Windows Analysis Report
Anfrage244384.exe

AI detected suspicious sample

Source: Yara match

File source: 00000004.00000002.2357676631.0000000000060000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Source: Anfrage244384.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 188.40.95.144:443 -> 192.168.2.4:49736 version: TLS 1.2

Source: Anfrage244384.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: mshtml.pdb source: Anfrage244384.exe, 00000004.00000001.1922306058.0000000000649000.00000008.00000001.01000000.00000007.sdmp
Source:	Binary string: wntdll.pdbUGP source: Anfrage244384.exe, 00000004.00000003.2319937495.0000000034CAC000.00000004.00000020.00020000.00000000.sdmp, Anfrage244384.exe, 00000004.00000003.2317765702.0000000034AF7000.00000004.00000020.00020000.00000000.sdmp, Anfrage244384.exe, 00000004.00000002.2379748407.0000000034E60000.00000040.00001000.00020000.00000000.sdmp, Anfrage244384.exe, 00000004.00000002.2379748407.0000000034FFE000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: Anfrage244384.exe, Anfrage244384.exe, 00000004.00000003.2319937495.0000000034CAC000.00000004.00000020.00020000.00000000.sdmp, Anfrage244384.exe, 00000004.00000003.2317765702.0000000034AF7000.00000004.00000020.00020000.00000000.sdmp, Anfrage244384.exe, 00000004.00000002.2379748407.0000000034E60000.00000040.00001000.00020000.00000000.sdmp, Anfrage244384.exe, 00000004.00000002.2379748407.0000000034FFE000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: mshtml.pdbUGP source: Anfrage244384.exe, 00000004.00000001.1922306058.0000000000649000.00000008.00000001.01000000.00000007.sdmp

Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 0_2_00405665 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,	0_2_00405665
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 0_2_0040270B FindFirstFileA,	0_2_0040270B
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 0_2_004060C7 FindFirstFileA,FindClose,	0_2_004060C7

Source: Joe Sandbox View

IP Address: 188.40.95.144 188.40.95.144

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:49736 -> 188.40.95.144:443
Source: Network traffic	Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 52.149.20.212:443 -> 192.168.2.4:49730
Source: Network traffic	Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 52.149.20.212:443 -> 192.168.2.4:49737

Source: global traffic

HTTP traffic detected: GET /rmANWge110.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: familytherapycenter.rsCache-Control: no-cache

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

HTTP traffic detected: GET /rmANWge110.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: familytherapycenter.rsCache-Control: no-cache

Source: global traffic

DNS traffic detected: DNS query: familytherapycenter.rs

Source: Anfrage244384.exe	String found in binary or memory: http://crl.apple.com/root.crl0
Source: Anfrage244384.exe	String found in binary or memory: http://crl.apple.com/timestamp.crl0
Source: Anfrage244384.exe	String found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: Anfrage244384.exe	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: Anfrage244384.exe	String found in binary or memory: http://www.apple.com/appleca0
Source: Anfrage244384.exe, 00000004.00000001.1922306058.0000000000649000.00000008.00000001.01000000.00000007.sdmp	String found in binary or memory: http://www.ftp.ftp://ftp.gopher.
Source: Anfrage244384.exe, 00000004.00000001.1922306058.00000000005F2000.00000008.00000001.01000000.00000007.sdmp	String found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd
Source: Anfrage244384.exe, 00000004.00000001.1922306058.00000000005F2000.00000008.00000001.01000000.00000007.sdmp	String found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
Source: Anfrage244384.exe, 00000004.00000002.2361009105.0000000004C13000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://familytherapycenter.rs/
Source: Anfrage244384.exe, 00000004.00000002.2361009105.0000000004C13000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://familytherapycenter.rs/L
Source: Anfrage244384.exe, 00000004.00000002.2361009105.0000000004C13000.00000004.00000020.00020000.00000000.sdmp, Anfrage244384.exe, 00000004.00000002.2361009105.0000000004BD8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://familytherapycenter.rs/rmANWge110.bin
Source: Anfrage244384.exe, 00000004.00000001.1922306058.0000000000649000.00000008.00000001.01000000.00000007.sdmp	String found in binary or memory: https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214
Source: Anfrage244384.exe	String found in binary or memory: https://www.apple.com/appleca/0

Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736

Source: unknown

HTTPS traffic detected: 188.40.95.144:443 -> 192.168.2.4:49736 version: TLS 1.2

Source: C:\Users\user\Desktop\Anfrage244384.exe

Code function: 0_2_0040511A GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,

0_2_0040511A

E-Banking Fraud

Source: Yara match

File source: 00000004.00000002.2357676631.0000000000060000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Source: C:\Users\user\Desktop\Anfrage244384.exe

Process Stats: CPU usage > 49%

Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34ED35C0 NtCreateMutant,LdrInitializeThunk,	4_2_34ED35C0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34ED2C70 NtFreeVirtualMemory,LdrInitializeThunk,	4_2_34ED2C70
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34ED3090 NtSetValueKey,	4_2_34ED3090
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34ED3010 NtOpenDirectoryObject,	4_2_34ED3010
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34ED3D70 NtOpenThread,	4_2_34ED3D70
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34ED3D10 NtOpenProcessToken,	4_2_34ED3D10
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34ED39B0 NtGetContextThread,	4_2_34ED39B0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34ED4650 NtSuspendThread,	4_2_34ED4650
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34ED4340 NtSetContextThread,	4_2_34ED4340
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34ED2CF0 NtOpenProcess,	4_2_34ED2CF0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34ED2CC0 NtQueryVirtualMemory,	4_2_34ED2CC0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34ED2CA0 NtQueryInformationToken,	4_2_34ED2CA0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34ED2C60 NtCreateKey,	4_2_34ED2C60
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34ED2C00 NtQueryInformationProcess,	4_2_34ED2C00
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34ED2DF0 NtQuerySystemInformation,	4_2_34ED2DF0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34ED2DD0 NtDelayExecution,	4_2_34ED2DD0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34ED2DB0 NtEnumerateKey,	4_2_34ED2DB0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34ED2D30 NtUnmapViewOfSection,	4_2_34ED2D30
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34ED2D00 NtSetInformationFile,	4_2_34ED2D00
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34ED2D10 NtMapViewOfSection,	4_2_34ED2D10
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34ED2EE0 NtQueueApcThread,	4_2_34ED2EE0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34ED2EA0 NtAdjustPrivilegesToken,	4_2_34ED2EA0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34ED2E80 NtReadVirtualMemory,	4_2_34ED2E80
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34ED2E30 NtWriteVirtualMemory,	4_2_34ED2E30
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34ED2FE0 NtCreateFile,	4_2_34ED2FE0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34ED2FA0 NtQuerySection,	4_2_34ED2FA0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34ED2FB0 NtResumeThread,	4_2_34ED2FB0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34ED2F90 NtProtectVirtualMemory,	4_2_34ED2F90
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34ED2F60 NtCreateProcessEx,	4_2_34ED2F60
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34ED2F30 NtCreateSection,	4_2_34ED2F30
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34ED2AF0 NtWriteFile,	4_2_34ED2AF0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34ED2AD0 NtReadFile,	4_2_34ED2AD0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34ED2AB0 NtWaitForSingleObject,	4_2_34ED2AB0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34ED2BE0 NtQueryValueKey,	4_2_34ED2BE0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34ED2BF0 NtAllocateVirtualMemory,	4_2_34ED2BF0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34ED2BA0 NtEnumerateValueKey,	4_2_34ED2BA0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34ED2B80 NtQueryInformationFile,	4_2_34ED2B80
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34ED2B60 NtClose,	4_2_34ED2B60

Source: C:\Users\user\Desktop\Anfrage244384.exe

Code function: 0_2_004031A3 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,

0_2_004031A3

Source: C:\Users\user\Desktop\Anfrage244384.exe

File created: C:\Windows\resources\soenderbro.ini

Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 0_2_00404959	0_2_00404959
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 0_2_0040655F	0_2_0040655F
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 0_2_00406D36	0_2_00406D36
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E91460	4_2_34E91460
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F5F43F	4_2_34F5F43F
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F3D5B0	4_2_34F3D5B0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F57571	4_2_34F57571
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F516CC	4_2_34F516CC
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F5F7B0	4_2_34F5F7B0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F5F0E0	4_2_34F5F0E0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F570E9	4_2_34F570E9
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EA70C0	4_2_34EA70C0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F4F0CC	4_2_34F4F0CC
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EAB1B0	4_2_34EAB1B0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34ED516C	4_2_34ED516C
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E8F172	4_2_34E8F172
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F6B16B	4_2_34F6B16B
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F412ED	4_2_34F412ED
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EBD2F0	4_2_34EBD2F0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EBB2C0	4_2_34EBB2C0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EA52A0	4_2_34EA52A0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EE739A	4_2_34EE739A
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E8D34C	4_2_34E8D34C
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F5132D	4_2_34F5132D
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F5FCF2	4_2_34F5FCF2
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F19C32	4_2_34F19C32
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EBFDC0	4_2_34EBFDC0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F57D73	4_2_34F57D73
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EA3D40	4_2_34EA3D40
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F51D5A	4_2_34F51D5A
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EA9EB0	4_2_34EA9EB0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F5FFB1	4_2_34F5FFB1
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EA1F92	4_2_34EA1F92
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F5FF09	4_2_34F5FF09
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EA38E0	4_2_34EA38E0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F0D800	4_2_34F0D800
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EA9950	4_2_34EA9950
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EBB950	4_2_34EBB950
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F35910	4_2_34F35910
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F4DAC6	4_2_34F4DAC6
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EE5AA0	4_2_34EE5AA0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F41AA3	4_2_34F41AA3
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F3DAAC	4_2_34F3DAAC
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F13A6C	4_2_34F13A6C
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F57A46	4_2_34F57A46
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F5FA49	4_2_34F5FA49
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F15BF0	4_2_34F15BF0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EDDBF9	4_2_34EDDBF9
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EBFB80	4_2_34EBFB80
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F5FB76	4_2_34F5FB76
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F4E4F6	4_2_34F4E4F6
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F52446	4_2_34F52446
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F44420	4_2_34F44420
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F60591	4_2_34F60591
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EA0535	4_2_34EA0535
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EBC6E0	4_2_34EBC6E0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E9C7C0	4_2_34E9C7C0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EA0770	4_2_34EA0770
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EC4750	4_2_34EC4750
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F32000	4_2_34F32000
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F581CC	4_2_34F581CC
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F541A2	4_2_34F541A2
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F601AA	4_2_34F601AA
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F28158	4_2_34F28158
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E90100	4_2_34E90100
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F3A118	4_2_34F3A118
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F202C0	4_2_34F202C0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F40274	4_2_34F40274
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F603E6	4_2_34F603E6
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EAE3F0	4_2_34EAE3F0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F5A352	4_2_34F5A352
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E90CF2	4_2_34E90CF2
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F40CB5	4_2_34F40CB5
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EA0C00	4_2_34EA0C00
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E9ADE0	4_2_34E9ADE0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EB8DBF	4_2_34EB8DBF
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EAAD00	4_2_34EAAD00
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F3CD1F	4_2_34F3CD1F
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F5EEDB	4_2_34F5EEDB
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F5CE93	4_2_34F5CE93
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EB2E90	4_2_34EB2E90
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EA0E59	4_2_34EA0E59
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F5EE26	4_2_34F5EE26
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EACFE0	4_2_34EACFE0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E92FC8	4_2_34E92FC8
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F1EFA0	4_2_34F1EFA0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F14F40	4_2_34F14F40
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F42F30	4_2_34F42F30
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EE2F28	4_2_34EE2F28
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EC0F30	4_2_34EC0F30
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34ECE8F0	4_2_34ECE8F0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E868B8	4_2_34E868B8
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EA2840	4_2_34EA2840
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EAA840	4_2_34EAA840
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EA29A0	4_2_34EA29A0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F6A9A6	4_2_34F6A9A6
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EB6962	4_2_34EB6962
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E9EA80	4_2_34E9EA80
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F56BD7	4_2_34F56BD7
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F5AB40	4_2_34F5AB40

Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: String function: 34EE7E54 appears 101 times
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: String function: 34F1F290 appears 105 times
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: String function: 34ED5130 appears 58 times
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: String function: 34E8B970 appears 280 times
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: String function: 34F0EA12 appears 84 times

Source: Anfrage244384.exe

Static PE information: invalid certificate

Source: Anfrage244384.exe, 00000004.00000002.2379748407.0000000034F8D000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs Anfrage244384.exe
Source: Anfrage244384.exe, 00000004.00000003.2319937495.0000000034DD9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs Anfrage244384.exe
Source: Anfrage244384.exe, 00000004.00000003.2317765702.0000000034C1A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs Anfrage244384.exe

Source: Anfrage244384.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: classification engine

Classification label: mal84.troj.evad.winEXE@3/10@1/1

Source: C:\Users\user\Desktop\Anfrage244384.exe

0_2_004031A3

Source: C:\Users\user\Desktop\Anfrage244384.exe

Code function: 0_2_004043E6 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,

0_2_004043E6

Source: C:\Users\user\Desktop\Anfrage244384.exe

Code function: 0_2_004020CD CoCreateInstance,MultiByteToWideChar,

0_2_004020CD

Source: C:\Users\user\Desktop\Anfrage244384.exe

File created: C:\Users\user\AppData\Roaming\secretaryships

Source: C:\Users\user\Desktop\Anfrage244384.exe

File created: C:\Users\user\AppData\Local\Temp\nsg67A.tmp

Source: Anfrage244384.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\Anfrage244384.exe

File read: C:\Users\desktop.ini

Source: C:\Users\user\Desktop\Anfrage244384.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: Anfrage244384.exe

ReversingLabs: Detection: 31%

Source: C:\Users\user\Desktop\Anfrage244384.exe

File read: C:\Users\user\Desktop\Anfrage244384.exe

Source: unknown	Process created: C:\Users\user\Desktop\Anfrage244384.exe "C:\Users\user\Desktop\Anfrage244384.exe"
Source: C:\Users\user\Desktop\Anfrage244384.exe	Process created: C:\Users\user\Desktop\Anfrage244384.exe "C:\Users\user\Desktop\Anfrage244384.exe"
Source: C:\Users\user\Desktop\Anfrage244384.exe	Process created: C:\Users\user\Desktop\Anfrage244384.exe "C:\Users\user\Desktop\Anfrage244384.exe"	Jump to behavior

Source: C:\Users\user\Desktop\Anfrage244384.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage244384.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage244384.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage244384.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage244384.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage244384.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage244384.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage244384.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage244384.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage244384.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage244384.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage244384.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage244384.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage244384.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage244384.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage244384.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage244384.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage244384.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage244384.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage244384.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage244384.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage244384.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage244384.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage244384.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage244384.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage244384.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage244384.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage244384.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage244384.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage244384.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage244384.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage244384.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage244384.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage244384.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage244384.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage244384.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage244384.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage244384.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage244384.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage244384.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage244384.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage244384.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage244384.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage244384.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage244384.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage244384.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage244384.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage244384.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage244384.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage244384.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage244384.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage244384.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage244384.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage244384.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage244384.exe	Section loaded: ncryptsslp.dll	Jump to behavior

Source: C:\Users\user\Desktop\Anfrage244384.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Switches to a custom stack to bypass stack traces

Source: Anfrage244384.exe

Static file information: File size 1235192 > 1048576

Source: Anfrage244384.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: mshtml.pdb source: Anfrage244384.exe, 00000004.00000001.1922306058.0000000000649000.00000008.00000001.01000000.00000007.sdmp
Source:	Binary string: wntdll.pdbUGP source: Anfrage244384.exe, 00000004.00000003.2319937495.0000000034CAC000.00000004.00000020.00020000.00000000.sdmp, Anfrage244384.exe, 00000004.00000003.2317765702.0000000034AF7000.00000004.00000020.00020000.00000000.sdmp, Anfrage244384.exe, 00000004.00000002.2379748407.0000000034E60000.00000040.00001000.00020000.00000000.sdmp, Anfrage244384.exe, 00000004.00000002.2379748407.0000000034FFE000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: Anfrage244384.exe, Anfrage244384.exe, 00000004.00000003.2319937495.0000000034CAC000.00000004.00000020.00020000.00000000.sdmp, Anfrage244384.exe, 00000004.00000003.2317765702.0000000034AF7000.00000004.00000020.00020000.00000000.sdmp, Anfrage244384.exe, 00000004.00000002.2379748407.0000000034E60000.00000040.00001000.00020000.00000000.sdmp, Anfrage244384.exe, 00000004.00000002.2379748407.0000000034FFE000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: mshtml.pdbUGP source: Anfrage244384.exe, 00000004.00000001.1922306058.0000000000649000.00000008.00000001.01000000.00000007.sdmp

Data Obfuscation

Yara detected GuLoader

Source: Yara match

File source: 00000000.00000002.1923188964.0000000003E32000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Source: C:\Users\user\Desktop\Anfrage244384.exe

Code function: 0_2_10001A5D GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA,

0_2_10001A5D

Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 0_2_10002D20 push eax; ret		0_2_10002D4E
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E909AD push ecx; mov dword ptr [esp], ecx		4_2_34E909B6

Source: C:\Users\user\Desktop\Anfrage244384.exe

File created: C:\Users\user\AppData\Local\Temp\nsq755.tmp\System.dll

Jump to dropped file

Source: C:\Users\user\Desktop\Anfrage244384.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage244384.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage244384.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\Anfrage244384.exe	API/Special instruction interceptor: Address: 40FEB98
Source: C:\Users\user\Desktop\Anfrage244384.exe	API/Special instruction interceptor: Address: 2DFEB98

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\Anfrage244384.exe	RDTSC instruction interceptor: First address: 40C40EF second address: 40C40EF instructions: 0x00000000 rdtsc 0x00000002 test ch, bh 0x00000004 cmp ebx, ecx 0x00000006 jc 00007F1F3CD5C856h 0x00000008 inc ebp 0x00000009 test bl, cl 0x0000000b inc ebx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\Anfrage244384.exe	RDTSC instruction interceptor: First address: 2DC40EF second address: 2DC40EF instructions: 0x00000000 rdtsc 0x00000002 test ch, bh 0x00000004 cmp ebx, ecx 0x00000006 jc 00007F1F3CDAD006h 0x00000008 inc ebp 0x00000009 test bl, cl 0x0000000b inc ebx 0x0000000c rdtsc

Source: C:\Users\user\Desktop\Anfrage244384.exe

Code function: 4_2_34F0D1C0 rdtsc

4_2_34F0D1C0

Source: C:\Users\user\Desktop\Anfrage244384.exe

Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsq755.tmp\System.dll

Jump to dropped file

Source: C:\Users\user\Desktop\Anfrage244384.exe

API coverage: 0.1 %

Source: C:\Users\user\Desktop\Anfrage244384.exe TID: 7980

Thread sleep time: -30000s >= -30000s

Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 0_2_00405665 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,	0_2_00405665
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 0_2_0040270B FindFirstFileA,	0_2_0040270B
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 0_2_004060C7 FindFirstFileA,FindClose,	0_2_004060C7

Source: Anfrage244384.exe, 00000004.00000003.2317987528.0000000004C2D000.00000004.00000020.00020000.00000000.sdmp, Anfrage244384.exe, 00000004.00000002.2361060766.0000000004C2D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: Anfrage244384.exe, 00000004.00000002.2361009105.0000000004BD8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWx!

Source: C:\Users\user\Desktop\Anfrage244384.exe	API call chain: ExitProcess graph end node			graph_0-3754
Source: C:\Users\user\Desktop\Anfrage244384.exe	API call chain: ExitProcess graph end node			graph_0-3940

Source: C:\Users\user\Desktop\Anfrage244384.exe

Code function: 4_2_34F0D1C0 rdtsc

4_2_34F0D1C0

Source: C:\Users\user\Desktop\Anfrage244384.exe

Code function: 4_2_34ED35C0 NtCreateMutant,LdrInitializeThunk,

4_2_34ED35C0

Source: C:\Users\user\Desktop\Anfrage244384.exe

Code function: 0_2_10001A5D GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA,

0_2_10001A5D

Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F394E0 mov eax, dword ptr fs:[00000030h]	4_2_34F394E0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F654DB mov eax, dword ptr fs:[00000030h]	4_2_34F654DB
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E874B0 mov eax, dword ptr fs:[00000030h]	4_2_34E874B0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E874B0 mov eax, dword ptr fs:[00000030h]	4_2_34E874B0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EC34B0 mov eax, dword ptr fs:[00000030h]	4_2_34EC34B0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E8B480 mov eax, dword ptr fs:[00000030h]	4_2_34E8B480
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E99486 mov eax, dword ptr fs:[00000030h]	4_2_34E99486
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E99486 mov eax, dword ptr fs:[00000030h]	4_2_34E99486
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E91460 mov eax, dword ptr fs:[00000030h]	4_2_34E91460
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E91460 mov eax, dword ptr fs:[00000030h]	4_2_34E91460
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E91460 mov eax, dword ptr fs:[00000030h]	4_2_34E91460
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E91460 mov eax, dword ptr fs:[00000030h]	4_2_34E91460
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E91460 mov eax, dword ptr fs:[00000030h]	4_2_34E91460
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F6547F mov eax, dword ptr fs:[00000030h]	4_2_34F6547F
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EAF460 mov eax, dword ptr fs:[00000030h]	4_2_34EAF460
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EAF460 mov eax, dword ptr fs:[00000030h]	4_2_34EAF460
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EAF460 mov eax, dword ptr fs:[00000030h]	4_2_34EAF460
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EAF460 mov eax, dword ptr fs:[00000030h]	4_2_34EAF460
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EAF460 mov eax, dword ptr fs:[00000030h]	4_2_34EAF460
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EAF460 mov eax, dword ptr fs:[00000030h]	4_2_34EAF460
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F3B450 mov eax, dword ptr fs:[00000030h]	4_2_34F3B450
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F3B450 mov eax, dword ptr fs:[00000030h]	4_2_34F3B450
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F3B450 mov eax, dword ptr fs:[00000030h]	4_2_34F3B450
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F3B450 mov eax, dword ptr fs:[00000030h]	4_2_34F3B450
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F4F453 mov eax, dword ptr fs:[00000030h]	4_2_34F4F453
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E9B440 mov eax, dword ptr fs:[00000030h]	4_2_34E9B440
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E9B440 mov eax, dword ptr fs:[00000030h]	4_2_34E9B440
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E9B440 mov eax, dword ptr fs:[00000030h]	4_2_34E9B440
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E9B440 mov eax, dword ptr fs:[00000030h]	4_2_34E9B440
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E9B440 mov eax, dword ptr fs:[00000030h]	4_2_34E9B440
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E9B440 mov eax, dword ptr fs:[00000030h]	4_2_34E9B440
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F17410 mov eax, dword ptr fs:[00000030h]	4_2_34F17410
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EB340D mov eax, dword ptr fs:[00000030h]	4_2_34EB340D
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EB15F4 mov eax, dword ptr fs:[00000030h]	4_2_34EB15F4
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EB15F4 mov eax, dword ptr fs:[00000030h]	4_2_34EB15F4
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EB15F4 mov eax, dword ptr fs:[00000030h]	4_2_34EB15F4
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EB15F4 mov eax, dword ptr fs:[00000030h]	4_2_34EB15F4
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EB15F4 mov eax, dword ptr fs:[00000030h]	4_2_34EB15F4
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EB15F4 mov eax, dword ptr fs:[00000030h]	4_2_34EB15F4
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F0D5D0 mov eax, dword ptr fs:[00000030h]	4_2_34F0D5D0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F0D5D0 mov ecx, dword ptr fs:[00000030h]	4_2_34F0D5D0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F635D7 mov eax, dword ptr fs:[00000030h]	4_2_34F635D7
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F635D7 mov eax, dword ptr fs:[00000030h]	4_2_34F635D7
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F635D7 mov eax, dword ptr fs:[00000030h]	4_2_34F635D7
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EC55C0 mov eax, dword ptr fs:[00000030h]	4_2_34EC55C0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EB95DA mov eax, dword ptr fs:[00000030h]	4_2_34EB95DA
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F655C9 mov eax, dword ptr fs:[00000030h]	4_2_34F655C9
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EB15A9 mov eax, dword ptr fs:[00000030h]	4_2_34EB15A9
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EB15A9 mov eax, dword ptr fs:[00000030h]	4_2_34EB15A9
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EB15A9 mov eax, dword ptr fs:[00000030h]	4_2_34EB15A9
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EB15A9 mov eax, dword ptr fs:[00000030h]	4_2_34EB15A9
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EB15A9 mov eax, dword ptr fs:[00000030h]	4_2_34EB15A9
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F2D5B0 mov eax, dword ptr fs:[00000030h]	4_2_34F2D5B0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F2D5B0 mov eax, dword ptr fs:[00000030h]	4_2_34F2D5B0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F235BA mov eax, dword ptr fs:[00000030h]	4_2_34F235BA
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F235BA mov eax, dword ptr fs:[00000030h]	4_2_34F235BA
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F235BA mov eax, dword ptr fs:[00000030h]	4_2_34F235BA
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F235BA mov eax, dword ptr fs:[00000030h]	4_2_34F235BA
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F4F5BE mov eax, dword ptr fs:[00000030h]	4_2_34F4F5BE
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EBF5B0 mov eax, dword ptr fs:[00000030h]	4_2_34EBF5B0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EBF5B0 mov eax, dword ptr fs:[00000030h]	4_2_34EBF5B0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EBF5B0 mov eax, dword ptr fs:[00000030h]	4_2_34EBF5B0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EBF5B0 mov eax, dword ptr fs:[00000030h]	4_2_34EBF5B0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EBF5B0 mov eax, dword ptr fs:[00000030h]	4_2_34EBF5B0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EBF5B0 mov eax, dword ptr fs:[00000030h]	4_2_34EBF5B0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EBF5B0 mov eax, dword ptr fs:[00000030h]	4_2_34EBF5B0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EBF5B0 mov eax, dword ptr fs:[00000030h]	4_2_34EBF5B0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EBF5B0 mov eax, dword ptr fs:[00000030h]	4_2_34EBF5B0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F1B594 mov eax, dword ptr fs:[00000030h]	4_2_34F1B594
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F1B594 mov eax, dword ptr fs:[00000030h]	4_2_34F1B594
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E8758F mov eax, dword ptr fs:[00000030h]	4_2_34E8758F
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E8758F mov eax, dword ptr fs:[00000030h]	4_2_34E8758F
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E8758F mov eax, dword ptr fs:[00000030h]	4_2_34E8758F
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E8B562 mov eax, dword ptr fs:[00000030h]	4_2_34E8B562
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34ECB570 mov eax, dword ptr fs:[00000030h]	4_2_34ECB570
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34ECB570 mov eax, dword ptr fs:[00000030h]	4_2_34ECB570
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F3B550 mov eax, dword ptr fs:[00000030h]	4_2_34F3B550
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F3B550 mov eax, dword ptr fs:[00000030h]	4_2_34F3B550
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F3B550 mov eax, dword ptr fs:[00000030h]	4_2_34F3B550
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F65537 mov eax, dword ptr fs:[00000030h]	4_2_34F65537
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F3F525 mov eax, dword ptr fs:[00000030h]	4_2_34F3F525
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F3F525 mov eax, dword ptr fs:[00000030h]	4_2_34F3F525
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F3F525 mov eax, dword ptr fs:[00000030h]	4_2_34F3F525
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F3F525 mov eax, dword ptr fs:[00000030h]	4_2_34F3F525
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F3F525 mov eax, dword ptr fs:[00000030h]	4_2_34F3F525
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F3F525 mov eax, dword ptr fs:[00000030h]	4_2_34F3F525
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F3F525 mov eax, dword ptr fs:[00000030h]	4_2_34F3F525
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F4B52F mov eax, dword ptr fs:[00000030h]	4_2_34F4B52F
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34ECD530 mov eax, dword ptr fs:[00000030h]	4_2_34ECD530
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34ECD530 mov eax, dword ptr fs:[00000030h]	4_2_34ECD530
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E9D534 mov eax, dword ptr fs:[00000030h]	4_2_34E9D534
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E9D534 mov eax, dword ptr fs:[00000030h]	4_2_34E9D534
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E9D534 mov eax, dword ptr fs:[00000030h]	4_2_34E9D534
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E9D534 mov eax, dword ptr fs:[00000030h]	4_2_34E9D534
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E9D534 mov eax, dword ptr fs:[00000030h]	4_2_34E9D534
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E9D534 mov eax, dword ptr fs:[00000030h]	4_2_34E9D534
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EC7505 mov eax, dword ptr fs:[00000030h]	4_2_34EC7505
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EC7505 mov ecx, dword ptr fs:[00000030h]	4_2_34EC7505
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F4D6F0 mov eax, dword ptr fs:[00000030h]	4_2_34F4D6F0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EBD6E0 mov eax, dword ptr fs:[00000030h]	4_2_34EBD6E0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EBD6E0 mov eax, dword ptr fs:[00000030h]	4_2_34EBD6E0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F236EE mov eax, dword ptr fs:[00000030h]	4_2_34F236EE
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F236EE mov eax, dword ptr fs:[00000030h]	4_2_34F236EE
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F236EE mov eax, dword ptr fs:[00000030h]	4_2_34F236EE
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F236EE mov eax, dword ptr fs:[00000030h]	4_2_34F236EE
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F236EE mov eax, dword ptr fs:[00000030h]	4_2_34F236EE
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F236EE mov eax, dword ptr fs:[00000030h]	4_2_34F236EE
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EC16CF mov eax, dword ptr fs:[00000030h]	4_2_34EC16CF
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E9B6C0 mov eax, dword ptr fs:[00000030h]	4_2_34E9B6C0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E9B6C0 mov eax, dword ptr fs:[00000030h]	4_2_34E9B6C0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E9B6C0 mov eax, dword ptr fs:[00000030h]	4_2_34E9B6C0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E9B6C0 mov eax, dword ptr fs:[00000030h]	4_2_34E9B6C0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E9B6C0 mov eax, dword ptr fs:[00000030h]	4_2_34E9B6C0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E9B6C0 mov eax, dword ptr fs:[00000030h]	4_2_34E9B6C0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F4F6C7 mov eax, dword ptr fs:[00000030h]	4_2_34F4F6C7
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F516CC mov eax, dword ptr fs:[00000030h]	4_2_34F516CC
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F516CC mov eax, dword ptr fs:[00000030h]	4_2_34F516CC
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F516CC mov eax, dword ptr fs:[00000030h]	4_2_34F516CC
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F516CC mov eax, dword ptr fs:[00000030h]	4_2_34F516CC
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E8D6AA mov eax, dword ptr fs:[00000030h]	4_2_34E8D6AA
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E8D6AA mov eax, dword ptr fs:[00000030h]	4_2_34E8D6AA
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E876B2 mov eax, dword ptr fs:[00000030h]	4_2_34E876B2
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E876B2 mov eax, dword ptr fs:[00000030h]	4_2_34E876B2
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E876B2 mov eax, dword ptr fs:[00000030h]	4_2_34E876B2
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F1368C mov eax, dword ptr fs:[00000030h]	4_2_34F1368C
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F1368C mov eax, dword ptr fs:[00000030h]	4_2_34F1368C
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F1368C mov eax, dword ptr fs:[00000030h]	4_2_34F1368C
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F1368C mov eax, dword ptr fs:[00000030h]	4_2_34F1368C
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EC9660 mov eax, dword ptr fs:[00000030h]	4_2_34EC9660
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EC9660 mov eax, dword ptr fs:[00000030h]	4_2_34EC9660
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F2D660 mov eax, dword ptr fs:[00000030h]	4_2_34F2D660
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F65636 mov eax, dword ptr fs:[00000030h]	4_2_34F65636
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E8F626 mov eax, dword ptr fs:[00000030h]	4_2_34E8F626
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E8F626 mov eax, dword ptr fs:[00000030h]	4_2_34E8F626
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E8F626 mov eax, dword ptr fs:[00000030h]	4_2_34E8F626
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E8F626 mov eax, dword ptr fs:[00000030h]	4_2_34E8F626
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E8F626 mov eax, dword ptr fs:[00000030h]	4_2_34E8F626
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E8F626 mov eax, dword ptr fs:[00000030h]	4_2_34E8F626
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E8F626 mov eax, dword ptr fs:[00000030h]	4_2_34E8F626
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E8F626 mov eax, dword ptr fs:[00000030h]	4_2_34E8F626
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E8F626 mov eax, dword ptr fs:[00000030h]	4_2_34E8F626
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EC1607 mov eax, dword ptr fs:[00000030h]	4_2_34EC1607
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34ECF603 mov eax, dword ptr fs:[00000030h]	4_2_34ECF603
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E93616 mov eax, dword ptr fs:[00000030h]	4_2_34E93616
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E93616 mov eax, dword ptr fs:[00000030h]	4_2_34E93616
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E9D7E0 mov ecx, dword ptr fs:[00000030h]	4_2_34E9D7E0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E957C0 mov eax, dword ptr fs:[00000030h]	4_2_34E957C0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E957C0 mov eax, dword ptr fs:[00000030h]	4_2_34E957C0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E957C0 mov eax, dword ptr fs:[00000030h]	4_2_34E957C0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F637B6 mov eax, dword ptr fs:[00000030h]	4_2_34F637B6
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F4D7B0 mov eax, dword ptr fs:[00000030h]	4_2_34F4D7B0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F4D7B0 mov eax, dword ptr fs:[00000030h]	4_2_34F4D7B0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E8F7BA mov eax, dword ptr fs:[00000030h]	4_2_34E8F7BA
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E8F7BA mov eax, dword ptr fs:[00000030h]	4_2_34E8F7BA
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E8F7BA mov eax, dword ptr fs:[00000030h]	4_2_34E8F7BA
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E8F7BA mov eax, dword ptr fs:[00000030h]	4_2_34E8F7BA
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E8F7BA mov eax, dword ptr fs:[00000030h]	4_2_34E8F7BA
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E8F7BA mov eax, dword ptr fs:[00000030h]	4_2_34E8F7BA
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E8F7BA mov eax, dword ptr fs:[00000030h]	4_2_34E8F7BA
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E8F7BA mov eax, dword ptr fs:[00000030h]	4_2_34E8F7BA
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E8F7BA mov eax, dword ptr fs:[00000030h]	4_2_34E8F7BA
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F197A9 mov eax, dword ptr fs:[00000030h]	4_2_34F197A9
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EBD7B0 mov eax, dword ptr fs:[00000030h]	4_2_34EBD7B0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F1F7AF mov eax, dword ptr fs:[00000030h]	4_2_34F1F7AF
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F1F7AF mov eax, dword ptr fs:[00000030h]	4_2_34F1F7AF
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F1F7AF mov eax, dword ptr fs:[00000030h]	4_2_34F1F7AF
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F1F7AF mov eax, dword ptr fs:[00000030h]	4_2_34F1F7AF
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F1F7AF mov eax, dword ptr fs:[00000030h]	4_2_34F1F7AF
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F4F78A mov eax, dword ptr fs:[00000030h]	4_2_34F4F78A
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E8B765 mov eax, dword ptr fs:[00000030h]	4_2_34E8B765
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E8B765 mov eax, dword ptr fs:[00000030h]	4_2_34E8B765
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E8B765 mov eax, dword ptr fs:[00000030h]	4_2_34E8B765
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E8B765 mov eax, dword ptr fs:[00000030h]	4_2_34E8B765
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EA3740 mov eax, dword ptr fs:[00000030h]	4_2_34EA3740
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EA3740 mov eax, dword ptr fs:[00000030h]	4_2_34EA3740
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EA3740 mov eax, dword ptr fs:[00000030h]	4_2_34EA3740
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F3375F mov eax, dword ptr fs:[00000030h]	4_2_34F3375F
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F3375F mov eax, dword ptr fs:[00000030h]	4_2_34F3375F
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F3375F mov eax, dword ptr fs:[00000030h]	4_2_34F3375F
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F3375F mov eax, dword ptr fs:[00000030h]	4_2_34F3375F
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F3375F mov eax, dword ptr fs:[00000030h]	4_2_34F3375F
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F63749 mov eax, dword ptr fs:[00000030h]	4_2_34F63749
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E93720 mov eax, dword ptr fs:[00000030h]	4_2_34E93720
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F6B73C mov eax, dword ptr fs:[00000030h]	4_2_34F6B73C
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F6B73C mov eax, dword ptr fs:[00000030h]	4_2_34F6B73C
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F6B73C mov eax, dword ptr fs:[00000030h]	4_2_34F6B73C
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F6B73C mov eax, dword ptr fs:[00000030h]	4_2_34F6B73C
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EAF720 mov eax, dword ptr fs:[00000030h]	4_2_34EAF720
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EAF720 mov eax, dword ptr fs:[00000030h]	4_2_34EAF720
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EAF720 mov eax, dword ptr fs:[00000030h]	4_2_34EAF720
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E9973A mov eax, dword ptr fs:[00000030h]	4_2_34E9973A
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E9973A mov eax, dword ptr fs:[00000030h]	4_2_34E9973A
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E89730 mov eax, dword ptr fs:[00000030h]	4_2_34E89730
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E89730 mov eax, dword ptr fs:[00000030h]	4_2_34E89730
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EC5734 mov eax, dword ptr fs:[00000030h]	4_2_34EC5734
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F4F72E mov eax, dword ptr fs:[00000030h]	4_2_34F4F72E
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F5972B mov eax, dword ptr fs:[00000030h]	4_2_34F5972B
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E97703 mov eax, dword ptr fs:[00000030h]	4_2_34E97703
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E95702 mov eax, dword ptr fs:[00000030h]	4_2_34E95702
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E95702 mov eax, dword ptr fs:[00000030h]	4_2_34E95702
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34ECF71F mov eax, dword ptr fs:[00000030h]	4_2_34ECF71F
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34ECF71F mov eax, dword ptr fs:[00000030h]	4_2_34ECF71F
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EB50E4 mov eax, dword ptr fs:[00000030h]	4_2_34EB50E4
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EB50E4 mov ecx, dword ptr fs:[00000030h]	4_2_34EB50E4
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EA70C0 mov eax, dword ptr fs:[00000030h]	4_2_34EA70C0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EA70C0 mov ecx, dword ptr fs:[00000030h]	4_2_34EA70C0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EA70C0 mov ecx, dword ptr fs:[00000030h]	4_2_34EA70C0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EA70C0 mov eax, dword ptr fs:[00000030h]	4_2_34EA70C0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EA70C0 mov ecx, dword ptr fs:[00000030h]	4_2_34EA70C0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EA70C0 mov ecx, dword ptr fs:[00000030h]	4_2_34EA70C0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EA70C0 mov eax, dword ptr fs:[00000030h]	4_2_34EA70C0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EA70C0 mov eax, dword ptr fs:[00000030h]	4_2_34EA70C0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EA70C0 mov eax, dword ptr fs:[00000030h]	4_2_34EA70C0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EA70C0 mov eax, dword ptr fs:[00000030h]	4_2_34EA70C0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EA70C0 mov eax, dword ptr fs:[00000030h]	4_2_34EA70C0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EA70C0 mov eax, dword ptr fs:[00000030h]	4_2_34EA70C0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EA70C0 mov eax, dword ptr fs:[00000030h]	4_2_34EA70C0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EA70C0 mov eax, dword ptr fs:[00000030h]	4_2_34EA70C0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EA70C0 mov eax, dword ptr fs:[00000030h]	4_2_34EA70C0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EA70C0 mov eax, dword ptr fs:[00000030h]	4_2_34EA70C0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EA70C0 mov eax, dword ptr fs:[00000030h]	4_2_34EA70C0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EA70C0 mov eax, dword ptr fs:[00000030h]	4_2_34EA70C0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F650D9 mov eax, dword ptr fs:[00000030h]	4_2_34F650D9
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EB90DB mov eax, dword ptr fs:[00000030h]	4_2_34EB90DB
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F0D0C0 mov eax, dword ptr fs:[00000030h]	4_2_34F0D0C0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F0D0C0 mov eax, dword ptr fs:[00000030h]	4_2_34F0D0C0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E8D08D mov eax, dword ptr fs:[00000030h]	4_2_34E8D08D
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EC909C mov eax, dword ptr fs:[00000030h]	4_2_34EC909C
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F1D080 mov eax, dword ptr fs:[00000030h]	4_2_34F1D080
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F1D080 mov eax, dword ptr fs:[00000030h]	4_2_34F1D080
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EBD090 mov eax, dword ptr fs:[00000030h]	4_2_34EBD090
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EBD090 mov eax, dword ptr fs:[00000030h]	4_2_34EBD090
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E95096 mov eax, dword ptr fs:[00000030h]	4_2_34E95096
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F0D070 mov ecx, dword ptr fs:[00000030h]	4_2_34F0D070
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F65060 mov eax, dword ptr fs:[00000030h]	4_2_34F65060
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EA1070 mov eax, dword ptr fs:[00000030h]	4_2_34EA1070
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EA1070 mov ecx, dword ptr fs:[00000030h]	4_2_34EA1070
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EA1070 mov eax, dword ptr fs:[00000030h]	4_2_34EA1070
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EA1070 mov eax, dword ptr fs:[00000030h]	4_2_34EA1070
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EA1070 mov eax, dword ptr fs:[00000030h]	4_2_34EA1070
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EA1070 mov eax, dword ptr fs:[00000030h]	4_2_34EA1070
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EA1070 mov eax, dword ptr fs:[00000030h]	4_2_34EA1070
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EA1070 mov eax, dword ptr fs:[00000030h]	4_2_34EA1070
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EA1070 mov eax, dword ptr fs:[00000030h]	4_2_34EA1070
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EA1070 mov eax, dword ptr fs:[00000030h]	4_2_34EA1070
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EA1070 mov eax, dword ptr fs:[00000030h]	4_2_34EA1070
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EA1070 mov eax, dword ptr fs:[00000030h]	4_2_34EA1070
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EA1070 mov eax, dword ptr fs:[00000030h]	4_2_34EA1070
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F1106E mov eax, dword ptr fs:[00000030h]	4_2_34F1106E
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F3705E mov ebx, dword ptr fs:[00000030h]	4_2_34F3705E
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F3705E mov eax, dword ptr fs:[00000030h]	4_2_34F3705E
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EBB052 mov eax, dword ptr fs:[00000030h]	4_2_34EBB052
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F5903E mov eax, dword ptr fs:[00000030h]	4_2_34F5903E
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F5903E mov eax, dword ptr fs:[00000030h]	4_2_34F5903E
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F5903E mov eax, dword ptr fs:[00000030h]	4_2_34F5903E
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F5903E mov eax, dword ptr fs:[00000030h]	4_2_34F5903E
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EB51EF mov eax, dword ptr fs:[00000030h]	4_2_34EB51EF
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EB51EF mov eax, dword ptr fs:[00000030h]	4_2_34EB51EF
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EB51EF mov eax, dword ptr fs:[00000030h]	4_2_34EB51EF
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EB51EF mov eax, dword ptr fs:[00000030h]	4_2_34EB51EF
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EB51EF mov eax, dword ptr fs:[00000030h]	4_2_34EB51EF
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EB51EF mov eax, dword ptr fs:[00000030h]	4_2_34EB51EF
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EB51EF mov eax, dword ptr fs:[00000030h]	4_2_34EB51EF
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EB51EF mov eax, dword ptr fs:[00000030h]	4_2_34EB51EF
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EB51EF mov eax, dword ptr fs:[00000030h]	4_2_34EB51EF
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EB51EF mov eax, dword ptr fs:[00000030h]	4_2_34EB51EF
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EB51EF mov eax, dword ptr fs:[00000030h]	4_2_34EB51EF
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EB51EF mov eax, dword ptr fs:[00000030h]	4_2_34EB51EF
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EB51EF mov eax, dword ptr fs:[00000030h]	4_2_34EB51EF
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E951ED mov eax, dword ptr fs:[00000030h]	4_2_34E951ED
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F371F9 mov esi, dword ptr fs:[00000030h]	4_2_34F371F9
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34ECD1D0 mov eax, dword ptr fs:[00000030h]	4_2_34ECD1D0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34ECD1D0 mov ecx, dword ptr fs:[00000030h]	4_2_34ECD1D0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F651CB mov eax, dword ptr fs:[00000030h]	4_2_34F651CB
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F411A4 mov eax, dword ptr fs:[00000030h]	4_2_34F411A4
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F411A4 mov eax, dword ptr fs:[00000030h]	4_2_34F411A4
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F411A4 mov eax, dword ptr fs:[00000030h]	4_2_34F411A4
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F411A4 mov eax, dword ptr fs:[00000030h]	4_2_34F411A4
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EAB1B0 mov eax, dword ptr fs:[00000030h]	4_2_34EAB1B0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F45180 mov eax, dword ptr fs:[00000030h]	4_2_34F45180
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F45180 mov eax, dword ptr fs:[00000030h]	4_2_34F45180
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EE7190 mov eax, dword ptr fs:[00000030h]	4_2_34EE7190
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F29179 mov eax, dword ptr fs:[00000030h]	4_2_34F29179
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E8F172 mov eax, dword ptr fs:[00000030h]	4_2_34E8F172
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E8F172 mov eax, dword ptr fs:[00000030h]	4_2_34E8F172
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E8F172 mov eax, dword ptr fs:[00000030h]	4_2_34E8F172
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E8F172 mov eax, dword ptr fs:[00000030h]	4_2_34E8F172
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E8F172 mov eax, dword ptr fs:[00000030h]	4_2_34E8F172
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E8F172 mov eax, dword ptr fs:[00000030h]	4_2_34E8F172
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E8F172 mov eax, dword ptr fs:[00000030h]	4_2_34E8F172
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E8F172 mov eax, dword ptr fs:[00000030h]	4_2_34E8F172
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E8F172 mov eax, dword ptr fs:[00000030h]	4_2_34E8F172
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E8F172 mov eax, dword ptr fs:[00000030h]	4_2_34E8F172
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E8F172 mov eax, dword ptr fs:[00000030h]	4_2_34E8F172
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E8F172 mov eax, dword ptr fs:[00000030h]	4_2_34E8F172
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E8F172 mov eax, dword ptr fs:[00000030h]	4_2_34E8F172
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E8F172 mov eax, dword ptr fs:[00000030h]	4_2_34E8F172
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E8F172 mov eax, dword ptr fs:[00000030h]	4_2_34E8F172
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E8F172 mov eax, dword ptr fs:[00000030h]	4_2_34E8F172
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E8F172 mov eax, dword ptr fs:[00000030h]	4_2_34E8F172
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E8F172 mov eax, dword ptr fs:[00000030h]	4_2_34E8F172
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E8F172 mov eax, dword ptr fs:[00000030h]	4_2_34E8F172
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E8F172 mov eax, dword ptr fs:[00000030h]	4_2_34E8F172
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E8F172 mov eax, dword ptr fs:[00000030h]	4_2_34E8F172
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E89148 mov eax, dword ptr fs:[00000030h]	4_2_34E89148
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E89148 mov eax, dword ptr fs:[00000030h]	4_2_34E89148
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E89148 mov eax, dword ptr fs:[00000030h]	4_2_34E89148
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E89148 mov eax, dword ptr fs:[00000030h]	4_2_34E89148
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F65152 mov eax, dword ptr fs:[00000030h]	4_2_34F65152
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F23140 mov eax, dword ptr fs:[00000030h]	4_2_34F23140
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F23140 mov eax, dword ptr fs:[00000030h]	4_2_34F23140
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F23140 mov eax, dword ptr fs:[00000030h]	4_2_34F23140
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E97152 mov eax, dword ptr fs:[00000030h]	4_2_34E97152
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E91131 mov eax, dword ptr fs:[00000030h]	4_2_34E91131
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E91131 mov eax, dword ptr fs:[00000030h]	4_2_34E91131
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E8B136 mov eax, dword ptr fs:[00000030h]	4_2_34E8B136
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E8B136 mov eax, dword ptr fs:[00000030h]	4_2_34E8B136
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E8B136 mov eax, dword ptr fs:[00000030h]	4_2_34E8B136
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E8B136 mov eax, dword ptr fs:[00000030h]	4_2_34E8B136
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F3B2F0 mov eax, dword ptr fs:[00000030h]	4_2_34F3B2F0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F3B2F0 mov eax, dword ptr fs:[00000030h]	4_2_34F3B2F0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F4F2F8 mov eax, dword ptr fs:[00000030h]	4_2_34F4F2F8
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F652E2 mov eax, dword ptr fs:[00000030h]	4_2_34F652E2
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E892FF mov eax, dword ptr fs:[00000030h]	4_2_34E892FF
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F412ED mov eax, dword ptr fs:[00000030h]	4_2_34F412ED
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F412ED mov eax, dword ptr fs:[00000030h]	4_2_34F412ED
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F412ED mov eax, dword ptr fs:[00000030h]	4_2_34F412ED
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F412ED mov eax, dword ptr fs:[00000030h]	4_2_34F412ED
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F412ED mov eax, dword ptr fs:[00000030h]	4_2_34F412ED
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F412ED mov eax, dword ptr fs:[00000030h]	4_2_34F412ED
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F412ED mov eax, dword ptr fs:[00000030h]	4_2_34F412ED
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F412ED mov eax, dword ptr fs:[00000030h]	4_2_34F412ED
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F412ED mov eax, dword ptr fs:[00000030h]	4_2_34F412ED
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F412ED mov eax, dword ptr fs:[00000030h]	4_2_34F412ED
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F412ED mov eax, dword ptr fs:[00000030h]	4_2_34F412ED
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F412ED mov eax, dword ptr fs:[00000030h]	4_2_34F412ED
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F412ED mov eax, dword ptr fs:[00000030h]	4_2_34F412ED
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F412ED mov eax, dword ptr fs:[00000030h]	4_2_34F412ED
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EBB2C0 mov eax, dword ptr fs:[00000030h]	4_2_34EBB2C0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EBB2C0 mov eax, dword ptr fs:[00000030h]	4_2_34EBB2C0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EBB2C0 mov eax, dword ptr fs:[00000030h]	4_2_34EBB2C0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EBB2C0 mov eax, dword ptr fs:[00000030h]	4_2_34EBB2C0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EBB2C0 mov eax, dword ptr fs:[00000030h]	4_2_34EBB2C0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EBB2C0 mov eax, dword ptr fs:[00000030h]	4_2_34EBB2C0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EBB2C0 mov eax, dword ptr fs:[00000030h]	4_2_34EBB2C0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E992C5 mov eax, dword ptr fs:[00000030h]	4_2_34E992C5
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E992C5 mov eax, dword ptr fs:[00000030h]	4_2_34E992C5
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E8B2D3 mov eax, dword ptr fs:[00000030h]	4_2_34E8B2D3
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E8B2D3 mov eax, dword ptr fs:[00000030h]	4_2_34E8B2D3
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E8B2D3 mov eax, dword ptr fs:[00000030h]	4_2_34E8B2D3
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EBF2D0 mov eax, dword ptr fs:[00000030h]	4_2_34EBF2D0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EBF2D0 mov eax, dword ptr fs:[00000030h]	4_2_34EBF2D0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EA52A0 mov eax, dword ptr fs:[00000030h]	4_2_34EA52A0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EA52A0 mov eax, dword ptr fs:[00000030h]	4_2_34EA52A0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EA52A0 mov eax, dword ptr fs:[00000030h]	4_2_34EA52A0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EA52A0 mov eax, dword ptr fs:[00000030h]	4_2_34EA52A0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F192BC mov eax, dword ptr fs:[00000030h]	4_2_34F192BC
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F192BC mov eax, dword ptr fs:[00000030h]	4_2_34F192BC
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F192BC mov ecx, dword ptr fs:[00000030h]	4_2_34F192BC
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F192BC mov ecx, dword ptr fs:[00000030h]	4_2_34F192BC
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F272A0 mov eax, dword ptr fs:[00000030h]	4_2_34F272A0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F272A0 mov eax, dword ptr fs:[00000030h]	4_2_34F272A0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F592A6 mov eax, dword ptr fs:[00000030h]	4_2_34F592A6
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F592A6 mov eax, dword ptr fs:[00000030h]	4_2_34F592A6
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F592A6 mov eax, dword ptr fs:[00000030h]	4_2_34F592A6
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F592A6 mov eax, dword ptr fs:[00000030h]	4_2_34F592A6
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EC329E mov eax, dword ptr fs:[00000030h]	4_2_34EC329E
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EC329E mov eax, dword ptr fs:[00000030h]	4_2_34EC329E
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F65283 mov eax, dword ptr fs:[00000030h]	4_2_34F65283
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34ED1270 mov eax, dword ptr fs:[00000030h]	4_2_34ED1270
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34ED1270 mov eax, dword ptr fs:[00000030h]	4_2_34ED1270
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F5D26B mov eax, dword ptr fs:[00000030h]	4_2_34F5D26B
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F5D26B mov eax, dword ptr fs:[00000030h]	4_2_34F5D26B
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EB9274 mov eax, dword ptr fs:[00000030h]	4_2_34EB9274
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EC724D mov eax, dword ptr fs:[00000030h]	4_2_34EC724D
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F4B256 mov eax, dword ptr fs:[00000030h]	4_2_34F4B256
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F4B256 mov eax, dword ptr fs:[00000030h]	4_2_34F4B256
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E89240 mov eax, dword ptr fs:[00000030h]	4_2_34E89240
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E89240 mov eax, dword ptr fs:[00000030h]	4_2_34E89240
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F65227 mov eax, dword ptr fs:[00000030h]	4_2_34F65227
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EC7208 mov eax, dword ptr fs:[00000030h]	4_2_34EC7208
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EC7208 mov eax, dword ptr fs:[00000030h]	4_2_34EC7208
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F653FC mov eax, dword ptr fs:[00000030h]	4_2_34F653FC
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F4F3E6 mov eax, dword ptr fs:[00000030h]	4_2_34F4F3E6
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F4B3D0 mov ecx, dword ptr fs:[00000030h]	4_2_34F4B3D0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F313B9 mov eax, dword ptr fs:[00000030h]	4_2_34F313B9
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F313B9 mov eax, dword ptr fs:[00000030h]	4_2_34F313B9
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F313B9 mov eax, dword ptr fs:[00000030h]	4_2_34F313B9
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EC33A0 mov eax, dword ptr fs:[00000030h]	4_2_34EC33A0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EC33A0 mov eax, dword ptr fs:[00000030h]	4_2_34EC33A0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EB33A5 mov eax, dword ptr fs:[00000030h]	4_2_34EB33A5
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F6539D mov eax, dword ptr fs:[00000030h]	4_2_34F6539D
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EE739A mov eax, dword ptr fs:[00000030h]	4_2_34EE739A
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EE739A mov eax, dword ptr fs:[00000030h]	4_2_34EE739A
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F33370 mov eax, dword ptr fs:[00000030h]	4_2_34F33370
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F4F367 mov eax, dword ptr fs:[00000030h]	4_2_34F4F367
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E97370 mov eax, dword ptr fs:[00000030h]	4_2_34E97370
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E97370 mov eax, dword ptr fs:[00000030h]	4_2_34E97370
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E97370 mov eax, dword ptr fs:[00000030h]	4_2_34E97370
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E8D34C mov eax, dword ptr fs:[00000030h]	4_2_34E8D34C
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E8D34C mov eax, dword ptr fs:[00000030h]	4_2_34E8D34C
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F65341 mov eax, dword ptr fs:[00000030h]	4_2_34F65341
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E89353 mov eax, dword ptr fs:[00000030h]	4_2_34E89353
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E89353 mov eax, dword ptr fs:[00000030h]	4_2_34E89353
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EBF32A mov eax, dword ptr fs:[00000030h]	4_2_34EBF32A
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E87330 mov eax, dword ptr fs:[00000030h]	4_2_34E87330
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F5132D mov eax, dword ptr fs:[00000030h]	4_2_34F5132D
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F5132D mov eax, dword ptr fs:[00000030h]	4_2_34F5132D
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F1930B mov eax, dword ptr fs:[00000030h]	4_2_34F1930B
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F1930B mov eax, dword ptr fs:[00000030h]	4_2_34F1930B
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F1930B mov eax, dword ptr fs:[00000030h]	4_2_34F1930B
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F31CF9 mov eax, dword ptr fs:[00000030h]	4_2_34F31CF9
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F31CF9 mov eax, dword ptr fs:[00000030h]	4_2_34F31CF9
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F31CF9 mov eax, dword ptr fs:[00000030h]	4_2_34F31CF9
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F13CDB mov eax, dword ptr fs:[00000030h]	4_2_34F13CDB
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F13CDB mov eax, dword ptr fs:[00000030h]	4_2_34F13CDB
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F13CDB mov eax, dword ptr fs:[00000030h]	4_2_34F13CDB
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EC5CC0 mov eax, dword ptr fs:[00000030h]	4_2_34EC5CC0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EC5CC0 mov eax, dword ptr fs:[00000030h]	4_2_34EC5CC0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F3FCDF mov eax, dword ptr fs:[00000030h]	4_2_34F3FCDF
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F3FCDF mov eax, dword ptr fs:[00000030h]	4_2_34F3FCDF
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F3FCDF mov eax, dword ptr fs:[00000030h]	4_2_34F3FCDF
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EA1CC7 mov eax, dword ptr fs:[00000030h]	4_2_34EA1CC7
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EA1CC7 mov eax, dword ptr fs:[00000030h]	4_2_34EA1CC7
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E87CD5 mov eax, dword ptr fs:[00000030h]	4_2_34E87CD5
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E87CD5 mov eax, dword ptr fs:[00000030h]	4_2_34E87CD5
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E87CD5 mov eax, dword ptr fs:[00000030h]	4_2_34E87CD5
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E87CD5 mov eax, dword ptr fs:[00000030h]	4_2_34E87CD5
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E87CD5 mov eax, dword ptr fs:[00000030h]	4_2_34E87CD5
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E8DCA0 mov eax, dword ptr fs:[00000030h]	4_2_34E8DCA0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EBFCA0 mov ecx, dword ptr fs:[00000030h]	4_2_34EBFCA0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EBFCA0 mov eax, dword ptr fs:[00000030h]	4_2_34EBFCA0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EBFCA0 mov eax, dword ptr fs:[00000030h]	4_2_34EBFCA0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EBFCA0 mov eax, dword ptr fs:[00000030h]	4_2_34EBFCA0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EBFCA0 mov eax, dword ptr fs:[00000030h]	4_2_34EBFCA0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34ECBCA0 mov eax, dword ptr fs:[00000030h]	4_2_34ECBCA0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34ECBCA0 mov eax, dword ptr fs:[00000030h]	4_2_34ECBCA0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34ECBCA0 mov ecx, dword ptr fs:[00000030h]	4_2_34ECBCA0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34ECBCA0 mov eax, dword ptr fs:[00000030h]	4_2_34ECBCA0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F4FCAB mov eax, dword ptr fs:[00000030h]	4_2_34F4FCAB
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F4FCAB mov eax, dword ptr fs:[00000030h]	4_2_34F4FCAB
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F4FCAB mov eax, dword ptr fs:[00000030h]	4_2_34F4FCAB
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F4FCAB mov eax, dword ptr fs:[00000030h]	4_2_34F4FCAB
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F4FCAB mov eax, dword ptr fs:[00000030h]	4_2_34F4FCAB
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F4FCAB mov eax, dword ptr fs:[00000030h]	4_2_34F4FCAB
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F4FCAB mov eax, dword ptr fs:[00000030h]	4_2_34F4FCAB
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F4FCAB mov eax, dword ptr fs:[00000030h]	4_2_34F4FCAB
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F4FCAB mov eax, dword ptr fs:[00000030h]	4_2_34F4FCAB
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F4FCAB mov eax, dword ptr fs:[00000030h]	4_2_34F4FCAB
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F4FCAB mov eax, dword ptr fs:[00000030h]	4_2_34F4FCAB
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F4FCAB mov eax, dword ptr fs:[00000030h]	4_2_34F4FCAB
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F4FCAB mov eax, dword ptr fs:[00000030h]	4_2_34F4FCAB
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F4FCAB mov eax, dword ptr fs:[00000030h]	4_2_34F4FCAB
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E93C84 mov eax, dword ptr fs:[00000030h]	4_2_34E93C84
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E93C84 mov eax, dword ptr fs:[00000030h]	4_2_34E93C84
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E93C84 mov eax, dword ptr fs:[00000030h]	4_2_34E93C84
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E93C84 mov eax, dword ptr fs:[00000030h]	4_2_34E93C84
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EA1C60 mov eax, dword ptr fs:[00000030h]	4_2_34EA1C60
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EC1C7C mov eax, dword ptr fs:[00000030h]	4_2_34EC1C7C
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E87C40 mov eax, dword ptr fs:[00000030h]	4_2_34E87C40
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E87C40 mov ecx, dword ptr fs:[00000030h]	4_2_34E87C40
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E87C40 mov eax, dword ptr fs:[00000030h]	4_2_34E87C40
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E87C40 mov eax, dword ptr fs:[00000030h]	4_2_34E87C40
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F4FC4F mov eax, dword ptr fs:[00000030h]	4_2_34F4FC4F
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F19C32 mov eax, dword ptr fs:[00000030h]	4_2_34F19C32
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F61C3C mov eax, dword ptr fs:[00000030h]	4_2_34F61C3C
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F5DC27 mov eax, dword ptr fs:[00000030h]	4_2_34F5DC27
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F5DC27 mov eax, dword ptr fs:[00000030h]	4_2_34F5DC27
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F5DC27 mov eax, dword ptr fs:[00000030h]	4_2_34F5DC27
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34ECBC3B mov esi, dword ptr fs:[00000030h]	4_2_34ECBC3B
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F1BC10 mov eax, dword ptr fs:[00000030h]	4_2_34F1BC10
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F1BC10 mov eax, dword ptr fs:[00000030h]	4_2_34F1BC10
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F1BC10 mov ecx, dword ptr fs:[00000030h]	4_2_34F1BC10
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F6BC01 mov eax, dword ptr fs:[00000030h]	4_2_34F6BC01
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F6BC01 mov eax, dword ptr fs:[00000030h]	4_2_34F6BC01
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F1DDC0 mov eax, dword ptr fs:[00000030h]	4_2_34F1DDC0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F4DDC7 mov eax, dword ptr fs:[00000030h]	4_2_34F4DDC7
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F5DDC6 mov eax, dword ptr fs:[00000030h]	4_2_34F5DDC6
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E93DD0 mov eax, dword ptr fs:[00000030h]	4_2_34E93DD0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E93DD0 mov eax, dword ptr fs:[00000030h]	4_2_34E93DD0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E9FDA9 mov eax, dword ptr fs:[00000030h]	4_2_34E9FDA9
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F1DDB1 mov eax, dword ptr fs:[00000030h]	4_2_34F1DDB1
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EC9DAF mov eax, dword ptr fs:[00000030h]	4_2_34EC9DAF
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F25DA0 mov eax, dword ptr fs:[00000030h]	4_2_34F25DA0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F25DA0 mov eax, dword ptr fs:[00000030h]	4_2_34F25DA0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F25DA0 mov eax, dword ptr fs:[00000030h]	4_2_34F25DA0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F25DA0 mov ecx, dword ptr fs:[00000030h]	4_2_34F25DA0
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EADDB1 mov eax, dword ptr fs:[00000030h]	4_2_34EADDB1
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EADDB1 mov eax, dword ptr fs:[00000030h]	4_2_34EADDB1
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34EADDB1 mov eax, dword ptr fs:[00000030h]	4_2_34EADDB1
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E8FD80 mov eax, dword ptr fs:[00000030h]	4_2_34E8FD80
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E89D96 mov eax, dword ptr fs:[00000030h]	4_2_34E89D96
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E89D96 mov eax, dword ptr fs:[00000030h]	4_2_34E89D96
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34E89D96 mov ecx, dword ptr fs:[00000030h]	4_2_34E89D96
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F49D70 mov eax, dword ptr fs:[00000030h]	4_2_34F49D70
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F49D70 mov eax, dword ptr fs:[00000030h]	4_2_34F49D70
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F3FD78 mov eax, dword ptr fs:[00000030h]	4_2_34F3FD78
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F3FD78 mov eax, dword ptr fs:[00000030h]	4_2_34F3FD78
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F3FD78 mov eax, dword ptr fs:[00000030h]	4_2_34F3FD78
Source: C:\Users\user\Desktop\Anfrage244384.exe	Code function: 4_2_34F3FD78 mov eax, dword ptr fs:[00000030h]	4_2_34F3FD78

Source: C:\Users\user\Desktop\Anfrage244384.exe

Process created: C:\Users\user\Desktop\Anfrage244384.exe "C:\Users\user\Desktop\Anfrage244384.exe"

Source: C:\Users\user\Desktop\Anfrage244384.exe

Code function: 0_2_00405DE5 GetVersion,GetSystemDirectoryA,GetWindowsDirectoryA,SHGetSpecialFolderLocation,SHGetPathFromIDListA,CoTaskMemFree,lstrcatA,lstrlenA,

0_2_00405DE5

Stealing of Sensitive Information

Source: Yara match

File source: 00000004.00000002.2357676631.0000000000060000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Remote Access Functionality

Source: Yara match

File source: 00000004.00000002.2357676631.0000000000060000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Native API	1 DLL Side-Loading	1 Access Token Manipulation	11 Masquerading	OS Credential Dumping	211 Security Software Discovery	Remote Services	1 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Other Network Medium	1 System Shutdown/Reboot
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	11 Process Injection	1 Virtualization/Sandbox Evasion	LSASS Memory	1 Virtualization/Sandbox Evasion	Remote Desktop Protocol	1 Clipboard Data	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	1 Access Token Manipulation	Security Account Manager	2 File and Directory Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	11 Process Injection	NTDS	23 System Information Discovery	Distributed Component Object Model	Input Capture	13 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Deobfuscate/Decode Files or Information	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	2 Obfuscated Files or Information	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 DLL Side-Loading	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
Anfrage244384.exe	32%	ReversingLabs	Win32.Trojan.Guloader
Anfrage244384.exe	100%	Avira	HEUR/AGEN.1361137

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\Temp\nsq755.tmp\System.dll	0%	ReversingLabs

Source	Detection	Scanner	Label
https://familytherapycenter.rs/L	0%	Avira URL Cloud	safe
https://familytherapycenter.rs/	0%	Avira URL Cloud	safe
https://familytherapycenter.rs/rmANWge110.bin	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
familytherapycenter.rs	188.40.95.144	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://familytherapycenter.rs/rmANWge110.bin	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd	Anfrage244384.exe, 00000004.00000001.1922306058.00000000005F2000.00000008.00000001.01000000.00000007.sdmp	false		high
http://www.ftp.ftp://ftp.gopher.	Anfrage244384.exe, 00000004.00000001.1922306058.0000000000649000.00000008.00000001.01000000.00000007.sdmp	false		high
http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd	Anfrage244384.exe, 00000004.00000001.1922306058.00000000005F2000.00000008.00000001.01000000.00000007.sdmp	false		high
http://nsis.sf.net/NSIS_Error	Anfrage244384.exe	false		high
http://nsis.sf.net/NSIS_ErrorError	Anfrage244384.exe	false		high
https://familytherapycenter.rs/	Anfrage244384.exe, 00000004.00000002.2361009105.0000000004C13000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://familytherapycenter.rs/L	Anfrage244384.exe, 00000004.00000002.2361009105.0000000004C13000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214	Anfrage244384.exe, 00000004.00000001.1922306058.0000000000649000.00000008.00000001.01000000.00000007.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
188.40.95.144	familytherapycenter.rs	Germany		24940	HETZNER-ASDE	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1550563
Start date and time:	2024-11-06 20:40:05 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 56s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	5
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Anfrage244384.exe
Detection:	MAL
Classification:	mal84.troj.evad.winEXE@3/10@1/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 89% Number of executed functions: 47 Number of non-executed functions: 291
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: Anfrage244384.exe

Simulations

Behavior and APIs

Time	Type	Description
14:42:02	API Interceptor	3x Sleep call for process: Anfrage244384.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
188.40.95.144	Anfrage_244384.exe	Get hash	malicious	FormBook, GuLoader	Browse
	5112024976.exe	Get hash	malicious	FormBook, GuLoader	Browse
	5112024976.exe	Get hash	malicious	FormBook, GuLoader	Browse
	Anfrage24438.zip	Get hash	malicious	FormBook, GuLoader	Browse
	Anfrage24438.exe	Get hash	malicious	FormBook, GuLoader	Browse
	Anfrage24438.exe	Get hash	malicious	FormBook, GuLoader	Browse
	5112024976.exe	Get hash	malicious	FormBook, GuLoader	Browse
	5112024976.exe	Get hash	malicious	FormBook, GuLoader	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
familytherapycenter.rs	Anfrage_244384.exe	Get hash	malicious	FormBook, GuLoader	Browse	188.40.95.144
	5112024976.exe	Get hash	malicious	FormBook, GuLoader	Browse	188.40.95.144
	5112024976.exe	Get hash	malicious	FormBook, GuLoader	Browse	188.40.95.144
	Anfrage24438.zip	Get hash	malicious	FormBook, GuLoader	Browse	188.40.95.144
	Anfrage24438.exe	Get hash	malicious	FormBook, GuLoader	Browse	188.40.95.144
	Anfrage24438.exe	Get hash	malicious	FormBook, GuLoader	Browse	188.40.95.144
	5112024976.exe	Get hash	malicious	FormBook, GuLoader	Browse	188.40.95.144
	5112024976.exe	Get hash	malicious	FormBook, GuLoader	Browse	188.40.95.144

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
HETZNER-ASDE	https://me-qr.com/f/signaramadeerfield?hash=	Get hash	malicious	Unknown	Browse	49.12.126.78
	Payment Confirmation (237 KB).msg	Get hash	malicious	HTMLPhisher, Tycoon2FA	Browse	159.69.48.31
	vhUjPXL0wV.exe	Get hash	malicious	AsyncRAT	Browse	91.107.210.50
	Anfrage_244384.exe	Get hash	malicious	FormBook, GuLoader	Browse	188.40.95.144
	5112024976.exe	Get hash	malicious	FormBook, GuLoader	Browse	188.40.95.144
	5112024976.exe	Get hash	malicious	FormBook, GuLoader	Browse	188.40.95.144
	Anfrage24438.zip	Get hash	malicious	FormBook, GuLoader	Browse	188.40.95.144
	getscreen-868841125.exe	Get hash	malicious	Unknown	Browse	78.47.165.25
	getscreen-868841125.exe	Get hash	malicious	Unknown	Browse	78.47.165.25
	Anfrage24438.exe	Get hash	malicious	FormBook, GuLoader	Browse	188.40.95.144

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
37f463bf4616ecd445d4a1937da06e19	Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe	Get hash	malicious	FormBook, GuLoader	Browse	188.40.95.144
	FmmYUD4pt7.wsf	Get hash	malicious	Unknown	Browse	188.40.95.144
	rA01_278 Check list#U00b7pdf.vbs	Get hash	malicious	Remcos, GuLoader	Browse	188.40.95.144
	VZ7xFmeuPX.exe	Get hash	malicious	Unknown	Browse	188.40.95.144
	2ULrUoVwTx.exe	Get hash	malicious	FormBook, GuLoader	Browse	188.40.95.144
	wmKmOQ868z.exe	Get hash	malicious	FormBook, GuLoader	Browse	188.40.95.144
	wmKmOQ868z.exe	Get hash	malicious	FormBook, GuLoader	Browse	188.40.95.144
	2ULrUoVwTx.exe	Get hash	malicious	FormBook, GuLoader	Browse	188.40.95.144
	p7cCXP3hDz.exe	Get hash	malicious	FormBook, GuLoader	Browse	188.40.95.144
	Anfrage_244384.exe	Get hash	malicious	FormBook, GuLoader	Browse	188.40.95.144

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\Local\Temp\nsq755.tmp\System.dll	Anfrage_244384.exe	Get hash	malicious	FormBook, GuLoader	Browse
	5112024976.exe	Get hash	malicious	FormBook, GuLoader	Browse
	5112024976.exe	Get hash	malicious	FormBook, GuLoader	Browse
	Anfrage24438.zip	Get hash	malicious	FormBook, GuLoader	Browse
	Anfrage24438.exe	Get hash	malicious	FormBook, GuLoader	Browse
	Anfrage24438.exe	Get hash	malicious	FormBook, GuLoader	Browse
	5112024976.exe	Get hash	malicious	FormBook, GuLoader	Browse
	5112024976.exe	Get hash	malicious	FormBook, GuLoader	Browse
	21st OCTOBER 2024 234876sdf ORDER_PDF.exe	Get hash	malicious	FormBook, GuLoader	Browse
	21st OCTOBER 2024 234876sdf ORDER_PDF.exe	Get hash	malicious	FormBook, GuLoader	Browse

Created / dropped Files

C:\Users\user\AppData\Local\Temp\nsq755.tmp\System.dll

Process:	C:\Users\user\Desktop\Anfrage244384.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	11264
Entropy (8bit):	5.7711167426271945
Encrypted:	false
SSDEEP:	192:OPtkumJX7zB22kGwfy0mtVgkCPOsX1un:/702k5qpdsXQn
MD5:	3F176D1EE13B0D7D6BD92E1C7A0B9BAE
SHA1:	FE582246792774C2C9DD15639FFA0ACA90D6FD0B
SHA-256:	FA4AB1D6F79FD677433A31ADA7806373A789D34328DA46CCB0449BBF347BD73E
SHA-512:	0A69124819B7568D0DEA4E9E85CE8FE61C7BA697C934E3A95E2DCFB9F252B1D9DA7FAF8774B6E8EFD614885507ACC94987733EBA09A2F5E7098B774DFC8524B6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: Anfrage_244384.exe, Detection: malicious, Browse Filename: 5112024976.exe, Detection: malicious, Browse Filename: 5112024976.exe, Detection: malicious, Browse Filename: Anfrage24438.zip, Detection: malicious, Browse Filename: Anfrage24438.exe, Detection: malicious, Browse Filename: Anfrage24438.exe, Detection: malicious, Browse Filename: 5112024976.exe, Detection: malicious, Browse Filename: 5112024976.exe, Detection: malicious, Browse Filename: 21st OCTOBER 2024 234876sdf ORDER_PDF.exe, Detection: malicious, Browse Filename: 21st OCTOBER 2024 234876sdf ORDER_PDF.exe, Detection: malicious, Browse
Reputation:	moderate, very likely benign file
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......)...m.m.m...k.m.~....j.9..i....l....l.Richm.........................PE..L.....MX...........!.................'.......0...............................`.......................................2.......0..P............................P.......................................................0..X............................text...O........................... ..`.rdata..S....0......."..............@..@.data...h....@.......&..............@....reloc..`....P.......(..............@..B................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\secretaryships\Directionless.Bro

Process:	C:\Users\user\Desktop\Anfrage244384.exe
File Type:	data
Category:	dropped
Size (bytes):	277033
Entropy (8bit):	7.782355189986513
Encrypted:	false
SSDEEP:	3072:ytWxv7/0J4n/D/l6vHIN47V1bgsNhtyyRB367YYxtUurNRqr5kl+WhbkPknsWmrK:pR/06n/Fs8UlFIVNcW+W6ms4h895cL
MD5:	78F99B2860C20AB074E6127DE24B909A
SHA1:	0A3670E16770DC770353B15BDF592AE0A339701E
SHA-256:	90B7191F16A8D9BEA6975C7893328EF03EDEA95EB8AB2BFEC8824D2616F0316F
SHA-512:	EA08CF813FF839768DB72856E95AB852170F6C4837F026B070CAFC86CB1ACF28627EBF963F3FED0796C630B01AD1309CABD1299986FA1EEF081C8AD8EA4F0FE3
Malicious:	false
Reputation:	low
Preview:	.......QQQ......b......c..................................................\|.....UU......................v..sss.,,,..ff..................!!!!.....KKKK..Q.......)......RRR...........;.....333....................w.+................aa............aa..............****..................\|\|.........~..{{{{{.eeeee.j....lll./..........(...........\.........\\\\\\....22.dd....................................................!!!!.K..................................#.2.p..cc.N.8.m...........1.....Y.%..rr.................................//......................XX.'''....AAA.E.P.H..................................s......}.........................................Y......nn.UUUUUU...??..................EE..................!......xxx...U..%%%%%...(.......[[[.....".D.....$.FFF.......rr.#.....................000000..E.............4......................................\\\.`......r...........&.......>>>>>>...............oo..................--.......................///...............+....MM..M..............O..

C:\Users\user\AppData\Roaming\secretaryships\Khami\anya.por

Process:	C:\Users\user\Desktop\Anfrage244384.exe
File Type:	data
Category:	dropped
Size (bytes):	448073
Entropy (8bit):	1.2554221597008608
Encrypted:	false
SSDEEP:	1536:i9EUBeeNEu//hQg77ea6OP/B1p7to4APRUYZAkxe:qFZO5u/B1pBo510
MD5:	3AD8D5763CA124C7392D1F4F53D24F0E
SHA1:	17D48EF1AB8D52A31821A069C225D45201535899
SHA-256:	3965D74DBD296AA8E7524C773FE81FE63A78355145502153CB577E9CB136DDA0
SHA-512:	EE8BDE196A33297BFD4E51ED01E7D0178CF457497E822771D2BE3C58A97681AC52CD19A2BBBB71220F06F6D936A6AA67966295DF3C676104B9643F07CBE37EC8
Malicious:	false
Reputation:	low
Preview:	............y...k......... ....L..............................................................c....................d...........................p..............R.................................................5...............f.......{......................................................................................J...........@.................E....h...............0................M.................'..............................................-...............Z.........................{...............T............c.W..............n....................H...........................................\|...................................^...........w.................c...............................).....................................y.....<.......................................T........................................................3.....S..<.......?........................................1!......^.............................t................................................G........

C:\Users\user\AppData\Roaming\secretaryships\Khami\besiddertrang.gra

Process:	C:\Users\user\Desktop\Anfrage244384.exe
File Type:	data
Category:	dropped
Size (bytes):	362911
Entropy (8bit):	1.2562704713226092
Encrypted:	false
SSDEEP:	768:uFKWW9YiDlIMhmjVacve6tEvHBLNB3tQsrTpPH8mZLAUFwsahGF48hDpWRcKthwz:u5W9yMJLNbJ1CbFV3Gd6Ie48dPs
MD5:	8AB9852274FA64E09B5711A2E7D94AAB
SHA1:	2C39272B969040B4C185EE4A69A5F04FD1F7C0DB
SHA-256:	FCD149788A3530E5E2CF5E17A09B1DE51EB67B51F3E8941E7091F88B610373F1
SHA-512:	6761208A22E8D93D70465E6DD9CF1B53826AA6BF0418DCCB0A6E5816A183790A61AD67EDCF52D21366975014701107563CE47A0465CEE801300493AEB566CC69
Malicious:	false
Reputation:	low
Preview:	....-......................................................................?d..........\.a.....................................8...............x...........e...................................)...............+..............................................i...................................................................................................................4......j................................................................................"......................................Z.....%...................................................................................................F............................................................................g...............................E./.....................................................................................Y........#.......F.......n.M.........................................................................................................................W..................................................

C:\Users\user\AppData\Roaming\secretaryships\Khami\darbyite.txt

Process:	C:\Users\user\Desktop\Anfrage244384.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	497
Entropy (8bit):	4.296439217688297
Encrypted:	false
SSDEEP:	12:kdESMQrs7ZnIyxrqlLIRF0+UAkN0lCGsMqejQlJ8:QjMfpIuqPAEsOi
MD5:	1560371431CEB91914AF5B9D0D307EE1
SHA1:	182B8979D4D0F9F26366653638A9C92FDAFF0D56
SHA-256:	72A2010CDB6ED407FCA17CDB181D5F01801F16040C2C9443BD7CB5032CDAAEF7
SHA-512:	865EF0F7636149A47043183583635C2A4306BF49565166760672B88F0F9DA89A529FE4166DFF496327304E56A8A460B8113E5F3D58601C0B8A3EFAABD792AF3D
Malicious:	false
Reputation:	low
Preview:	avenging piktogrammernes duecento korsedderkop skurvognsudlejningernes fnges ranaria..kavitet ubetalelige forhalingen passado nautically formaalsbestemmelsernes admiralsuniformers..franchot unimposing rimfire.bemba barsac unflaked skbnesvanger.tige backchats leveret viktualieforretningernes processal dignitas altica epoxyharpikset sergenter forureningsbegrnsedes..sforsvaret antiquating photomechanically enighedernes firepot megrez almon aeneus madrassen thrallborn denoteres slipup tvebakken..

C:\Users\user\AppData\Roaming\secretaryships\Khami\nilgedde.mes

Process:	C:\Users\user\Desktop\Anfrage244384.exe
File Type:	Matlab v4 mat-file (little endian) Y, numeric, rows 0, columns 0
Category:	dropped
Size (bytes):	354845
Entropy (8bit):	1.2446363869824946
Encrypted:	false
SSDEEP:	768:E2oz5FNvncy2DZRau7W0sxOvPfSfpg5rWuWAAUIdde/FwPPMk/FOuyQv9biuPia6:opho02mYrKiKLFyJ1AIu2
MD5:	DF7A44909B03AB5BC45910B405D9977A
SHA1:	3D0583A7DFB39E559827189E02123F2C983A21D5
SHA-256:	5A3B61A0BC8E81E756374D2A9FF5087FA4496543A635738ACA8911E95D6340D9
SHA-512:	C2B4E951A185FC3FB75109B5CAA554431C1517588D04B8F2BA865F75BE448A0448364BCB84253C9B44579078787DDA616F33666C0C1BF902EC644EBC9A6FE621
Malicious:	false
Reputation:	low
Preview:	..................%.Y.............................[......................z...........................................8.................{................b.......W..........................................#.........................................%....z..................7......................................x.i...+............................................................................8......................................................................................................................-..3..................................................................................\|............T...........................#...........\.....A.............................................7..........'.................... ...................].................J.J..........s................................g..............W........................................................................................................$...g..........................................................

C:\Users\user\AppData\Roaming\secretaryships\Khami\selefant.kri

Process:	C:\Users\user\Desktop\Anfrage244384.exe
File Type:	data
Category:	dropped
Size (bytes):	298017
Entropy (8bit):	1.245520550165085
Encrypted:	false
SSDEEP:	768:nLoDoRi0SWvTrmnVqvh6dzfCaci65UhXqjMctTGA3QBgdRWqrw3q3LFPRvx7H155:DStBsLk6gsifeQIGA0iYRwvy8n
MD5:	B4C9FC75BAB8C9F006A7D9DDBC249F79
SHA1:	70D4047E7E3BB10CF237B82775C89A1D92700162
SHA-256:	1D84F9462C244A4500C213DF8DD79971B286392CA02BC536F5F6C3EEBC94E7E3
SHA-512:	2E2279CB3755AC5708ABB30E8342235B7F0A24223E3D6F4B2B21B62E59012A5126ADC1BD73D7B64E72634728DECCE7A049D3E6F5055F8D74E959BEE54EDBEA4C
Malicious:	false
Preview:	............................_..,...........................................................;...........................................................7...O..................'.........................................P.........L................@....................8....................v..................G.....h.............................................m..+b.....................................................m.......C.....................................i..........................................................................................,................................C..........a...........Y......,...........q....................................................................................................................................................................................................................p................S................L..........)..............................................kF........^........E.................................................

C:\Users\user\AppData\Roaming\secretaryships\Khami\speil.int

Process:	C:\Users\user\Desktop\Anfrage244384.exe
File Type:	data
Category:	dropped
Size (bytes):	497497
Entropy (8bit):	1.2525295412969446
Encrypted:	false
SSDEEP:	1536:rbNZ/Rg8JCCgxT2eIgde/lBWTTBwGceukAdTYz91n6n:9NRg836IVLWHeGxKYQ
MD5:	F3F6C6E37EAB51D3B9B9C059C1EB874C
SHA1:	401E5740CCFBC1DA83BD9B426C11020C812986F2
SHA-256:	B5A607F50C65E41B2BFF7F852F27373177D326D9DFA1040E1C2B3AF62F757BAB
SHA-512:	060B328595ADAF9E85B390AA2AACEEFE4C6197294B7C45594798755C5E04BE1E2110F617B51E38D7DF423CD807FA81B30702CE2548563980B9CA195ECF2C11A7
Malicious:	false
Preview:	.........................................o................j........................................c..6......................................../....................................................m...............................r.D................................T.........................................................8....................x...................................................................!.....O....\................G.........................................G........n....."................:.........................................................................................................@.......<..................................................i.......k..............................................................................................................................=.........g.........................k.............A.......[........................)...........e................................b.............................................6.............

C:\Users\user\AppData\Roaming\secretaryships\Tingid.pig

Process:	C:\Users\user\Desktop\Anfrage244384.exe
File Type:	data
Category:	dropped
Size (bytes):	476422
Entropy (8bit):	1.2552031449987011
Encrypted:	false
SSDEEP:	1536:zGmPxn4XjZOVebnJjvYbTUBhGKcjnO/EeMHPm:Sm6zYVb849nH6
MD5:	F236A74F28F6F32F81F1347D9F129268
SHA1:	D5BE521661EE4BF3C186C3EAA0411DD5DF6F3EBA
SHA-256:	BEED12F00B12156FF9FA63595DE11A5C01493CF5F85488CB2E159CF1A8236778
SHA-512:	D6AD37DDF7B6B38B90F09186AC81C6A76F16F9A4613D6113F10D7B2A4F68129E570EFFC77A19B04F276277B7A569EBD5FD4A48D2E2E72CEA8CEE5A8F67CC5EF4
Malicious:	false
Preview:	.................................................................7...........................).....$....%..........................#.....M.....................................6.........N.........).......................................................................................a..............t..................................................T.........................................@...........................+..U...................A'..............L..................................................../.............2..............k.........................................................................................................&.............................................>...........................................................\|..........................?...............................&...................................n.q......}....................................E......................................................p........................................6..........

C:\Users\user\AppData\Roaming\secretaryships\epipactis.God