Windows Analysis Report
Anfrage_244384.exe

AI detected suspicious sample

Source: Yara match

File source: 00000005.00000002.2738186207.00000000342E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Source: Anfrage_244384.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 188.40.95.144:443 -> 192.168.2.8:50284 version: TLS 1.2

Source: Anfrage_244384.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: mshtml.pdb source: Anfrage_244384.exe, 00000005.00000001.1973135397.0000000000649000.00000020.00000001.01000000.00000007.sdmp
Source:	Binary string: wntdll.pdbUGP source: Anfrage_244384.exe, 00000005.00000002.2738210193.00000000347DE000.00000040.00001000.00020000.00000000.sdmp, Anfrage_244384.exe, 00000005.00000002.2738210193.0000000034640000.00000040.00001000.00020000.00000000.sdmp, Anfrage_244384.exe, 00000005.00000003.2364363349.00000000342E1000.00000004.00000020.00020000.00000000.sdmp, Anfrage_244384.exe, 00000005.00000003.2366829406.0000000034490000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: Anfrage_244384.exe, Anfrage_244384.exe, 00000005.00000002.2738210193.00000000347DE000.00000040.00001000.00020000.00000000.sdmp, Anfrage_244384.exe, 00000005.00000002.2738210193.0000000034640000.00000040.00001000.00020000.00000000.sdmp, Anfrage_244384.exe, 00000005.00000003.2364363349.00000000342E1000.00000004.00000020.00020000.00000000.sdmp, Anfrage_244384.exe, 00000005.00000003.2366829406.0000000034490000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mshtml.pdbUGP source: Anfrage_244384.exe, 00000005.00000001.1973135397.0000000000649000.00000020.00000001.01000000.00000007.sdmp

Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 0_2_00405665 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,	0_2_00405665
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 0_2_0040270B FindFirstFileA,	0_2_0040270B
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 0_2_004060C7 FindFirstFileA,FindClose,	0_2_004060C7

Source: Joe Sandbox View

IP Address: 188.40.95.144 188.40.95.144

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.8:50284 -> 188.40.95.144:443
Source: Network traffic	Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 172.202.163.200:443 -> 192.168.2.8:49705
Source: Network traffic	Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 172.202.163.200:443 -> 192.168.2.8:50283

Source: global traffic

HTTP traffic detected: GET /LxuQG254.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: familytherapycenter.rsCache-Control: no-cache

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

HTTP traffic detected: GET /LxuQG254.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: familytherapycenter.rsCache-Control: no-cache

Source: global traffic

DNS traffic detected: DNS query: familytherapycenter.rs

Source: Anfrage_244384.exe	String found in binary or memory: http://crl.apple.com/root.crl0
Source: Anfrage_244384.exe	String found in binary or memory: http://crl.apple.com/timestamp.crl0
Source: Anfrage_244384.exe	String found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: Anfrage_244384.exe	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: Anfrage_244384.exe	String found in binary or memory: http://www.apple.com/appleca0
Source: Anfrage_244384.exe, 00000005.00000001.1973135397.0000000000649000.00000020.00000001.01000000.00000007.sdmp	String found in binary or memory: http://www.ftp.ftp://ftp.gopher.
Source: Anfrage_244384.exe, 00000005.00000001.1973135397.00000000005F2000.00000020.00000001.01000000.00000007.sdmp	String found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd
Source: Anfrage_244384.exe, 00000005.00000001.1973135397.00000000005F2000.00000020.00000001.01000000.00000007.sdmp	String found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
Source: Anfrage_244384.exe, 00000005.00000002.2710632001.00000000045C4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://familytherapycenter.rs/
Source: Anfrage_244384.exe, 00000005.00000002.2710942583.00000000046B0000.00000004.00001000.00020000.00000000.sdmp, Anfrage_244384.exe, 00000005.00000002.2710632001.00000000045C4000.00000004.00000020.00020000.00000000.sdmp, Anfrage_244384.exe, 00000005.00000002.2710632001.0000000004588000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://familytherapycenter.rs/LxuQG254.bin
Source: Anfrage_244384.exe, 00000005.00000002.2710632001.00000000045C4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://familytherapycenter.rs/LxuQG254.bina
Source: Anfrage_244384.exe, 00000005.00000002.2710632001.0000000004588000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://familytherapycenter.rs/LxuQG254.binv
Source: Anfrage_244384.exe, 00000005.00000001.1973135397.0000000000649000.00000020.00000001.01000000.00000007.sdmp	String found in binary or memory: https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214
Source: Anfrage_244384.exe	String found in binary or memory: https://www.apple.com/appleca/0

Source: unknown	Network traffic detected: HTTP traffic on port 50284 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50284

Source: unknown

HTTPS traffic detected: 188.40.95.144:443 -> 192.168.2.8:50284 version: TLS 1.2

Source: C:\Users\user\Desktop\Anfrage_244384.exe

Code function: 0_2_0040511A GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,

0_2_0040511A

E-Banking Fraud

Found detection on Joe Sandbox Cloud Basic

Source: Yara match

File source: 00000005.00000002.2738186207.00000000342E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

System Summary

Source: Anfrage_244384.exe

Joe Sandbox Cloud Basic: Detection: malicious Score: 100 Threat Name: FormBook, GuLoader Analyzer: w10x64

Perma Link

Source: C:\Users\user\Desktop\Anfrage_244384.exe

Process Stats: CPU usage > 49%

Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346B35C0 NtCreateMutant,LdrInitializeThunk,	5_2_346B35C0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346B2DF0 NtQuerySystemInformation,LdrInitializeThunk,	5_2_346B2DF0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346B3010 NtOpenDirectoryObject,	5_2_346B3010
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346B3090 NtSetValueKey,	5_2_346B3090
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346B3D70 NtOpenThread,	5_2_346B3D70
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346B3D10 NtOpenProcessToken,	5_2_346B3D10
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346B39B0 NtGetContextThread,	5_2_346B39B0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346B4650 NtSuspendThread,	5_2_346B4650
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346B4340 NtSetContextThread,	5_2_346B4340
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346B2C60 NtCreateKey,	5_2_346B2C60
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346B2C70 NtFreeVirtualMemory,	5_2_346B2C70
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346B2C00 NtQueryInformationProcess,	5_2_346B2C00
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346B2CF0 NtOpenProcess,	5_2_346B2CF0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346B2CC0 NtQueryVirtualMemory,	5_2_346B2CC0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346B2CA0 NtQueryInformationToken,	5_2_346B2CA0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346B2D30 NtUnmapViewOfSection,	5_2_346B2D30
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346B2D00 NtSetInformationFile,	5_2_346B2D00
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346B2D10 NtMapViewOfSection,	5_2_346B2D10
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346B2DD0 NtDelayExecution,	5_2_346B2DD0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346B2DB0 NtEnumerateKey,	5_2_346B2DB0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346B2E30 NtWriteVirtualMemory,	5_2_346B2E30
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346B2EE0 NtQueueApcThread,	5_2_346B2EE0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346B2EA0 NtAdjustPrivilegesToken,	5_2_346B2EA0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346B2E80 NtReadVirtualMemory,	5_2_346B2E80
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346B2F60 NtCreateProcessEx,	5_2_346B2F60
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346B2F30 NtCreateSection,	5_2_346B2F30
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346B2FE0 NtCreateFile,	5_2_346B2FE0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346B2FA0 NtQuerySection,	5_2_346B2FA0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346B2FB0 NtResumeThread,	5_2_346B2FB0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346B2F90 NtProtectVirtualMemory,	5_2_346B2F90
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346B2AF0 NtWriteFile,	5_2_346B2AF0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346B2AD0 NtReadFile,	5_2_346B2AD0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346B2AB0 NtWaitForSingleObject,	5_2_346B2AB0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346B2B60 NtClose,	5_2_346B2B60
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346B2BE0 NtQueryValueKey,	5_2_346B2BE0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346B2BF0 NtAllocateVirtualMemory,	5_2_346B2BF0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346B2BA0 NtEnumerateValueKey,	5_2_346B2BA0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346B2B80 NtQueryInformationFile,	5_2_346B2B80

Source: C:\Users\user\Desktop\Anfrage_244384.exe

Code function: 0_2_004031A3 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,

0_2_004031A3

Source: C:\Users\user\Desktop\Anfrage_244384.exe

File created: C:\Windows\resources\soenderbro.ini

Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 0_2_00404959	0_2_00404959
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 0_2_0040655F	0_2_0040655F
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 0_2_00406D36	0_2_00406D36
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34671460	5_2_34671460
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3473F43F	5_2_3473F43F
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34737571	5_2_34737571
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3471D5B0	5_2_3471D5B0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_347316CC	5_2_347316CC
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3473F7B0	5_2_3473F7B0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3473F0E0	5_2_3473F0E0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_347370E9	5_2_347370E9
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346870C0	5_2_346870C0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3472F0CC	5_2_3472F0CC
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346B516C	5_2_346B516C
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3466F172	5_2_3466F172
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3474B16B	5_2_3474B16B
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3468B1B0	5_2_3468B1B0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_347212ED	5_2_347212ED
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3469B2C0	5_2_3469B2C0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346852A0	5_2_346852A0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3466D34C	5_2_3466D34C
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3473132D	5_2_3473132D
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346C739A	5_2_346C739A
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346F9C32	5_2_346F9C32
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3473FCF2	5_2_3473FCF2
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34737D73	5_2_34737D73
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34683D40	5_2_34683D40
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34731D5A	5_2_34731D5A
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3469FDC0	5_2_3469FDC0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34689EB0	5_2_34689EB0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3473FF09	5_2_3473FF09
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3473FFB1	5_2_3473FFB1
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34681F92	5_2_34681F92
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346ED800	5_2_346ED800
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346838E0	5_2_346838E0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34689950	5_2_34689950
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3469B950	5_2_3469B950
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34715910	5_2_34715910
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346F3A6C	5_2_346F3A6C
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34737A46	5_2_34737A46
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3473FA49	5_2_3473FA49
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3472DAC6	5_2_3472DAC6
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346C5AA0	5_2_346C5AA0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34721AA3	5_2_34721AA3
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3471DAAC	5_2_3471DAAC
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3473FB76	5_2_3473FB76
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346BDBF9	5_2_346BDBF9
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346F5BF0	5_2_346F5BF0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3469FB80	5_2_3469FB80
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34732446	5_2_34732446
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34724420	5_2_34724420
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3472E4F6	5_2_3472E4F6
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34680535	5_2_34680535
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34740591	5_2_34740591
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3469C6E0	5_2_3469C6E0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34680770	5_2_34680770
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346A4750	5_2_346A4750
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3467C7C0	5_2_3467C7C0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34712000	5_2_34712000
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34708158	5_2_34708158
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34670100	5_2_34670100
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3471A118	5_2_3471A118
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_347381CC	5_2_347381CC
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_347401AA	5_2_347401AA
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34720274	5_2_34720274
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_347002C0	5_2_347002C0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3473A352	5_2_3473A352
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_347403E6	5_2_347403E6
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3468E3F0	5_2_3468E3F0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34680C00	5_2_34680C00
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34670CF2	5_2_34670CF2
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34720CB5	5_2_34720CB5
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3468AD00	5_2_3468AD00
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3471CD1F	5_2_3471CD1F
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3467ADE0	5_2_3467ADE0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34698DBF	5_2_34698DBF
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34680E59	5_2_34680E59
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3473EE26	5_2_3473EE26
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3473EEDB	5_2_3473EEDB
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3473CE93	5_2_3473CE93
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34692E90	5_2_34692E90
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346F4F40	5_2_346F4F40
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34722F30	5_2_34722F30
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346C2F28	5_2_346C2F28
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346A0F30	5_2_346A0F30
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3468CFE0	5_2_3468CFE0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34672FC8	5_2_34672FC8
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346FEFA0	5_2_346FEFA0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3468A840	5_2_3468A840
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34682840	5_2_34682840
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346AE8F0	5_2_346AE8F0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346668B8	5_2_346668B8
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34696962	5_2_34696962
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346829A0	5_2_346829A0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3474A9A6	5_2_3474A9A6
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3467EA80	5_2_3467EA80
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3473AB40	5_2_3473AB40
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34736BD7	5_2_34736BD7

Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: String function: 346EEA12 appears 81 times
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: String function: 3466B970 appears 280 times
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: String function: 346C7E54 appears 102 times
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: String function: 346B5130 appears 58 times
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: String function: 346FF290 appears 103 times

Source: Anfrage_244384.exe

Static PE information: invalid certificate

Source: Anfrage_244384.exe, 00000005.00000003.2364363349.0000000034404000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs Anfrage_244384.exe
Source: Anfrage_244384.exe, 00000005.00000003.2366829406.00000000345BD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs Anfrage_244384.exe
Source: Anfrage_244384.exe, 00000005.00000002.2738210193.000000003476D000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs Anfrage_244384.exe

Source: Anfrage_244384.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: classification engine

Classification label: mal84.troj.evad.winEXE@3/10@1/1

Source: C:\Users\user\Desktop\Anfrage_244384.exe

0_2_004031A3

Source: C:\Users\user\Desktop\Anfrage_244384.exe

Code function: 0_2_004043E6 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,

0_2_004043E6

Source: C:\Users\user\Desktop\Anfrage_244384.exe

Code function: 0_2_004020CD CoCreateInstance,MultiByteToWideChar,

0_2_004020CD

Source: C:\Users\user\Desktop\Anfrage_244384.exe

File created: C:\Users\user\AppData\Roaming\secretaryships

Source: C:\Users\user\Desktop\Anfrage_244384.exe

File created: C:\Users\user\AppData\Local\Temp\nsx530B.tmp

Source: Anfrage_244384.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\Anfrage_244384.exe

File read: C:\Users\desktop.ini

Source: C:\Users\user\Desktop\Anfrage_244384.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: Anfrage_244384.exe

ReversingLabs: Detection: 15%

Source: C:\Users\user\Desktop\Anfrage_244384.exe

File read: C:\Users\user\Desktop\Anfrage_244384.exe

Source: unknown	Process created: C:\Users\user\Desktop\Anfrage_244384.exe "C:\Users\user\Desktop\Anfrage_244384.exe"
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Process created: C:\Users\user\Desktop\Anfrage_244384.exe "C:\Users\user\Desktop\Anfrage_244384.exe"
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Process created: C:\Users\user\Desktop\Anfrage_244384.exe "C:\Users\user\Desktop\Anfrage_244384.exe"	Jump to behavior

Source: C:\Users\user\Desktop\Anfrage_244384.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Section loaded: ncryptsslp.dll	Jump to behavior

Source: C:\Users\user\Desktop\Anfrage_244384.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Switches to a custom stack to bypass stack traces

Source: Anfrage_244384.exe

Static file information: File size 1240824 > 1048576

Source: Anfrage_244384.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: mshtml.pdb source: Anfrage_244384.exe, 00000005.00000001.1973135397.0000000000649000.00000020.00000001.01000000.00000007.sdmp
Source:	Binary string: wntdll.pdbUGP source: Anfrage_244384.exe, 00000005.00000002.2738210193.00000000347DE000.00000040.00001000.00020000.00000000.sdmp, Anfrage_244384.exe, 00000005.00000002.2738210193.0000000034640000.00000040.00001000.00020000.00000000.sdmp, Anfrage_244384.exe, 00000005.00000003.2364363349.00000000342E1000.00000004.00000020.00020000.00000000.sdmp, Anfrage_244384.exe, 00000005.00000003.2366829406.0000000034490000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: Anfrage_244384.exe, Anfrage_244384.exe, 00000005.00000002.2738210193.00000000347DE000.00000040.00001000.00020000.00000000.sdmp, Anfrage_244384.exe, 00000005.00000002.2738210193.0000000034640000.00000040.00001000.00020000.00000000.sdmp, Anfrage_244384.exe, 00000005.00000003.2364363349.00000000342E1000.00000004.00000020.00020000.00000000.sdmp, Anfrage_244384.exe, 00000005.00000003.2366829406.0000000034490000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mshtml.pdbUGP source: Anfrage_244384.exe, 00000005.00000001.1973135397.0000000000649000.00000020.00000001.01000000.00000007.sdmp

Data Obfuscation

Yara detected GuLoader

Source: Yara match

File source: 00000000.00000002.1980580817.00000000048C3000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Source: C:\Users\user\Desktop\Anfrage_244384.exe

Code function: 0_2_10001A5D GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA,

0_2_10001A5D

Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 0_2_10002D20 push eax; ret		0_2_10002D4E
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346709AD push ecx; mov dword ptr [esp], ecx		5_2_346709B6

Source: C:\Users\user\Desktop\Anfrage_244384.exe

File created: C:\Users\user\AppData\Local\Temp\nsd5416.tmp\System.dll

Jump to dropped file

Source: C:\Users\user\Desktop\Anfrage_244384.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate			Jump to behavior
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot			Jump to behavior

Source: C:\Users\user\Desktop\Anfrage_244384.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\Anfrage_244384.exe	API/Special instruction interceptor: Address: 4BD02F6
Source: C:\Users\user\Desktop\Anfrage_244384.exe	API/Special instruction interceptor: Address: 38D02F6

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\Anfrage_244384.exe	RDTSC instruction interceptor: First address: 4B93731 second address: 4B93731 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD81CF5A41Bh 0x00000004 test bh, ah 0x00000006 cmp ebx, ecx 0x00000008 jc 00007FD81CF5A3F5h 0x0000000a test dl, bl 0x0000000c inc ebp 0x0000000d test edx, 1E38E0C7h 0x00000013 inc ebx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\Anfrage_244384.exe	RDTSC instruction interceptor: First address: 3893731 second address: 3893731 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD81C71B3DBh 0x00000004 test bh, ah 0x00000006 cmp ebx, ecx 0x00000008 jc 00007FD81C71B3B5h 0x0000000a test dl, bl 0x0000000c inc ebp 0x0000000d test edx, 1E38E0C7h 0x00000013 inc ebx 0x00000014 rdtsc

Source: C:\Users\user\Desktop\Anfrage_244384.exe

Code function: 5_2_346ED1C0 rdtsc

5_2_346ED1C0

Source: C:\Users\user\Desktop\Anfrage_244384.exe

Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsd5416.tmp\System.dll

Jump to dropped file

Source: C:\Users\user\Desktop\Anfrage_244384.exe

API coverage: 0.1 %

Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 0_2_00405665 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,	0_2_00405665
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 0_2_0040270B FindFirstFileA,	0_2_0040270B
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 0_2_004060C7 FindFirstFileA,FindClose,	0_2_004060C7

Source: Anfrage_244384.exe, 00000005.00000003.2364916055.00000000045ED000.00000004.00000020.00020000.00000000.sdmp, Anfrage_244384.exe, 00000005.00000003.2364734954.00000000045ED000.00000004.00000020.00020000.00000000.sdmp, Anfrage_244384.exe, 00000005.00000002.2710632001.0000000004588000.00000004.00000020.00020000.00000000.sdmp, Anfrage_244384.exe, 00000005.00000002.2710708625.00000000045ED000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: Anfrage_244384.exe, 00000005.00000003.2364916055.00000000045ED000.00000004.00000020.00020000.00000000.sdmp, Anfrage_244384.exe, 00000005.00000003.2364734954.00000000045ED000.00000004.00000020.00020000.00000000.sdmp, Anfrage_244384.exe, 00000005.00000002.2710708625.00000000045ED000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWoy

Source: C:\Users\user\Desktop\Anfrage_244384.exe	API call chain: ExitProcess graph end node			graph_0-3753
Source: C:\Users\user\Desktop\Anfrage_244384.exe	API call chain: ExitProcess graph end node			graph_0-3939

Source: C:\Users\user\Desktop\Anfrage_244384.exe

Code function: 5_2_346ED1C0 rdtsc

5_2_346ED1C0

Source: C:\Users\user\Desktop\Anfrage_244384.exe

Code function: 5_2_346B35C0 NtCreateMutant,LdrInitializeThunk,

5_2_346B35C0

Source: C:\Users\user\Desktop\Anfrage_244384.exe

Code function: 0_2_10001A5D GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA,

0_2_10001A5D

Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34671460 mov eax, dword ptr fs:[00000030h]	5_2_34671460
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34671460 mov eax, dword ptr fs:[00000030h]	5_2_34671460
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34671460 mov eax, dword ptr fs:[00000030h]	5_2_34671460
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34671460 mov eax, dword ptr fs:[00000030h]	5_2_34671460
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34671460 mov eax, dword ptr fs:[00000030h]	5_2_34671460
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3468F460 mov eax, dword ptr fs:[00000030h]	5_2_3468F460
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3468F460 mov eax, dword ptr fs:[00000030h]	5_2_3468F460
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3468F460 mov eax, dword ptr fs:[00000030h]	5_2_3468F460
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3468F460 mov eax, dword ptr fs:[00000030h]	5_2_3468F460
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3468F460 mov eax, dword ptr fs:[00000030h]	5_2_3468F460
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3468F460 mov eax, dword ptr fs:[00000030h]	5_2_3468F460
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3474547F mov eax, dword ptr fs:[00000030h]	5_2_3474547F
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3472F453 mov eax, dword ptr fs:[00000030h]	5_2_3472F453
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3471B450 mov eax, dword ptr fs:[00000030h]	5_2_3471B450
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3471B450 mov eax, dword ptr fs:[00000030h]	5_2_3471B450
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3471B450 mov eax, dword ptr fs:[00000030h]	5_2_3471B450
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3471B450 mov eax, dword ptr fs:[00000030h]	5_2_3471B450
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3467B440 mov eax, dword ptr fs:[00000030h]	5_2_3467B440
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3467B440 mov eax, dword ptr fs:[00000030h]	5_2_3467B440
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3467B440 mov eax, dword ptr fs:[00000030h]	5_2_3467B440
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3467B440 mov eax, dword ptr fs:[00000030h]	5_2_3467B440
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3467B440 mov eax, dword ptr fs:[00000030h]	5_2_3467B440
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3467B440 mov eax, dword ptr fs:[00000030h]	5_2_3467B440
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3469340D mov eax, dword ptr fs:[00000030h]	5_2_3469340D
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346F7410 mov eax, dword ptr fs:[00000030h]	5_2_346F7410
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_347194E0 mov eax, dword ptr fs:[00000030h]	5_2_347194E0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_347454DB mov eax, dword ptr fs:[00000030h]	5_2_347454DB
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346674B0 mov eax, dword ptr fs:[00000030h]	5_2_346674B0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346674B0 mov eax, dword ptr fs:[00000030h]	5_2_346674B0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346A34B0 mov eax, dword ptr fs:[00000030h]	5_2_346A34B0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34679486 mov eax, dword ptr fs:[00000030h]	5_2_34679486
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34679486 mov eax, dword ptr fs:[00000030h]	5_2_34679486
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3466B480 mov eax, dword ptr fs:[00000030h]	5_2_3466B480
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3466B562 mov eax, dword ptr fs:[00000030h]	5_2_3466B562
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346AB570 mov eax, dword ptr fs:[00000030h]	5_2_346AB570
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346AB570 mov eax, dword ptr fs:[00000030h]	5_2_346AB570
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3471B550 mov eax, dword ptr fs:[00000030h]	5_2_3471B550
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3471B550 mov eax, dword ptr fs:[00000030h]	5_2_3471B550
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3471B550 mov eax, dword ptr fs:[00000030h]	5_2_3471B550
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34745537 mov eax, dword ptr fs:[00000030h]	5_2_34745537
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3467D534 mov eax, dword ptr fs:[00000030h]	5_2_3467D534
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3467D534 mov eax, dword ptr fs:[00000030h]	5_2_3467D534
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3467D534 mov eax, dword ptr fs:[00000030h]	5_2_3467D534
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3467D534 mov eax, dword ptr fs:[00000030h]	5_2_3467D534
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3467D534 mov eax, dword ptr fs:[00000030h]	5_2_3467D534
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3467D534 mov eax, dword ptr fs:[00000030h]	5_2_3467D534
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3471F525 mov eax, dword ptr fs:[00000030h]	5_2_3471F525
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3471F525 mov eax, dword ptr fs:[00000030h]	5_2_3471F525
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3471F525 mov eax, dword ptr fs:[00000030h]	5_2_3471F525
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3471F525 mov eax, dword ptr fs:[00000030h]	5_2_3471F525
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3471F525 mov eax, dword ptr fs:[00000030h]	5_2_3471F525
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3471F525 mov eax, dword ptr fs:[00000030h]	5_2_3471F525
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3471F525 mov eax, dword ptr fs:[00000030h]	5_2_3471F525
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346AD530 mov eax, dword ptr fs:[00000030h]	5_2_346AD530
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346AD530 mov eax, dword ptr fs:[00000030h]	5_2_346AD530
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3472B52F mov eax, dword ptr fs:[00000030h]	5_2_3472B52F
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346A7505 mov eax, dword ptr fs:[00000030h]	5_2_346A7505
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346A7505 mov ecx, dword ptr fs:[00000030h]	5_2_346A7505
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346915F4 mov eax, dword ptr fs:[00000030h]	5_2_346915F4
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346915F4 mov eax, dword ptr fs:[00000030h]	5_2_346915F4
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346915F4 mov eax, dword ptr fs:[00000030h]	5_2_346915F4
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346915F4 mov eax, dword ptr fs:[00000030h]	5_2_346915F4
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346915F4 mov eax, dword ptr fs:[00000030h]	5_2_346915F4
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346915F4 mov eax, dword ptr fs:[00000030h]	5_2_346915F4
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_347435D7 mov eax, dword ptr fs:[00000030h]	5_2_347435D7
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_347435D7 mov eax, dword ptr fs:[00000030h]	5_2_347435D7
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_347435D7 mov eax, dword ptr fs:[00000030h]	5_2_347435D7
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346A55C0 mov eax, dword ptr fs:[00000030h]	5_2_346A55C0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346995DA mov eax, dword ptr fs:[00000030h]	5_2_346995DA
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_347455C9 mov eax, dword ptr fs:[00000030h]	5_2_347455C9
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346ED5D0 mov eax, dword ptr fs:[00000030h]	5_2_346ED5D0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346ED5D0 mov ecx, dword ptr fs:[00000030h]	5_2_346ED5D0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346915A9 mov eax, dword ptr fs:[00000030h]	5_2_346915A9
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346915A9 mov eax, dword ptr fs:[00000030h]	5_2_346915A9
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346915A9 mov eax, dword ptr fs:[00000030h]	5_2_346915A9
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346915A9 mov eax, dword ptr fs:[00000030h]	5_2_346915A9
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346915A9 mov eax, dword ptr fs:[00000030h]	5_2_346915A9
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3470D5B0 mov eax, dword ptr fs:[00000030h]	5_2_3470D5B0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3470D5B0 mov eax, dword ptr fs:[00000030h]	5_2_3470D5B0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_347035BA mov eax, dword ptr fs:[00000030h]	5_2_347035BA
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_347035BA mov eax, dword ptr fs:[00000030h]	5_2_347035BA
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_347035BA mov eax, dword ptr fs:[00000030h]	5_2_347035BA
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_347035BA mov eax, dword ptr fs:[00000030h]	5_2_347035BA
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3472F5BE mov eax, dword ptr fs:[00000030h]	5_2_3472F5BE
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3469F5B0 mov eax, dword ptr fs:[00000030h]	5_2_3469F5B0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3469F5B0 mov eax, dword ptr fs:[00000030h]	5_2_3469F5B0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3469F5B0 mov eax, dword ptr fs:[00000030h]	5_2_3469F5B0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3469F5B0 mov eax, dword ptr fs:[00000030h]	5_2_3469F5B0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3469F5B0 mov eax, dword ptr fs:[00000030h]	5_2_3469F5B0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3469F5B0 mov eax, dword ptr fs:[00000030h]	5_2_3469F5B0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3469F5B0 mov eax, dword ptr fs:[00000030h]	5_2_3469F5B0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3469F5B0 mov eax, dword ptr fs:[00000030h]	5_2_3469F5B0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3469F5B0 mov eax, dword ptr fs:[00000030h]	5_2_3469F5B0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3466758F mov eax, dword ptr fs:[00000030h]	5_2_3466758F
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3466758F mov eax, dword ptr fs:[00000030h]	5_2_3466758F
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3466758F mov eax, dword ptr fs:[00000030h]	5_2_3466758F
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346FB594 mov eax, dword ptr fs:[00000030h]	5_2_346FB594
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346FB594 mov eax, dword ptr fs:[00000030h]	5_2_346FB594
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346A9660 mov eax, dword ptr fs:[00000030h]	5_2_346A9660
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346A9660 mov eax, dword ptr fs:[00000030h]	5_2_346A9660
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3470D660 mov eax, dword ptr fs:[00000030h]	5_2_3470D660
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3466F626 mov eax, dword ptr fs:[00000030h]	5_2_3466F626
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3466F626 mov eax, dword ptr fs:[00000030h]	5_2_3466F626
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3466F626 mov eax, dword ptr fs:[00000030h]	5_2_3466F626
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3466F626 mov eax, dword ptr fs:[00000030h]	5_2_3466F626
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3466F626 mov eax, dword ptr fs:[00000030h]	5_2_3466F626
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3466F626 mov eax, dword ptr fs:[00000030h]	5_2_3466F626
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3466F626 mov eax, dword ptr fs:[00000030h]	5_2_3466F626
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3466F626 mov eax, dword ptr fs:[00000030h]	5_2_3466F626
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3466F626 mov eax, dword ptr fs:[00000030h]	5_2_3466F626
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34745636 mov eax, dword ptr fs:[00000030h]	5_2_34745636
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346AF603 mov eax, dword ptr fs:[00000030h]	5_2_346AF603
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346A1607 mov eax, dword ptr fs:[00000030h]	5_2_346A1607
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34673616 mov eax, dword ptr fs:[00000030h]	5_2_34673616
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34673616 mov eax, dword ptr fs:[00000030h]	5_2_34673616
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3472D6F0 mov eax, dword ptr fs:[00000030h]	5_2_3472D6F0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346A36EF mov eax, dword ptr fs:[00000030h]	5_2_346A36EF
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3469D6E0 mov eax, dword ptr fs:[00000030h]	5_2_3469D6E0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3469D6E0 mov eax, dword ptr fs:[00000030h]	5_2_3469D6E0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_347036EE mov eax, dword ptr fs:[00000030h]	5_2_347036EE
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_347036EE mov eax, dword ptr fs:[00000030h]	5_2_347036EE
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_347036EE mov eax, dword ptr fs:[00000030h]	5_2_347036EE
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_347036EE mov eax, dword ptr fs:[00000030h]	5_2_347036EE
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_347036EE mov eax, dword ptr fs:[00000030h]	5_2_347036EE
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_347036EE mov eax, dword ptr fs:[00000030h]	5_2_347036EE
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346A16CF mov eax, dword ptr fs:[00000030h]	5_2_346A16CF
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3467B6C0 mov eax, dword ptr fs:[00000030h]	5_2_3467B6C0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3467B6C0 mov eax, dword ptr fs:[00000030h]	5_2_3467B6C0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3467B6C0 mov eax, dword ptr fs:[00000030h]	5_2_3467B6C0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3467B6C0 mov eax, dword ptr fs:[00000030h]	5_2_3467B6C0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3467B6C0 mov eax, dword ptr fs:[00000030h]	5_2_3467B6C0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3467B6C0 mov eax, dword ptr fs:[00000030h]	5_2_3467B6C0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3472F6C7 mov eax, dword ptr fs:[00000030h]	5_2_3472F6C7
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_347316CC mov eax, dword ptr fs:[00000030h]	5_2_347316CC
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_347316CC mov eax, dword ptr fs:[00000030h]	5_2_347316CC
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_347316CC mov eax, dword ptr fs:[00000030h]	5_2_347316CC
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_347316CC mov eax, dword ptr fs:[00000030h]	5_2_347316CC
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3466D6AA mov eax, dword ptr fs:[00000030h]	5_2_3466D6AA
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3466D6AA mov eax, dword ptr fs:[00000030h]	5_2_3466D6AA
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346676B2 mov eax, dword ptr fs:[00000030h]	5_2_346676B2
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346676B2 mov eax, dword ptr fs:[00000030h]	5_2_346676B2
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346676B2 mov eax, dword ptr fs:[00000030h]	5_2_346676B2
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346F368C mov eax, dword ptr fs:[00000030h]	5_2_346F368C
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346F368C mov eax, dword ptr fs:[00000030h]	5_2_346F368C
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346F368C mov eax, dword ptr fs:[00000030h]	5_2_346F368C
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346F368C mov eax, dword ptr fs:[00000030h]	5_2_346F368C
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3466B765 mov eax, dword ptr fs:[00000030h]	5_2_3466B765
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3466B765 mov eax, dword ptr fs:[00000030h]	5_2_3466B765
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3466B765 mov eax, dword ptr fs:[00000030h]	5_2_3466B765
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3466B765 mov eax, dword ptr fs:[00000030h]	5_2_3466B765
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34683740 mov eax, dword ptr fs:[00000030h]	5_2_34683740
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34683740 mov eax, dword ptr fs:[00000030h]	5_2_34683740
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34683740 mov eax, dword ptr fs:[00000030h]	5_2_34683740
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3471375F mov eax, dword ptr fs:[00000030h]	5_2_3471375F
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3471375F mov eax, dword ptr fs:[00000030h]	5_2_3471375F
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3471375F mov eax, dword ptr fs:[00000030h]	5_2_3471375F
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3471375F mov eax, dword ptr fs:[00000030h]	5_2_3471375F
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3471375F mov eax, dword ptr fs:[00000030h]	5_2_3471375F
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34743749 mov eax, dword ptr fs:[00000030h]	5_2_34743749
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34673720 mov eax, dword ptr fs:[00000030h]	5_2_34673720
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3474B73C mov eax, dword ptr fs:[00000030h]	5_2_3474B73C
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3474B73C mov eax, dword ptr fs:[00000030h]	5_2_3474B73C
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3474B73C mov eax, dword ptr fs:[00000030h]	5_2_3474B73C
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3474B73C mov eax, dword ptr fs:[00000030h]	5_2_3474B73C
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3468F720 mov eax, dword ptr fs:[00000030h]	5_2_3468F720
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3468F720 mov eax, dword ptr fs:[00000030h]	5_2_3468F720
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3468F720 mov eax, dword ptr fs:[00000030h]	5_2_3468F720
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34669730 mov eax, dword ptr fs:[00000030h]	5_2_34669730
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34669730 mov eax, dword ptr fs:[00000030h]	5_2_34669730
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3473972B mov eax, dword ptr fs:[00000030h]	5_2_3473972B
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3472F72E mov eax, dword ptr fs:[00000030h]	5_2_3472F72E
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3467973A mov eax, dword ptr fs:[00000030h]	5_2_3467973A
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3467973A mov eax, dword ptr fs:[00000030h]	5_2_3467973A
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346A5734 mov eax, dword ptr fs:[00000030h]	5_2_346A5734
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34677703 mov eax, dword ptr fs:[00000030h]	5_2_34677703
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34675702 mov eax, dword ptr fs:[00000030h]	5_2_34675702
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34675702 mov eax, dword ptr fs:[00000030h]	5_2_34675702
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346AF71F mov eax, dword ptr fs:[00000030h]	5_2_346AF71F
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346AF71F mov eax, dword ptr fs:[00000030h]	5_2_346AF71F
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3467D7E0 mov ecx, dword ptr fs:[00000030h]	5_2_3467D7E0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346757C0 mov eax, dword ptr fs:[00000030h]	5_2_346757C0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346757C0 mov eax, dword ptr fs:[00000030h]	5_2_346757C0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346757C0 mov eax, dword ptr fs:[00000030h]	5_2_346757C0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346FF7AF mov eax, dword ptr fs:[00000030h]	5_2_346FF7AF
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346FF7AF mov eax, dword ptr fs:[00000030h]	5_2_346FF7AF
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346FF7AF mov eax, dword ptr fs:[00000030h]	5_2_346FF7AF
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346FF7AF mov eax, dword ptr fs:[00000030h]	5_2_346FF7AF
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346FF7AF mov eax, dword ptr fs:[00000030h]	5_2_346FF7AF
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_347437B6 mov eax, dword ptr fs:[00000030h]	5_2_347437B6
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346F97A9 mov eax, dword ptr fs:[00000030h]	5_2_346F97A9
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3469D7B0 mov eax, dword ptr fs:[00000030h]	5_2_3469D7B0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3466F7BA mov eax, dword ptr fs:[00000030h]	5_2_3466F7BA
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3466F7BA mov eax, dword ptr fs:[00000030h]	5_2_3466F7BA
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3466F7BA mov eax, dword ptr fs:[00000030h]	5_2_3466F7BA
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3466F7BA mov eax, dword ptr fs:[00000030h]	5_2_3466F7BA
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3466F7BA mov eax, dword ptr fs:[00000030h]	5_2_3466F7BA
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3466F7BA mov eax, dword ptr fs:[00000030h]	5_2_3466F7BA
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3466F7BA mov eax, dword ptr fs:[00000030h]	5_2_3466F7BA
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3466F7BA mov eax, dword ptr fs:[00000030h]	5_2_3466F7BA
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3466F7BA mov eax, dword ptr fs:[00000030h]	5_2_3466F7BA
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3472F78A mov eax, dword ptr fs:[00000030h]	5_2_3472F78A
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346F106E mov eax, dword ptr fs:[00000030h]	5_2_346F106E
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34745060 mov eax, dword ptr fs:[00000030h]	5_2_34745060
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34681070 mov eax, dword ptr fs:[00000030h]	5_2_34681070
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34681070 mov ecx, dword ptr fs:[00000030h]	5_2_34681070
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34681070 mov eax, dword ptr fs:[00000030h]	5_2_34681070
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34681070 mov eax, dword ptr fs:[00000030h]	5_2_34681070
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34681070 mov eax, dword ptr fs:[00000030h]	5_2_34681070
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34681070 mov eax, dword ptr fs:[00000030h]	5_2_34681070
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34681070 mov eax, dword ptr fs:[00000030h]	5_2_34681070
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34681070 mov eax, dword ptr fs:[00000030h]	5_2_34681070
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34681070 mov eax, dword ptr fs:[00000030h]	5_2_34681070
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34681070 mov eax, dword ptr fs:[00000030h]	5_2_34681070
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34681070 mov eax, dword ptr fs:[00000030h]	5_2_34681070
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34681070 mov eax, dword ptr fs:[00000030h]	5_2_34681070
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34681070 mov eax, dword ptr fs:[00000030h]	5_2_34681070
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346ED070 mov ecx, dword ptr fs:[00000030h]	5_2_346ED070
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3471705E mov ebx, dword ptr fs:[00000030h]	5_2_3471705E
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3471705E mov eax, dword ptr fs:[00000030h]	5_2_3471705E
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3469B052 mov eax, dword ptr fs:[00000030h]	5_2_3469B052
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3473903E mov eax, dword ptr fs:[00000030h]	5_2_3473903E
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3473903E mov eax, dword ptr fs:[00000030h]	5_2_3473903E
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3473903E mov eax, dword ptr fs:[00000030h]	5_2_3473903E
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3473903E mov eax, dword ptr fs:[00000030h]	5_2_3473903E
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346950E4 mov eax, dword ptr fs:[00000030h]	5_2_346950E4
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346950E4 mov ecx, dword ptr fs:[00000030h]	5_2_346950E4
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346870C0 mov eax, dword ptr fs:[00000030h]	5_2_346870C0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346870C0 mov ecx, dword ptr fs:[00000030h]	5_2_346870C0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346870C0 mov ecx, dword ptr fs:[00000030h]	5_2_346870C0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346870C0 mov eax, dword ptr fs:[00000030h]	5_2_346870C0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346870C0 mov ecx, dword ptr fs:[00000030h]	5_2_346870C0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346870C0 mov ecx, dword ptr fs:[00000030h]	5_2_346870C0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346870C0 mov eax, dword ptr fs:[00000030h]	5_2_346870C0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346870C0 mov eax, dword ptr fs:[00000030h]	5_2_346870C0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346870C0 mov eax, dword ptr fs:[00000030h]	5_2_346870C0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346870C0 mov eax, dword ptr fs:[00000030h]	5_2_346870C0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346870C0 mov eax, dword ptr fs:[00000030h]	5_2_346870C0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346870C0 mov eax, dword ptr fs:[00000030h]	5_2_346870C0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346870C0 mov eax, dword ptr fs:[00000030h]	5_2_346870C0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346870C0 mov eax, dword ptr fs:[00000030h]	5_2_346870C0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346870C0 mov eax, dword ptr fs:[00000030h]	5_2_346870C0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346870C0 mov eax, dword ptr fs:[00000030h]	5_2_346870C0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346870C0 mov eax, dword ptr fs:[00000030h]	5_2_346870C0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346870C0 mov eax, dword ptr fs:[00000030h]	5_2_346870C0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_347450D9 mov eax, dword ptr fs:[00000030h]	5_2_347450D9
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346ED0C0 mov eax, dword ptr fs:[00000030h]	5_2_346ED0C0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346ED0C0 mov eax, dword ptr fs:[00000030h]	5_2_346ED0C0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346990DB mov eax, dword ptr fs:[00000030h]	5_2_346990DB
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3466D08D mov eax, dword ptr fs:[00000030h]	5_2_3466D08D
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346FD080 mov eax, dword ptr fs:[00000030h]	5_2_346FD080
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346FD080 mov eax, dword ptr fs:[00000030h]	5_2_346FD080
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34675096 mov eax, dword ptr fs:[00000030h]	5_2_34675096
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346A909C mov eax, dword ptr fs:[00000030h]	5_2_346A909C
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3469D090 mov eax, dword ptr fs:[00000030h]	5_2_3469D090
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3469D090 mov eax, dword ptr fs:[00000030h]	5_2_3469D090
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34709179 mov eax, dword ptr fs:[00000030h]	5_2_34709179
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3466F172 mov eax, dword ptr fs:[00000030h]	5_2_3466F172
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3466F172 mov eax, dword ptr fs:[00000030h]	5_2_3466F172
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3466F172 mov eax, dword ptr fs:[00000030h]	5_2_3466F172
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3466F172 mov eax, dword ptr fs:[00000030h]	5_2_3466F172
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3466F172 mov eax, dword ptr fs:[00000030h]	5_2_3466F172
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3466F172 mov eax, dword ptr fs:[00000030h]	5_2_3466F172
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3466F172 mov eax, dword ptr fs:[00000030h]	5_2_3466F172
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3466F172 mov eax, dword ptr fs:[00000030h]	5_2_3466F172
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3466F172 mov eax, dword ptr fs:[00000030h]	5_2_3466F172
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3466F172 mov eax, dword ptr fs:[00000030h]	5_2_3466F172
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3466F172 mov eax, dword ptr fs:[00000030h]	5_2_3466F172
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3466F172 mov eax, dword ptr fs:[00000030h]	5_2_3466F172
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3466F172 mov eax, dword ptr fs:[00000030h]	5_2_3466F172
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3466F172 mov eax, dword ptr fs:[00000030h]	5_2_3466F172
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3466F172 mov eax, dword ptr fs:[00000030h]	5_2_3466F172
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3466F172 mov eax, dword ptr fs:[00000030h]	5_2_3466F172
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3466F172 mov eax, dword ptr fs:[00000030h]	5_2_3466F172
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3466F172 mov eax, dword ptr fs:[00000030h]	5_2_3466F172
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3466F172 mov eax, dword ptr fs:[00000030h]	5_2_3466F172
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3466F172 mov eax, dword ptr fs:[00000030h]	5_2_3466F172
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3466F172 mov eax, dword ptr fs:[00000030h]	5_2_3466F172
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34745152 mov eax, dword ptr fs:[00000030h]	5_2_34745152
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34669148 mov eax, dword ptr fs:[00000030h]	5_2_34669148
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34669148 mov eax, dword ptr fs:[00000030h]	5_2_34669148
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34669148 mov eax, dword ptr fs:[00000030h]	5_2_34669148
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34669148 mov eax, dword ptr fs:[00000030h]	5_2_34669148
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34703140 mov eax, dword ptr fs:[00000030h]	5_2_34703140
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34703140 mov eax, dword ptr fs:[00000030h]	5_2_34703140
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34703140 mov eax, dword ptr fs:[00000030h]	5_2_34703140
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34677152 mov eax, dword ptr fs:[00000030h]	5_2_34677152
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3466B136 mov eax, dword ptr fs:[00000030h]	5_2_3466B136
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3466B136 mov eax, dword ptr fs:[00000030h]	5_2_3466B136
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3466B136 mov eax, dword ptr fs:[00000030h]	5_2_3466B136
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3466B136 mov eax, dword ptr fs:[00000030h]	5_2_3466B136
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34671131 mov eax, dword ptr fs:[00000030h]	5_2_34671131
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34671131 mov eax, dword ptr fs:[00000030h]	5_2_34671131
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346951EF mov eax, dword ptr fs:[00000030h]	5_2_346951EF
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346951EF mov eax, dword ptr fs:[00000030h]	5_2_346951EF
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346951EF mov eax, dword ptr fs:[00000030h]	5_2_346951EF
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346951EF mov eax, dword ptr fs:[00000030h]	5_2_346951EF
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346951EF mov eax, dword ptr fs:[00000030h]	5_2_346951EF
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346951EF mov eax, dword ptr fs:[00000030h]	5_2_346951EF
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346951EF mov eax, dword ptr fs:[00000030h]	5_2_346951EF
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346951EF mov eax, dword ptr fs:[00000030h]	5_2_346951EF
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346951EF mov eax, dword ptr fs:[00000030h]	5_2_346951EF
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346951EF mov eax, dword ptr fs:[00000030h]	5_2_346951EF
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346951EF mov eax, dword ptr fs:[00000030h]	5_2_346951EF
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346951EF mov eax, dword ptr fs:[00000030h]	5_2_346951EF
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346951EF mov eax, dword ptr fs:[00000030h]	5_2_346951EF
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_347171F9 mov esi, dword ptr fs:[00000030h]	5_2_347171F9
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346751ED mov eax, dword ptr fs:[00000030h]	5_2_346751ED
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346AD1D0 mov eax, dword ptr fs:[00000030h]	5_2_346AD1D0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346AD1D0 mov ecx, dword ptr fs:[00000030h]	5_2_346AD1D0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_347451CB mov eax, dword ptr fs:[00000030h]	5_2_347451CB
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_347211A4 mov eax, dword ptr fs:[00000030h]	5_2_347211A4
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_347211A4 mov eax, dword ptr fs:[00000030h]	5_2_347211A4
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_347211A4 mov eax, dword ptr fs:[00000030h]	5_2_347211A4
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_347211A4 mov eax, dword ptr fs:[00000030h]	5_2_347211A4
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3468B1B0 mov eax, dword ptr fs:[00000030h]	5_2_3468B1B0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34725180 mov eax, dword ptr fs:[00000030h]	5_2_34725180
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34725180 mov eax, dword ptr fs:[00000030h]	5_2_34725180
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346C7190 mov eax, dword ptr fs:[00000030h]	5_2_346C7190
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3473D26B mov eax, dword ptr fs:[00000030h]	5_2_3473D26B
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3473D26B mov eax, dword ptr fs:[00000030h]	5_2_3473D26B
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346B1270 mov eax, dword ptr fs:[00000030h]	5_2_346B1270
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346B1270 mov eax, dword ptr fs:[00000030h]	5_2_346B1270
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34699274 mov eax, dword ptr fs:[00000030h]	5_2_34699274
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3472B256 mov eax, dword ptr fs:[00000030h]	5_2_3472B256
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3472B256 mov eax, dword ptr fs:[00000030h]	5_2_3472B256
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34669240 mov eax, dword ptr fs:[00000030h]	5_2_34669240
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34669240 mov eax, dword ptr fs:[00000030h]	5_2_34669240
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346A724D mov eax, dword ptr fs:[00000030h]	5_2_346A724D
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346FD250 mov ecx, dword ptr fs:[00000030h]	5_2_346FD250
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34745227 mov eax, dword ptr fs:[00000030h]	5_2_34745227
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346A7208 mov eax, dword ptr fs:[00000030h]	5_2_346A7208
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346A7208 mov eax, dword ptr fs:[00000030h]	5_2_346A7208
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3471B2F0 mov eax, dword ptr fs:[00000030h]	5_2_3471B2F0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3471B2F0 mov eax, dword ptr fs:[00000030h]	5_2_3471B2F0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3472F2F8 mov eax, dword ptr fs:[00000030h]	5_2_3472F2F8
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_347452E2 mov eax, dword ptr fs:[00000030h]	5_2_347452E2
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346692FF mov eax, dword ptr fs:[00000030h]	5_2_346692FF
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_347212ED mov eax, dword ptr fs:[00000030h]	5_2_347212ED
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_347212ED mov eax, dword ptr fs:[00000030h]	5_2_347212ED
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_347212ED mov eax, dword ptr fs:[00000030h]	5_2_347212ED
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_347212ED mov eax, dword ptr fs:[00000030h]	5_2_347212ED
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_347212ED mov eax, dword ptr fs:[00000030h]	5_2_347212ED
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_347212ED mov eax, dword ptr fs:[00000030h]	5_2_347212ED
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_347212ED mov eax, dword ptr fs:[00000030h]	5_2_347212ED
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_347212ED mov eax, dword ptr fs:[00000030h]	5_2_347212ED
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_347212ED mov eax, dword ptr fs:[00000030h]	5_2_347212ED
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_347212ED mov eax, dword ptr fs:[00000030h]	5_2_347212ED
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_347212ED mov eax, dword ptr fs:[00000030h]	5_2_347212ED
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_347212ED mov eax, dword ptr fs:[00000030h]	5_2_347212ED
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_347212ED mov eax, dword ptr fs:[00000030h]	5_2_347212ED
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_347212ED mov eax, dword ptr fs:[00000030h]	5_2_347212ED
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346792C5 mov eax, dword ptr fs:[00000030h]	5_2_346792C5
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346792C5 mov eax, dword ptr fs:[00000030h]	5_2_346792C5
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3469B2C0 mov eax, dword ptr fs:[00000030h]	5_2_3469B2C0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3469B2C0 mov eax, dword ptr fs:[00000030h]	5_2_3469B2C0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3469B2C0 mov eax, dword ptr fs:[00000030h]	5_2_3469B2C0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3469B2C0 mov eax, dword ptr fs:[00000030h]	5_2_3469B2C0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3469B2C0 mov eax, dword ptr fs:[00000030h]	5_2_3469B2C0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3469B2C0 mov eax, dword ptr fs:[00000030h]	5_2_3469B2C0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3469B2C0 mov eax, dword ptr fs:[00000030h]	5_2_3469B2C0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3466B2D3 mov eax, dword ptr fs:[00000030h]	5_2_3466B2D3
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3466B2D3 mov eax, dword ptr fs:[00000030h]	5_2_3466B2D3
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3466B2D3 mov eax, dword ptr fs:[00000030h]	5_2_3466B2D3
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3469F2D0 mov eax, dword ptr fs:[00000030h]	5_2_3469F2D0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3469F2D0 mov eax, dword ptr fs:[00000030h]	5_2_3469F2D0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346852A0 mov eax, dword ptr fs:[00000030h]	5_2_346852A0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346852A0 mov eax, dword ptr fs:[00000030h]	5_2_346852A0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346852A0 mov eax, dword ptr fs:[00000030h]	5_2_346852A0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346852A0 mov eax, dword ptr fs:[00000030h]	5_2_346852A0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_347072A0 mov eax, dword ptr fs:[00000030h]	5_2_347072A0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_347072A0 mov eax, dword ptr fs:[00000030h]	5_2_347072A0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346F92BC mov eax, dword ptr fs:[00000030h]	5_2_346F92BC
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346F92BC mov eax, dword ptr fs:[00000030h]	5_2_346F92BC
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346F92BC mov ecx, dword ptr fs:[00000030h]	5_2_346F92BC
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346F92BC mov ecx, dword ptr fs:[00000030h]	5_2_346F92BC
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_347392A6 mov eax, dword ptr fs:[00000030h]	5_2_347392A6
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_347392A6 mov eax, dword ptr fs:[00000030h]	5_2_347392A6
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_347392A6 mov eax, dword ptr fs:[00000030h]	5_2_347392A6
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_347392A6 mov eax, dword ptr fs:[00000030h]	5_2_347392A6
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346A329E mov eax, dword ptr fs:[00000030h]	5_2_346A329E
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346A329E mov eax, dword ptr fs:[00000030h]	5_2_346A329E
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34745283 mov eax, dword ptr fs:[00000030h]	5_2_34745283
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34713370 mov eax, dword ptr fs:[00000030h]	5_2_34713370
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3472F367 mov eax, dword ptr fs:[00000030h]	5_2_3472F367
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34677370 mov eax, dword ptr fs:[00000030h]	5_2_34677370
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34677370 mov eax, dword ptr fs:[00000030h]	5_2_34677370
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34677370 mov eax, dword ptr fs:[00000030h]	5_2_34677370
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3466D34C mov eax, dword ptr fs:[00000030h]	5_2_3466D34C
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3466D34C mov eax, dword ptr fs:[00000030h]	5_2_3466D34C
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34745341 mov eax, dword ptr fs:[00000030h]	5_2_34745341
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34669353 mov eax, dword ptr fs:[00000030h]	5_2_34669353
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34669353 mov eax, dword ptr fs:[00000030h]	5_2_34669353
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3469F32A mov eax, dword ptr fs:[00000030h]	5_2_3469F32A
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34667330 mov eax, dword ptr fs:[00000030h]	5_2_34667330
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3473132D mov eax, dword ptr fs:[00000030h]	5_2_3473132D
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3473132D mov eax, dword ptr fs:[00000030h]	5_2_3473132D
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346F930B mov eax, dword ptr fs:[00000030h]	5_2_346F930B
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346F930B mov eax, dword ptr fs:[00000030h]	5_2_346F930B
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346F930B mov eax, dword ptr fs:[00000030h]	5_2_346F930B
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_347453FC mov eax, dword ptr fs:[00000030h]	5_2_347453FC
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3472F3E6 mov eax, dword ptr fs:[00000030h]	5_2_3472F3E6
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3472B3D0 mov ecx, dword ptr fs:[00000030h]	5_2_3472B3D0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_347113B9 mov eax, dword ptr fs:[00000030h]	5_2_347113B9
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_347113B9 mov eax, dword ptr fs:[00000030h]	5_2_347113B9
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_347113B9 mov eax, dword ptr fs:[00000030h]	5_2_347113B9
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346A33A0 mov eax, dword ptr fs:[00000030h]	5_2_346A33A0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346A33A0 mov eax, dword ptr fs:[00000030h]	5_2_346A33A0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346933A5 mov eax, dword ptr fs:[00000030h]	5_2_346933A5
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3474539D mov eax, dword ptr fs:[00000030h]	5_2_3474539D
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346C739A mov eax, dword ptr fs:[00000030h]	5_2_346C739A
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346C739A mov eax, dword ptr fs:[00000030h]	5_2_346C739A
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34681C60 mov eax, dword ptr fs:[00000030h]	5_2_34681C60
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346A1C7C mov eax, dword ptr fs:[00000030h]	5_2_346A1C7C
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34667C40 mov eax, dword ptr fs:[00000030h]	5_2_34667C40
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34667C40 mov ecx, dword ptr fs:[00000030h]	5_2_34667C40
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34667C40 mov eax, dword ptr fs:[00000030h]	5_2_34667C40
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34667C40 mov eax, dword ptr fs:[00000030h]	5_2_34667C40
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3472FC4F mov eax, dword ptr fs:[00000030h]	5_2_3472FC4F
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34741C3C mov eax, dword ptr fs:[00000030h]	5_2_34741C3C
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346ABC3B mov esi, dword ptr fs:[00000030h]	5_2_346ABC3B
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3473DC27 mov eax, dword ptr fs:[00000030h]	5_2_3473DC27
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3473DC27 mov eax, dword ptr fs:[00000030h]	5_2_3473DC27
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3473DC27 mov eax, dword ptr fs:[00000030h]	5_2_3473DC27
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346F9C32 mov eax, dword ptr fs:[00000030h]	5_2_346F9C32
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3474BC01 mov eax, dword ptr fs:[00000030h]	5_2_3474BC01
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3474BC01 mov eax, dword ptr fs:[00000030h]	5_2_3474BC01
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346FBC10 mov eax, dword ptr fs:[00000030h]	5_2_346FBC10
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346FBC10 mov eax, dword ptr fs:[00000030h]	5_2_346FBC10
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346FBC10 mov ecx, dword ptr fs:[00000030h]	5_2_346FBC10
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34711CF9 mov eax, dword ptr fs:[00000030h]	5_2_34711CF9
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34711CF9 mov eax, dword ptr fs:[00000030h]	5_2_34711CF9
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34711CF9 mov eax, dword ptr fs:[00000030h]	5_2_34711CF9
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346A5CC0 mov eax, dword ptr fs:[00000030h]	5_2_346A5CC0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346A5CC0 mov eax, dword ptr fs:[00000030h]	5_2_346A5CC0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3471FCDF mov eax, dword ptr fs:[00000030h]	5_2_3471FCDF
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3471FCDF mov eax, dword ptr fs:[00000030h]	5_2_3471FCDF
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3471FCDF mov eax, dword ptr fs:[00000030h]	5_2_3471FCDF
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34681CC7 mov eax, dword ptr fs:[00000030h]	5_2_34681CC7
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34681CC7 mov eax, dword ptr fs:[00000030h]	5_2_34681CC7
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34667CD5 mov eax, dword ptr fs:[00000030h]	5_2_34667CD5
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34667CD5 mov eax, dword ptr fs:[00000030h]	5_2_34667CD5
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34667CD5 mov eax, dword ptr fs:[00000030h]	5_2_34667CD5
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34667CD5 mov eax, dword ptr fs:[00000030h]	5_2_34667CD5
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34667CD5 mov eax, dword ptr fs:[00000030h]	5_2_34667CD5
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346F3CDB mov eax, dword ptr fs:[00000030h]	5_2_346F3CDB
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346F3CDB mov eax, dword ptr fs:[00000030h]	5_2_346F3CDB
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346F3CDB mov eax, dword ptr fs:[00000030h]	5_2_346F3CDB
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3466DCA0 mov eax, dword ptr fs:[00000030h]	5_2_3466DCA0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3469FCA0 mov ecx, dword ptr fs:[00000030h]	5_2_3469FCA0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3469FCA0 mov eax, dword ptr fs:[00000030h]	5_2_3469FCA0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3469FCA0 mov eax, dword ptr fs:[00000030h]	5_2_3469FCA0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3469FCA0 mov eax, dword ptr fs:[00000030h]	5_2_3469FCA0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3469FCA0 mov eax, dword ptr fs:[00000030h]	5_2_3469FCA0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346ABCA0 mov eax, dword ptr fs:[00000030h]	5_2_346ABCA0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346ABCA0 mov eax, dword ptr fs:[00000030h]	5_2_346ABCA0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346ABCA0 mov ecx, dword ptr fs:[00000030h]	5_2_346ABCA0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346ABCA0 mov eax, dword ptr fs:[00000030h]	5_2_346ABCA0
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3472FCAB mov eax, dword ptr fs:[00000030h]	5_2_3472FCAB
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3472FCAB mov eax, dword ptr fs:[00000030h]	5_2_3472FCAB
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3472FCAB mov eax, dword ptr fs:[00000030h]	5_2_3472FCAB
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3472FCAB mov eax, dword ptr fs:[00000030h]	5_2_3472FCAB
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3472FCAB mov eax, dword ptr fs:[00000030h]	5_2_3472FCAB
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3472FCAB mov eax, dword ptr fs:[00000030h]	5_2_3472FCAB
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3472FCAB mov eax, dword ptr fs:[00000030h]	5_2_3472FCAB
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3472FCAB mov eax, dword ptr fs:[00000030h]	5_2_3472FCAB
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3472FCAB mov eax, dword ptr fs:[00000030h]	5_2_3472FCAB
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3472FCAB mov eax, dword ptr fs:[00000030h]	5_2_3472FCAB
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3472FCAB mov eax, dword ptr fs:[00000030h]	5_2_3472FCAB
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3472FCAB mov eax, dword ptr fs:[00000030h]	5_2_3472FCAB
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3472FCAB mov eax, dword ptr fs:[00000030h]	5_2_3472FCAB
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3472FCAB mov eax, dword ptr fs:[00000030h]	5_2_3472FCAB
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34673C84 mov eax, dword ptr fs:[00000030h]	5_2_34673C84
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34673C84 mov eax, dword ptr fs:[00000030h]	5_2_34673C84
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34673C84 mov eax, dword ptr fs:[00000030h]	5_2_34673C84
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34673C84 mov eax, dword ptr fs:[00000030h]	5_2_34673C84
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34729D70 mov eax, dword ptr fs:[00000030h]	5_2_34729D70
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34729D70 mov eax, dword ptr fs:[00000030h]	5_2_34729D70
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3471FD78 mov eax, dword ptr fs:[00000030h]	5_2_3471FD78
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3471FD78 mov eax, dword ptr fs:[00000030h]	5_2_3471FD78
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3471FD78 mov eax, dword ptr fs:[00000030h]	5_2_3471FD78
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3471FD78 mov eax, dword ptr fs:[00000030h]	5_2_3471FD78
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_3471FD78 mov eax, dword ptr fs:[00000030h]	5_2_3471FD78
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34677D75 mov eax, dword ptr fs:[00000030h]	5_2_34677D75
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34677D75 mov eax, dword ptr fs:[00000030h]	5_2_34677D75
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346ABD4E mov eax, dword ptr fs:[00000030h]	5_2_346ABD4E
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_346ABD4E mov eax, dword ptr fs:[00000030h]	5_2_346ABD4E
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34667D41 mov eax, dword ptr fs:[00000030h]	5_2_34667D41
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34683D40 mov eax, dword ptr fs:[00000030h]	5_2_34683D40
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34683D40 mov eax, dword ptr fs:[00000030h]	5_2_34683D40
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34683D40 mov eax, dword ptr fs:[00000030h]	5_2_34683D40
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34683D40 mov eax, dword ptr fs:[00000030h]	5_2_34683D40
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34683D40 mov ecx, dword ptr fs:[00000030h]	5_2_34683D40
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34683D40 mov ecx, dword ptr fs:[00000030h]	5_2_34683D40
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34683D40 mov eax, dword ptr fs:[00000030h]	5_2_34683D40
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34683D40 mov ecx, dword ptr fs:[00000030h]	5_2_34683D40
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34683D40 mov ecx, dword ptr fs:[00000030h]	5_2_34683D40
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34683D40 mov eax, dword ptr fs:[00000030h]	5_2_34683D40
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34683D40 mov ecx, dword ptr fs:[00000030h]	5_2_34683D40
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34683D40 mov ecx, dword ptr fs:[00000030h]	5_2_34683D40
Source: C:\Users\user\Desktop\Anfrage_244384.exe	Code function: 5_2_34683D40 mov eax, dword ptr fs:[00000030h]	5_2_34683D40

Source: C:\Users\user\Desktop\Anfrage_244384.exe

Process created: C:\Users\user\Desktop\Anfrage_244384.exe "C:\Users\user\Desktop\Anfrage_244384.exe"

Source: C:\Users\user\Desktop\Anfrage_244384.exe

Code function: 0_2_00405DE5 GetVersion,GetSystemDirectoryA,GetWindowsDirectoryA,SHGetSpecialFolderLocation,SHGetPathFromIDListA,CoTaskMemFree,lstrcatA,lstrlenA,

0_2_00405DE5

Stealing of Sensitive Information

Source: Yara match

File source: 00000005.00000002.2738186207.00000000342E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Remote Access Functionality

Source: Yara match

File source: 00000005.00000002.2738186207.00000000342E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Native API	1 DLL Side-Loading	1 Access Token Manipulation	11 Masquerading	OS Credential Dumping	1 Query Registry	Remote Services	1 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Other Network Medium	1 System Shutdown/Reboot
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	11 Process Injection	1 Access Token Manipulation	LSASS Memory	211 Security Software Discovery	Remote Desktop Protocol	1 Clipboard Data	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	11 Process Injection	Security Account Manager	2 File and Directory Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Deobfuscate/Decode Files or Information	NTDS	23 System Information Discovery	Distributed Component Object Model	Input Capture	13 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	2 Obfuscated Files or Information	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
Anfrage_244384.exe	16%	ReversingLabs	Win32.Trojan.InjectorX
Anfrage_244384.exe	100%	Avira	HEUR/AGEN.1361137

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\Temp\nsd5416.tmp\System.dll	0%	ReversingLabs

Source	Detection	Scanner	Label
https://familytherapycenter.rs/LxuQG254.bina	0%	Avira URL Cloud	safe
https://familytherapycenter.rs/LxuQG254.bin	0%	Avira URL Cloud	safe
https://familytherapycenter.rs/LxuQG254.binv	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
familytherapycenter.rs	188.40.95.144	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://familytherapycenter.rs/LxuQG254.bin	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd	Anfrage_244384.exe, 00000005.00000001.1973135397.00000000005F2000.00000020.00000001.01000000.00000007.sdmp	false		high
http://www.ftp.ftp://ftp.gopher.	Anfrage_244384.exe, 00000005.00000001.1973135397.0000000000649000.00000020.00000001.01000000.00000007.sdmp	false		high
https://familytherapycenter.rs/LxuQG254.bina	Anfrage_244384.exe, 00000005.00000002.2710632001.00000000045C4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd	Anfrage_244384.exe, 00000005.00000001.1973135397.00000000005F2000.00000020.00000001.01000000.00000007.sdmp	false		high
http://nsis.sf.net/NSIS_Error	Anfrage_244384.exe	false		high
http://nsis.sf.net/NSIS_ErrorError	Anfrage_244384.exe	false		high
https://familytherapycenter.rs/LxuQG254.binv	Anfrage_244384.exe, 00000005.00000002.2710632001.0000000004588000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://familytherapycenter.rs/	Anfrage_244384.exe, 00000005.00000002.2710632001.00000000045C4000.00000004.00000020.00020000.00000000.sdmp	false		high
https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214	Anfrage_244384.exe, 00000005.00000001.1973135397.0000000000649000.00000020.00000001.01000000.00000007.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
188.40.95.144	familytherapycenter.rs	Germany		24940	HETZNER-ASDE	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1552316
Start date and time:	2024-11-08 16:04:50 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 8m 28s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name:	Run with higher sleep bypass
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Anfrage_244384.exe
Detection:	MAL
Classification:	mal84.troj.evad.winEXE@3/10@1/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 88% Number of executed functions: 47 Number of non-executed functions: 288
Cookbook Comments:	Found application associated with file extension: .exe Sleeps bigger than 100000000ms are automatically reduced to 1000ms

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, d.3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.0.0.0.8.0.4.0.0.3.0.1.3.0.6.2.ip6.arpa, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: Anfrage_244384.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
188.40.95.144	Anfrage244384.exe	Get hash	malicious	FormBook, GuLoader	Browse
	Anfrage244384.exe	Get hash	malicious	FormBook, GuLoader	Browse
	5112024976.exe	Get hash	malicious	FormBook, GuLoader	Browse
	5112024976.exe	Get hash	malicious	FormBook, GuLoader	Browse
	Anfrage24438.zip	Get hash	malicious	FormBook, GuLoader	Browse
	Anfrage24438.exe	Get hash	malicious	FormBook, GuLoader	Browse
	Anfrage24438.exe	Get hash	malicious	FormBook, GuLoader	Browse
	5112024976.exe	Get hash	malicious	FormBook, GuLoader	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
familytherapycenter.rs	Anfrage244384.exe	Get hash	malicious	FormBook, GuLoader	Browse	188.40.95.144
	Anfrage244384.exe	Get hash	malicious	FormBook, GuLoader	Browse	188.40.95.144
	5112024976.exe	Get hash	malicious	FormBook, GuLoader	Browse	188.40.95.144
	5112024976.exe	Get hash	malicious	FormBook, GuLoader	Browse	188.40.95.144
	Anfrage24438.zip	Get hash	malicious	FormBook, GuLoader	Browse	188.40.95.144
	Anfrage24438.exe	Get hash	malicious	FormBook, GuLoader	Browse	188.40.95.144
	Anfrage24438.exe	Get hash	malicious	FormBook, GuLoader	Browse	188.40.95.144
	5112024976.exe	Get hash	malicious	FormBook, GuLoader	Browse	188.40.95.144

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
HETZNER-ASDE	scripttodo.ps1	Get hash	malicious	Unknown	Browse	46.4.134.23
	scripttodo (3).ps1	Get hash	malicious	Unknown	Browse	46.4.134.23
	https://assets-fra.mkt.dynamics.com/899008e9-019b-ef11-8a66-6045bd6cbcf8/digitalassets/standaloneforms/eef8cd2b-b69d-ef11-a72c-000d3ae7186c	Get hash	malicious	Unknown	Browse	94.130.67.118
	AWB_NO_907853880911.exe	Get hash	malicious	FormBook	Browse	144.76.190.39
	https://login-zendesk-account.servz.com.pk	Get hash	malicious	HTMLPhisher	Browse	85.10.196.124
	https://login-zendesk-account.servz.com.pk	Get hash	malicious	HTMLPhisher	Browse	85.10.196.124
	https://login-zendesk-account.servz.com.pk	Get hash	malicious	HTMLPhisher	Browse	85.10.196.124
	https://google.com:login@login-zendesk-account.servz.com.pk/index.html	Get hash	malicious	HTMLPhisher	Browse	85.10.196.124
	ch89yHIa99.exe	Get hash	malicious	Ducktail	Browse	138.201.8.186

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
37f463bf4616ecd445d4a1937da06e19	LkzvfB4VFj.exe	Get hash	malicious	FormBook, GuLoader	Browse	188.40.95.144
	gjbrNWQeg1.exe	Get hash	malicious	GuLoader	Browse	188.40.95.144
	kJyOzzBNim.exe	Get hash	malicious	GuLoader	Browse	188.40.95.144
	7DqFctwwsk.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	188.40.95.144
	6cUI1ZCp5E.exe	Get hash	malicious	GuLoader	Browse	188.40.95.144
	FcRCSylOMs.exe	Get hash	malicious	FormBook, GuLoader	Browse	188.40.95.144
	kChWJJNUHz.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	188.40.95.144
	Y725GT96z1.exe	Get hash	malicious	FormBook, GuLoader	Browse	188.40.95.144
	RAINBOW_ tlumaczenie dokumentow dostawy do CEBI PL_ 11.08.24.exe	Get hash	malicious	GuLoader, Remcos	Browse	188.40.95.144

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\Local\Temp\nsd5416.tmp\System.dll	Anfrage244384.exe	Get hash	malicious	FormBook, GuLoader	Browse
	Anfrage244384.exe	Get hash	malicious	FormBook, GuLoader	Browse
	5112024976.exe	Get hash	malicious	FormBook, GuLoader	Browse
	5112024976.exe	Get hash	malicious	FormBook, GuLoader	Browse
	Anfrage24438.zip	Get hash	malicious	FormBook, GuLoader	Browse
	Anfrage24438.exe	Get hash	malicious	FormBook, GuLoader	Browse
	Anfrage24438.exe	Get hash	malicious	FormBook, GuLoader	Browse
	5112024976.exe	Get hash	malicious	FormBook, GuLoader	Browse

Created / dropped Files

C:\Users\user\AppData\Local\Temp\nsd5416.tmp\System.dll

Process:	C:\Users\user\Desktop\Anfrage_244384.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	11264
Entropy (8bit):	5.7711167426271945
Encrypted:	false
SSDEEP:	192:OPtkumJX7zB22kGwfy0mtVgkCPOsX1un:/702k5qpdsXQn
MD5:	3F176D1EE13B0D7D6BD92E1C7A0B9BAE
SHA1:	FE582246792774C2C9DD15639FFA0ACA90D6FD0B
SHA-256:	FA4AB1D6F79FD677433A31ADA7806373A789D34328DA46CCB0449BBF347BD73E
SHA-512:	0A69124819B7568D0DEA4E9E85CE8FE61C7BA697C934E3A95E2DCFB9F252B1D9DA7FAF8774B6E8EFD614885507ACC94987733EBA09A2F5E7098B774DFC8524B6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: Anfrage244384.exe, Detection: malicious, Browse Filename: Anfrage244384.exe, Detection: malicious, Browse Filename: 5112024976.exe, Detection: malicious, Browse Filename: 5112024976.exe, Detection: malicious, Browse Filename: Anfrage24438.zip, Detection: malicious, Browse Filename: Anfrage24438.exe, Detection: malicious, Browse Filename: Anfrage24438.exe, Detection: malicious, Browse Filename: 5112024976.exe, Detection: malicious, Browse
Reputation:	moderate, very likely benign file
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......)...m.m.m...k.m.~....j.9..i....l....l.Richm.........................PE..L.....MX...........!.................'.......0...............................`.......................................2.......0..P............................P.......................................................0..X............................text...O........................... ..`.rdata..S....0......."..............@..@.data...h....@.......&..............@....reloc..`....P.......(..............@..B................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\secretaryships\Angoragedernes\nilgedde.mes

Process:	C:\Users\user\Desktop\Anfrage_244384.exe
File Type:	Matlab v4 mat-file (little endian) Y, numeric, rows 0, columns 0
Category:	dropped
Size (bytes):	354845
Entropy (8bit):	1.2446363869824946
Encrypted:	false
SSDEEP:	768:E2oz5FNvncy2DZRau7W0sxOvPfSfpg5rWuWAAUIdde/FwPPMk/FOuyQv9biuPia6:opho02mYrKiKLFyJ1AIu2
MD5:	DF7A44909B03AB5BC45910B405D9977A
SHA1:	3D0583A7DFB39E559827189E02123F2C983A21D5
SHA-256:	5A3B61A0BC8E81E756374D2A9FF5087FA4496543A635738ACA8911E95D6340D9
SHA-512:	C2B4E951A185FC3FB75109B5CAA554431C1517588D04B8F2BA865F75BE448A0448364BCB84253C9B44579078787DDA616F33666C0C1BF902EC644EBC9A6FE621
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	..................%.Y.............................[......................z...........................................8.................{................b.......W..........................................#.........................................%....z..................7......................................x.i...+............................................................................8......................................................................................................................-..3..................................................................................\|............T...........................#...........\.....A.............................................7..........'.................... ...................].................J.J..........s................................g..............W........................................................................................................$...g..........................................................

C:\Users\user\AppData\Roaming\secretaryships\Angoragedernes\selefant.kri

Process:	C:\Users\user\Desktop\Anfrage_244384.exe
File Type:	data
Category:	dropped
Size (bytes):	298017
Entropy (8bit):	1.245520550165085
Encrypted:	false
SSDEEP:	768:nLoDoRi0SWvTrmnVqvh6dzfCaci65UhXqjMctTGA3QBgdRWqrw3q3LFPRvx7H155:DStBsLk6gsifeQIGA0iYRwvy8n
MD5:	B4C9FC75BAB8C9F006A7D9DDBC249F79
SHA1:	70D4047E7E3BB10CF237B82775C89A1D92700162
SHA-256:	1D84F9462C244A4500C213DF8DD79971B286392CA02BC536F5F6C3EEBC94E7E3
SHA-512:	2E2279CB3755AC5708ABB30E8342235B7F0A24223E3D6F4B2B21B62E59012A5126ADC1BD73D7B64E72634728DECCE7A049D3E6F5055F8D74E959BEE54EDBEA4C
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	............................_..,...........................................................;...........................................................7...O..................'.........................................P.........L................@....................8....................v..................G.....h.............................................m..+b.....................................................m.......C.....................................i..........................................................................................,................................C..........a...........Y......,...........q....................................................................................................................................................................................................................p................S................L..........)..............................................kF........^........E.................................................

C:\Users\user\AppData\Roaming\secretaryships\Angoragedernes\speil.int

Process:	C:\Users\user\Desktop\Anfrage_244384.exe
File Type:	data
Category:	dropped
Size (bytes):	497497
Entropy (8bit):	1.2525295412969446
Encrypted:	false
SSDEEP:	1536:rbNZ/Rg8JCCgxT2eIgde/lBWTTBwGceukAdTYz91n6n:9NRg836IVLWHeGxKYQ
MD5:	F3F6C6E37EAB51D3B9B9C059C1EB874C
SHA1:	401E5740CCFBC1DA83BD9B426C11020C812986F2
SHA-256:	B5A607F50C65E41B2BFF7F852F27373177D326D9DFA1040E1C2B3AF62F757BAB
SHA-512:	060B328595ADAF9E85B390AA2AACEEFE4C6197294B7C45594798755C5E04BE1E2110F617B51E38D7DF423CD807FA81B30702CE2548563980B9CA195ECF2C11A7
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	.........................................o................j........................................c..6......................................../....................................................m...............................r.D................................T.........................................................8....................x...................................................................!.....O....\................G.........................................G........n....."................:.........................................................................................................@.......<..................................................i.......k..............................................................................................................................=.........g.........................k.............A.......[........................)...........e................................b.............................................6.............

C:\Users\user\AppData\Roaming\secretaryships\Hemmeligt70.Bly

Process:	C:\Users\user\Desktop\Anfrage_244384.exe
File Type:	data
Category:	dropped
Size (bytes):	58676
Entropy (8bit):	4.585503260397429
Encrypted:	false
SSDEEP:	768:hUm9EMv+RHOORqqYH3VEwnRnXNcmhdmPJPU9FLd86+qWhTeFVk6t6MmaEEXrDH9S:Om9chszXJlVdmPJuTWcJ6+3O9Rh
MD5:	CED0BE5E2D0028EFD3F1249AC1126BA3
SHA1:	3902CD952EA81D8A7D9E0FC1F17972967DDD917D
SHA-256:	4B029ECD2CE2EB26D9686573D7D891E689A717672BB8F76903BC44EC43DA2955
SHA-512:	7F14E8FD856D1D1E2FD89C692685EB70C462BC1C202C4946CC1B0D27E59264278264C3C7EA72E63F9B9BA35C434FAAB305724827A4C8D63ADBE78D8C4E4759FD
Malicious:	false
Preview:	..ll..__.....\|.....VVVVVV.........b...........YY...33333333333.A.KK.---........].{{{{...KK.....T.....................rr...................333.............Q..5....................11.............'........................7...\|\|\|\|\|\|\|..............V.........j.E.......................}....///................''''.......y....>............YYYY...ff.<.....WWWW............................................................................H.....................qq..'''.~..Y.....................@.....mmm.....;..kkkk.......RRRRR...........zz.............UU.....7777...........jj....n...............9.p....,...........Z....s.;..............BBBBBBBB..>.Q.......W........CCCC.xxxx.....FFFF........)......,,.............:::..[[[........TTT.[........PPPP.........S............////.......................^............!..JJ.,.\\\.........ff.........._........ ......hh.................``......................kkkkkk..................................f.Z.........DDDD...z..................R.].;.......R...OO............

C:\Users\user\AppData\Roaming\secretaryships\Tingid.pig

Process:	C:\Users\user\Desktop\Anfrage_244384.exe
File Type:	data
Category:	dropped
Size (bytes):	476422
Entropy (8bit):	1.2552031449987011
Encrypted:	false
SSDEEP:	1536:zGmPxn4XjZOVebnJjvYbTUBhGKcjnO/EeMHPm:Sm6zYVb849nH6
MD5:	F236A74F28F6F32F81F1347D9F129268
SHA1:	D5BE521661EE4BF3C186C3EAA0411DD5DF6F3EBA
SHA-256:	BEED12F00B12156FF9FA63595DE11A5C01493CF5F85488CB2E159CF1A8236778
SHA-512:	D6AD37DDF7B6B38B90F09186AC81C6A76F16F9A4613D6113F10D7B2A4F68129E570EFFC77A19B04F276277B7A569EBD5FD4A48D2E2E72CEA8CEE5A8F67CC5EF4
Malicious:	false
Preview:	.................................................................7...........................).....$....%..........................#.....M.....................................6.........N.........).......................................................................................a..............t..................................................T.........................................@...........................+..U...................A'..............L..................................................../.............2..............k.........................................................................................................&.............................................>...........................................................\|..........................?...............................&...................................n.q......}....................................E......................................................p........................................6..........

C:\Users\user\AppData\Roaming\secretaryships\anya.por

Process:	C:\Users\user\Desktop\Anfrage_244384.exe
File Type:	data
Category:	dropped
Size (bytes):	448073
Entropy (8bit):	1.2554221597008608
Encrypted:	false
SSDEEP:	1536:i9EUBeeNEu//hQg77ea6OP/B1p7to4APRUYZAkxe:qFZO5u/B1pBo510
MD5:	3AD8D5763CA124C7392D1F4F53D24F0E
SHA1:	17D48EF1AB8D52A31821A069C225D45201535899
SHA-256:	3965D74DBD296AA8E7524C773FE81FE63A78355145502153CB577E9CB136DDA0
SHA-512:	EE8BDE196A33297BFD4E51ED01E7D0178CF457497E822771D2BE3C58A97681AC52CD19A2BBBB71220F06F6D936A6AA67966295DF3C676104B9643F07CBE37EC8
Malicious:	false
Preview:	............y...k......... ....L..............................................................c....................d...........................p..............R.................................................5...............f.......{......................................................................................J...........@.................E....h...............0................M.................'..............................................-...............Z.........................{...............T............c.W..............n....................H...........................................\|...................................^...........w.................c...............................).....................................y.....<.......................................T........................................................3.....S..<.......?........................................1!......^.............................t................................................G........

C:\Users\user\AppData\Roaming\secretaryships\besiddertrang.gra

Process:	C:\Users\user\Desktop\Anfrage_244384.exe
File Type:	data
Category:	dropped
Size (bytes):	362911
Entropy (8bit):	1.2562704713226092
Encrypted:	false
SSDEEP:	768:uFKWW9YiDlIMhmjVacve6tEvHBLNB3tQsrTpPH8mZLAUFwsahGF48hDpWRcKthwz:u5W9yMJLNbJ1CbFV3Gd6Ie48dPs
MD5:	8AB9852274FA64E09B5711A2E7D94AAB
SHA1:	2C39272B969040B4C185EE4A69A5F04FD1F7C0DB
SHA-256:	FCD149788A3530E5E2CF5E17A09B1DE51EB67B51F3E8941E7091F88B610373F1
SHA-512:	6761208A22E8D93D70465E6DD9CF1B53826AA6BF0418DCCB0A6E5816A183790A61AD67EDCF52D21366975014701107563CE47A0465CEE801300493AEB566CC69
Malicious:	false
Preview:	....-......................................................................?d..........\.a.....................................8...............x...........e...................................)...............+..............................................i...................................................................................................................4......j................................................................................"......................................Z.....%...................................................................................................F............................................................................g...............................E./.....................................................................................Y........#.......F.......n.M.........................................................................................................................W..................................................

C:\Users\user\AppData\Roaming\secretaryships\darbyite.txt

Process:	C:\Users\user\Desktop\Anfrage_244384.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	497
Entropy (8bit):	4.296439217688297
Encrypted:	false
SSDEEP:	12:kdESMQrs7ZnIyxrqlLIRF0+UAkN0lCGsMqejQlJ8:QjMfpIuqPAEsOi
MD5:	1560371431CEB91914AF5B9D0D307EE1
SHA1:	182B8979D4D0F9F26366653638A9C92FDAFF0D56
SHA-256:	72A2010CDB6ED407FCA17CDB181D5F01801F16040C2C9443BD7CB5032CDAAEF7
SHA-512:	865EF0F7636149A47043183583635C2A4306BF49565166760672B88F0F9DA89A529FE4166DFF496327304E56A8A460B8113E5F3D58601C0B8A3EFAABD792AF3D
Malicious:	false
Preview:	avenging piktogrammernes duecento korsedderkop skurvognsudlejningernes fnges ranaria..kavitet ubetalelige forhalingen passado nautically formaalsbestemmelsernes admiralsuniformers..franchot unimposing rimfire.bemba barsac unflaked skbnesvanger.tige backchats leveret viktualieforretningernes processal dignitas altica epoxyharpikset sergenter forureningsbegrnsedes..sforsvaret antiquating photomechanically enighedernes firepot megrez almon aeneus madrassen thrallborn denoteres slipup tvebakken..

C:\Users\user\AppData\Roaming\secretaryships\straffespark.Sek