Analysis Report https://bitbucket.org/phjounin/tftpd64/downloads/Tftpd64-4.64-setup.exe

Overview

General Information

Sample URL: https://bitbucket.org/phjounin/tftpd64/downloads/Tftpd64-4.64-setup.exe
Analysis ID: 401517

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for dropped file
Contains capabilities to detect virtual machines
Contains functionality for read data from the clipboard
Contains functionality to shutdown / reboot the system
Detected potential crypto function
Drops PE files
Found dropped PE file which has not been started or loaded
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains sections with non-standard names
PE file contains strange resources
Queries the volume information (name, serial number etc) of a device
Stores files to the Windows start menu directory

Startup

  • System is w10x64
  • cmd.exe (PID: 6392 cmdline: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'https://bitbucket.org/phjounin/tftpd64/downloads/Tftpd64-4.64-setup.exe' > cmdline.out 2>&1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
    • conhost.exe (PID: 6408 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • wget.exe (PID: 6440 cmdline: wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'https://bitbucket.org/phjounin/tftpd64/downloads/Tftpd64-4.64-setup.exe' MD5: 3DADB6E2ECE9C4B3E1E322E617658B60)
  • Tftpd64-4.64-setup.exe (PID: 7140 cmdline: 'C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe' MD5: 044CC568B52CE2E65EB82D3D3B7FFA2F)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

AV Detection:

Multi AV Scanner detection for dropped file
Source: C:\Program Files\Tftpd64\tftpd64.exe | Virustotal: Detection: 8%
Source: C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe | Directory created: C:\Program Files\Tftpd64
Source: C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe | Directory created: C:\Program Files\Tftpd64\tftpd64.exe
Source: C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe | Directory created: C:\Program Files\Tftpd64\tftpd32.chm
Source: C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe | Directory created: C:\Program Files\Tftpd64\EUPL-EN.pdf
Source: C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe | Directory created: C:\Program Files\Tftpd64\tftpd32.ini
Source: C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe | Directory created: C:\Program Files\Tftpd64\uninstall.exe
Source: unknown | HTTPS traffic detected: 104.192.141.1:443 -> 192.168.2.6:49711 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 52.217.128.89:443 -> 192.168.2.6:49713 version: TLS 1.2
Source: C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe | Code function: 5_2_00405EC2 FindFirstFileA,FindClose
Source: C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe | Code function: 5_2_00402671 FindFirstFileA
Source: C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe | Code function: 5_2_004054EC DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA
Source: unknown | DNS traffic detected: queries for: bitbucket.org
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown | Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49713
Source: C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe | Code function: 5_2_00404FF1 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,FindCloseChangeNotification,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard
Source: C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe | Code function: 5_2_0040312A EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess
Source: C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe | Code function: 5_2_00404802
Source: C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe | Code function: 5_2_00406354
Source: C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe | Code function: 5_2_00406B2B
Source: Tftpd64-4.64-setup.exe.2.dr | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: uninstall.exe.5.dr | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: classification engine | Classification label: mal48.win@5/12@2/2
Source: C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe | Code function: 5_2_004042C1 GetDlgItem,SetWindowTextA,SHAutoComplete,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceExA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA
Source: C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe | Code function: 5_2_00402053 CoCreateInstance,MultiByteToWideChar
Source: C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe | File created: C:\Program Files\Tftpd64
Source: C:\Windows\SysWOW64\cmd.exe | File created: C:\Users\user\Desktop\cmdline.out
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6408:120:WilError_01
Source: C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe | File created: C:\Users\user\AppData\Local\Temp\nsk9E8A.tmp
Source: C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe | File read: C:\Users\desktop.ini
Source: C:\Windows\SysWOW64\wget.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Windows\SysWOW64\wget.exe | File read: C:\Windows\System32\drivers\etc\hosts
Source: unknown | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'https://bitbucket.org/phjounin/tftpd64/downloads/Tftpd64-4.64-setup.exe' > cmdline.out 2>&1
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'https://bitbucket.org/phjounin/tftpd64/downloads/Tftpd64-4.64-setup.exe'
Source: unknown | Process created: C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe 'C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe'
Source: C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
Source: C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe | File written: C:\Program Files\Tftpd64\tftpd32.ini
Source: C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe | Automated click: I Agree
Source: C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe | Automated click: Next >
Source: C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe | Automated click: Install
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: tftpd64.exe.5.dr | Static PE information: section name: _RDATA
Source: C:\Windows\SysWOW64\wget.exe | File created: C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe
Source: C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe | File created: C:\Program Files\Tftpd64\uninstall.exe
Source: C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe | File created: C:\Program Files\Tftpd64\tftpd64.exe
Source: C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tftpd64
Source: C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tftpd64\Uninstall.lnk
Source: C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tftpd64\Tftpd64.lnk
Source: C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tftpd64\Tftpd64 Settings.lnk
Source: C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe | Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe | File opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe | Dropped PE file which has not been started: C:\Program Files\Tftpd64\uninstall.exe
Source: C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe | Dropped PE file which has not been started: C:\Program Files\Tftpd64\tftpd64.exe
Source: C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe | File Volume queried: C:\Program Files FullSizeInformation
Source: C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe | API call chain: ExitProcess graph end node | graph_5-3309
Source: C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe | API call chain: ExitProcess graph end node | graph_5-3311
Source: Tftpd64-4.64-setup.exe, 00000005.00000002.606518853.0000000000DE0000.00000002.00000001.sdmp | Binary or memory string: Shell_TrayWnd
Source: Tftpd64-4.64-setup.exe, 00000005.00000002.606518853.0000000000DE0000.00000002.00000001.sdmp | Binary or memory string: Progman
Source: Tftpd64-4.64-setup.exe, 00000005.00000002.606518853.0000000000DE0000.00000002.00000001.sdmp | Binary or memory string: &Program Manager
Source: Tftpd64-4.64-setup.exe, 00000005.00000002.606518853.0000000000DE0000.00000002.00000001.sdmp | Binary or memory string: Progmanlock
Source: C:\Windows\SysWOW64\wget.exe | Queries volume information: C:\Users\user\Desktop\download VolumeInformation
Source: C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\wget.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Mitre Att&ck Matrix

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts | Windows Management Instrumentation | Registry Run Keys / Startup Folder 1 | Process Injection 2 | Masquerading 3 | OS Credential Dumping | Query Registry 1 | Remote Services | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Encrypted Channel 12 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | System Shutdown/Reboot 1
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Registry Run Keys / Startup Folder 1 | Virtualization/Sandbox Evasion 1 | LSASS Memory | Security Software Discovery 11 | Remote Desktop Protocol | Clipboard Data 1 | Exfiltration Over Bluetooth | Non-Application Layer Protocol 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Process Injection 2 | Security Account Manager | Virtualization/Sandbox Evasion 1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Application Layer Protocol 2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | Process Discovery 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap |  | Carrier Billing Fraud
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | Remote System Discovery 1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication |  | Manipulate App Store Rankings or Ratings
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Steganography | Cached Domain Credentials | File and Directory Discovery 3 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service |  | Abuse Accessibility Features
External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | System Information Discovery 15 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points |  | Data Encrypted for Impact

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source | Detection | Scanner | Label
https://bitbucket.org/phjounin/tftpd64/downloads/Tftpd64-4.64-setup.exe | 1% | Virustotal |
https://bitbucket.org/phjounin/tftpd64/downloads/Tftpd64-4.64-setup.exe | 0% | Avira URL Cloud | safe

Dropped Files

Source | Detection | Scanner | Label
C:\Program Files\Tftpd64\tftpd64.exe | 9% | Virustotal |
C:\Program Files\Tftpd64\tftpd64.exe | 11% | Metadefender |
C:\Program Files\Tftpd64\tftpd64.exe | 7% | ReversingLabs |
C:\Program Files\Tftpd64\uninstall.exe | 0% | Metadefender |
C:\Program Files\Tftpd64\uninstall.exe | 7% | ReversingLabs |
C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe | 5% | Metadefender |
C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe | 10% | ReversingLabs |

Unpacked PE Files

Source | Detection | Scanner | Label
5.0.Tftpd64-4.64-setup.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1130366
5.2.Tftpd64-4.64-setup.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1130366

Domains

No Antivirus matches

URLs

Source | Detection | Scanner | Label
https://d301sr5gafysq2.cloudfront.net; | 0% | Avira URL Cloud | safe
https://d301sr5gafysq2.cloudfront.n | 0% | Avira URL Cloud | safe

Domains and IPs

Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
bitbucket.org | 104.192.141.1 | true | false |  | high
s3-1-w.amazonaws.com | 52.217.128.89 | true | false |  | high
bbuseruploads.s3.amazonaws.com | unknown | unknown | false |  | high

URLs from Memory and Binaries

Name | Source | Malicious | Antivirus Detection | Reputation
https://bitbucket.org/phjounin/tftpd64/downloads/Tftpd64-4.64-setup.exe | wget.exe, 00000002.00000002.339757198.00000000013D0000.00000004.00000040.sdmp, cmdline.out.2.dr | false |  | high
https://bbuseruploads.s3.amazonaws.com/0d2c3bf4-a97c-40b5-b347-2c7c47f5335d/downloads/17389c4c-2e4d- | cmdline.out.2.dr | false |  | high
https://d301sr5gafysq2.cloudfront.net; | wget.exe, 00000002.00000003.336855620.000000000129F000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | low
http://tftpd32.jounin.net | tftpd64.exe.5.dr | false |  | high
https://d301sr5gafysq2.cloudfront.n | wget.exe, 00000002.00000003.339327377.00000000012A8000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
http://nsis.sf.net/NSIS_Error | Tftpd64-4.64-setup.exe, Tftpd64-4.64-setup.exe, 00000005.00000000.343792672.0000000000409000.00000008.00020000.sdmp, uninstall.exe.5.dr | false |  | high
http://nsis.sf.net/NSIS_ErrorError | Tftpd64-4.64-setup.exe, 00000005.00000000.343792672.0000000000409000.00000008.00020000.sdmp, uninstall.exe.5.dr | false |  | high
https://aui-cdn.atlassian.com | wget.exe, 00000002.00000003.336855620.000000000129F000.00000004.00000001.sdmp, wget.exe, 00000002.00000003.339327377.00000000012A8000.00000004.00000001.sdmp | false |  | high
https://web-security-reports.services.atlassian.com/csp-report/bb-website; | wget.exe, 00000002.00000003.336855620.000000000129F000.00000004.00000001.sdmp | false |  | high
https://bbuseruploads.s3.amazonaws.com/0d2c3bf4-a97c-40b5-b347-2c7c47f5335d/downloads/17389c4c-2e | wget.exe, 00000002.00000003.339327377.00000000012A8000.00000004.00000001.sdmp | false |  | high

Contacted IPs

Public

IP | Domain | Country | ASN | ASN Name | Malicious
104.192.141.1 | bitbucket.org | United States | 16509 | AMAZON-02US | false
52.217.128.89 | s3-1-w.amazonaws.com | United States | 16509 | AMAZON-02US | false

General Information

Joe Sandbox Version: 32.0.0 Black Diamond
Analysis ID: 401517
Start date: 30.04.2021
Start time: 18:19:12
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 5m 43s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: urldownload.jbs
Sample URL: https://bitbucket.org/phjounin/tftpd64/downloads/Tftpd64-4.64-setup.exe
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed: 26
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • HDC enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal48.win@5/12@2/2
EGA Information:
  • Successful, ratio: 100%
HDC Information:
  • Successful, ratio: 100% (good quality ratio 97.4%)
  • Quality average: 83.9%
  • Quality standard deviation: 24.5%
HCA Information: Failed
Cookbook Comments:
  • Adjust boot time
  • Enable AMSI
Warnings:
                        • Report size getting too big, too many NtOpenKeyEx calls found.
                        • Report size getting too big, too many NtQueryValueKey calls found.

                        Simulations

                        Behavior and APIs

                        No simulations

                        Joe Sandbox View / Context

                        IPs

                        No context

                        Domains

                        No context

                        ASN

                        No context

                        JA3 Fingerprints

                        No context

                        Dropped Files

                        No context

                        Created / dropped Files

                        C:\Program Files\Tftpd64\EUPL-EN.pdf
                        Process:C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe
                        File Type:PDF document, version 1.4
                        Category:dropped
                        Size (bytes):34312
                        Entropy (8bit):7.865880855522421
                        Encrypted:false
                        SSDEEP:768:XWSMyoY3GnGTmerMqJoOunEg5ADW7+1DTsPVMAgjTLRzp/rFQ248gYT23:/93GXovsE+Anm+hJrZL23
                        MD5:254B5DDBC15269E72BA3A0508681A70C
                        SHA1:2263AE4C0B71BF7BE09707D8FFE1176807E8C69E
                        SHA-256:CD5D9E2A925D8DAA92D083FD8C1CEA48DF1BCFFFD857F4F93E2148FDDC5001EC
                        SHA-512:9BB5A4BF1B5167725E2126CE5152E3BE11B7288C743C0D7C71B98D0551E47BCE417B0B1C0A14FF523A7C90EC9D0B930A0879B31B22F10B0A068F635103FAF504
                        Malicious:false
                        Reputation:low
                        C:\Program Files\Tftpd64\tftpd32.chm
                        Process:C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe
                        File Type:MS Windows HtmlHelp Data
                        Category:dropped
                        Size (bytes):364722
                        Entropy (8bit):7.965464243492042
                        Encrypted:false
                        SSDEEP:6144:jU06ChpcJshdgk7fEPOgZLrBOhw8B84J3pCARzcy7sbqtr2YhS60gTurOQrVm:z6EcJAe3POgBTO84Hpcy+qtr22SoT4xo
                        MD5:DE0095E371874836FB50CD3400D7B204
                        SHA1:8A1000443A71417C6233F277B87CA6585BEBCA2A
                        SHA-256:810A0F52703D051B30D5ECD219C72B0599964DE34D1C1912367271C87D4725BF
                        SHA-512:0BD27DCF930DF12D4FC2F29CAAE8809BE74D124946561D60A6FA0E8D775AB3BAF34DBDE2560BB483A348D769D39C79B9AF9666DAA6EB87770053736D1DF474DB
                        Malicious:false
                        Reputation:low
                        C:\Program Files\Tftpd64\tftpd32.ini
                        Process:C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe
                        File Type:ASCII text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):616
                        Entropy (8bit):5.1459656060648875
                        Encrypted:false
                        SSDEEP:12:5syEarNucIYlr7gFngXIHsxp0/m4EhEAFYD3CBTv:SyEydtr7gFngXIMxp6mpFYD30
                        MD5:C973075D00B0BF2D5C4CB18155AD92FB
                        SHA1:0B1D0A6C40DA12B81E6BAB942A6631F19E18F1FC
                        SHA-256:0C00CBDAE4E3F2F430CA803E2E08BB3CBBA4E83CF9024DBB64DA212B8034E60D
                        SHA-512:B987AA69A90FC14D0C4E7EBCD7DB6A3C9580F705CE6753104163017975B4E8A1F09C302123C83421943E33A591B509F8EDC398A00FE4932132D32C169DB34FC9
                        Malicious:false
                        Reputation:low
                        Preview: [DHCP]..Lease_NumLeases=0..[TFTPD32]..BaseDirectory=...TftpPort=69..Hide=0..WinSize=0..Negociate=1..PXECompatibility=0..DirText=0..ShowProgressBar=1..Timeout=3..MaxRetransmit=6..SecurityLevel=1..UnixStrings=1..Beep=0..VirtualRoot=0..MD5=0..LocalIP=..Services=15..TftpLogFile=..SaveSyslogFile=..PipeSyslogMsg=0..LowestUDPPort=0..HighestUDPPort=0..MulticastPort=0..MulticastAddress=..PersistantLeases=1..DHCP Ping=1..DHCP LocalIP=..Max Simultaneous Transfers=100..UseEventLog=0..Console Password=tftpd32..Support for port Option=0..UseEventLog=0..Keep transfer Gui=5..Ignore ack for last TFTP packet=0..Enable IPv6=0..
                        C:\Program Files\Tftpd64\tftpd64.exe
                        Process:C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe
                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):392704
                        Entropy (8bit):6.13463524328579
                        Encrypted:false
                        SSDEEP:3072:2UANSGQV9/2Q2ZE1nEDBRjDds0FmgMUIpipKfHEZji+jbqLvInpmU9tqx2sFnU59:QsqE1nEDPlTFmkpckZW8qbIZpsX9
                        MD5:3C1E3215ACC69F06F044802ED4695333
                        SHA1:EA34A6BAD04BC5A1FCB494668347CD302557F327
                        SHA-256:34DE53B43C32E3ED5231A57683103ACAD1AEBEEF08309CF8E770C27ACC90E4E7
                        SHA-512:82ED2EDBB7286AAC00B946F7F4C79E59079994FE8385E961ABD1291440FDF26E14C724943EAABEBB517E921ECE4B384B9D50905898D71F2EFAA427BE7082D2D0
                        Malicious:true
                        Antivirus:
                        • Antivirus: Virustotal, Detection: 9%
                        • Antivirus: Metadefender, Detection: 11%
                        • Antivirus: ReversingLabs, Detection: 7%
                        Reputation:low
                        C:\Program Files\Tftpd64\uninstall.exe
                        Process:C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe
                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                        Category:dropped
                        Size (bytes):38385
                        Entropy (8bit):6.2288934788345305
                        Encrypted:false
                        SSDEEP:768:FaKoIAEPaXHQe5cDOnLT6OSKQGg1qtOqGVfmMk0D3/jIp3KlcEJRnYlCd8:UKJAES3bS2L6KbuVfmMk0DCwctlCd8
                        MD5:078DAF9669EF12A368F1AED5A21B1CD1
                        SHA1:FC4D9A58D42089D6E7C42F45B92D87F978958DEA
                        SHA-256:0A91E2FAB1DE979C8BD0816C5A709DEB7BDB80A198C9163D58A5CE377607FB9D
                        SHA-512:7A18DCF41E30278CC1348C51AD904F9024DD431C48FAA576484F8B189E53BCCFFADE0A94563D0BF76FB07A0CBDC6033DEC95EC8F1AD59C32518967B8D59DF30D
                        Malicious:false
                        Antivirus:
                        • Antivirus: Metadefender, Detection: 0%
                        • Antivirus: ReversingLabs, Detection: 7%
                        Reputation:low
                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tftpd64\Tftpd64 Settings.lnk
                        Process:C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe
                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Thu Nov 28 07:08:04 2013, mtime=Sat May 1 00:20:21 2021, atime=Thu Nov 28 07:08:04 2013, length=616, window=hide
                        Category:dropped
                        Size (bytes):873
                        Entropy (8bit):4.527405762311043
                        Encrypted:false
                        SSDEEP:12:8mH3i0YXxA1hAqjqRdpF4e/xV+lb3al9tKlhYjAYJ/bdp/lybdpU62RJ7RJHm:8mHWtrRd5JVab4k8AMdqdRS/1m
                        MD5:F095A6D1795D8FD8B930CB0480D4DA76
                        SHA1:0090BFBE8DB6163B19694FB8E81CEA4CF4503877
                        SHA-256:06BC702685988C304C3C19E204F05A42F98008AAEC0C7E5537E7815682A215A7
                        SHA-512:9F74AF431F00C16B6729AF8F6913C2B16CC9AFFDF859869520269567BBFB48865BDE84050FF7271F1028F1413901C2AB8C4F4DD8EE0DF66A12E80E72262F5F93
                        Malicious:false
                        Reputation:low
                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tftpd64\Tftpd64.lnk
                        Process:C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe
                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Wed Feb 27 13:07:32 2019, mtime=Sat May 1 00:20:21 2021, atime=Wed Feb 27 13:07:32 2019, length=392704, window=hide
                        Category:dropped
                        Size (bytes):1735
                        Entropy (8bit):3.1692603227693086
                        Encrypted:false
                        SSDEEP:12:8FUt1i0YXxA1hAqjqRdpF4e/xV+lb3aAqnYjAYJybdplbdpDbdpXBRlpbdp12VmV:8FUmtrRd5JVaby8AtdndRdZfdL/S1m
                        MD5:CBE2E7FDCABBDFDC47084737CBBF3130
                        SHA1:FD9D862804ED8F30E31E231A48A89B100DDEBF90
                        SHA-256:3F77B3C5B35AADF69E607B775339ACB69816617C7798CF442A206CFCBAB809D2
                        SHA-512:58903AFEF917D097A76EF7BADD1057E2611946F50A52DF95982AFB1C35CE13DE88B4C2A6EF1E288D774F7D0E8156949238A82213F07437B670B17DCA66E60A38
                        Malicious:false
                        Reputation:low
                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tftpd64\Uninstall.lnk
                        Process:C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe
                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Sat May 1 00:20:21 2021, mtime=Sat May 1 00:20:21 2021, atime=Sat May 1 00:20:21 2021, length=38385, window=hide
                        Category:dropped
                        Size (bytes):1751
                        Entropy (8bit):3.249922589236249
                        Encrypted:false
                        SSDEEP:24:8gdNd5JVab9AC5L3UAi4diodK4diSNfdi6Gj1m:8gdNd1YAuLzHdiodDdiIdi7j1
                        MD5:EDFCCDEB068BEFB9ECA1F72EBD2B78AA
                        SHA1:A21C2BD085FFE3E48E1AF4D839C30E6913CF7614
                        SHA-256:1E690F80C915FC63C660CE93B7677247CFE1BECCEB45349769FA712D8C4977A4
                        SHA-512:81CA66B1F156BB387B0537F969E0AE0B6A39643C2B49E8CC94C4EC7626397D70C96C711243395439DD2C8DF3716CD70F545C5351BE8C7B822495FFFC1786848C
                        Malicious:false
                        Reputation:low
                        C:\Users\user\Desktop\Tftpd64.lnk
                        Process:C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe
                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Wed Feb 27 13:07:32 2019, mtime=Sat May 1 00:20:21 2021, atime=Wed Feb 27 13:07:32 2019, length=392704, window=hide
                        Category:dropped
                        Size (bytes):1699
                        Entropy (8bit):3.1630838030467165
                        Encrypted:false
                        SSDEEP:12:8FUt1i0YXxA1hAqjqRdpF4e/xV+lb3aAqnYjAYJEbdplbdpDbdpXBRlpbdp12VmV:8FUmtrRd5JVaby8ALdndRdZfdL/S1m
                        MD5:C7B4833D2D3ABDB1AA5956B227937D15
                        SHA1:66EBB124D9028A68647EC480FB81E79E7A50656F
                        SHA-256:8EF7D2E3EBCC95DC92325F280FE707646DD9125047BD1B832047CD00AC9CB1F1
                        SHA-512:3F1C23AB7C0EB26E5C1AA6A6D5A0336D608789E618DB7E8C533F71590B5F5953F39BAE7D6210ED815DF0521EFEA97AEEF2B4B0F9E0B02BBB2EA9988EDA746FAD
                        Malicious:false
                        Reputation:low
                        C:\Users\user\Desktop\cmdline.out
                        Process:C:\Windows\SysWOW64\wget.exe
                        File Type:ASCII text, with very long lines, with CRLF line terminators
                        Category:modified
                        Size (bytes):2573
                        Entropy (8bit):4.806534160380414
                        Encrypted:false
                        SSDEEP:48:pSC2RornMZvjSgQBpZvjSgQplH/Bw8n8jWB8f1:piRorKjSg03jSgwGVn1
                        MD5:D4A0F2EB65CFA22C8B5DFADC7F6D075D
                        SHA1:5F3DD69540829429153870614B78907326D862D3
                        SHA-256:7A21017EC7C6F3E4EBB36EAF785D4045BD20AE8C498460F8E3A0E21EF699B009
                        SHA-512:15E06488F14E97F998568753B259800B80360D9ADCFE45CFD66C98DADB1F595FB8AD443A75252192E1145E51F4C436E784EC70640AA276607D3E4FF5699F4D25
                        Malicious:false
                        Reputation:low
                        Preview: --2021-04-30 18:20:05-- https://bitbucket.org/phjounin/tftpd64/downloads/Tftpd64-4.64-setup.exe..Resolving bitbucket.org (bitbucket.org)... 104.192.141.1..Connecting to bitbucket.org (bitbucket.org)|104.192.141.1|:443... connected...HTTP request sent, awaiting response... 302 Found..Location: https://bbuseruploads.s3.amazonaws.com/0d2c3bf4-a97c-40b5-b347-2c7c47f5335d/downloads/17389c4c-2e4d-4520-a318-860978b44567/Tftpd64-4.64-setup.exe?Signature=dbFRwgZEGFMfpOzlaK8pZA95Exw%3D&Expires=1619801325&AWSAccessKeyId=AKIA6KOSE3BNJRRFUUX6&versionId=ua5NnCEtNN47EdZckEbQYAj0o_XoI.Q5&response-content-disposition=attachment%3B%20filename%3D%22Tftpd64-4.64-setup.exe%22 [following]..--2021-04-30 18:20:06-- https://bbuseruploads.s3.amazonaws.com/0d2c3bf4-a97c-40b5-b347-2c7c47f5335d/downloads/17389c4c-2e4d-4520-a318-860978b44567/Tftpd64-4.64-setup.exe?Signature=dbFRwgZEGFMfpOzlaK8pZA95Exw%3D&Expires=1619801325&AWSAccessKeyId=AKIA6KOSE3BNJRRFUUX6&versionId=ua5NnCEtNN47EdZckEbQYAj0o_XoI.Q5&response-con
                        C:\Users\user\Desktop\download\.wget-hsts
                        Process:C:\Windows\SysWOW64\wget.exe
                        File Type:ASCII text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):172
                        Entropy (8bit):5.134475753724453
                        Encrypted:false
                        SSDEEP:3:SY2FyFARLlbwFAM9CxnOLVFzDwIVhyyJxWQ5RdkA8dysRwGvRoC0mP/9Mov:SYeRLlbA0noH9VhyyJQQ5oA8UsRj2mPn
                        MD5:CFF178297E558AE87261543E8988E774
                        SHA1:F4C5C6BC7C7A79FD74CDC135A5EE594FA45C82AA
                        SHA-256:B1C976DF9B12561A19E378BB017048F1E5BB376805796EF8FE906611965C52C8
                        SHA-512:401597C2D3BC40B673161BC715FF0EB6F5FB0E5DADA59431E0F0EEB5CE130CC3F9568E9EEF4D3310E375A460305913FF320996FFE7F347EBB221AFEAF051C09B
                        Malicious:false
                        Reputation:low
                        Preview: # HSTS 1.0 Known Hosts database for GNU Wget...# Edit at your own risk...# <hostname>.<port>.<incl. subdomains>.<created>.<max-age>..bitbucket.org.0.1.1619832006.31536000..
                        C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe
                        Process:C:\Windows\SysWOW64\wget.exe
                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                        Category:dropped
                        Size (bytes):648405
                        Entropy (8bit):7.978113945483615
                        Encrypted:false
                        SSDEEP:12288:slKyxovP4Jw+ULNC0IVfG5IAeKPOFwTM84qpcy+qtv2tSoTqLQby4q:sMyavP4Jhg7IWWFA4qphN28o+LQe4q
                        MD5:044CC568B52CE2E65EB82D3D3B7FFA2F
                        SHA1:E53DF45B9994F7D02B48B0E002D5E06F00535BC6
                        SHA-256:525A2EB43F2A4C702213723541335DC0391B42A01177E1FAF5873E0CB7540CE0
                        SHA-512:1EE71BA4BA71FAF0F1BC4FC4B3F5292FFEF6CFA19D08B169534260DAAF2BF99960DB364382039F45FB17E44295D9C2473A747779A21CB35375666C08AF3ED4BE
                        Malicious:true
                        Antivirus:
                        • Antivirus: Metadefender, Detection: 5%
                        • Antivirus: ReversingLabs, Detection: 10%
                        Reputation:low

                        Static File Info

                        No static file info

                        Network Behavior

                        Snort IDS Alerts

                        Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
                        04/30/21-18:20:02.185604 | ICMP | 384 | ICMP PING |  |  | 192.168.2.6 | 205.185.216.10
                        04/30/21-18:20:02.220585 | ICMP | 449 | ICMP Time-To-Live Exceeded in Transit |  |  | 84.17.52.126 | 192.168.2.6
                        04/30/21-18:20:02.221291 | ICMP | 384 | ICMP PING |  |  | 192.168.2.6 | 205.185.216.10
                        04/30/21-18:20:02.256387 | ICMP | 449 | ICMP Time-To-Live Exceeded in Transit |  |  | 5.56.20.161 | 192.168.2.6
                        04/30/21-18:20:02.256891 | ICMP | 384 | ICMP PING |  |  | 192.168.2.6 | 205.185.216.10
                        04/30/21-18:20:02.305062 | ICMP | 449 | ICMP Time-To-Live Exceeded in Transit |  |  | 81.95.2.138 | 192.168.2.6
                        04/30/21-18:20:02.305493 | ICMP | 384 | ICMP PING |  |  | 192.168.2.6 | 205.185.216.10
                        04/30/21-18:20:02.356994 | ICMP | 449 | ICMP Time-To-Live Exceeded in Transit |  |  | 151.139.80.6 | 192.168.2.6
                        04/30/21-18:20:02.360653 | ICMP | 384 | ICMP PING |  |  | 192.168.2.6 | 205.185.216.10
                        04/30/21-18:20:02.410402 | ICMP | 449 | ICMP Time-To-Live Exceeded in Transit |  |  | 151.139.80.13 | 192.168.2.6
                        04/30/21-18:20:02.410871 | ICMP | 384 | ICMP PING |  |  | 192.168.2.6 | 205.185.216.10
                        04/30/21-18:20:02.461101 | ICMP | 408 | ICMP Echo Reply |  |  | 205.185.216.10 | 192.168.2.6

                        Network Port Distribution

                        TCP Packets

                        Timestamp | Source Port | Dest Port | Source IP | Dest IP
                        Apr 30, 2021 18:20:07.994565010 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:07.994587898 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:07.994628906 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:07.994631052 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:07.994649887 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:07.994668961 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:07.994673014 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:07.994688988 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:07.994702101 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:07.994708061 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:07.994726896 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:07.994745970 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:07.994759083 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:07.994765043 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:07.994786978 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:07.994806051 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:07.994807959 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:07.994836092 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:07.994839907 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:07.994854927 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:07.994888067 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:07.994927883 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.129334927 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.129375935 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.129411936 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.129434109 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.129436016 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.129458904 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.129477978 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.129488945 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.129501104 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.129527092 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.129535913 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.129549980 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.129569054 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.129573107 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.129596949 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.129618883 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.129621029 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.129640102 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.129662037 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.129662991 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.129683018 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.129708052 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.129709959 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.129733086 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.129755020 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.129755974 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.129776955 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.129797935 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.129801035 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.129822969 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.129844904 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.129846096 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.129867077 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.129889011 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.129890919 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.129915953 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.129937887 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.129939079 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.129960060 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.129981041 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.129982948 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.130006075 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.130027056 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.130029917 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.130050898 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.130075932 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.130079031 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.130100012 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.130117893 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.130120993 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.130141973 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.130162954 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.130163908 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.130183935 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.130204916 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.130206108 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.130228043 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.130250931 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.130254984 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.130279064 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.130295992 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.130300999 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.130322933 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.130338907 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.130346060 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.130377054 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.130388021 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.130398989 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.130422115 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.130443096 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.130451918 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.130490065 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.264451027 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.264492035 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.264523983 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.264548063 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.264570951 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.264595032 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.264607906 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.264617920 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.264631987 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.264642954 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.264667034 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.264678001 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.264689922 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.264710903 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.264712095 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.264728069 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.264749050 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.264750004 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.264770985 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.264781952 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.264794111 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.264816046 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.264826059 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.264847040 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.264892101 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.264900923 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.264925957 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.264947891 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.264955997 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.264970064 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.264996052 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.264997959 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.265021086 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.265044928 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.265059948 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.265068054 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.265090942 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.265100002 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.265114069 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.265137911 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.265145063 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.265160084 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.265182972 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.265185118 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.265208006 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.265225887 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.265230894 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.265254021 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.265275955 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.265278101 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.265300989 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.265325069 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.265328884 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.265347958 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.265364885 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.265371084 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.265418053 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.265418053 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.265444040 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.265469074 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.265489101 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.265491009 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.265515089 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.265532017 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.265537024 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.265559912 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.265580893 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.265585899 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.265604019 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.265623093 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.265630960 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.265655041 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.265685081 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.318125963 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.398273945 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.398315907 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.398335934 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.398360968 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.398382902 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.398406029 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.398427010 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.398431063 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.398447990 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.398471117 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.398493052 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.398504972 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.398514986 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.398531914 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.398538113 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.398555040 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.398561001 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.398586035 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.398588896 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.398611069 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.398626089 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.398633957 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.398657084 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.398678064 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.398688078 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.398700953 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.398726940 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.398742914 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.398762941 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.398787022 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.398803949 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.398804903 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.398833036 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.398833990 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.398859024 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.398883104 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.398905993 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.398906946 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.398929119 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.398943901 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.398952007 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.398974895 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.398983955 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.398998022 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.399023056 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.399029016 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.399045944 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.399069071 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.399074078 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.399091005 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.399113894 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.399115086 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.399136066 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.399158955 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.399158955 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.399180889 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.399198055 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.399208069 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.399231911 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.399249077 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.399255037 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.399279118 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.399296999 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.399302959 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.399326086 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.399344921 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.399348974 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.399372101 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.399390936 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.443075895 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.450720072 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.505593061 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.531991005 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.532018900 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.532037973 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.532059908 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.532080889 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.532099962 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.532124043 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.532129049 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.532160997 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.532181025 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.532202005 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.532207012 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.532224894 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.532237053 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.532249928 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.532268047 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.532279968 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.532295942 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.532306910 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.532326937 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.532356024 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.532358885 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.532381058 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.532402039 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.532406092 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.532433033 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.532455921 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.532460928 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.532480001 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.532500029 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.532504082 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.532526016 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.532548904 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.532551050 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.532576084 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.532599926 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.532604933 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.532627106 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.532649040 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.532651901 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.532675028 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.532696962 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.532706976 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.532728910 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.532747984 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.532771111 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.532795906 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.532819986 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.532821894 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.532845020 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.532850027 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.532867908 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.532883883 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.532893896 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.532913923 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.532932043 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.532953978 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.532960892 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.532972097 CEST49713443192.168.2.652.217.128.89
                        Apr 30, 2021 18:20:08.532988071 CEST4434971352.217.128.89192.168.2.6
                        Apr 30, 2021 18:20:08.533009052 CEST4434971352.217.128.89192.168.2.6

                        UDP Packets

                        DNS Queries

                        Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
                        Apr 30, 2021 18:20:06.563827038 CEST | 192.168.2.6 | 8.8.8.8 | 0x8cde | Standard query (0) | bitbucket.org | A (IP address) | IN (0x0001)
                        Apr 30, 2021 18:20:07.210222960 CEST | 192.168.2.6 | 8.8.8.8 | 0xe2cf | Standard query (0) | bbuseruploads.s3.amazonaws.com | A (IP address) | IN (0x0001)

                        DNS Answers

                        Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
                        Apr 30, 2021 18:20:06.622735023 CEST | 8.8.8.8 | 192.168.2.6 | 0x8cde | No error (0) | bitbucket.org | | 104.192.141.1 | A (IP address) | IN (0x0001)
                        Apr 30, 2021 18:20:07.267581940 CEST | 8.8.8.8 | 192.168.2.6 | 0xe2cf | No error (0) | bbuseruploads.s3.amazonaws.com | s3-1-w.amazonaws.com | | CNAME (Canonical name) | IN (0x0001)
                        Apr 30, 2021 18:20:07.267581940 CEST | 8.8.8.8 | 192.168.2.6 | 0xe2cf | No error (0) | s3-1-w.amazonaws.com | | 52.217.128.89 | A (IP address) | IN (0x0001)

                        HTTPS Packets

                        Timestamp | Source IP | Source Port | Dest IP | Dest Port | Subject | Issuer | Not Before | Not After | JA3 SSL Client Fingerprint | JA3 SSL Client Digest
                        Apr 30, 2021 18:20:06.854558945 CEST | 104.192.141.1 | 443 | 192.168.2.6 | 49711 | CN=bitbucket.org, OU=Bitbucket, O="Atlassian, Inc.", L=San Francisco, ST=California, C=US, SERIALNUMBER=3928449, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.2.5.4.15=Private Organization | CN=DigiCert SHA2 Extended Validation Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Fri Mar 27 01:00:00 CET 2020 | Mon May 23 14:00:00 CEST 2022 | 771,49196-49200-159-52393-52392-52394-49195-49199-158-49188-49192-107-49187-49191-103-49162-49172-57-49161-49171-51-157-156-61-60-53-47-255,0-11-10-35-22-23-13,29-23-25-24,0-1-2 | 807fca46d9d0cf63adf4e5e80e414bbe
                         | | | | | CN=DigiCert SHA2 Extended Validation Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US | CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Tue Oct 22 14:00:00 CEST 2013 | Sun Oct 22 14:00:00 CEST 2028 | |
                        Apr 30, 2021 18:20:07.542510986 CEST | 52.217.128.89 | 443 | 192.168.2.6 | 49713 | CN=*.s3.amazonaws.com, O="Amazon.com, Inc.", L=Seattle, ST=Washington, C=US | CN=DigiCert Baltimore CA-2 G2, OU=www.digicert.com, O=DigiCert Inc, C=US | Mon Jan 11 01:00:00 CET 2021 | Sat Feb 12 00:59:59 CET 2022 | 771,49196-49200-159-52393-52392-52394-49195-49199-158-49188-49192-107-49187-49191-103-49162-49172-57-49161-49171-51-157-156-61-60-53-47-255,0-11-10-35-22-23-13,29-23-25-24,0-1-2 | 807fca46d9d0cf63adf4e5e80e414bbe
                         | | | | | CN=DigiCert Baltimore CA-2 G2, OU=www.digicert.com, O=DigiCert Inc, C=US | CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE | Tue Dec 08 13:05:07 CET 2015 | Sat May 10 14:00:00 CEST 2025 | |

                        Code Manipulations

                        System Behavior

                        General

                        Start time: 18:20:03
                        Start date: 30/04/2021
                        Path: C:\Windows\SysWOW64\cmd.exe
                        Wow64 process (32bit): true
                        Commandline: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'https://bitbucket.org/phjounin/tftpd64/downloads/Tftpd64-4.64-setup.exe' > cmdline.out 2>&1
                        Imagebase: 0x2a0000
                        File size: 232960 bytes
                        MD5 hash: F3BDBE3BB6F734E357235F4D5898582D
                        Has elevated privileges: true
                        Has administrator privileges: true
                        Programmed in: C, C++ or other language
                        Reputation: low

                        General

                        Start time: 18:20:04
                        Start date: 30/04/2021
                        Path: C:\Windows\System32\conhost.exe
                        Wow64 process (32bit): false
                        Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Imagebase: 0x7ff61de10000
                        File size: 625664 bytes
                        MD5 hash: EA777DEEA782E8B4D7C7C33BBF8A4496
                        Has elevated privileges: true
                        Has administrator privileges: true
                        Programmed in: C, C++ or other language
                        Reputation: low

                        General

                        Start time: 18:20:05
                        Start date: 30/04/2021
                        Path: C:\Windows\SysWOW64\wget.exe
                        Wow64 process (32bit): true
                        Commandline: wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'https://bitbucket.org/phjounin/tftpd64/downloads/Tftpd64-4.64-setup.exe'
                        Imagebase: 0x400000
                        File size: 3895184 bytes
                        MD5 hash: 3DADB6E2ECE9C4B3E1E322E617658B60
                        Has elevated privileges: true
                        Has administrator privileges: true
                        Programmed in: C, C++ or other language
                        Reputation: low

                        General

                        Start time: 18:20:10
                        Start date: 30/04/2021
                        Path: C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe
                        Wow64 process (32bit): true
                        Commandline: 'C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe'
                        Imagebase: 0x400000
                        File size: 648405 bytes
                        MD5 hash: 044CC568B52CE2E65EB82D3D3B7FFA2F
                        Has elevated privileges: true
                        Has administrator privileges: true
                        Programmed in: C, C++ or other language
                        Antivirus matches:
                        • Detection: 5%, Metadefender
                        • Detection: 10%, ReversingLabs
                        Reputation: low

                        Disassembly

                        Code Analysis

                          Execution Graph

                          Execution Coverage: 30.7%
                          Dynamic/Decrypted Code Coverage: 0%
                          Signature Coverage: 22%
                          Total number of Nodes: 1279
                          Total number of Limit Nodes: 35

                          Graph

3197->3198 3201 404e43 3197->3201 3202 404e97 CallWindowProcA 3198->3202 3200 403ecf SendMessageA 3199->3200 3203 404e21 3200->3203 3204 404782 5 API calls 3201->3204 3202->3203 3205 404e4d 3204->3205 3205->3206 3206->3202 3214 405bc7 lstrcpynA 3206->3214 3208 404e7c 3215 405b25 wsprintfA 3208->3215 3210 404e83 3211 40140b 2 API calls 3210->3211 3212 404e8a 3211->3212 3216 405bc7 lstrcpynA 3212->3216 3214->3208 3215->3210 3216->3198 3921 401a03 3922 402a29 18 API calls 3921->3922 3923 401a0c ExpandEnvironmentStringsA 3922->3923 3924 401a20 3923->3924 3926 401a33 3923->3926 3925 401a25 lstrcmpA 3924->3925 3924->3926 3925->3926 3927 401f84 3928 401f96 3927->3928 3929 402045 3927->3929 3930 402a29 18 API calls 3928->3930 3931 401423 25 API calls 3929->3931 3932 401f9d 3930->3932 3937 40219c 3931->3937 3933 402a29 18 API calls 3932->3933 3934 401fa6 3933->3934 3935 401fbb LoadLibraryExA 3934->3935 3936 401fae GetModuleHandleA 3934->3936 3935->3929 3938 401fcb GetProcAddress 3935->3938 3936->3935 3936->3938 3939 402018 3938->3939 3940 401fdb 3938->3940 3941 404eb3 25 API calls 3939->3941 3942 401feb 3940->3942 3943 401423 25 API calls 3940->3943 3941->3942 3942->3937 3944 402039 FreeLibrary 3942->3944 3943->3942 3944->3937 3945 401c8a 3946 402a0c 18 API calls 3945->3946 3947 401c90 IsWindow 3946->3947 3948 4019f3 3947->3948 3949 401490 3950 404eb3 25 API calls 3949->3950 3951 401497 3950->3951 3952 404612 3953 404622 3952->3953 3954 40463e 3952->3954 3963 40546c GetDlgItemTextA 3953->3963 3955 404671 3954->3955 3956 404644 SHGetPathFromIDListA 3954->3956 3959 40465b SendMessageA 3956->3959 3960 404654 3956->3960 3958 40462f SendMessageA 3958->3954 3959->3955 3961 40140b 2 API calls 3960->3961 3961->3959 3963->3958 3964 401595 3965 402a29 18 API calls 3964->3965 3966 40159c SetFileAttributesA 3965->3966 3967 4015ae 3966->3967 3968 401717 3969 402a29 18 API calls 3968->3969 3970 40171e SearchPathA 3969->3970 3971 401739 3970->3971 3972 403f97 lstrcpynA lstrlenA 3973 
402899 SendMessageA 3974 4028b3 InvalidateRect 3973->3974 3975 4028be 3973->3975 3974->3975 3976 40229a 3977 402a29 18 API calls 3976->3977 3978 4022a8 3977->3978 3979 402a29 18 API calls 3978->3979 3980 4022b1 3979->3980 3981 402a29 18 API calls 3980->3981 3982 4022bb GetPrivateProfileStringA 3981->3982 3983 40149d 3984 402241 3983->3984 3985 4014ab PostQuitMessage 3983->3985 3985->3984 3986 401b23 3987 401b30 3986->3987 3988 401b74 3986->3988 3989 40222e 3987->3989 3995 401b47 3987->3995 3990 401b78 3988->3990 3991 401b9d GlobalAlloc 3988->3991 3992 405be9 18 API calls 3989->3992 4001 401bb8 3990->4001 4007 405bc7 lstrcpynA 3990->4007 3993 405be9 18 API calls 3991->3993 3994 40223b 3992->3994 3993->4001 3999 405488 MessageBoxIndirectA 3994->3999 4005 405bc7 lstrcpynA 3995->4005 3998 401b8a GlobalFree 3998->4001 3999->4001 4000 401b56 4006 405bc7 lstrcpynA 4000->4006 4003 401b65 4008 405bc7 lstrcpynA 4003->4008 4005->4000 4006->4003 4007->3998 4008->4001 4009 4021a5 4010 402a29 18 API calls 4009->4010 4011 4021ab 4010->4011 4012 402a29 18 API calls 4011->4012 4013 4021b4 4012->4013 4014 402a29 18 API calls 4013->4014 4015 4021bd 4014->4015 4016 405ec2 2 API calls 4015->4016 4017 4021c6 4016->4017 4018 4021d7 lstrlenA lstrlenA 4017->4018 4019 4021ca 4017->4019 4021 404eb3 25 API calls 4018->4021 4020 404eb3 25 API calls 4019->4020 4023 4021d2 4019->4023 4020->4023 4022 402213 SHFileOperationA 4021->4022 4022->4019 4022->4023 4024 402227 4025 40222e 4024->4025 4027 402241 4024->4027 4026 405be9 18 API calls 4025->4026 4028 40223b 4026->4028 4029 405488 MessageBoxIndirectA 4028->4029 4029->4027 4030 401ca7 4031 402a0c 18 API calls 4030->4031 4032 401cae 4031->4032 4033 402a0c 18 API calls 4032->4033 4034 401cb6 GetDlgItem 4033->4034 4035 4024eb 4034->4035 3269 40312a SetErrorMode GetVersion 3270 403162 3269->3270 3271 403168 3269->3271 3272 405f57 5 API calls 3270->3272 3273 405ee9 3 API calls 3271->3273 3272->3271 3274 40317e lstrlenA 3273->3274 3274->3271 3275 
40318d 3274->3275 3276 405f57 5 API calls 3275->3276 3277 403194 3276->3277 3278 405f57 5 API calls 3277->3278 3279 40319b #17 OleInitialize SHGetFileInfoA 3278->3279 3359 405bc7 lstrcpynA 3279->3359 3281 4031d8 GetCommandLineA 3360 405bc7 lstrcpynA 3281->3360 3283 4031ea GetModuleHandleA 3284 403201 3283->3284 3285 4056e5 CharNextA 3284->3285 3286 403215 CharNextA 3285->3286 3291 403222 3286->3291 3287 40328f 3288 4032a2 GetTempPathA 3287->3288 3361 4030f9 3288->3361 3290 4032b8 3292 4032e0 DeleteFileA 3290->3292 3293 4032bc GetWindowsDirectoryA lstrcatA 3290->3293 3291->3287 3294 4056e5 CharNextA 3291->3294 3298 403291 3291->3298 3371 402c55 GetTickCount GetModuleFileNameA 3292->3371 3295 4030f9 12 API calls 3293->3295 3294->3291 3297 4032d8 3295->3297 3297->3292 3354 40335d 3297->3354 3455 405bc7 lstrcpynA 3298->3455 3299 4032f4 3301 40334d 3299->3301 3304 4056e5 CharNextA 3299->3304 3299->3354 3399 40361a 3301->3399 3306 40330b 3304->3306 3314 403328 3306->3314 3315 40338c 3306->3315 3307 403485 3309 403528 ExitProcess 3307->3309 3312 405f57 5 API calls 3307->3312 3308 403376 3310 405488 MessageBoxIndirectA 3308->3310 3311 403384 ExitProcess 3310->3311 3316 403498 3312->3316 3317 40579b 18 API calls 3314->3317 3318 40540f 5 API calls 3315->3318 3319 405f57 5 API calls 3316->3319 3320 403333 3317->3320 3321 403391 lstrcatA 3318->3321 3322 4034a1 3319->3322 3320->3354 3456 405bc7 lstrcpynA 3320->3456 3323 4033a2 lstrcatA 3321->3323 3324 4033ad lstrcatA lstrcmpiA 3321->3324 3325 405f57 5 API calls 3322->3325 3323->3324 3327 4033c9 3324->3327 3324->3354 3328 4034aa 3325->3328 3330 4033d5 3327->3330 3331 4033ce 3327->3331 3338 4034b8 GetCurrentProcess 3328->3338 3347 4034c8 3328->3347 3329 403342 3457 405bc7 lstrcpynA 3329->3457 3335 4053f2 2 API calls 3330->3335 3334 405375 4 API calls 3331->3334 3332 405f57 5 API calls 3345 4034ff 3332->3345 3336 4033d3 3334->3336 3337 4033da SetCurrentDirectoryA 3335->3337 3336->3337 3340 4033f4 3337->3340 3341 4033e9 3337->3341 
3338->3347 3339 403514 ExitWindowsEx 3339->3309 3343 403521 3339->3343 3466 405bc7 lstrcpynA 3340->3466 3465 405bc7 lstrcpynA 3341->3465 3346 40140b 2 API calls 3343->3346 3345->3339 3345->3343 3346->3309 3347->3332 3348 405be9 18 API calls 3349 403424 DeleteFileA 3348->3349 3350 403431 CopyFileA 3349->3350 3356 403402 3349->3356 3350->3356 3351 403479 3352 405915 40 API calls 3351->3352 3352->3354 3458 403540 3354->3458 3355 405be9 18 API calls 3355->3356 3356->3348 3356->3351 3356->3355 3358 403465 CloseHandle 3356->3358 3467 405915 3356->3467 3493 405427 CreateProcessA 3356->3493 3358->3356 3359->3281 3360->3283 3362 405e29 5 API calls 3361->3362 3363 403105 3362->3363 3364 40310f 3363->3364 3365 4056ba 3 API calls 3363->3365 3364->3290 3366 403117 3365->3366 3367 4053f2 2 API calls 3366->3367 3368 40311d 3367->3368 3496 4058cd 3368->3496 3500 40589e GetFileAttributesA CreateFileA 3371->3500 3373 402c95 3391 402ca5 3373->3391 3501 405bc7 lstrcpynA 3373->3501 3375 402cbb 3376 405701 2 API calls 3375->3376 3377 402cc1 3376->3377 3502 405bc7 lstrcpynA 3377->3502 3379 402ccc GetFileSize 3380 402dc8 3379->3380 3393 402ce3 3379->3393 3503 402bf1 3380->3503 3382 402dd1 3384 402e01 GlobalAlloc 3382->3384 3382->3391 3514 4030e2 SetFilePointer 3382->3514 3383 4030b0 ReadFile 3383->3393 3515 4030e2 SetFilePointer 3384->3515 3386 402e34 3388 402bf1 6 API calls 3386->3388 3388->3391 3389 402dea 3392 4030b0 ReadFile 3389->3392 3390 402e1c 3394 402e8e 33 API calls 3390->3394 3391->3299 3395 402df5 3392->3395 3393->3380 3393->3383 3393->3386 3393->3391 3396 402bf1 6 API calls 3393->3396 3397 402e28 3394->3397 3395->3384 3395->3391 3396->3393 3397->3391 3397->3397 3398 402e65 SetFilePointer 3397->3398 3398->3391 3400 405f57 5 API calls 3399->3400 3401 40362e 3400->3401 3402 403634 3401->3402 3403 403646 3401->3403 3529 405b25 wsprintfA 3402->3529 3404 405aae 3 API calls 3403->3404 3405 403667 3404->3405 3407 403685 lstrcatA 3405->3407 3409 405aae 3 API calls 3405->3409 3408 
403644 3407->3408 3520 4038e3 3408->3520 3409->3407 3412 40579b 18 API calls 3413 4036b7 3412->3413 3414 403740 3413->3414 3416 405aae 3 API calls 3413->3416 3415 40579b 18 API calls 3414->3415 3417 403746 3415->3417 3418 4036e3 3416->3418 3419 403756 LoadImageA 3417->3419 3420 405be9 18 API calls 3417->3420 3418->3414 3423 4036ff lstrlenA 3418->3423 3426 4056e5 CharNextA 3418->3426 3421 403781 RegisterClassA 3419->3421 3422 40380a 3419->3422 3420->3419 3424 4037bd SystemParametersInfoA CreateWindowExA 3421->3424 3454 403814 3421->3454 3425 40140b 2 API calls 3422->3425 3427 403733 3423->3427 3428 40370d lstrcmpiA 3423->3428 3424->3422 3432 403810 3425->3432 3430 4036fd 3426->3430 3429 4056ba 3 API calls 3427->3429 3428->3427 3431 40371d GetFileAttributesA 3428->3431 3434 403739 3429->3434 3430->3423 3435 403729 3431->3435 3433 4038e3 19 API calls 3432->3433 3432->3454 3436 403821 3433->3436 3530 405bc7 lstrcpynA 3434->3530 3435->3427 3438 405701 2 API calls 3435->3438 3439 4038b0 3436->3439 3440 40382d ShowWindow 3436->3440 3438->3427 3442 404f85 5 API calls 3439->3442 3441 405ee9 3 API calls 3440->3441 3444 403845 3441->3444 3443 4038b6 3442->3443 3445 4038d2 3443->3445 3446 4038ba 3443->3446 3447 403853 GetClassInfoA 3444->3447 3449 405ee9 3 API calls 3444->3449 3448 40140b 2 API calls 3445->3448 3452 40140b 2 API calls 3446->3452 3446->3454 3450 403867 GetClassInfoA RegisterClassA 3447->3450 3451 40387d DialogBoxParamA 3447->3451 3448->3454 3449->3447 3450->3451 3453 40140b 2 API calls 3451->3453 3452->3454 3453->3454 3454->3354 3455->3288 3456->3329 3457->3301 3459 403558 3458->3459 3460 40354a CloseHandle 3458->3460 3532 403585 3459->3532 3460->3459 3465->3340 3466->3356 3468 405f57 5 API calls 3467->3468 3469 405920 3468->3469 3470 40597d GetShortPathNameA 3469->3470 3473 405a72 3469->3473 3576 40589e GetFileAttributesA CreateFileA 3469->3576 3472 405992 3470->3472 3470->3473 3472->3473 3475 40599a wsprintfA 3472->3475 3473->3356 3474 405961 CloseHandle 
GetShortPathNameA 3474->3473 3476 405975 3474->3476 3477 405be9 18 API calls 3475->3477 3476->3470 3476->3473 3478 4059c2 3477->3478 3577 40589e GetFileAttributesA CreateFileA 3478->3577 3480 4059cf 3480->3473 3481 4059de GetFileSize GlobalAlloc 3480->3481 3482 405a6b CloseHandle 3481->3482 3483 4059fc ReadFile 3481->3483 3482->3473 3483->3482 3484 405a10 3483->3484 3484->3482 3578 405813 lstrlenA 3484->3578 3487 405a25 3583 405bc7 lstrcpynA 3487->3583 3488 405a7f 3489 405813 4 API calls 3488->3489 3491 405a33 3489->3491 3492 405a46 SetFilePointer WriteFile GlobalFree 3491->3492 3492->3482 3494 405462 3493->3494 3495 405456 CloseHandle 3493->3495 3494->3356 3495->3494 3497 4058d8 GetTickCount GetTempFileNameA 3496->3497 3498 405904 3497->3498 3499 403128 3497->3499 3498->3497 3498->3499 3499->3290 3500->3373 3501->3375 3502->3379 3504 402c12 3503->3504 3505 402bfa 3503->3505 3508 402c22 GetTickCount 3504->3508 3509 402c1a 3504->3509 3506 402c03 DestroyWindow 3505->3506 3507 402c0a 3505->3507 3506->3507 3507->3382 3511 402c30 CreateDialogParamA ShowWindow 3508->3511 3512 402c53 3508->3512 3516 405f93 3509->3516 3511->3512 3512->3382 3514->3389 3515->3390 3517 405fb0 PeekMessageA 3516->3517 3518 402c20 3517->3518 3519 405fa6 DispatchMessageA 3517->3519 3518->3382 3519->3517 3521 4038f7 3520->3521 3531 405b25 wsprintfA 3521->3531 3523 403968 3524 405be9 18 API calls 3523->3524 3525 403974 SetWindowTextA 3524->3525 3526 403990 3525->3526 3527 403695 3525->3527 3526->3527 3528 405be9 18 API calls 3526->3528 3527->3412 3528->3526 3529->3408 3530->3414 3531->3523 3533 403593 3532->3533 3534 40355d 3533->3534 3535 403598 FreeLibrary GlobalFree 3533->3535 3536 4054ec 3534->3536 3535->3534 3535->3535 3537 40579b 18 API calls 3536->3537 3538 405500 3537->3538 3539 405520 3538->3539 3540 405509 DeleteFileA 3538->3540 3541 405655 3539->3541 3574 405bc7 lstrcpynA 3539->3574 3568 403366 OleUninitialize 3540->3568 3546 405ec2 2 API calls 3541->3546 3541->3568 3543 40554a 3544 
40555b 3543->3544 3545 40554e lstrcatA 3543->3545 3548 405701 2 API calls 3544->3548 3547 405561 3545->3547 3549 40567a 3546->3549 3550 40556f lstrcatA 3547->3550 3551 40557a lstrlenA FindFirstFileA 3547->3551 3548->3547 3552 4056ba 3 API calls 3549->3552 3549->3568 3550->3551 3551->3541 3570 40559e 3551->3570 3554 405684 3552->3554 3553 4056e5 CharNextA 3553->3570 3555 40587f 2 API calls 3554->3555 3556 40568a RemoveDirectoryA 3555->3556 3557 405695 3556->3557 3558 4056ac 3556->3558 3563 404eb3 25 API calls 3557->3563 3557->3568 3559 404eb3 25 API calls 3558->3559 3559->3568 3560 405634 FindNextFileA 3562 40564c FindClose 3560->3562 3560->3570 3562->3541 3564 4056a3 3563->3564 3565 405915 40 API calls 3564->3565 3565->3568 3566 40587f 2 API calls 3569 405601 DeleteFileA 3566->3569 3567 4054ec 61 API calls 3567->3570 3568->3307 3568->3308 3569->3570 3570->3553 3570->3560 3570->3566 3570->3567 3571 404eb3 25 API calls 3570->3571 3572 404eb3 25 API calls 3570->3572 3573 405915 40 API calls 3570->3573 3575 405bc7 lstrcpynA 3570->3575 3571->3560 3572->3570 3573->3570 3574->3543 3575->3570 3576->3474 3577->3480 3579 405849 lstrlenA 3578->3579 3580 405853 3579->3580 3581 405827 lstrcmpiA 3579->3581 3580->3487 3580->3488 3581->3580 3582 405840 CharNextA 3581->3582 3582->3579 3583->3491 4042 40262e 4043 402635 4042->4043 4044 4028be 4042->4044 4045 40263b FindClose 4043->4045 4045->4044 3616 4026af 3617 402a29 18 API calls 3616->3617 3618 4026bd 3617->3618 3619 4026d3 3618->3619 3620 402a29 18 API calls 3618->3620 3621 40587f 2 API calls 3619->3621 3620->3619 3622 4026d9 3621->3622 3642 40589e GetFileAttributesA CreateFileA 3622->3642 3624 4026e6 3625 4026f2 GlobalAlloc 3624->3625 3626 40278f 3624->3626 3627 402786 FindCloseChangeNotification 3625->3627 3628 40270b 3625->3628 3629 402797 DeleteFileA 3626->3629 3630 4027aa 3626->3630 3627->3626 3643 4030e2 SetFilePointer 3628->3643 3629->3630 3632 402711 3633 4030b0 ReadFile 3632->3633 3634 40271a GlobalAlloc 3633->3634 
3635 40272a 3634->3635 3636 40275e WriteFile GlobalFree 3634->3636 3638 402e8e 33 API calls 3635->3638 3637 402e8e 33 API calls 3636->3637 3639 402783 3637->3639 3641 402737 3638->3641 3639->3627 3640 402755 GlobalFree 3640->3636 3641->3640 3642->3624 3643->3632 2701 4039b0 2702 403b03 2701->2702 2703 4039c8 2701->2703 2705 403b54 2702->2705 2706 403b14 GetDlgItem GetDlgItem 2702->2706 2703->2702 2704 4039d4 2703->2704 2707 4039f2 2704->2707 2708 4039df SetWindowPos 2704->2708 2710 403bae 2705->2710 2719 401389 2 API calls 2705->2719 2771 403e83 2706->2771 2712 4039f7 ShowWindow 2707->2712 2713 403a0f 2707->2713 2708->2707 2715 403afe 2710->2715 2777 403ecf 2710->2777 2712->2713 2716 403a31 2713->2716 2717 403a17 DestroyWindow 2713->2717 2714 403b3e KiUserCallbackDispatcher 2774 40140b 2714->2774 2720 403a36 SetWindowLongA 2716->2720 2721 403a47 2716->2721 2770 403e0c 2717->2770 2722 403b86 2719->2722 2720->2715 2726 403af0 2721->2726 2727 403a53 GetDlgItem 2721->2727 2722->2710 2723 403b8a SendMessageA 2722->2723 2723->2715 2724 40140b 2 API calls 2741 403bc0 2724->2741 2725 403e0e DestroyWindow EndDialog 2725->2770 2808 403eea 2726->2808 2730 403a83 2727->2730 2731 403a66 SendMessageA IsWindowEnabled 2727->2731 2729 403e3d ShowWindow 2729->2715 2733 403a90 2730->2733 2734 403ad7 SendMessageA 2730->2734 2735 403aa3 2730->2735 2744 403a88 2730->2744 2731->2715 2731->2730 2733->2734 2733->2744 2734->2726 2738 403ac0 2735->2738 2739 403aab 2735->2739 2737 403e83 19 API calls 2737->2741 2743 40140b 2 API calls 2738->2743 2742 40140b 2 API calls 2739->2742 2740 403abe 2740->2726 2741->2715 2741->2724 2741->2725 2741->2737 2746 403e83 19 API calls 2741->2746 2761 403d4e KiUserCallbackDispatcher 2741->2761 2780 405be9 2741->2780 2742->2744 2745 403ac7 2743->2745 2805 403e5c 2744->2805 2745->2726 2745->2744 2747 403c3b GetDlgItem 2746->2747 2748 403c50 2747->2748 2749 403c58 ShowWindow KiUserCallbackDispatcher 2747->2749 2748->2749 2798 403ea5 KiUserCallbackDispatcher 
2749->2798 2751 403c82 EnableWindow 2754 403c96 2751->2754 2752 403c9b GetSystemMenu EnableMenuItem SendMessageA 2753 403ccb SendMessageA 2752->2753 2752->2754 2753->2754 2754->2752 2799 403eb8 SendMessageA 2754->2799 2800 405bc7 lstrcpynA 2754->2800 2757 403cf9 lstrlenA 2758 405be9 18 API calls 2757->2758 2759 403d0a SetWindowTextA 2758->2759 2801 401389 2759->2801 2762 403d68 CreateDialogParamA 2761->2762 2761->2770 2763 403d9b 2762->2763 2762->2770 2764 403e83 19 API calls 2763->2764 2765 403da6 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 2764->2765 2766 401389 2 API calls 2765->2766 2767 403dec 2766->2767 2767->2715 2768 403df4 ShowWindow 2767->2768 2769 403ecf SendMessageA 2768->2769 2769->2770 2770->2715 2770->2729 2772 405be9 18 API calls 2771->2772 2773 403e8e SetDlgItemTextA 2772->2773 2773->2714 2775 401389 2 API calls 2774->2775 2776 401420 2775->2776 2776->2705 2778 403ee7 2777->2778 2779 403ed8 SendMessageA 2777->2779 2778->2741 2779->2778 2786 405bf6 2780->2786 2781 405e10 2782 405e25 2781->2782 2838 405bc7 lstrcpynA 2781->2838 2782->2741 2784 405c8e GetVersion 2784->2786 2785 405de7 lstrlenA 2785->2786 2786->2781 2786->2784 2786->2785 2788 405be9 10 API calls 2786->2788 2791 405d06 GetSystemDirectoryA 2786->2791 2792 405d19 GetWindowsDirectoryA 2786->2792 2794 405be9 10 API calls 2786->2794 2795 405d90 lstrcatA 2786->2795 2796 405d4d SHGetSpecialFolderLocation 2786->2796 2822 405aae RegOpenKeyExA 2786->2822 2827 405e29 2786->2827 2836 405b25 wsprintfA 2786->2836 2837 405bc7 lstrcpynA 2786->2837 2788->2785 2791->2786 2792->2786 2794->2786 2795->2786 2796->2786 2797 405d65 SHGetPathFromIDListA CoTaskMemFree 2796->2797 2797->2786 2798->2751 2799->2754 2800->2757 2803 401390 2801->2803 2802 4013fe 2802->2741 2803->2802 2804 4013cb MulDiv SendMessageA 2803->2804 2804->2803 2806 403e63 2805->2806 2807 403e69 SendMessageA 2805->2807 2806->2807 2807->2740 2809 403f8b 2808->2809 2810 403f02 GetWindowLongA 2808->2810 2809->2715 2810->2809 2811 403f13 
2810->2811 2812 403f22 GetSysColor 2811->2812 2813 403f25 2811->2813 2812->2813 2814 403f35 SetBkMode 2813->2814 2815 403f2b SetTextColor 2813->2815 2816 403f53 2814->2816 2817 403f4d GetSysColor 2814->2817 2815->2814 2818 403f64 2816->2818 2819 403f5a SetBkColor 2816->2819 2817->2816 2818->2809 2820 403f77 DeleteObject 2818->2820 2821 403f7e CreateBrushIndirect 2818->2821 2819->2818 2820->2821 2821->2809 2823 405ae1 RegQueryValueExA 2822->2823 2824 405b1f 2822->2824 2825 405b02 RegCloseKey 2823->2825 2824->2786 2825->2824 2834 405e35 2827->2834 2828 405e9d 2829 405ea1 CharPrevA 2828->2829 2831 405ebc 2828->2831 2829->2828 2830 405e92 CharNextA 2830->2828 2830->2834 2831->2786 2833 405e80 CharNextA 2833->2834 2834->2828 2834->2830 2834->2833 2835 405e8d CharNextA 2834->2835 2839 4056e5 2834->2839 2835->2830 2836->2786 2837->2786 2838->2782 2840 4056eb 2839->2840 2841 4056fe 2840->2841 2842 4056f1 CharNextA 2840->2842 2841->2834 2842->2840 4046 4027b0 4047 402a0c 18 API calls 4046->4047 4048 4027b6 4047->4048 4049 4027f1 4048->4049 4050 4027da 4048->4050 4057 40268f 4048->4057 4051 402807 4049->4051 4052 4027fb 4049->4052 4053 4027ee 4050->4053 4054 4027df 4050->4054 4056 405be9 18 API calls 4051->4056 4055 402a0c 18 API calls 4052->4055 4053->4057 4061 405b25 wsprintfA 4053->4061 4060 405bc7 lstrcpynA 4054->4060 4055->4053 4056->4053 4060->4057 4061->4057 4062 401eb2 4063 402a29 18 API calls 4062->4063 4064 401eb9 4063->4064 4065 405ec2 2 API calls 4064->4065 4066 401ebf 4065->4066 4067 401ed1 4066->4067 4069 405b25 wsprintfA 4066->4069 4069->4067 3217 4015b3 3218 402a29 18 API calls 3217->3218 3219 4015ba 3218->3219 3220 40574e 4 API calls 3219->3220 3232 4015c2 3220->3232 3221 40161c 3223 401621 3221->3223 3224 40164a 3221->3224 3222 4056e5 CharNextA 3222->3232 3225 401423 25 API calls 3223->3225 3226 401423 25 API calls 3224->3226 3227 401628 3225->3227 3234 401642 3226->3234 3237 405bc7 lstrcpynA 3227->3237 3230 401633 SetCurrentDirectoryA 3230->3234 3232->3221 
3232->3222 3233 4015eb 3232->3233 3235 401604 GetFileAttributesA 3232->3235 3238 40540f 3232->3238 3246 4053f2 CreateDirectoryA 3232->3246 3233->3232 3241 405375 CreateDirectoryA 3233->3241 3235->3232 3237->3230 3239 405f57 5 API calls 3238->3239 3240 405416 3239->3240 3240->3232 3242 4053c2 3241->3242 3243 4053c6 GetLastError 3241->3243 3242->3233 3243->3242 3244 4053d5 SetFileSecurityA 3243->3244 3244->3242 3245 4053eb GetLastError 3244->3245 3245->3242 3247 405406 GetLastError 3246->3247 3248 405402 3246->3248 3247->3248 3248->3232 4070 4016b3 4071 402a29 18 API calls 4070->4071 4072 4016b9 GetFullPathNameA 4071->4072 4073 4016d0 4072->4073 4079 4016f1 4072->4079 4075 405ec2 2 API calls 4073->4075 4073->4079 4074 401705 GetShortPathNameA 4076 4028be 4074->4076 4077 4016e1 4075->4077 4077->4079 4080 405bc7 lstrcpynA 4077->4080 4079->4074 4079->4076 4080->4079 3249 402336 3250 40233c 3249->3250 3251 402a29 18 API calls 3250->3251 3252 40234e 3251->3252 3253 402a29 18 API calls 3252->3253 3254 402358 RegCreateKeyExA 3253->3254 3256 402382 3254->3256 3257 4028be 3254->3257 3255 40239a 3259 4023a6 3255->3259 3266 402a0c 3255->3266 3256->3255 3258 402a29 18 API calls 3256->3258 3260 402393 lstrlenA 3258->3260 3262 4023c1 RegSetValueExA 3259->3262 3263 402e8e 33 API calls 3259->3263 3260->3255 3264 4023d7 RegCloseKey 3262->3264 3263->3262 3264->3257 3267 405be9 18 API calls 3266->3267 3268 402a20 3267->3268 3268->3259 4081 402836 4082 402a0c 18 API calls 4081->4082 4083 40283c 4082->4083 4084 40286d 4083->4084 4086 40268f 4083->4086 4087 40284a 4083->4087 4085 405be9 18 API calls 4084->4085 4084->4086 4085->4086 4087->4086 4089 405b25 wsprintfA 4087->4089 4089->4086 4090 4014b7 4091 4014bd 4090->4091 4092 401389 2 API calls 4091->4092 4093 4014c5 4092->4093 4094 401d38 GetDC GetDeviceCaps 4095 402a0c 18 API calls 4094->4095 4096 401d54 MulDiv 4095->4096 4097 402a0c 18 API calls 4096->4097 4098 401d69 4097->4098 4099 405be9 18 API calls 4098->4099 4100 401da2 
CreateFontIndirectA 4099->4100 4101 4024eb 4100->4101 4102 401e38 4103 402a29 18 API calls 4102->4103 4104 401e3e 4103->4104 4105 404eb3 25 API calls 4104->4105 4106 401e48 4105->4106 4107 405427 2 API calls 4106->4107 4108 401e4e 4107->4108 4109 401ea4 CloseHandle 4108->4109 4110 401e6d WaitForSingleObject 4108->4110 4111 40268f 4108->4111 4113 405f93 2 API calls 4108->4113 4109->4111 4110->4108 4112 401e7b GetExitCodeProcess 4110->4112 4114 401e96 4112->4114 4115 401e8d 4112->4115 4113->4110 4114->4109 4117 405b25 wsprintfA 4115->4117 4117->4114 4118 402539 4119 402a0c 18 API calls 4118->4119 4122 402543 4119->4122 4120 4025b9 4121 402577 ReadFile 4121->4120 4121->4122 4122->4120 4122->4121 4123 4025bb 4122->4123 4125 4025cb 4122->4125 4127 405b25 wsprintfA 4123->4127 4125->4120 4126 4025e1 SetFilePointer 4125->4126 4126->4120 4127->4120 4128 40173e 4129 402a29 18 API calls 4128->4129 4130 401745 4129->4130 4131 4058cd 2 API calls 4130->4131 4132 40174c 4131->4132 4132->4132 4133 40193f 4134 402a29 18 API calls 4133->4134 4135 401946 lstrlenA 4134->4135 4136 4024eb 4135->4136

                          Executed Functions

                          Control-flow Graph

                          [Control-flow graph of _entry_ (0x40312a); image not reproduced. Legend: executed / not executed nodes.]
                          C-Code - Quality: 78%
                          			_entry_() {
                          				intOrPtr _t47;
                          				CHAR* _t51;
                          				char* _t54;
                          				CHAR* _t56;
                          				void* _t60;
                          				intOrPtr _t62;
                          				int _t64;
                          				char* _t67;
                          				char* _t68;
                          				int _t69;
                          				char* _t71;
                          				char* _t74;
                          				intOrPtr _t87;
                          				int _t91;
                          				intOrPtr _t93;
                          				void* _t95;
                          				void* _t107;
                          				intOrPtr* _t108;
                          				char _t111;
                          				CHAR* _t116;
                          				char* _t117;
                          				CHAR* _t118;
                          				char* _t119;
                          				void* _t121;
                          				char* _t123;
                          				char* _t125;
                          				char* _t126;
                          				void* _t128;
                          				void* _t129;
                          				intOrPtr _t138;
                          				char _t147;
                          
                          				 *(_t129 + 0x20) = 0;
                          				 *((intOrPtr*)(_t129 + 0x14)) = "Error writing temporary file. Make sure your temp folder is valid.";
                          				 *(_t129 + 0x1c) = 0;
                          				 *(_t129 + 0x18) = 0x20;
                          				SetErrorMode(0x8001); // executed
                          				if(GetVersion() != 6) {
                          					_t108 = E00405F57(0);
                          					if(_t108 != 0) {
                          						 *_t108(0xc00);
                          					}
                          				}
                          				_t118 = "UXTHEME";
                          				goto L4;
                          				while(1) {
                          					L22:
                          					_t111 =  *_t56;
                          					_t134 = _t111;
                          					if(_t111 == 0) {
                          						break;
                          					}
                          					__eflags = _t111 - 0x20;
                          					if(_t111 != 0x20) {
                          						L10:
                          						__eflags =  *_t56 - 0x22;
                          						 *((char*)(_t129 + 0x14)) = 0x20;
                          						if( *_t56 == 0x22) {
                          							_t56 =  &(_t56[1]);
                          							__eflags = _t56;
                          							 *((char*)(_t129 + 0x14)) = 0x22;
                          						}
                          						__eflags =  *_t56 - 0x2f;
                          						if( *_t56 != 0x2f) {
                          							L20:
                          							_t56 = E004056E5(_t56,  *((intOrPtr*)(_t129 + 0x14)));
                          							__eflags =  *_t56 - 0x22;
                          							if(__eflags == 0) {
                          								_t56 =  &(_t56[1]);
                          								__eflags = _t56;
                          							}
                          							continue;
                          						} else {
                          							_t56 =  &(_t56[1]);
                          							__eflags =  *_t56 - 0x53;
                          							if( *_t56 == 0x53) {
                          								__eflags = (_t56[1] | 0x00000020) - 0x20;
                          								if((_t56[1] | 0x00000020) == 0x20) {
                          									_t14 = _t129 + 0x18;
                          									 *_t14 =  *(_t129 + 0x18) | 0x00000002;
                          									__eflags =  *_t14;
                          								}
                          							}
                          							__eflags =  *_t56 - 0x4352434e;
                          							if( *_t56 == 0x4352434e) {
                          								__eflags = (_t56[4] | 0x00000020) - 0x20;
                          								if((_t56[4] | 0x00000020) == 0x20) {
                          									_t17 = _t129 + 0x18;
                          									 *_t17 =  *(_t129 + 0x18) | 0x00000004;
                          									__eflags =  *_t17;
                          								}
                          							}
                          							__eflags =  *((intOrPtr*)(_t56 - 2)) - 0x3d442f20;
                          							if( *((intOrPtr*)(_t56 - 2)) == 0x3d442f20) {
                          								 *((intOrPtr*)(_t56 - 2)) = 0;
                          								_t57 =  &(_t56[2]);
                          								__eflags =  &(_t56[2]);
                          								E00405BC7("C:\\Program Files\\Tftpd64", _t57);
                          								L25:
                          								_t116 = "C:\\Users\\engineer\\AppData\\Local\\Temp\\";
                          								GetTempPathA(0x400, _t116);
                          								_t60 = E004030F9(_t134);
                          								_t135 = _t60;
                          								if(_t60 != 0) {
                          									L27:
                          									DeleteFileA("1033"); // executed
                          									_t62 = E00402C55(_t136,  *(_t129 + 0x18)); // executed
                          									 *((intOrPtr*)(_t129 + 0x10)) = _t62;
                          									if(_t62 != 0) {
                          										L37:
                          										E00403540();
                          										__imp__OleUninitialize();
                          										_t143 =  *((intOrPtr*)(_t129 + 0x10));
                          										if( *((intOrPtr*)(_t129 + 0x10)) == 0) {
                          											__eflags =  *0x42ecb4; // 0x0
                          											if(__eflags == 0) {
                          												L64:
                          												_t64 =  *0x42eccc; // 0xffffffff
                          												__eflags = _t64 - 0xffffffff;
                          												if(_t64 != 0xffffffff) {
                          													 *(_t129 + 0x1c) = _t64;
                          												}
                          												ExitProcess( *(_t129 + 0x1c));
                          											}
                          											_t126 = E00405F57(5);
                          											_t119 = E00405F57(6);
                          											_t67 = E00405F57(7);
                          											__eflags = _t126;
                          											_t117 = _t67;
                          											if(_t126 != 0) {
                          												__eflags = _t119;
                          												if(_t119 != 0) {
                          													__eflags = _t117;
                          													if(_t117 != 0) {
                          														_t74 =  *_t126(GetCurrentProcess(), 0x28, _t129 + 0x20);
                          														__eflags = _t74;
                          														if(_t74 != 0) {
                          															 *_t119(0, "SeShutdownPrivilege", _t129 + 0x28);
                          															 *(_t129 + 0x3c) = 1;
                          															 *(_t129 + 0x48) = 2;
                          															 *_t117( *((intOrPtr*)(_t129 + 0x34)), 0, _t129 + 0x2c, 0, 0, 0);
                          														}
                          													}
                          												}
                          											}
                          											_t68 = E00405F57(8);
                          											__eflags = _t68;
                          											if(_t68 == 0) {
                          												L62:
                          												_t69 = ExitWindowsEx(2, 0x80040002);
                          												__eflags = _t69;
                          												if(_t69 != 0) {
                          													goto L64;
                          												}
                          												goto L63;
                          											} else {
                          												_t71 =  *_t68(0, 0, 0, 0x25, 0x80040002);
                          												__eflags = _t71;
                          												if(_t71 == 0) {
                          													L63:
                          													E0040140B(9);
                          													goto L64;
                          												}
                          												goto L62;
                          											}
                          										}
                          										E00405488( *((intOrPtr*)(_t129 + 0x14)), 0x200010);
                          										ExitProcess(2);
                          									}
                          									_t138 =  *0x42ec3c; // 0x0
                          									if(_t138 == 0) {
                          										L36:
                          										 *0x42eccc =  *0x42eccc | 0xffffffff;
                          										 *(_t129 + 0x1c) = E0040361A( *0x42eccc);
                          										goto L37;
                          									}
                          									_t123 = E004056E5(_t125, 0);
                          									while(_t123 >= _t125) {
                          										__eflags =  *_t123 - 0x3d3f5f20;
                          										if(__eflags == 0) {
                          											break;
                          										}
                          										_t123 = _t123 - 1;
                          										__eflags = _t123;
                          									}
                          									_t140 = _t123 - _t125;
                          									 *((intOrPtr*)(_t129 + 0x10)) = "Error launching installer";
                          									if(_t123 < _t125) {
                          										_t121 = E0040540F(_t143);
                          										lstrcatA(_t116, "~nsu");
                          										if(_t121 != 0) {
                          											lstrcatA(_t116, "A");
                          										}
                          										lstrcatA(_t116, ".tmp");
                          										_t127 = "C:\\Users\\engineer\\Desktop\\download";
                          										if(lstrcmpiA(_t116, "C:\\Users\\engineer\\Desktop\\download") != 0) {
                          											_push(_t116);
                          											if(_t121 == 0) {
                          												E004053F2();
                          											} else {
                          												E00405375();
                          											}
                          											SetCurrentDirectoryA(_t116);
                          											_t147 = "C:\\Program Files\\Tftpd64"; // 0x43
                          											if(_t147 == 0) {
                          												E00405BC7("C:\\Program Files\\Tftpd64", _t127);
                          											}
                          											E00405BC7(0x42f000,  *(_t129 + 0x20));
                          											 *0x42f400 = 0x41;
                          											_t128 = 0x1a;
                          											do {
                          												_t87 =  *0x42ec30; // 0x2814020
                          												E00405BE9(0, _t116, 0x428c58, 0x428c58,  *((intOrPtr*)(_t87 + 0x120)));
                          												DeleteFileA(0x428c58);
                          												if( *((intOrPtr*)(_t129 + 0x10)) != 0) {
                          													_t91 = CopyFileA("C:\\Users\\engineer\\Desktop\\download\\Tftpd64-4.64-setup.exe", 0x428c58, 1);
                          													_t149 = _t91;
                          													if(_t91 != 0) {
                          														_push(0);
                          														_push(0x428c58);
                          														E00405915(_t149);
                          														_t93 =  *0x42ec30; // 0x2814020
                          														E00405BE9(0, _t116, 0x428c58, 0x428c58,  *((intOrPtr*)(_t93 + 0x124)));
                          														_t95 = E00405427(0x428c58);
                          														if(_t95 != 0) {
                          															CloseHandle(_t95);
                          															 *((intOrPtr*)(_t129 + 0x10)) = 0;
                          														}
                          													}
                          												}
                          												 *0x42f400 =  *0x42f400 + 1;
                          												_t128 = _t128 - 1;
                          												_t151 = _t128;
                          											} while (_t128 != 0);
                          											_push(0);
                          											_push(_t116);
                          											E00405915(_t151);
                          										}
                          										goto L37;
                          									}
                          									 *_t123 = 0;
                          									_t124 =  &(_t123[4]);
                          									if(E0040579B(_t140,  &(_t123[4])) == 0) {
                          										goto L37;
                          									}
                          									E00405BC7("C:\\Program Files\\Tftpd64", _t124);
                          									E00405BC7("C:\\Program Files\\Tftpd64", _t124);
                          									 *((intOrPtr*)(_t129 + 0x10)) = 0;
                          									goto L36;
                          								}
                          								GetWindowsDirectoryA(_t116, 0x3fb);
                          								lstrcatA(_t116, "\\Temp");
                          								_t107 = E004030F9(_t135);
                          								_t136 = _t107;
                          								if(_t107 == 0) {
                          									goto L37;
                          								}
                          								goto L27;
                          							} else {
                          								goto L20;
                          							}
                          						}
                          					} else {
                          						goto L9;
                          					}
                          					do {
                          						L9:
                          						_t56 =  &(_t56[1]);
                          						__eflags =  *_t56 - 0x20;
                          					} while ( *_t56 == 0x20);
                          					goto L10;
                          				}
                          				goto L25;
                          				L4:
                          				E00405EE9(_t118); // executed
                          				_t118 =  &(_t118[lstrlenA(_t118) + 1]);
                          				if( *_t118 != 0) {
                          					goto L4;
                          				} else {
                          					E00405F57(0xd);
                          					_t47 = E00405F57(0xb);
                          					 *0x42ec24 = _t47;
                          					__imp__#17();
                          					__imp__OleInitialize(0); // executed
                          					 *0x42ecd8 = _t47;
                          					SHGetFileInfoA(0x429058, 0, _t129 + 0x38, 0x160, 0); // executed
                          					E00405BC7("Tftpd64 Standalone Edition Install", "NSIS Error");
                          					_t51 = GetCommandLineA();
                          					_t125 = "\"C:\\Users\\engineer\\Desktop\\download\\Tftpd64-4.64-setup.exe\" ";
                          					E00405BC7(_t125, _t51);
                          					 *0x42ec20 = GetModuleHandleA(0);
                          					_t54 = _t125;
                          					if("\"C:\\Users\\engineer\\Desktop\\download\\Tftpd64-4.64-setup.exe\" " == 0x22) {
                          						 *((char*)(_t129 + 0x14)) = 0x22;
                          						_t54 =  &M00434001;
                          					}
                          					_t56 = CharNextA(E004056E5(_t54,  *((intOrPtr*)(_t129 + 0x14))));
                          					 *(_t129 + 0x20) = _t56;
                          					goto L22;
                          				}
                          			}


                          APIs
                          • SetErrorMode.KERNELBASE ref: 00403150
                          • GetVersion.KERNEL32 ref: 00403156
                          • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 0040317F
                          • #17.COMCTL32(0000000B,0000000D), ref: 004031A0
                          • OleInitialize.OLE32(00000000), ref: 004031A7
                          • SHGetFileInfoA.SHELL32(00429058,00000000,?,00000160,00000000), ref: 004031C3
                          • GetCommandLineA.KERNEL32(Tftpd64 Standalone Edition Install,NSIS Error), ref: 004031D8
                          • GetModuleHandleA.KERNEL32(00000000,"C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe" ,00000000), ref: 004031EB
                          • CharNextA.USER32(00000000,"C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe" ,00409168), ref: 00403216
                          • GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020), ref: 004032AD
                          • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 004032C2
                          • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 004032CE
                          • DeleteFileA.KERNELBASE(1033), ref: 004032E5
                            • Part of subcall function 00405F57: GetModuleHandleA.KERNEL32(?,?,?,00403194,0000000D), ref: 00405F69
                            • Part of subcall function 00405F57: GetProcAddress.KERNEL32(00000000,?), ref: 00405F84
                          • OleUninitialize.OLE32(00000020), ref: 00403366
                          • ExitProcess.KERNEL32 ref: 00403386
                          • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe" ,00000000,00000020), ref: 00403399
                          • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,00409148,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe" ,00000000,00000020), ref: 004033A8
                          • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe" ,00000000,00000020), ref: 004033B3
                          • lstrcmpiA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop\download,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe" ,00000000,00000020), ref: 004033BF
                          • SetCurrentDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 004033DB
                          • DeleteFileA.KERNEL32(00428C58,00428C58,?,0042F000,?), ref: 00403425
                          • CopyFileA.KERNEL32(C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe,00428C58,00000001), ref: 00403439
                          • CloseHandle.KERNEL32(00000000,00428C58,00428C58,?,00428C58,00000000), ref: 00403466
                          • GetCurrentProcess.KERNEL32(00000028,?,00000007,00000006,00000005), ref: 004034BF
                          • ExitWindowsEx.USER32(00000002,80040002), ref: 00403517
                          • ExitProcess.KERNEL32 ref: 0040353A
                          Memory Dump Source
                          • Source File: 00000005.00000002.605929555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000005.00000002.605920254.0000000000400000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605948695.0000000000407000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605961129.0000000000409000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605984154.000000000042C000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605999422.0000000000434000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.606011620.0000000000437000.00000002.00020000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_400000_Tftpd64-4.jbxd
                          Similarity
                          • API ID: Filelstrcat$ExitHandleProcess$CurrentDeleteDirectoryModuleWindows$AddressCharCloseCommandCopyErrorInfoInitializeLineModeNextPathProcTempUninitializeVersionlstrcmpilstrlen
                          • String ID: $ /D=$ _?=$"$"C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe" $.tmp$1033$C:\Program Files\Tftpd64$C:\Program Files\Tftpd64$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop\download$C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe$Error launching installer$NCRC$NSIS Error$SeShutdownPrivilege$Tftpd64 Standalone Edition Install$UXTHEME$\Temp$~nsu
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Control-flow Graph

                          control_flow_graph 134 404ff1-40500c 135 405012-4050db GetDlgItem * 3 call 403eb8 call 404755 GetClientRect GetSystemMetrics SendMessageA * 2 134->135 136 40519d-4051a4 134->136 154 4050f9-4050fc 135->154 155 4050dd-4050f7 SendMessageA * 2 135->155 137 4051a6-4051c8 GetDlgItem CreateThread FindCloseChangeNotification 136->137 138 4051ce-4051db 136->138 137->138 140 4051f9-405200 138->140 141 4051dd-4051e3 138->141 146 405202-405208 140->146 147 405257-40525b 140->147 144 4051e5-4051f4 ShowWindow * 2 call 403eb8 141->144 145 40521b-405224 call 403eea 141->145 144->140 158 405229-40522d 145->158 151 405230-405240 ShowWindow 146->151 152 40520a-405216 call 403e5c 146->152 147->145 149 40525d-405260 147->149 149->145 156 405262-405275 SendMessageA 149->156 159 405250-405252 call 403e5c 151->159 160 405242-40524b call 404eb3 151->160 152->145 162 40510c-405123 call 403e83 154->162 163 4050fe-40510a SendMessageA 154->163 155->154 164 40527b-40529c CreatePopupMenu call 405be9 AppendMenuA 156->164 165 40536e-405370 156->165 159->147 160->159 173 405125-405139 ShowWindow 162->173 174 405159-40517a GetDlgItem SendMessageA 162->174 163->162 171 4052b1-4052b7 164->171 172 40529e-4052af GetWindowRect 164->172 165->158 175 4052ba-4052d2 TrackPopupMenu 171->175 172->175 176 405148 173->176 177 40513b-405146 ShowWindow 173->177 174->165 178 405180-405198 SendMessageA * 2 174->178 175->165 179 4052d8-4052ef 175->179 180 40514e-405154 call 403eb8 176->180 177->180 178->165 181 4052f4-40530f SendMessageA 179->181 180->174 181->181 183 405311-405331 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 181->183 184 405333-405352 SendMessageA 183->184 184->184 185 405354-405368 GlobalUnlock SetClipboardData CloseClipboard 184->185 185->165
                          C-Code - Quality: 96%
                          			E00404FF1(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
                          				struct HWND__* _v8;
                          				long _v12;
                          				struct tagRECT _v28;
                          				void* _v36;
                          				signed int _v40;
                          				int _v44;
                          				int _v48;
                          				signed int _v52;
                          				int _v56;
                          				void* _v60;
                          				void* _v68;
                          				void* __ebx;
                          				void* __edi;
                          				void* __esi;
                          				long _t87;
                          				unsigned int _t92;
                          				unsigned int _t93;
                          				int _t94;
                          				int _t95;
                          				long _t98;
                          				void* _t101;
                          				intOrPtr _t112;
                          				void* _t120;
                          				intOrPtr _t123;
                          				struct HWND__* _t127;
                          				int _t149;
                          				int _t150;
                          				struct HWND__* _t154;
                          				struct HWND__* _t158;
                          				struct HMENU__* _t160;
                          				long _t162;
                          				void* _t163;
                          				short* _t164;
                          
                          				_t154 =  *0x42e404; // 0x50412
                          				_t149 = 0;
                          				_v8 = _t154;
                          				if(_a8 != 0x110) {
                          					__eflags = _a8 - 0x405;
                          					if(_a8 == 0x405) {
                          						_t120 = CreateThread(0, 0, E00404F85, GetDlgItem(_a4, 0x3ec), 0,  &_v12); // executed
                          						FindCloseChangeNotification(_t120); // executed
                          					}
                          					__eflags = _a8 - 0x111;
                          					if(_a8 != 0x111) {
                          						L17:
                          						__eflags = _a8 - 0x404;
                          						if(_a8 != 0x404) {
                          							L25:
                          							__eflags = _a8 - 0x7b;
                          							if(_a8 != 0x7b) {
                          								goto L20;
                          							}
                          							__eflags = _a12 - _t154;
                          							if(_a12 != _t154) {
                          								goto L20;
                          							}
                          							_t87 = SendMessageA(_t154, 0x1004, _t149, _t149);
                          							__eflags = _t87 - _t149;
                          							_a8 = _t87;
                          							if(_t87 <= _t149) {
                          								L37:
                          								return 0;
                          							}
                          							_t160 = CreatePopupMenu();
                          							AppendMenuA(_t160, _t149, 1, E00405BE9(_t149, _t154, _t160, _t149, 0xffffffe1));
                          							_t92 = _a16;
                          							__eflags = _t92 - 0xffffffff;
                          							if(_t92 != 0xffffffff) {
                          								_t150 = _t92;
                          								_t93 = _t92 >> 0x10;
                          								__eflags = _t93;
                          								_t94 = _t93;
                          							} else {
                          								GetWindowRect(_t154,  &_v28);
                          								_t150 = _v28.left;
                          								_t94 = _v28.top;
                          							}
                          							_t95 = TrackPopupMenu(_t160, 0x180, _t150, _t94, _t149, _a4, _t149);
                          							_t162 = 1;
                          							__eflags = _t95 - 1;
                          							if(_t95 == 1) {
                          								_v60 = _t149;
                          								_v48 = 0x42a0a0;
                          								_v44 = 0xfff;
                          								_a4 = _a8;
                          								do {
                          									_a4 = _a4 - 1;
                          									_t98 = SendMessageA(_v8, 0x102d, _a4,  &_v68);
                          									__eflags = _a4 - _t149;
                          									_t162 = _t162 + _t98 + 2;
                          								} while (_a4 != _t149);
                          								OpenClipboard(_t149);
                          								EmptyClipboard();
                          								_t101 = GlobalAlloc(0x42, _t162);
                          								_a4 = _t101;
                          								_t163 = GlobalLock(_t101);
                          								do {
                          									_v48 = _t163;
                          									_t164 = _t163 + SendMessageA(_v8, 0x102d, _t149,  &_v68);
                          									 *_t164 = 0xa0d;
                          									_t163 = _t164 + 2;
                          									_t149 = _t149 + 1;
                          									__eflags = _t149 - _a8;
                          								} while (_t149 < _a8);
                          								GlobalUnlock(_a4);
                          								SetClipboardData(1, _a4);
                          								CloseClipboard();
                          							}
                          							goto L37;
                          						}
                          						__eflags =  *0x42e3ec - _t149; // 0x0
                          						if(__eflags == 0) {
                          							ShowWindow( *0x42ec28, 8);
                          							__eflags =  *0x42ecac - _t149; // 0x0
                          							if(__eflags == 0) {
                          								_t112 =  *0x429870; // 0x281420c
                          								E00404EB3( *((intOrPtr*)(_t112 + 0x34)), _t149);
                          							}
                          							E00403E5C(1);
                          							goto L25;
                          						}
                          						 *0x429468 = 2;
                          						E00403E5C(0x78);
                          						goto L20;
                          					} else {
                          						__eflags = _a12 - 0x403;
                          						if(_a12 != 0x403) {
                          							L20:
                          							return E00403EEA(_a8, _a12, _a16);
                          						}
                          						ShowWindow( *0x42e3f0, _t149);
                          						ShowWindow(_t154, 8);
                          						E00403EB8(_t154);
                          						goto L17;
                          					}
                          				}
                          				_v52 = _v52 | 0xffffffff;
                          				_v40 = _v40 | 0xffffffff;
                          				_v60 = 2;
                          				_v56 = 0;
                          				_v48 = 0;
                          				_v44 = 0;
                          				asm("stosd");
                          				asm("stosd");
                          				_t123 =  *0x42ec30; // 0x2814020
                          				_a8 =  *((intOrPtr*)(_t123 + 0x5c));
                          				_a12 =  *((intOrPtr*)(_t123 + 0x60));
                          				 *0x42e3f0 = GetDlgItem(_a4, 0x403);
                          				 *0x42e3e8 = GetDlgItem(_a4, 0x3ee);
                          				_t127 = GetDlgItem(_a4, 0x3f8);
                          				 *0x42e404 = _t127;
                          				_v8 = _t127;
                          				E00403EB8( *0x42e3f0);
                          				 *0x42e3f4 = E00404755(4);
                          				 *0x42e40c = 0;
                          				GetClientRect(_v8,  &_v28);
                          				_v52 = _v28.right - GetSystemMetrics(0x15);
                          				SendMessageA(_v8, 0x101b, 0,  &_v60); // executed
                          				SendMessageA(_v8, 0x1036, 0x4000, 0x4000); // executed
                          				if(_a8 >= 0) {
                          					SendMessageA(_v8, 0x1001, 0, _a8);
                          					SendMessageA(_v8, 0x1026, 0, _a8);
                          				}
                          				if(_a12 >= _t149) {
                          					SendMessageA(_v8, 0x1024, _t149, _a12);
                          				}
                          				_push( *((intOrPtr*)(_a16 + 0x30)));
                          				_push(0x1b);
                          				E00403E83(_a4);
                          				if(( *0x42ec38 & 0x00000003) != 0) {
                          					ShowWindow( *0x42e3f0, _t149);
                          					if(( *0x42ec38 & 0x00000002) != 0) {
                          						 *0x42e3f0 = _t149;
                          					} else {
                          						ShowWindow(_v8, 8);
                          					}
                          					E00403EB8( *0x42e3e8);
                          				}
                          				_t158 = GetDlgItem(_a4, 0x3ec);
                          				SendMessageA(_t158, 0x401, _t149, 0x75300000);
                          				if(( *0x42ec38 & 0x00000004) != 0) {
                          					SendMessageA(_t158, 0x409, _t149, _a12);
                          					SendMessageA(_t158, 0x2001, _t149, _a8);
                          				}
                          				goto L37;
                          			}





































                          APIs
                          • GetDlgItem.USER32 ref: 00405050
                          • GetDlgItem.USER32 ref: 0040505F
                          • GetClientRect.USER32 ref: 0040509C
                          • GetSystemMetrics.USER32 ref: 004050A4
                          • SendMessageA.USER32(?,0000101B,00000000,00000002), ref: 004050C5
                          • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 004050D6
                          • SendMessageA.USER32(?,00001001,00000000,00000110), ref: 004050E9
                          • SendMessageA.USER32(?,00001026,00000000,00000110), ref: 004050F7
                          • SendMessageA.USER32(?,00001024,00000000,?), ref: 0040510A
                          • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 0040512C
                          • ShowWindow.USER32(?,00000008), ref: 00405140
                          • GetDlgItem.USER32 ref: 00405161
                          • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 00405171
                          • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 0040518A
                          • SendMessageA.USER32(00000000,00002001,00000000,00000110), ref: 00405196
                          • GetDlgItem.USER32 ref: 0040506E
                            • Part of subcall function 00403EB8: SendMessageA.USER32(00000028,?,00000001,00403CE9), ref: 00403EC6
                          • GetDlgItem.USER32 ref: 004051B3
                          • CreateThread.KERNELBASE ref: 004051C1
                          • FindCloseChangeNotification.KERNELBASE(00000000), ref: 004051C8
                          • ShowWindow.USER32(00000000), ref: 004051EC
                          • ShowWindow.USER32(00050412,00000008), ref: 004051F1
                          • ShowWindow.USER32(00000008), ref: 00405238
                          • SendMessageA.USER32(00050412,00001004,00000000,00000000), ref: 0040526A
                          • CreatePopupMenu.USER32 ref: 0040527B
                          • AppendMenuA.USER32 ref: 00405290
                          • GetWindowRect.USER32 ref: 004052A3
                          • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004052C7
                          • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405302
                          • OpenClipboard.USER32(00000000), ref: 00405312
                          • EmptyClipboard.USER32(?,?,00000000,?,00000000), ref: 00405318
                          • GlobalAlloc.KERNEL32(00000042,?,?,?,00000000,?,00000000), ref: 00405321
                          • GlobalLock.KERNEL32 ref: 0040532B
                          • SendMessageA.USER32(?,0000102D,00000000,?), ref: 0040533F
                          • GlobalUnlock.KERNEL32(00000000,?,?,00000000,?,00000000), ref: 00405357
                          • SetClipboardData.USER32 ref: 00405362
                          • CloseClipboard.USER32 ref: 00405368
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.605929555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000005.00000002.605920254.0000000000400000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605948695.0000000000407000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605961129.0000000000409000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605984154.000000000042C000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605999422.0000000000434000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.606011620.0000000000437000.00000002.00020000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_400000_Tftpd64-4.jbxd
                          Similarity
                          • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendChangeClientDataEmptyFindLockMetricsNotificationOpenSystemThreadTrackUnlock
                          • String ID: {
                          • API String ID: 4154960007-366298937
                          • Opcode ID: de49856ec82b57ca1132ba6a781c2e6765903cac602fd6c4a59dcde4861cfdc0
                          • Instruction ID: 14fcdc656e1060cfbb0aff817b75222918c1b3830be54c9a3b8aebe23af76a49
                          • Opcode Fuzzy Hash: de49856ec82b57ca1132ba6a781c2e6765903cac602fd6c4a59dcde4861cfdc0
                          • Instruction Fuzzy Hash: 0BA13A71900208FFDB11AFA1DC89AAF7F79FB04355F00817AFA05AA2A0C7755A41DF99
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          [Control-flow graph of function E00404802, starting at block 404802-404850; nodes are marked executed / not executed]
                          C-Code - Quality: 98%
                          			E00404802(struct HWND__* _a4, int _a8, unsigned int _a12, int _a16) {
                          				struct HWND__* _v8;
                          				struct HWND__* _v12;
                          				signed int _v16;
                          				intOrPtr _v20;
                          				void* _v24;
                          				long _v28;
                          				int _v32;
                          				signed int _v40;
                          				int _v44;
                          				signed int* _v56;
                          				intOrPtr _v60;
                          				signed int _v64;
                          				long _v68;
                          				void* _v72;
                          				intOrPtr _v76;
                          				intOrPtr _v80;
                          				void* _v84;
                          				void* __ebx;
                          				void* __edi;
                          				void* __esi;
                          				struct HWND__* _t182;
                          				intOrPtr _t183;
                          				int _t189;
                          				int _t196;
                          				intOrPtr _t198;
                          				long _t202;
                          				signed int _t206;
                          				signed int _t217;
                          				void* _t220;
                          				void* _t221;
                          				int _t227;
                          				intOrPtr _t231;
                          				signed int _t232;
                          				signed int _t233;
                          				signed int _t240;
                          				signed int _t242;
                          				signed int _t245;
                          				signed int _t247;
                          				struct HBITMAP__* _t250;
                          				void* _t252;
                          				char* _t268;
                          				signed char _t269;
                          				long _t271;
                          				long _t274;
                          				int _t277;
                          				int _t280;
                          				signed int* _t281;
                          				int _t282;
                          				long _t283;
                          				signed int* _t284;
                          				int _t285;
                          				long _t286;
                          				signed int _t287;
                          				long _t288;
                          				signed int _t291;
                          				int _t294;
                          				signed int _t298;
                          				signed int _t300;
                          				signed int _t302;
                          				intOrPtr _t309;
                          				int* _t310;
                          				void* _t311;
                          				int _t315;
                          				int _t316;
                          				int _t317;
                          				signed int _t318;
                          				void* _t320;
                          				void* _t328;
                          				void* _t331;
                          
                          				_v12 = GetDlgItem(_a4, 0x3f9);
                          				_t182 = GetDlgItem(_a4, 0x408);
                          				_t280 =  *0x42ec48; // 0x281428c
                          				_t320 = SendMessageA;
                          				_v8 = _t182;
                          				_t183 =  *0x42ec30; // 0x2814020
                          				_t315 = 0;
                          				_v32 = _t280;
                          				_v20 = _t183 + 0x94;
                          				if(_a8 != 0x110) {
                          					L23:
                          					__eflags = _a8 - 0x405;
                          					if(_a8 != 0x405) {
                          						_t289 = _a16;
                          					} else {
                          						_a12 = _t315;
                          						_t289 = 1;
                          						_a8 = 0x40f;
                          						_a16 = 1;
                          					}
                          					__eflags = _a8 - 0x4e;
                          					if(_a8 == 0x4e) {
                          						L28:
                          						__eflags = _a8 - 0x413;
                          						_v16 = _t289;
                          						if(_a8 == 0x413) {
                          							L30:
                          							__eflags =  *0x42ec39 & 0x00000002;
                          							if(( *0x42ec39 & 0x00000002) != 0) {
                          								L41:
                          								__eflags = _v16 - _t315;
                          								if(_v16 != _t315) {
                          									_t232 = _v16;
                          									__eflags =  *((intOrPtr*)(_t232 + 8)) - 0xfffffe6e;
                          									if( *((intOrPtr*)(_t232 + 8)) == 0xfffffe6e) {
                          										SendMessageA(_v8, 0x419, _t315,  *(_t232 + 0x5c));
                          									}
                          									_t233 = _v16;
                          									__eflags =  *((intOrPtr*)(_t233 + 8)) - 0xfffffe6a;
                          									if( *((intOrPtr*)(_t233 + 8)) == 0xfffffe6a) {
                          										__eflags =  *((intOrPtr*)(_t233 + 0xc)) - 2;
                          										if( *((intOrPtr*)(_t233 + 0xc)) != 2) {
                          											_t284 =  *(_t233 + 0x5c) * 0x418 + _t280 + 8;
                          											 *_t284 =  *_t284 & 0xffffffdf;
                          											__eflags =  *_t284;
                          										} else {
                          											 *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) =  *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) | 0x00000020;
                          										}
                          									}
                          								}
                          								goto L48;
                          							}
                          							__eflags = _a8 - 0x413;
                          							if(_a8 == 0x413) {
                          								L33:
                          								__eflags = _a8 - 0x413;
                          								_t289 = 0 | _a8 != 0x00000413;
                          								_t240 = E00404782(_v8, _a8 != 0x413);
                          								__eflags = _t240 - _t315;
                          								if(_t240 >= _t315) {
                          									_t93 = _t280 + 8; // 0x8
                          									_t310 = _t240 * 0x418 + _t93;
                          									_t289 =  *_t310;
                          									__eflags = _t289 & 0x00000010;
                          									if((_t289 & 0x00000010) == 0) {
                          										__eflags = _t289 & 0x00000040;
                          										if((_t289 & 0x00000040) == 0) {
                          											_t298 = _t289 ^ 0x00000001;
                          											__eflags = _t298;
                          										} else {
                          											_t300 = _t289 ^ 0x00000080;
                          											__eflags = _t300;
                          											if(_t300 >= 0) {
                          												_t298 = _t300 & 0xfffffffe;
                          											} else {
                          												_t298 = _t300 | 0x00000001;
                          											}
                          										}
                          										 *_t310 = _t298;
                          										E0040117D(_t240);
                          										_t242 =  *0x42ec38; // 0x84
                          										_t289 = 1;
                          										_a8 = 0x40f;
                          										_t245 =  !_t242 >> 0x00000008 & 1;
                          										__eflags = _t245;
                          										_a12 = 1;
                          										_a16 = _t245;
                          									}
                          								}
                          								goto L41;
                          							}
                          							_t289 = _a16;
                          							__eflags =  *((intOrPtr*)(_t289 + 8)) - 0xfffffffe;
                          							if( *((intOrPtr*)(_t289 + 8)) != 0xfffffffe) {
                          								goto L41;
                          							}
                          							goto L33;
                          						}
                          						__eflags =  *((intOrPtr*)(_t289 + 4)) - 0x408;
                          						if( *((intOrPtr*)(_t289 + 4)) != 0x408) {
                          							goto L48;
                          						}
                          						goto L30;
                          					} else {
                          						__eflags = _a8 - 0x413;
                          						if(_a8 != 0x413) {
                          							L48:
                          							__eflags = _a8 - 0x111;
                          							if(_a8 != 0x111) {
                          								L56:
                          								__eflags = _a8 - 0x200;
                          								if(_a8 == 0x200) {
                          									SendMessageA(_v8, 0x200, _t315, _t315);
                          								}
                          								__eflags = _a8 - 0x40b;
                          								if(_a8 == 0x40b) {
                          									_t220 =  *0x42a07c;
                          									__eflags = _t220 - _t315;
                          									if(_t220 != _t315) {
                          										ImageList_Destroy(_t220);
                          									}
                          									_t221 =  *0x42a094;
                          									__eflags = _t221 - _t315;
                          									if(_t221 != _t315) {
                          										GlobalFree(_t221);
                          									}
                          									 *0x42a07c = _t315;
                          									 *0x42a094 = _t315;
                          									 *0x42ec80 = _t315;
                          								}
                          								__eflags = _a8 - 0x40f;
                          								if(_a8 != 0x40f) {
                          									L86:
                          									__eflags = _a8 - 0x420;
                          									if(_a8 == 0x420) {
                          										__eflags =  *0x42ec39 & 0x00000001;
                          										if(( *0x42ec39 & 0x00000001) != 0) {
                          											__eflags = _a16 - 0x20;
                          											_t189 = (0 | _a16 == 0x00000020) << 3;
                          											__eflags = _t189;
                          											_t316 = _t189;
                          											ShowWindow(_v8, _t316);
                          											ShowWindow(GetDlgItem(_a4, 0x3fe), _t316);
                          										}
                          									}
                          									goto L89;
                          								} else {
                          									E004011EF(_t289, _t315, _t315);
                          									__eflags = _a12 - _t315;
                          									if(_a12 != _t315) {
                          										E0040140B(8);
                          									}
                          									__eflags = _a16 - _t315;
                          									if(_a16 == _t315) {
                          										L73:
                          										E004011EF(_t289, _t315, _t315);
                          										__eflags =  *0x42ec4c - _t315; // 0x6
                          										_v32 =  *0x42a094;
                          										_t196 =  *0x42ec48; // 0x281428c
                          										_v60 = 0xf030;
                          										_v16 = _t315;
                          										if(__eflags <= 0) {
                          											L84:
                          											InvalidateRect(_v8, _t315, 1);
                          											_t198 =  *0x42e3fc; // 0x294873f
                          											__eflags =  *((intOrPtr*)(_t198 + 0x10)) - _t315;
                          											if( *((intOrPtr*)(_t198 + 0x10)) != _t315) {
                          												E0040473D(0x3ff, 0xfffffffb, E00404755(5));
                          											}
                          											goto L86;
                          										} else {
                          											_t142 = _t196 + 8; // 0x2814294
                          											_t281 = _t142;
                          											do {
                          												_t202 =  *((intOrPtr*)(_v32 + _v16 * 4));
                          												__eflags = _t202 - _t315;
                          												if(_t202 != _t315) {
                          													_t291 =  *_t281;
                          													_v68 = _t202;
                          													__eflags = _t291 & 0x00000001;
                          													_v72 = 8;
                          													if((_t291 & 0x00000001) != 0) {
                          														_t151 =  &(_t281[4]); // 0x28142a4
                          														_v72 = 9;
                          														_v56 = _t151;
                          														_t154 =  &(_t281[0]);
                          														 *_t154 = _t281[0] & 0x000000fe;
                          														__eflags =  *_t154;
                          													}
                          													__eflags = _t291 & 0x00000040;
                          													if((_t291 & 0x00000040) == 0) {
                          														_t206 = (_t291 & 0x00000001) + 1;
                          														__eflags = _t291 & 0x00000010;
                          														if((_t291 & 0x00000010) != 0) {
                          															_t206 = _t206 + 3;
                          															__eflags = _t206;
                          														}
                          													} else {
                          														_t206 = 3;
                          													}
                          													_t294 = (_t291 >> 0x00000005 & 0x00000001) + 1;
                          													__eflags = _t294;
                          													_v64 = (_t206 << 0x0000000b | _t291 & 0x00000008) + (_t206 << 0x0000000b | _t291 & 0x00000008) | _t291 & 0x00000020;
                          													SendMessageA(_v8, 0x1102, _t294, _v68);
                          													SendMessageA(_v8, 0x110d, _t315,  &_v72); // executed
                          												}
                          												_v16 = _v16 + 1;
                          												_t281 =  &(_t281[0x106]);
                          												__eflags = _v16 -  *0x42ec4c; // 0x6
                          											} while (__eflags < 0);
                          											goto L84;
                          										}
                          									} else {
                          										_t282 = E004012E2( *0x42a094);
                          										E00401299(_t282);
                          										_t217 = 0;
                          										_t289 = 0;
                          										__eflags = _t282 - _t315;
                          										if(_t282 <= _t315) {
                          											L72:
                          											SendMessageA(_v12, 0x14e, _t289, _t315);
                          											_a16 = _t282;
                          											_a8 = 0x420;
                          											goto L73;
                          										} else {
                          											goto L69;
                          										}
                          										do {
                          											L69:
                          											_t309 = _v20;
                          											__eflags =  *((intOrPtr*)(_t309 + _t217 * 4)) - _t315;
                          											if( *((intOrPtr*)(_t309 + _t217 * 4)) != _t315) {
                          												_t289 = _t289 + 1;
                          												__eflags = _t289;
                          											}
                          											_t217 = _t217 + 1;
                          											__eflags = _t217 - _t282;
                          										} while (_t217 < _t282);
                          										goto L72;
                          									}
                          								}
                          							}
                          							__eflags = _a12 - 0x3f9;
                          							if(_a12 != 0x3f9) {
                          								goto L89;
                          							}
                          							__eflags = _a12 >> 0x10 - 1;
                          							if(_a12 >> 0x10 != 1) {
                          								goto L89;
                          							}
                          							_t227 = SendMessageA(_v12, 0x147, _t315, _t315);
                          							__eflags = _t227 - 0xffffffff;
                          							if(_t227 == 0xffffffff) {
                          								goto L89;
                          							}
                          							_t283 = SendMessageA(_v12, 0x150, _t227, _t315);
                          							__eflags = _t283 - 0xffffffff;
                          							if(_t283 == 0xffffffff) {
                          								L54:
                          								_t283 = 0x20;
                          								L55:
                          								E00401299(_t283);
                          								SendMessageA(_a4, 0x420, _t315, _t283);
                          								_a12 = 1;
                          								_a16 = _t315;
                          								_a8 = 0x40f;
                          								goto L56;
                          							}
                          							_t231 = _v20;
                          							__eflags =  *((intOrPtr*)(_t231 + _t283 * 4)) - _t315;
                          							if( *((intOrPtr*)(_t231 + _t283 * 4)) != _t315) {
                          								goto L55;
                          							}
                          							goto L54;
                          						}
                          						goto L28;
                          					}
                          				} else {
                          					 *0x42ec80 = _a4;
                          					_t247 =  *0x42ec4c; // 0x6
                          					_t285 = 2;
                          					_v28 = 0;
                          					_v16 = _t285;
                          					 *0x42a094 = GlobalAlloc(0x40, _t247 << 2);
                          					_t250 = LoadBitmapA( *0x42ec20, 0x6e);
                          					 *0x42a088 =  *0x42a088 | 0xffffffff;
                          					_v24 = _t250;
                          					 *0x42a090 = SetWindowLongA(_v8, 0xfffffffc, E00404E03);
                          					_t252 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
                          					 *0x42a07c = _t252;
                          					ImageList_AddMasked(_t252, _v24, 0xff00ff);
                          					SendMessageA(_v8, 0x1109, _t285,  *0x42a07c);
                          					if(SendMessageA(_v8, 0x111c, 0, 0) < 0x10) {
                          						SendMessageA(_v8, 0x111b, 0x10, 0);
                          					}
                          					DeleteObject(_v24);
                          					_t286 = 0;
                          					do {
                          						_t258 =  *((intOrPtr*)(_v20 + _t286 * 4));
                          						if( *((intOrPtr*)(_v20 + _t286 * 4)) != _t315) {
                          							if(_t286 != 0x20) {
                          								_v16 = _t315;
                          							}
                          							_t277 = SendMessageA(_v12, 0x143, _t315, E00405BE9(_t286, _t315, _t320, _t315, _t258)); // executed
                          							SendMessageA(_v12, 0x151, _t277, _t286);
                          						}
                          						_t286 = _t286 + 1;
                          					} while (_t286 < 0x21);
                          					_t317 = _a16;
                          					_t287 = _v16;
                          					_push( *((intOrPtr*)(_t317 + 0x30 + _t287 * 4)));
                          					_push(0x15);
                          					E00403E83(_a4);
                          					_push( *((intOrPtr*)(_t317 + 0x34 + _t287 * 4)));
                          					_push(0x16);
                          					E00403E83(_a4);
                          					_t318 = 0;
                          					_t288 = 0;
                          					_t328 =  *0x42ec4c - _t318; // 0x6
                          					if(_t328 <= 0) {
                          						L19:
                          						SetWindowLongA(_v8, 0xfffffff0, GetWindowLongA(_v8, 0xfffffff0) & 0x000000fb);
                          						goto L20;
                          					} else {
                          						_t311 = _v32 + 8;
                          						_v24 = _t311;
                          						do {
                          							_t268 = _t311 + 0x10;
                          							if( *_t268 != 0) {
                          								_v60 = _t268;
                          								_t269 =  *_t311;
                          								_t302 = 0x20;
                          								_v84 = _t288;
                          								_v80 = 0xffff0002;
                          								_v76 = 0xd;
                          								_v64 = _t302;
                          								_v40 = _t318;
                          								_v68 = _t269 & _t302;
                          								if((_t269 & 0x00000002) == 0) {
                          									__eflags = _t269 & 0x00000004;
                          									if((_t269 & 0x00000004) == 0) {
                          										_t271 = SendMessageA(_v8, 0x1100, 0,  &_v84); // executed
                          										 *( *0x42a094 + _t318 * 4) = _t271;
                          									} else {
                          										_t288 = SendMessageA(_v8, 0x110a, 3, _t288);
                          									}
                          								} else {
                          									_v76 = 0x4d;
                          									_v44 = 1;
                          									_t274 = SendMessageA(_v8, 0x1100, 0,  &_v84);
                          									_v28 = 1;
                          									 *( *0x42a094 + _t318 * 4) = _t274;
                          									_t288 =  *( *0x42a094 + _t318 * 4);
                          								}
                          							}
                          							_t318 = _t318 + 1;
                          							_t311 = _v24 + 0x418;
                          							_t331 = _t318 -  *0x42ec4c; // 0x6
                          							_v24 = _t311;
                          						} while (_t331 < 0);
                          						if(_v28 != 0) {
                          							L20:
                          							if(_v16 != 0) {
                          								E00403EB8(_v8);
                          								_t280 = _v32;
                          								_t315 = 0;
                          								__eflags = 0;
                          								goto L23;
                          							} else {
                          								ShowWindow(_v12, 5); // executed
                          								E00403EB8(_v12);
                          								L89:
                          								return E00403EEA(_a8, _a12, _a16);
                          							}
                          						}
                          						goto L19;
                          					}
                          				}
                          			}

                          APIs
                          • GetDlgItem.USER32 ref: 00404819
                          • GetDlgItem.USER32 ref: 00404826
                          • GlobalAlloc.KERNEL32(00000040,00000006), ref: 00404872
                          • LoadBitmapA.USER32 ref: 00404885
                          • SetWindowLongA.USER32 ref: 0040489F
                          • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 004048B3
                          • ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 004048C7
                          • SendMessageA.USER32(?,00001109,00000002), ref: 004048DC
                          • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 004048E8
                          • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 004048FA
                          • DeleteObject.GDI32(?), ref: 004048FF
                          • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 0040492A
                          • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 00404936
                          • SendMessageA.USER32(?,00001100,00000000,?), ref: 004049CB
                          • SendMessageA.USER32(?,0000110A,00000003,00000000), ref: 004049F6
                          • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404A0A
                          • GetWindowLongA.USER32 ref: 00404A39
                          • SetWindowLongA.USER32 ref: 00404A47
                          • ShowWindow.USER32(?,00000005), ref: 00404A58
                          • SendMessageA.USER32(?,00000419,00000000,?), ref: 00404B5B
                          • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404BC0
                          • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404BD5
                          • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404BF9
                          • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00404C1F
                          • ImageList_Destroy.COMCTL32(?), ref: 00404C34
                          • GlobalFree.KERNEL32 ref: 00404C44
                          • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00404CB4
                          • SendMessageA.USER32(?,00001102,00000410,?), ref: 00404D5D
                          • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00404D6C
                          • InvalidateRect.USER32(?,00000000,00000001), ref: 00404D8C
                          • ShowWindow.USER32(?,00000000), ref: 00404DDA
                          • GetDlgItem.USER32 ref: 00404DE5
                          • ShowWindow.USER32(00000000), ref: 00404DEC
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.605929555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000005.00000002.605920254.0000000000400000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605948695.0000000000407000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605961129.0000000000409000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605984154.000000000042C000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605999422.0000000000434000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.606011620.0000000000437000.00000002.00020000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_400000_Tftpd64-4.jbxd
                          Similarity
                          • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                          • String ID: $M$N
                          • API String ID: 1638840714-813528018
                          • Opcode ID: 28a3e41c6d1e1819ad851781c5ac447df817fcc90b22f98fb6f59d1076aeaf29
                          • Instruction ID: 6f0a98d5dd10ef4145f29f69d97320cca22844812bd755e22afdd9aff1593a00
                          • Opcode Fuzzy Hash: 28a3e41c6d1e1819ad851781c5ac447df817fcc90b22f98fb6f59d1076aeaf29
                          • Instruction Fuzzy Hash: A702B1B0A00209EFEB25CF95DD45AAE7BB5FB84314F10413AF610BA2E1C7799A41CF58
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Control-flow Graph (function 004042C1; legend: Executed / Not Executed)
                          C-Code - Quality: 84%
                          			E004042C1(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
                          				signed int _v8;
                          				signed int _v12;
                          				long _v16;
                          				long _v20;
                          				long _v24;
                          				union _ULARGE_INTEGER _v28;
                          				intOrPtr _v32;
                          				long _v36;
                          				union _ULARGE_INTEGER _v40;
                          				unsigned int _v44;
                          				union _ULARGE_INTEGER _v48;
                          				CHAR* _v56;
                          				intOrPtr _v60;
                          				intOrPtr _v64;
                          				intOrPtr _v68;
                          				CHAR* _v72;
                          				void _v76;
                          				struct HWND__* _v80;
                          				void* __ebx;
                          				void* __edi;
                          				void* __esi;
                          				intOrPtr _t82;
                          				long _t87;
                          				signed char* _t89;
                          				void* _t95;
                          				signed int _t96;
                          				struct %anon54 _t109;
                          				signed short _t114;
                          				signed int _t118;
                          				struct HWND__** _t122;
                          				intOrPtr _t124;
                          				CHAR* _t146;
                          				intOrPtr _t147;
                          				unsigned int _t150;
                          				signed int _t152;
                          				unsigned int _t156;
                          				signed int _t158;
                          				signed int* _t159;
                          				long _t165;
                          				struct HWND__* _t166;
                          				int _t168;
                          				unsigned int _t197;
                          
                          				_t156 = __edx;
                          				_t82 =  *0x429870; // 0x281420c
                          				_v32 = _t82;
                          				_t146 = ( *(_t82 + 0x3c) << 0xa) + 0x42f000;
                          				_v12 =  *((intOrPtr*)(_t82 + 0x38));
                          				if(_a8 == 0x40b) {
                          					E0040546C(0x3fb, _t146);
                          					E00405E29(_t146);
                          				}
                          				_t166 = _a4;
                          				if(_a8 != 0x110) {
                          					L8:
                          					if(_a8 != 0x111) {
                          						L20:
                          						if(_a8 == 0x40f) {
                          							L22:
                          							_v8 = _v8 & 0x00000000;
                          							_v12 = _v12 & 0x00000000;
                          							E0040546C(0x3fb, _t146);
                          							if(E0040579B(_t185, _t146) == 0) {
                          								_v8 = 1;
                          							}
                          							E00405BC7(0x429068, _t146);
                          							_t87 = E00405F57(1);
                          							_v16 = _t87;
                          							if(_t87 == 0) {
                          								L30:
                          								E00405BC7(0x429068, _t146);
                          								_t89 = E0040574E(0x429068);
                          								_t158 = 0;
                          								if(_t89 != 0) {
                          									 *_t89 =  *_t89 & 0x00000000;
                          								}
                          								if(GetDiskFreeSpaceA(0x429068,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
                          									goto L35;
                          								} else {
                          									_t168 = 0x400;
                          									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
                          									asm("cdq");
                          									_v48.LowPart = _t109;
                          									_v44 = _t156;
                          									_v12 = 1;
                          									goto L36;
                          								}
                          							} else {
                          								_t159 = 0;
                          								if(0 == 0x429068) {
                          									goto L30;
                          								} else {
                          									goto L26;
                          								}
                          								while(1) {
                          									L26:
                          									_t114 = GetDiskFreeSpaceExA(0x429068,  &_v48,  &_v28,  &_v40);
                          									if(_t114 != 0) {
                          										break;
                          									}
                          									if(_t159 != 0) {
                          										 *_t159 =  *_t159 & _t114;
                          									}
                          									_t159 = E00405701(0x429068) - 1;
                          									 *_t159 = 0x5c;
                          									if(_t159 != 0x429068) {
                          										continue;
                          									} else {
                          										goto L30;
                          									}
                          								}
                          								_t150 = _v44;
                          								_v48.LowPart = (_t150 << 0x00000020 | _v48.LowPart) >> 0xa;
                          								_v44 = _t150 >> 0xa;
                          								_v12 = 1;
                          								_t158 = 0;
                          								__eflags = 0;
                          								L35:
                          								_t168 = 0x400;
                          								L36:
                          								_t95 = E00404755(5);
                          								if(_v12 != _t158) {
                          									_t197 = _v44;
                          									if(_t197 <= 0 && (_t197 < 0 || _v48.LowPart < _t95)) {
                          										_v8 = 2;
                          									}
                          								}
                          								_t147 =  *0x42e3fc; // 0x294873f
                          								if( *((intOrPtr*)(_t147 + 0x10)) != _t158) {
                          									E0040473D(0x3ff, 0xfffffffb, _t95);
                          									if(_v12 == _t158) {
                          										SetDlgItemTextA(_a4, _t168, 0x429058);
                          									} else {
                          										E00404678(_t168, 0xfffffffc, _v48.LowPart, _v44);
                          									}
                          								}
                          								_t96 = _v8;
                          								 *0x42ecc4 = _t96;
                          								if(_t96 == _t158) {
                          									_v8 = E0040140B(7);
                          								}
                          								if(( *(_v32 + 0x14) & _t168) != 0) {
                          									_v8 = _t158;
                          								}
                          								E00403EA5(0 | _v8 == _t158);
                          								if(_v8 == _t158 &&  *0x42a08c == _t158) {
                          									E00404256();
                          								}
                          								 *0x42a08c = _t158;
                          								goto L53;
                          							}
                          						}
                          						_t185 = _a8 - 0x405;
                          						if(_a8 != 0x405) {
                          							goto L53;
                          						}
                          						goto L22;
                          					}
                          					_t118 = _a12 & 0x0000ffff;
                          					if(_t118 != 0x3fb) {
                          						L12:
                          						if(_t118 == 0x3e9) {
                          							_t152 = 7;
                          							memset( &_v76, 0, _t152 << 2);
                          							_v80 = _t166;
                          							_v72 = 0x42a0a0;
                          							_v60 = E00404612;
                          							_v56 = _t146;
                          							_v68 = E00405BE9(_t146, 0x42a0a0, _t166, 0x429470, _v12);
                          							_t122 =  &_v80;
                          							_v64 = 0x41;
                          							__imp__SHBrowseForFolderA(_t122);
                          							if(_t122 == 0) {
                          								_a8 = 0x40f;
                          							} else {
                          								__imp__CoTaskMemFree(_t122);
                          								E004056BA(_t146);
                          								_t124 =  *0x42ec30; // 0x2814020
                          								_t125 =  *((intOrPtr*)(_t124 + 0x11c));
                          								if( *((intOrPtr*)(_t124 + 0x11c)) != 0 && _t146 == "C:\\Program Files\\Tftpd64") {
                          									E00405BE9(_t146, 0x42a0a0, _t166, 0, _t125);
                          									if(lstrcmpiA(0x42dbc0, 0x42a0a0) != 0) {
                          										lstrcatA(_t146, 0x42dbc0);
                          									}
                          								}
                          								 *0x42a08c =  *0x42a08c + 1;
                          								SetDlgItemTextA(_t166, 0x3fb, _t146);
                          							}
                          						}
                          						goto L20;
                          					}
                          					if(_a12 >> 0x10 != 0x300) {
                          						goto L53;
                          					}
                          					_a8 = 0x40f;
                          					goto L12;
                          				} else {
                          					_t165 = GetDlgItem(_t166, 0x3fb);
                          					if(E00405727(_t146) != 0 && E0040574E(_t146) == 0) {
                          						E004056BA(_t146);
                          					}
                          					 *0x42e3f8 = _t166; // executed
                          					SetWindowTextA(_t165, _t146); // executed
                          					_push( *((intOrPtr*)(_a16 + 0x34)));
                          					_push(1);
                          					E00403E83(_t166);
                          					_push( *((intOrPtr*)(_a16 + 0x30)));
                          					_push(0x14);
                          					E00403E83(_t166);
                          					E00403EB8(_t165);
                          					if(E00405F57(0xa) == 0) {
                          						L53:
                          						return E00403EEA(_a8, _a12, _a16);
                          					} else {
                          						SHAutoComplete(_t165, 1); // executed
                          						goto L8;
                          					}
                          				}
                          			}














































                          APIs
                          • GetDlgItem.USER32 ref: 00404310
                          • SetWindowTextA.USER32(00000000,?), ref: 0040433A
                          • SHAutoComplete.SHLWAPI(00000000,00000001,0000000A,00000000,?,00000014,?,?,00000001,?), ref: 00404374
                          • SHBrowseForFolderA.SHELL32(?,00429470,?), ref: 004043EB
                          • CoTaskMemFree.OLE32(00000000), ref: 004043F6
                          • lstrcmpiA.KERNEL32(: Completed,0042A0A0,00000000,?,?), ref: 00404428
                          • lstrcatA.KERNEL32(?,: Completed), ref: 00404434
                          • SetDlgItemTextA.USER32 ref: 00404446
                            • Part of subcall function 0040546C: GetDlgItemTextA.USER32 ref: 0040547F
                            • Part of subcall function 00405E29: CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe" ,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403105,C:\Users\user\AppData\Local\Temp\,?,004032B8), ref: 00405E81
                            • Part of subcall function 00405E29: CharNextA.USER32(?,?,?,00000000), ref: 00405E8E
                            • Part of subcall function 00405E29: CharNextA.USER32(?,"C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe" ,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403105,C:\Users\user\AppData\Local\Temp\,?,004032B8), ref: 00405E93
                            • Part of subcall function 00405E29: CharPrevA.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403105,C:\Users\user\AppData\Local\Temp\,?,004032B8), ref: 00405EA3
                          • GetDiskFreeSpaceExA.KERNELBASE(C:\Program Files\,?,?,?,00000001,C:\Program Files\,?,?,000003FB,?), ref: 004044BD
                          • GetDiskFreeSpaceA.KERNEL32(C:\Program Files\,?,?,0000040F,?,C:\Program Files\,C:\Program Files\,?,00000001,C:\Program Files\,?,?,000003FB,?), ref: 00404504
                          • MulDiv.KERNEL32(?,0000040F,00000400), ref: 0040451F
                            • Part of subcall function 00404678: lstrlenA.KERNEL32(0042A0A0,0042A0A0,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404593,000000DF,00000000,00000400,?), ref: 00404716
                            • Part of subcall function 00404678: wsprintfA.USER32 ref: 0040471E
                            • Part of subcall function 00404678: SetDlgItemTextA.USER32 ref: 00404731
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.605929555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000005.00000002.605920254.0000000000400000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605948695.0000000000407000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605961129.0000000000409000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605984154.000000000042C000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605999422.0000000000434000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.606011620.0000000000437000.00000002.00020000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_400000_Tftpd64-4.jbxd
                          Similarity
                          • API ID: CharItemText$FreeNext$DiskSpace$AutoBrowseCompleteFolderPrevTaskWindowlstrcatlstrcmpilstrlenwsprintf
                          • String ID: : Completed$A$C:\Program Files\$C:\Program Files\Tftpd64
                          • API String ID: 4039761011-1482423947
                          • Opcode ID: 47e02a3d3fe5966b9e95f6b13e2c6bfee4bd18f053e98e68f4c1d201a8c3964d
                          • Instruction ID: 171edb992a826102812884c43759f415235567a44aa7ca021352bae990107689
                          • Opcode Fuzzy Hash: 47e02a3d3fe5966b9e95f6b13e2c6bfee4bd18f053e98e68f4c1d201a8c3964d
                          • Instruction Fuzzy Hash: 6CA16FB1900208ABDB11AFA5DC41BAF77B8EF84315F14803BF615B62D1D77C9A418F69
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 74%
                          			E00402053() {
                          				void* _t44;
                          				intOrPtr* _t48;
                          				intOrPtr* _t50;
                          				intOrPtr* _t52;
                          				intOrPtr* _t54;
                          				signed int _t58;
                          				intOrPtr* _t59;
                          				intOrPtr* _t62;
                          				intOrPtr* _t64;
                          				intOrPtr* _t66;
                          				intOrPtr* _t69;
                          				intOrPtr* _t71;
                          				int _t75;
                          				signed int _t81;
                          				intOrPtr* _t88;
                          				void* _t95;
                          				void* _t96;
                          				short* _t99;
                          				void* _t100;
                          
                          				 *(_t100 - 0x30) = E00402A29(0xfffffff0);
                          				_t96 = E00402A29(0xffffffdf);
                          				 *((intOrPtr*)(_t100 - 0x34)) = E00402A29(2);
                          				 *((intOrPtr*)(_t100 - 0xc)) = E00402A29(0xffffffcd);
                          				 *((intOrPtr*)(_t100 - 0x38)) = E00402A29(0x45);
                          				if(E00405727(_t96) == 0) {
                          					E00402A29(0x21);
                          				}
                          				_t44 = _t100 + 8;
                          				__imp__CoCreateInstance(0x407504, _t75, 1, 0x4074f4, _t44); // executed
                          				if(_t44 < _t75) {
                          					L13:
                          					 *((intOrPtr*)(_t100 - 4)) = 1;
                          					_push(0xfffffff0);
                          				} else {
                          					_t48 =  *((intOrPtr*)(_t100 + 8));
                          					_t95 =  *((intOrPtr*)( *_t48))(_t48, 0x407514, _t100 - 8);
                          					if(_t95 >= _t75) {
                          						_t52 =  *((intOrPtr*)(_t100 + 8));
                          						_t95 =  *((intOrPtr*)( *_t52 + 0x50))(_t52, _t96);
                          						_t54 =  *((intOrPtr*)(_t100 + 8));
                          						 *((intOrPtr*)( *_t54 + 0x24))(_t54, "C:\\Program Files\\Tftpd64");
                          						_t81 =  *(_t100 - 0x18);
                          						_t58 = _t81 >> 0x00000008 & 0x000000ff;
                          						if(_t58 != 0) {
                          							_t88 =  *((intOrPtr*)(_t100 + 8));
                          							 *((intOrPtr*)( *_t88 + 0x3c))(_t88, _t58);
                          							_t81 =  *(_t100 - 0x18);
                          						}
                          						_t59 =  *((intOrPtr*)(_t100 + 8));
                          						 *((intOrPtr*)( *_t59 + 0x34))(_t59, _t81 >> 0x10);
                          						if( *((intOrPtr*)( *((intOrPtr*)(_t100 - 0xc)))) != _t75) {
                          							_t71 =  *((intOrPtr*)(_t100 + 8));
                          							 *((intOrPtr*)( *_t71 + 0x44))(_t71,  *((intOrPtr*)(_t100 - 0xc)),  *(_t100 - 0x18) & 0x000000ff);
                          						}
                          						_t62 =  *((intOrPtr*)(_t100 + 8));
                          						 *((intOrPtr*)( *_t62 + 0x2c))(_t62,  *((intOrPtr*)(_t100 - 0x34)));
                          						_t64 =  *((intOrPtr*)(_t100 + 8));
                          						 *((intOrPtr*)( *_t64 + 0x1c))(_t64,  *((intOrPtr*)(_t100 - 0x38)));
                          						if(_t95 >= _t75) {
                          							_t99 = L"C:\\Users\\engineer\\Desktop\\Tftpd64.lnk";
                          							_t95 = 0x80004005;
                          							if(MultiByteToWideChar(_t75, _t75,  *(_t100 - 0x30), 0xffffffff, _t99, 0x400) != 0) {
                          								_t69 =  *((intOrPtr*)(_t100 - 8));
                          								_t95 =  *((intOrPtr*)( *_t69 + 0x18))(_t69, _t99, 1);
                          							}
                          						}
                          						_t66 =  *((intOrPtr*)(_t100 - 8));
                          						 *((intOrPtr*)( *_t66 + 8))(_t66);
                          					}
                          					_t50 =  *((intOrPtr*)(_t100 + 8));
                          					 *((intOrPtr*)( *_t50 + 8))(_t50);
                          					if(_t95 >= _t75) {
                          						_push(0xfffffff4);
                          					} else {
                          						goto L13;
                          					}
                          				}
                          				E00401423();
                          				 *0x42eca8 =  *0x42eca8 +  *((intOrPtr*)(_t100 - 4));
                          				return 0;
                          			}

                          APIs
                          • CoCreateInstance.OLE32(00407504,?,00000001,004074F4,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 004020A6
                          • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,C:\Users\user\Desktop\Tftpd64.lnk,00000400,?,00000001,004074F4,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402160
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.605929555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000005.00000002.605920254.0000000000400000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605948695.0000000000407000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605961129.0000000000409000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605984154.000000000042C000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605999422.0000000000434000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.606011620.0000000000437000.00000002.00020000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_400000_Tftpd64-4.jbxd
                          Similarity
                          • API ID: ByteCharCreateInstanceMultiWide
                          • String ID: C:\Program Files\Tftpd64$C:\Users\user\Desktop\Tftpd64.lnk
                          • API String ID: 123533781-2905258618
                          • Opcode ID: 238db720dd579948a37c42cc6b15e5169ad63cade71e7df01dab1c77489d401d
                          • Instruction ID: 8f67ba42191d57eba63015a6e8d0bffc44353c0eb35145c2afa1481ff4163fd5
                          • Opcode Fuzzy Hash: 238db720dd579948a37c42cc6b15e5169ad63cade71e7df01dab1c77489d401d
                          • Instruction Fuzzy Hash: 2D414C75A00205BFCB00DFA8CD89E9E7BB6EF49354F204169FA05EB2D1CA799C41CB94
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E00405EC2(CHAR* _a4) {
                          				void* _t2;
                          
                          				_t2 = FindFirstFileA(_a4, 0x42c0f0); // executed
                          				if(_t2 == 0xffffffff) {
                          					return 0;
                          				}
                          				FindClose(_t2);
                          				return 0x42c0f0;
                          			}

                          APIs
                          • FindFirstFileA.KERNELBASE(?,0042C0F0,0042B4A8,004057DE,0042B4A8,0042B4A8,00000000,0042B4A8,0042B4A8,?,?,?,00405500,?,C:\Users\user\AppData\Local\Temp\,?), ref: 00405ECD
                          • FindClose.KERNEL32(00000000), ref: 00405ED9
                          Memory Dump Source
                          • Source File: 00000005.00000002.605929555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000005.00000002.605920254.0000000000400000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605948695.0000000000407000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605961129.0000000000409000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605984154.000000000042C000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605999422.0000000000434000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.606011620.0000000000437000.00000002.00020000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_400000_Tftpd64-4.jbxd
                          Similarity
                          • API ID: Find$CloseFileFirst
                          • String ID:
                          • API String ID: 2295610775-0
                          • Opcode ID: 3bbfcd8d52008985354620b371f401d232f9e70872954503675e198784383319
                          • Instruction ID: 29e96ad6865097314c3b976147751eb8d0045a3fb470af3f15328f49aab52e00
                          • Opcode Fuzzy Hash: 3bbfcd8d52008985354620b371f401d232f9e70872954503675e198784383319
                          • Instruction Fuzzy Hash: 11D0C9319185209BC2105768AD0885B6A59DB593357108A72B465F62E0CA7499528AEA
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Control-flow Graph (function 004039B0; graph not reproduced)

                          C-Code - Quality: 84%
                          			E004039B0(struct HWND__* _a4, signed int _a8, int _a12, long _a16) {
                          				struct HWND__* _v32;
                          				void* _v84;
                          				void* _v88;
                          				void* __ebx;
                          				void* __edi;
                          				void* __esi;
                          				signed int _t35;
                          				signed int _t37;
                          				signed int _t39;
                          				intOrPtr _t44;
                          				struct HWND__* _t49;
                          				signed int _t67;
                          				struct HWND__* _t73;
                          				signed int _t86;
                          				struct HWND__* _t91;
                          				signed int _t99;
                          				int _t103;
                          				signed int _t115;
                          				signed int _t116;
                          				int _t117;
                          				signed int _t122;
                          				struct HWND__* _t125;
                          				struct HWND__* _t126;
                          				int _t127;
                          				long _t130;
                          				int _t132;
                          				int _t133;
                          				void* _t134;
                          				void* _t142;
                          
                          				_t115 = _a8;
                          				if(_t115 == 0x110 || _t115 == 0x408) {
                          					_t35 = _a12;
                          					_t125 = _a4;
                          					__eflags = _t115 - 0x110;
                          					 *0x42a084 = _t35;
                          					if(_t115 == 0x110) {
                          						 *0x42ec28 = _t125;
                          						 *0x42a098 = GetDlgItem(_t125, 1);
                          						_t91 = GetDlgItem(_t125, 2);
                          						_push(0xffffffff);
                          						_push(0x1c);
                          						 *0x429060 = _t91;
                          						E00403E83(_t125);
                          						SetClassLongA(_t125, 0xfffffff2,  *0x42e408); // executed
                          						 *0x42e3ec = E0040140B(4);
                          						_t35 = 1;
                          						__eflags = 1;
                          						 *0x42a084 = 1;
                          					}
                          					_t122 =  *0x4091ac; // 0x4
                          					_t133 = 0;
                          					_t130 = (_t122 << 6) +  *0x42ec40;
                          					__eflags = _t122;
                          					if(_t122 < 0) {
                          						L34:
                          						E00403ECF(0x40b);
                          						while(1) {
                          							_t37 =  *0x42a084;
                          							 *0x4091ac =  *0x4091ac + _t37;
                          							_t130 = _t130 + (_t37 << 6);
                          							_t39 =  *0x4091ac; // 0x4
                          							__eflags = _t39 -  *0x42ec44; // 0x5
                          							if(__eflags == 0) {
                          								E0040140B(1);
                          							}
                          							__eflags =  *0x42e3ec - _t133; // 0x0
                          							if(__eflags != 0) {
                          								break;
                          							}
                          							_t44 =  *0x42ec44; // 0x5
                          							__eflags =  *0x4091ac - _t44; // 0x4
                          							if(__eflags >= 0) {
                          								break;
                          							}
                          							_t116 =  *(_t130 + 0x14);
                          							E00405BE9(_t116, _t125, _t130, 0x436800,  *((intOrPtr*)(_t130 + 0x24)));
                          							_push( *((intOrPtr*)(_t130 + 0x20)));
                          							_push(0xfffffc19);
                          							E00403E83(_t125);
                          							_push( *((intOrPtr*)(_t130 + 0x1c)));
                          							_push(0xfffffc1b);
                          							E00403E83(_t125);
                          							_push( *((intOrPtr*)(_t130 + 0x28)));
                          							_push(0xfffffc1a);
                          							E00403E83(_t125);
                          							_t49 = GetDlgItem(_t125, 3);
                          							__eflags =  *0x42ecac - _t133; // 0x0
                          							_v32 = _t49;
                          							if(__eflags != 0) {
                          								_t116 = _t116 & 0x0000fefd | 0x00000004;
                          								__eflags = _t116;
                          							}
                          							ShowWindow(_t49, _t116 & 0x00000008); // executed
                          							EnableWindow( *(_t134 + 0x30), _t116 & 0x00000100); // executed
                          							E00403EA5(_t116 & 0x00000002);
                          							_t117 = _t116 & 0x00000004;
                          							EnableWindow( *0x429060, _t117);
                          							__eflags = _t117 - _t133;
                          							if(_t117 == _t133) {
                          								_push(1);
                          							} else {
                          								_push(_t133);
                          							}
                          							EnableMenuItem(GetSystemMenu(_t125, _t133), 0xf060, ??);
                          							SendMessageA( *(_t134 + 0x38), 0xf4, _t133, 1);
                          							__eflags =  *0x42ecac - _t133; // 0x0
                          							if(__eflags == 0) {
                          								_push( *0x42a098);
                          							} else {
                          								SendMessageA(_t125, 0x401, 2, _t133);
                          								_push( *0x429060);
                          							}
                          							E00403EB8();
                          							E00405BC7(0x42a0a0, "Tftpd64 Standalone Edition Install");
                          							E00405BE9(0x42a0a0, _t125, _t130,  &(0x42a0a0[lstrlenA(0x42a0a0)]),  *((intOrPtr*)(_t130 + 0x18)));
                          							SetWindowTextA(_t125, 0x42a0a0); // executed
                          							_push(_t133);
                          							_t67 = E00401389( *((intOrPtr*)(_t130 + 8)));
                          							__eflags = _t67;
                          							if(_t67 != 0) {
                          								continue;
                          							} else {
                          								__eflags =  *_t130 - _t133;
                          								if( *_t130 == _t133) {
                          									continue;
                          								}
                          								__eflags =  *(_t130 + 4) - 5;
                          								if( *(_t130 + 4) != 5) {
                          									DestroyWindow( *0x42e3f8); // executed
                          									 *0x429870 = _t130;
                          									__eflags =  *_t130 - _t133;
                          									if( *_t130 <= _t133) {
                          										goto L58;
                          									}
                          									_t73 = CreateDialogParamA( *0x42ec20,  *_t130 +  *0x42e400 & 0x0000ffff, _t125,  *(0x4091b0 +  *(_t130 + 4) * 4), _t130); // executed
                          									__eflags = _t73 - _t133;
                          									 *0x42e3f8 = _t73;
                          									if(_t73 == _t133) {
                          										goto L58;
                          									}
                          									_push( *((intOrPtr*)(_t130 + 0x2c)));
                          									_push(6);
                          									E00403E83(_t73);
                          									GetWindowRect(GetDlgItem(_t125, 0x3fa), _t134 + 0x10);
                          									ScreenToClient(_t125, _t134 + 0x10);
                          									SetWindowPos( *0x42e3f8, _t133,  *(_t134 + 0x20),  *(_t134 + 0x20), _t133, _t133, 0x15);
                          									_push(_t133);
                          									E00401389( *((intOrPtr*)(_t130 + 0xc)));
                          									__eflags =  *0x42e3ec - _t133; // 0x0
                          									if(__eflags != 0) {
                          										goto L61;
                          									}
                          									ShowWindow( *0x42e3f8, 8); // executed
                          									E00403ECF(0x405);
                          									goto L58;
                          								}
                          								__eflags =  *0x42ecac - _t133; // 0x0
                          								if(__eflags != 0) {
                          									goto L61;
                          								}
                          								__eflags =  *0x42eca0 - _t133; // 0x0
                          								if(__eflags != 0) {
                          									continue;
                          								}
                          								goto L61;
                          							}
                          						}
                          						DestroyWindow( *0x42e3f8);
                          						 *0x42ec28 = _t133;
                          						EndDialog(_t125,  *0x429468);
                          						goto L58;
                          					} else {
                          						__eflags = _t35 - 1;
                          						if(_t35 != 1) {
                          							L33:
                          							__eflags =  *_t130 - _t133;
                          							if( *_t130 == _t133) {
                          								goto L61;
                          							}
                          							goto L34;
                          						}
                          						_push(0);
                          						_t86 = E00401389( *((intOrPtr*)(_t130 + 0x10)));
                          						__eflags = _t86;
                          						if(_t86 == 0) {
                          							goto L33;
                          						}
                          						SendMessageA( *0x42e3f8, 0x40f, 0, 1);
                          						__eflags =  *0x42e3ec - _t133; // 0x0
                          						return 0 | __eflags == 0x00000000;
                          					}
                          				} else {
                          					_t125 = _a4;
                          					_t133 = 0;
                          					if(_t115 == 0x47) {
                          						SetWindowPos( *0x42a078, _t125, 0, 0, 0, 0, 0x13);
                          					}
                          					if(_t115 == 5) {
                          						asm("sbb eax, eax");
                          						ShowWindow( *0x42a078,  ~(_a12 - 1) & _t115);
                          					}
                          					if(_t115 != 0x40d) {
                          						__eflags = _t115 - 0x11;
                          						if(_t115 != 0x11) {
                          							__eflags = _t115 - 0x111;
                          							if(_t115 != 0x111) {
                          								L26:
                          								return E00403EEA(_t115, _a12, _a16);
                          							}
                          							_t132 = _a12 & 0x0000ffff;
                          							_t126 = GetDlgItem(_t125, _t132);
                          							__eflags = _t126 - _t133;
                          							if(_t126 == _t133) {
                          								L13:
                          								__eflags = _t132 - 1;
                          								if(_t132 != 1) {
                          									__eflags = _t132 - 3;
                          									if(_t132 != 3) {
                          										_t127 = 2;
                          										__eflags = _t132 - _t127;
                          										if(_t132 != _t127) {
                          											L25:
                          											SendMessageA( *0x42e3f8, 0x111, _a12, _a16);
                          											goto L26;
                          										}
                          										__eflags =  *0x42ecac - _t133; // 0x0
                          										if(__eflags == 0) {
                          											_t99 = E0040140B(3);
                          											__eflags = _t99;
                          											if(_t99 != 0) {
                          												goto L26;
                          											}
                          											 *0x429468 = 1;
                          											L21:
                          											_push(0x78);
                          											L22:
                          											E00403E5C();
                          											goto L26;
                          										}
                          										E0040140B(_t127);
                          										 *0x429468 = _t127;
                          										goto L21;
                          									}
                          									__eflags =  *0x4091ac - _t133; // 0x4
                          									if(__eflags <= 0) {
                          										goto L25;
                          									}
                          									_push(0xffffffff);
                          									goto L22;
                          								}
                          								_push(_t132);
                          								goto L22;
                          							}
                          							SendMessageA(_t126, 0xf3, _t133, _t133);
                          							_t103 = IsWindowEnabled(_t126);
                          							__eflags = _t103;
                          							if(_t103 == 0) {
                          								goto L61;
                          							}
                          							goto L13;
                          						}
                          						SetWindowLongA(_t125, _t133, _t133);
                          						return 1;
                          					} else {
                          						DestroyWindow( *0x42e3f8);
                          						 *0x42e3f8 = _a12;
                          						L58:
                          						if( *0x42b0a0 == _t133) {
                          							_t142 =  *0x42e3f8 - _t133; // 0x6023a
                          							if(_t142 != 0) {
                          								ShowWindow(_t125, 0xa); // executed
                          								 *0x42b0a0 = 1;
                          							}
                          						}
                          						L61:
                          						return 0;
                          					}
                          				}
                          			}
                          0x00000000
                          0x00403a7d
                          0x00403a39
                          0x00000000
                          0x00403a17
                          0x00403a1d
                          0x00403a27
                          0x00403e2d
                          0x00403e33
                          0x00403e35
                          0x00403e3b
                          0x00403e40
                          0x00403e46
                          0x00403e46
                          0x00403e3b
                          0x00403e50
                          0x00000000
                          0x00403e50
                          0x00403a15

                          APIs
                          • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004039EC
                          • ShowWindow.USER32(?), ref: 00403A09
                          • DestroyWindow.USER32 ref: 00403A1D
                          • SetWindowLongA.USER32 ref: 00403A39
                          • GetDlgItem.USER32 ref: 00403A5A
                          • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403A6E
                          • IsWindowEnabled.USER32(00000000), ref: 00403A75
                          • GetDlgItem.USER32 ref: 00403B23
                          • GetDlgItem.USER32 ref: 00403B2D
                          • KiUserCallbackDispatcher.NTDLL(?,000000F2,?,0000001C,000000FF), ref: 00403B47
                          • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403B98
                          • GetDlgItem.USER32 ref: 00403C3E
                          • ShowWindow.USER32(00000000,?), ref: 00403C5F
                          • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403C71
                          • EnableWindow.USER32(?,?), ref: 00403C8C
                          • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403CA2
                          • EnableMenuItem.USER32 ref: 00403CA9
                          • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 00403CC1
                          • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403CD4
                          • lstrlenA.KERNEL32(0042A0A0,?,0042A0A0,Tftpd64 Standalone Edition Install), ref: 00403CFD
                          • SetWindowTextA.USER32(?,0042A0A0), ref: 00403D0C
                          • ShowWindow.USER32(?,0000000A), ref: 00403E40
                          Strings
                          • Tftpd64 Standalone Edition Install, xrefs: 00403CEE
                          Memory Dump Source
                          • Source File: 00000005.00000002.605929555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000005.00000002.605920254.0000000000400000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605948695.0000000000407000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605961129.0000000000409000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605984154.000000000042C000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605999422.0000000000434000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.606011620.0000000000437000.00000002.00020000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_400000_Tftpd64-4.jbxd
                          Similarity
                          • API ID: Window$Item$MessageSend$Show$CallbackDispatcherEnableMenuUser$DestroyEnabledLongSystemTextlstrlen
                          • String ID: Tftpd64 Standalone Edition Install
                          • API String ID: 3906175533-4065860438
                          • Opcode ID: 7d6126d7642b0e61d65ff57ef31c97b1b1c70870f70edf64dad7e53f8cd68550
                          • Instruction ID: f9ad972cf69bfdf420a9f6130eb54bdd223da945896b7aa78364cccc95eacf8d
                          • Opcode Fuzzy Hash: 7d6126d7642b0e61d65ff57ef31c97b1b1c70870f70edf64dad7e53f8cd68550
                          • Instruction Fuzzy Hash: 9FC1D331604204AFDB21AF62ED45E2B3F6CEB44706F50053EF641B52E1C779A942DB5E
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 409 40361a-403632 call 405f57 412 403634-403644 call 405b25 409->412 413 403646-40366d call 405aae 409->413 422 403690-4036b9 call 4038e3 call 40579b 412->422 418 403685-40368b lstrcatA 413->418 419 40366f-403680 call 405aae 413->419 418->422 419->418 427 403740-403748 call 40579b 422->427 428 4036bf-4036c4 422->428 434 403756-40377b LoadImageA 427->434 435 40374a-403751 call 405be9 427->435 428->427 429 4036c6-4036de call 405aae 428->429 433 4036e3-4036ea 429->433 433->427 436 4036ec-4036ee 433->436 438 403781-4037b7 RegisterClassA 434->438 439 40380a-403812 call 40140b 434->439 435->434 440 4036f0-4036fd call 4056e5 436->440 441 4036ff-40370b lstrlenA 436->441 442 4038d9 438->442 443 4037bd-403805 SystemParametersInfoA CreateWindowExA 438->443 453 403814-403817 439->453 454 40381c-403827 call 4038e3 439->454 440->441 447 403733-40373b call 4056ba call 405bc7 441->447 448 40370d-40371b lstrcmpiA 441->448 446 4038db-4038e2 442->446 443->439 447->427 448->447 452 40371d-403727 GetFileAttributesA 448->452 457 403729-40372b 452->457 458 40372d-40372e call 405701 452->458 453->446 462 4038b0-4038b1 call 404f85 454->462 463 40382d-403847 ShowWindow call 405ee9 454->463 457->447 457->458 458->447 466 4038b6-4038b8 462->466 470 403853-403865 GetClassInfoA 463->470 471 403849-40384e call 405ee9 463->471 468 4038d2-4038d4 call 40140b 466->468 469 4038ba-4038c0 466->469 468->442 469->453 472 4038c6-4038cd call 40140b 469->472 475 403867-403877 GetClassInfoA RegisterClassA 470->475 476 40387d-4038a0 DialogBoxParamA call 40140b 470->476 471->470 472->453 475->476 480 4038a5-4038ae call 40356a 476->480 480->446
                          C-Code - Quality: 96%
                          			E0040361A(void* __eflags) {
                          				intOrPtr _v4;
                          				intOrPtr _v8;
                          				int _v12;
                          				int _v16;
                          				char _v20;
                          				void* __ebx;
                          				void* __edi;
                          				void* __esi;
                          				intOrPtr* _t20;
                          				signed int _t24;
                          				void* _t28;
                          				void* _t30;
                          				int _t31;
                          				void* _t34;
                          				int _t37;
                          				int _t38;
                          				intOrPtr _t39;
                          				int _t42;
                          				intOrPtr _t60;
                          				char _t62;
                          				CHAR* _t64;
                          				signed char _t68;
                          				struct HINSTANCE__* _t76;
                          				CHAR* _t79;
                          				intOrPtr _t81;
                          				CHAR* _t85;
                          
                          				_t81 =  *0x42ec30; // 0x2814020
                          				_t20 = E00405F57(3);
                          				_t88 = _t20;
                          				if(_t20 == 0) {
                          					_t79 = 0x42a0a0;
                          					"1033" = 0x7830;
                          					E00405AAE(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x42a0a0, 0);
                          					__eflags =  *0x42a0a0;
                          					if(__eflags == 0) {
                          						E00405AAE(0x80000003, ".DEFAULT\\Control Panel\\International",  &M00407342, 0x42a0a0, 0);
                          					}
                          					lstrcatA("1033", _t79);
                          				} else {
                          					E00405B25("1033",  *_t20() & 0x0000ffff);
                          				}
                          				E004038E3(_t76, _t88);
                          				_t24 =  *0x42ec38; // 0x84
                          				_t84 = "C:\\Program Files\\Tftpd64";
                          				 *0x42eca0 = _t24 & 0x00000020;
                          				 *0x42ecbc = 0x10000;
                          				if(E0040579B(_t88, "C:\\Program Files\\Tftpd64") != 0) {
                          					L16:
                          					if(E0040579B(_t96, _t84) == 0) {
                          						E00405BE9(0, _t79, _t81, _t84,  *((intOrPtr*)(_t81 + 0x118))); // executed
                          					}
                          					_t28 = LoadImageA( *0x42ec20, 0x67, 1, 0, 0, 0x8040); // executed
                          					 *0x42e408 = _t28;
                          					if( *((intOrPtr*)(_t81 + 0x50)) == 0xffffffff) {
                          						L21:
                          						if(E0040140B(0) == 0) {
                          							_t30 = E004038E3(_t76, __eflags);
                          							__eflags =  *0x42ecc0; // 0x0
                          							if(__eflags != 0) {
                          								_t31 = E00404F85(_t30, 0);
                          								__eflags = _t31;
                          								if(_t31 == 0) {
                          									E0040140B(1);
                          									goto L33;
                          								}
                          								__eflags =  *0x42e3ec; // 0x0
                          								if(__eflags == 0) {
                          									E0040140B(2);
                          								}
                          								goto L22;
                          							}
                          							ShowWindow( *0x42a078, 5); // executed
                          							_t37 = E00405EE9("RichEd20"); // executed
                          							__eflags = _t37;
                          							if(_t37 == 0) {
                          								E00405EE9("RichEd32");
                          							}
                          							_t85 = "RichEdit20A";
                          							_t38 = GetClassInfoA(0, _t85, 0x42e3c0);
                          							__eflags = _t38;
                          							if(_t38 == 0) {
                          								GetClassInfoA(0, "RichEdit", 0x42e3c0);
                          								 *0x42e3e4 = _t85;
                          								RegisterClassA(0x42e3c0);
                          							}
                          							_t39 =  *0x42e400; // 0x0
                          							_t42 = DialogBoxParamA( *0x42ec20, _t39 + 0x00000069 & 0x0000ffff, 0, E004039B0, 0); // executed
                          							E0040356A(E0040140B(5), 1);
                          							return _t42;
                          						}
                          						L22:
                          						_t34 = 2;
                          						return _t34;
                          					} else {
                          						_t76 =  *0x42ec20; // 0x400000
                          						 *0x42e3d4 = _t28;
                          						_v20 = 0x624e5f;
                          						 *0x42e3c4 = E00401000;
                          						 *0x42e3d0 = _t76;
                          						 *0x42e3e4 =  &_v20;
                          						if(RegisterClassA(0x42e3c0) == 0) {
                          							L33:
                          							__eflags = 0;
                          							return 0;
                          						}
                          						_t12 =  &_v16; // 0x624e5f
                          						SystemParametersInfoA(0x30, 0, _t12, 0);
                          						 *0x42a078 = CreateWindowExA(0x80,  &_v20, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x42ec20, 0);
                          						goto L21;
                          					}
                          				} else {
                          					_t76 =  *(_t81 + 0x48);
                          					if(_t76 == 0) {
                          						goto L16;
                          					}
                          					_t60 =  *0x42ec58; // 0x2815e2c
                          					_t79 = 0x42dbc0;
                          					E00405AAE( *((intOrPtr*)(_t81 + 0x44)), _t76,  *((intOrPtr*)(_t81 + 0x4c)) + _t60, 0x42dbc0, 0);
                          					_t62 =  *0x42dbc0; // 0x3a
                          					if(_t62 == 0) {
                          						goto L16;
                          					}
                          					if(_t62 == 0x22) {
                          						_t79 = 0x42dbc1;
                          						 *((char*)(E004056E5(0x42dbc1, 0x22))) = 0;
                          					}
                          					_t64 = lstrlenA(_t79) + _t79 - 4;
                          					if(_t64 <= _t79 || lstrcmpiA(_t64, ?str?) != 0) {
                          						L15:
                          						E00405BC7(_t84, E004056BA(_t79));
                          						goto L16;
                          					} else {
                          						_t68 = GetFileAttributesA(_t79);
                          						if(_t68 == 0xffffffff) {
                          							L14:
                          							E00405701(_t79);
                          							goto L15;
                          						}
                          						_t96 = _t68 & 0x00000010;
                          						if((_t68 & 0x00000010) != 0) {
                          							goto L15;
                          						}
                          						goto L14;
                          					}
                          				}
                          			}


                          APIs
                            • Part of subcall function 00405F57: GetModuleHandleA.KERNEL32(?,?,?,00403194,0000000D), ref: 00405F69
                            • Part of subcall function 00405F57: GetProcAddress.KERNEL32(00000000,?), ref: 00405F84
                          • lstrcatA.KERNEL32(1033,0042A0A0,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042A0A0,00000000,00000003,C:\Users\user\AppData\Local\Temp\,?,"C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe" ,00000000), ref: 0040368B
                          • lstrlenA.KERNEL32(: Completed,?,?,?,: Completed,00000000,C:\Program Files\Tftpd64,1033,0042A0A0,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042A0A0,00000000,00000003,C:\Users\user\AppData\Local\Temp\), ref: 00403700
                          • lstrcmpiA.KERNEL32(?,.exe,: Completed,?,?,?,: Completed,00000000,C:\Program Files\Tftpd64,1033,0042A0A0,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042A0A0,00000000), ref: 00403713
                          • GetFileAttributesA.KERNEL32(: Completed), ref: 0040371E
                          • LoadImageA.USER32 ref: 00403767
                            • Part of subcall function 00405B25: wsprintfA.USER32 ref: 00405B32
                          • RegisterClassA.USER32 ref: 004037AE
                          • SystemParametersInfoA.USER32(00000030,00000000,_Nb,00000000), ref: 004037C6
                          • CreateWindowExA.USER32 ref: 004037FF
                          • ShowWindow.USER32(00000005,00000000), ref: 00403835
                          • GetClassInfoA.USER32 ref: 00403861
                          • GetClassInfoA.USER32 ref: 0040386E
                          • RegisterClassA.USER32 ref: 00403877
                          • DialogBoxParamA.USER32 ref: 00403896
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.605929555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000005.00000002.605920254.0000000000400000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605948695.0000000000407000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605961129.0000000000409000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605984154.000000000042C000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605999422.0000000000434000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.606011620.0000000000437000.00000002.00020000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_400000_Tftpd64-4.jbxd
                          Similarity
                          • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                          • String ID: "C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe" $.DEFAULT\Control Panel\International$.exe$1033$: Completed$C:\Program Files\Tftpd64$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                          • API String ID: 1975747703-1125628574
                          • Opcode ID: 46346a61fd7565c4fc051f76111245032180eb15bd1f2ecb4294bdc33ae76115
                          • Instruction ID: 439cf4cca7a437fbaee012d0436cdd450a481f2d9ea16570e6e497c3a9acd7f8
                          • Opcode Fuzzy Hash: 46346a61fd7565c4fc051f76111245032180eb15bd1f2ecb4294bdc33ae76115
                          • Instruction Fuzzy Hash: 4861C6B16042007EE220BF629C45E273AACEB44759F44447FF941B62E2DB7DA9418A3E
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 483 403fcb-403fdb 484 403fe1-403fe9 483->484 485 4040ee-404101 483->485 486 403feb-403ffa 484->486 487 403ffc-404094 call 403e83 * 2 CheckDlgButton call 403ea5 GetDlgItem call 403eb8 SendMessageA 484->487 488 404103-40410c 485->488 489 40415d-404161 485->489 486->487 521 404096-404099 GetSysColor 487->521 522 40409f-4040e9 SendMessageA * 2 lstrlenA SendMessageA * 2 487->522 493 404240 488->493 494 404112-40411a 488->494 491 404231-404238 489->491 492 404167-40417b GetDlgItem 489->492 491->493 496 40423a 491->496 499 40417d-404184 492->499 500 4041ef-4041f6 492->500 498 404243-40424a call 403eea 493->498 494->493 495 404120-40412c 494->495 495->493 501 404132-404158 GetDlgItem SendMessageA call 403ea5 call 404256 495->501 496->493 508 40424f-404253 498->508 499->500 504 404186-4041a1 499->504 500->498 505 4041f8-4041ff 500->505 501->489 504->500 509 4041a3-4041ec SendMessageA LoadCursorA SetCursor ShellExecuteA LoadCursorA SetCursor 504->509 505->498 510 404201-404205 505->510 509->500 513 404207-404216 SendMessageA 510->513 514 404218-40421c 510->514 513->514 517 40422c-40422f 514->517 518 40421e-40422a SendMessageA 514->518 517->508 518->517 521->522 522->508
                          C-Code - Quality: 93%
                          			E00403FCB(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, int _a16) {
                          				char* _v8;
                          				signed int _v12;
                          				void* _v16;
                          				struct HWND__* _t52;
                          				intOrPtr _t71;
                          				intOrPtr _t85;
                          				long _t86;
                          				int _t98;
                          				struct HWND__* _t99;
                          				signed int _t100;
                          				intOrPtr _t103;
                          				intOrPtr _t107;
                          				intOrPtr _t109;
                          				int _t110;
                          				signed int* _t112;
                          				signed int _t113;
                          				char* _t114;
                          				CHAR* _t115;
                          
                          				if(_a8 != 0x110) {
                          					if(_a8 != 0x111) {
                          						L11:
                          						if(_a8 != 0x4e) {
                          							if(_a8 == 0x40b) {
                          								 *0x42a080 =  *0x42a080 + 1;
                          							}
                          							L25:
                          							_t110 = _a16;
                          							L26:
                          							return E00403EEA(_a8, _a12, _t110);
                          						}
                          						_t52 = GetDlgItem(_a4, 0x3e8);
                          						_t110 = _a16;
                          						if( *((intOrPtr*)(_t110 + 8)) == 0x70b &&  *((intOrPtr*)(_t110 + 0xc)) == 0x201) {
                          							_t100 =  *((intOrPtr*)(_t110 + 0x1c));
                          							_t109 =  *((intOrPtr*)(_t110 + 0x18));
                          							_v12 = _t100;
                          							_v16 = _t109;
                          							_v8 = 0x42dbc0;
                          							if(_t100 - _t109 < 0x800) {
                          								SendMessageA(_t52, 0x44b, 0,  &_v16);
                          								SetCursor(LoadCursorA(0, 0x7f02));
                          								ShellExecuteA(_a4, "open", _v8, 0, 0, 1);
                          								SetCursor(LoadCursorA(0, 0x7f00));
                          								_t110 = _a16;
                          							}
                          						}
                          						if( *((intOrPtr*)(_t110 + 8)) != 0x700 ||  *((intOrPtr*)(_t110 + 0xc)) != 0x100) {
                          							goto L26;
                          						} else {
                          							if( *((intOrPtr*)(_t110 + 0x10)) == 0xd) {
                          								SendMessageA( *0x42ec28, 0x111, 1, 0);
                          							}
                          							if( *((intOrPtr*)(_t110 + 0x10)) == 0x1b) {
                          								SendMessageA( *0x42ec28, 0x10, 0, 0);
                          							}
                          							return 1;
                          						}
                          					}
                          					if(_a12 >> 0x10 != 0 ||  *0x42a080 != 0) {
                          						goto L25;
                          					} else {
                          						_t103 =  *0x429870; // 0x281420c
                          						_t25 = _t103 + 0x14; // 0x2814220
                          						_t112 = _t25;
                          						if(( *_t112 & 0x00000020) == 0) {
                          							goto L25;
                          						}
                          						 *_t112 =  *_t112 & 0xfffffffe | SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
                          						E00403EA5(SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
                          						E00404256();
                          						goto L11;
                          					}
                          				}
                          				_t98 = _a16;
                          				_t113 =  *(_t98 + 0x30);
                          				if(_t113 < 0) {
                          					_t107 =  *0x42e3fc; // 0x294873f
                          					_t113 =  *(_t107 - 4 + _t113 * 4);
                          				}
                          				_t71 =  *0x42ec58; // 0x2815e2c
                          				_push( *((intOrPtr*)(_t98 + 0x34)));
                          				_t114 = _t113 + _t71;
                          				_push(0x22);
                          				_a16 =  *_t114;
                          				_v12 = _v12 & 0x00000000;
                          				_t115 = _t114 + 1;
                          				_v16 = _t115;
                          				_v8 = E00403F97;
                          				E00403E83(_a4);
                          				_push( *((intOrPtr*)(_t98 + 0x38)));
                          				_push(0x23);
                          				E00403E83(_a4);
                          				CheckDlgButton(_a4, (0 | ( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
                          				E00403EA5( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001);
                          				_t99 = GetDlgItem(_a4, 0x3e8);
                          				E00403EB8(_t99);
                          				SendMessageA(_t99, 0x45b, 1, 0);
                          				_t85 =  *0x42ec30; // 0x2814020
                          				_t86 =  *(_t85 + 0x68);
                          				if(_t86 < 0) {
                          					_t86 = GetSysColor( ~_t86);
                          				}
                          				SendMessageA(_t99, 0x443, 0, _t86);
                          				SendMessageA(_t99, 0x445, 0, 0x4010000);
                          				 *0x429064 =  *0x429064 & 0x00000000;
                          				SendMessageA(_t99, 0x435, 0, lstrlenA(_t115));
                          				SendMessageA(_t99, 0x449, _a16,  &_v16); // executed
                          				 *0x42a080 =  *0x42a080 & 0x00000000;
                          				return 0;
                          			}






















                          APIs
                          • CheckDlgButton.USER32(00000000,-0000040A,00000001), ref: 00404056
                          • GetDlgItem.USER32 ref: 0040406A
                          • SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 00404088
                          • GetSysColor.USER32(?), ref: 00404099
                          • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 004040A8
                          • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 004040B7
                          • lstrlenA.KERNEL32(?), ref: 004040C1
                          • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 004040CF
                          • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 004040DE
                          • GetDlgItem.USER32 ref: 00404141
                          • SendMessageA.USER32(00000000), ref: 00404144
                          • GetDlgItem.USER32 ref: 0040416F
                          • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 004041AF
                          • LoadCursorA.USER32 ref: 004041BE
                          • SetCursor.USER32(00000000), ref: 004041C7
                          • ShellExecuteA.SHELL32(0000070B,open,0042DBC0,00000000,00000000,00000001), ref: 004041DA
                          • LoadCursorA.USER32 ref: 004041E7
                          • SetCursor.USER32(00000000), ref: 004041EA
                          • SendMessageA.USER32(00000111,00000001,00000000), ref: 00404216
                          • SendMessageA.USER32(00000010,00000000,00000000), ref: 0040422A
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.605929555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000005.00000002.605920254.0000000000400000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605948695.0000000000407000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605961129.0000000000409000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605984154.000000000042C000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605999422.0000000000434000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.606011620.0000000000437000.00000002.00020000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_400000_Tftpd64-4.jbxd
                          Similarity
                          • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                          • String ID: : Completed$N$open
                          • API String ID: 3615053054-3069340868
                          • Opcode ID: c58a0b319f6ceee57a7eba4f5dbe9c3c6e8762fb962b098a8fd1953549ce9262
                          • Instruction ID: 220b67e7875a360065d3b56f20ed6dbf7aa7168a1850c9919f5fb7903a7ea725
                          • Opcode Fuzzy Hash: c58a0b319f6ceee57a7eba4f5dbe9c3c6e8762fb962b098a8fd1953549ce9262
                          • Instruction Fuzzy Hash: C861F271A40309BFEB109F61CC45F6A3B69FB44715F10403AFB04BA2D1C7B8AA51CB99
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 626 402c55-402ca3 GetTickCount GetModuleFileNameA call 40589e 629 402ca5-402caa 626->629 630 402caf-402cdd call 405bc7 call 405701 call 405bc7 GetFileSize 626->630 631 402e87-402e8b 629->631 638 402ce3 630->638 639 402dca-402dd8 call 402bf1 630->639 641 402ce8-402cff 638->641 645 402dda-402ddd 639->645 646 402e2d-402e32 639->646 643 402d01 641->643 644 402d03-402d05 call 4030b0 641->644 643->644 650 402d0a-402d0c 644->650 648 402e01-402e2b GlobalAlloc call 4030e2 call 402e8e 645->648 649 402ddf-402df0 call 4030e2 call 4030b0 645->649 646->631 648->646 673 402e3e-402e4f 648->673 666 402df5-402df7 649->666 652 402d12-402d19 650->652 653 402e34-402e3c call 402bf1 650->653 657 402d95-402d99 652->657 658 402d1b-402d2f call 40585f 652->658 653->646 662 402da3-402da9 657->662 663 402d9b-402da2 call 402bf1 657->663 658->662 677 402d31-402d38 658->677 668 402db8-402dc2 662->668 669 402dab-402db5 call 405fc6 662->669 663->662 666->646 674 402df9-402dff 666->674 668->641 672 402dc8 668->672 669->668 672->639 678 402e51 673->678 679 402e57-402e5c 673->679 674->646 674->648 677->662 681 402d3a-402d41 677->681 678->679 683 402e5d-402e63 679->683 681->662 682 402d43-402d4a 681->682 682->662 684 402d4c-402d53 682->684 683->683 685 402e65-402e80 SetFilePointer call 40585f 683->685 684->662 686 402d55-402d75 684->686 689 402e85 685->689 686->646 688 402d7b-402d7f 686->688 690 402d81-402d85 688->690 691 402d87-402d8f 688->691 689->631 690->672 690->691 691->662 692 402d91-402d93 691->692 692->662
                          C-Code - Quality: 80%
                          			E00402C55(void* __eflags, signed int _a4) {
                          				DWORD* _v8;
                          				DWORD* _v12;
                          				void* _v16;
                          				intOrPtr _v20;
                          				long _v24;
                          				intOrPtr _v28;
                          				intOrPtr _v32;
                          				intOrPtr _v36;
                          				intOrPtr _v40;
                          				signed int _v44;
                          				long _t43;
                          				signed int _t50;
                          				void* _t53;
                          				signed int _t54;
                          				void* _t57;
                          				intOrPtr* _t59;
                          				long _t60;
                          				signed int _t65;
                          				signed int _t67;
                          				signed int _t70;
                          				signed int _t71;
                          				signed int _t77;
                          				intOrPtr _t80;
                          				long _t82;
                          				signed int _t85;
                          				signed int _t87;
                          				void* _t89;
                          				signed int _t90;
                          				signed int _t93;
                          				void* _t94;
                          
                          				_t82 = 0;
                          				_v12 = 0;
                          				_v8 = 0;
                          				_t43 = GetTickCount();
                          				_t91 = "C:\\Users\\engineer\\Desktop\\download\\Tftpd64-4.64-setup.exe";
                          				 *0x42ec2c = _t43 + 0x3e8;
                          				GetModuleFileNameA(0, "C:\\Users\\engineer\\Desktop\\download\\Tftpd64-4.64-setup.exe", 0x400);
                          				_t89 = E0040589E(_t91, 0x80000000, 3);
                          				_v16 = _t89;
                          				 *0x409014 = _t89;
                          				if(_t89 == 0xffffffff) {
                          					return "Error launching installer";
                          				}
                          				_t92 = "C:\\Users\\engineer\\Desktop\\download";
                          				E00405BC7("C:\\Users\\engineer\\Desktop\\download", _t91);
                          				E00405BC7(0x436000, E00405701(_t92));
                          				_t50 = GetFileSize(_t89, 0);
                          				__eflags = _t50;
                          				 *0x428c50 = _t50;
                          				_t93 = _t50;
                          				if(_t50 <= 0) {
                          					L24:
                          					E00402BF1(1);
                          					__eflags =  *0x42ec34 - _t82; // 0x9200
                          					if(__eflags == 0) {
                          						goto L29;
                          					}
                          					__eflags = _v8 - _t82;
                          					if(_v8 == _t82) {
                          						L28:
                          						_t53 = GlobalAlloc(0x40, _v24); // executed
                          						_t94 = _t53;
                          						_t54 =  *0x42ec34; // 0x9200
                          						E004030E2(_t54 + 0x1c);
                          						_push(_v24);
                          						_push(_t94);
                          						_push(_t82);
                          						_push(0xffffffff);
                          						_t57 = E00402E8E();
                          						__eflags = _t57 - _v24;
                          						if(_t57 == _v24) {
                          							__eflags = _v44 & 0x00000001;
                          							 *0x42ec30 = _t94;
                          							 *0x42ec38 =  *_t94;
                          							if((_v44 & 0x00000001) != 0) {
                          								 *0x42ec3c =  *0x42ec3c + 1;
                          								__eflags =  *0x42ec3c;
                          							}
                          							_t40 = _t94 + 0x44; // 0x44
                          							_t59 = _t40;
                          							_t85 = 8;
                          							do {
                          								_t59 = _t59 - 8;
                          								 *_t59 =  *_t59 + _t94;
                          								_t85 = _t85 - 1;
                          								__eflags = _t85;
                          							} while (_t85 != 0);
                          							_t60 = SetFilePointer(_v16, _t82, _t82, 1); // executed
                          							 *(_t94 + 0x3c) = _t60;
                          							E0040585F(0x42ec40, _t94 + 4, 0x40);
                          							__eflags = 0;
                          							return 0;
                          						}
                          						goto L29;
                          					}
                          					E004030E2( *0x414c40);
                          					_t65 = E004030B0( &_a4, 4); // executed
                          					__eflags = _t65;
                          					if(_t65 == 0) {
                          						goto L29;
                          					}
                          					__eflags = _v12 - _a4;
                          					if(_v12 != _a4) {
                          						goto L29;
                          					}
                          					goto L28;
                          				} else {
                          					do {
                          						_t67 =  *0x42ec34; // 0x9200
                          						_t90 = _t93;
                          						asm("sbb eax, eax");
                          						_t70 = ( ~_t67 & 0x00007e00) + 0x200;
                          						__eflags = _t93 - _t70;
                          						if(_t93 >= _t70) {
                          							_t90 = _t70;
                          						}
                          						_t71 = E004030B0(0x420c50, _t90); // executed
                          						__eflags = _t71;
                          						if(_t71 == 0) {
                          							E00402BF1(1);
                          							L29:
                          							return "Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
                          						}
                          						__eflags =  *0x42ec34;
                          						if( *0x42ec34 != 0) {
                          							__eflags = _a4 & 0x00000002;
                          							if((_a4 & 0x00000002) == 0) {
                          								E00402BF1(0);
                          							}
                          							goto L20;
                          						}
                          						E0040585F( &_v44, 0x420c50, 0x1c);
                          						_t77 = _v44;
                          						__eflags = _t77 & 0xfffffff0;
                          						if((_t77 & 0xfffffff0) != 0) {
                          							goto L20;
                          						}
                          						__eflags = _v40 - 0xdeadbeef;
                          						if(_v40 != 0xdeadbeef) {
                          							goto L20;
                          						}
                          						__eflags = _v28 - 0x74736e49;
                          						if(_v28 != 0x74736e49) {
                          							goto L20;
                          						}
                          						__eflags = _v32 - 0x74666f73;
                          						if(_v32 != 0x74666f73) {
                          							goto L20;
                          						}
                          						__eflags = _v36 - 0x6c6c754e;
                          						if(_v36 != 0x6c6c754e) {
                          							goto L20;
                          						}
                          						_a4 = _a4 | _t77;
                          						_t87 =  *0x414c40; // 0x9e4d1
                          						 *0x42ecc0 =  *0x42ecc0 | _a4 & 0x00000002;
                          						_t80 = _v20;
                          						__eflags = _t80 - _t93;
                          						 *0x42ec34 = _t87;
                          						if(_t80 > _t93) {
                          							goto L29;
                          						}
                          						__eflags = _a4 & 0x00000008;
                          						if((_a4 & 0x00000008) != 0) {
                          							L16:
                          							_v8 = _v8 + 1;
                          							_t93 = _t80 - 4;
                          							__eflags = _t90 - _t93;
                          							if(_t90 > _t93) {
                          								_t90 = _t93;
                          							}
                          							goto L20;
                          						}
                          						__eflags = _a4 & 0x00000004;
                          						if((_a4 & 0x00000004) != 0) {
                          							break;
                          						}
                          						goto L16;
                          						L20:
                          						__eflags = _t93 -  *0x428c50; // 0x9e4d5
                          						if(__eflags < 0) {
                          							_v12 = E00405FC6(_v12, 0x420c50, _t90);
                          						}
                          						 *0x414c40 =  *0x414c40 + _t90;
                          						_t93 = _t93 - _t90;
                          						__eflags = _t93;
                          					} while (_t93 > 0);
                          					_t82 = 0;
                          					__eflags = 0;
                          					goto L24;
                          				}
                          			}


































                          APIs
                          • GetTickCount.KERNEL32 ref: 00402C66
                          • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe,00000400), ref: 00402C82
                            • Part of subcall function 0040589E: GetFileAttributesA.KERNELBASE(00000003,00402C95,C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe,80000000,00000003), ref: 004058A2
                            • Part of subcall function 0040589E: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 004058C4
                          • GetFileSize.KERNEL32(00000000,00000000,00436000,00000000,C:\Users\user\Desktop\download,C:\Users\user\Desktop\download,C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe,C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe,80000000,00000003), ref: 00402CCE
                          Strings
                          • Inst, xrefs: 00402D3A
                          • soft, xrefs: 00402D43
                          • "C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe" , xrefs: 00402C55
                          • Error launching installer, xrefs: 00402CA5
                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00402C5F
                          • C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe, xrefs: 00402C6C, 00402C7B, 00402C8F, 00402CAF
                          • C:\Users\user\Desktop\download, xrefs: 00402CB0, 00402CB5, 00402CBB
                          • Null, xrefs: 00402D4C
                          • Installer integrity check has failed. Common causes include incomplete download and damaged media. Contact the installer's author to obtain a new copy. More information at: http://nsis.sf.net/NSIS_Error, xrefs: 00402E2D
                          Memory Dump Source
                          • Source File: 00000005.00000002.605929555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000005.00000002.605920254.0000000000400000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605948695.0000000000407000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605961129.0000000000409000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605984154.000000000042C000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605999422.0000000000434000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.606011620.0000000000437000.00000002.00020000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_400000_Tftpd64-4.jbxd
                          Similarity
                          • API ID: File$AttributesCountCreateModuleNameSizeTick
                          • String ID: "C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe" $C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop\download$C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
                          • API String ID: 4283519449-17284016
                          • Opcode ID: c612054d15050489ea2984d2745b3251c1c34282ade2eb632728820ab94f6323
                          • Instruction ID: 196f3fd9364ed88bbd27218647615838fe3130e8ea263fbe41a0cbd6df82c613
                          • Opcode Fuzzy Hash: c612054d15050489ea2984d2745b3251c1c34282ade2eb632728820ab94f6323
                          • Instruction Fuzzy Hash: 6A510871941218ABDB609F66DE89B9E7BB8EF00314F10403BF904B62D1CBBC9D418B9D
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 693 405be9-405bf4 694 405bf6-405c05 693->694 695 405c07-405c24 693->695 694->695 696 405e06-405e0a 695->696 697 405c2a-405c31 695->697 698 405e10-405e1a 696->698 699 405c36-405c40 696->699 697->696 701 405e25-405e26 698->701 702 405e1c-405e20 call 405bc7 698->702 699->698 700 405c46-405c4d 699->700 703 405c53-405c88 700->703 704 405df9 700->704 702->701 706 405da3-405da6 703->706 707 405c8e-405c99 GetVersion 703->707 708 405e03-405e05 704->708 709 405dfb-405e01 704->709 712 405dd6-405dd9 706->712 713 405da8-405dab 706->713 710 405cb3 707->710 711 405c9b-405c9f 707->711 708->696 709->696 719 405cba-405cc1 710->719 711->710 716 405ca1-405ca5 711->716 714 405de7-405df7 lstrlenA 712->714 715 405ddb-405de2 call 405be9 712->715 717 405dbb-405dc7 call 405bc7 713->717 718 405dad-405db9 call 405b25 713->718 714->696 715->714 716->710 724 405ca7-405cab 716->724 728 405dcc-405dd2 717->728 718->728 720 405cc3-405cc5 719->720 721 405cc6-405cc8 719->721 720->721 726 405d01-405d04 721->726 727 405cca-405ce5 call 405aae 721->727 724->710 729 405cad-405cb1 724->729 733 405d14-405d17 726->733 734 405d06-405d12 GetSystemDirectoryA 726->734 735 405cea-405ced 727->735 728->714 732 405dd4 728->732 729->719 736 405d9b-405da1 call 405e29 732->736 738 405d81-405d83 733->738 739 405d19-405d27 GetWindowsDirectoryA 733->739 737 405d85-405d88 734->737 740 405cf3-405cfc call 405be9 735->740 741 405d8a-405d8e 735->741 736->714 737->736 737->741 738->737 742 405d29-405d33 738->742 739->738 740->737 741->736 745 405d90-405d96 lstrcatA 741->745 747 405d35-405d38 742->747 748 405d4d-405d63 SHGetSpecialFolderLocation 742->748 745->736 747->748 752 405d3a-405d41 747->752 749 405d65-405d7c SHGetPathFromIDListA CoTaskMemFree 748->749 750 405d7e 748->750 749->737 749->750 750->738 753 405d49-405d4b 752->753 753->737 753->748
                          C-Code - Quality: 74%
                          			E00405BE9(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
                          				signed int _v8;
                          				struct _ITEMIDLIST* _v12;
                          				signed int _v16;
                          				signed char _v20;
                          				signed int _v24;
                          				signed char _v28;
                          				signed int _t36;
                          				CHAR* _t37;
                          				signed int _t39;
                          				int _t40;
                          				char _t50;
                          				char _t51;
                          				char _t53;
                          				char _t55;
                          				void* _t63;
                          				signed int _t69;
                          				intOrPtr _t73;
                          				signed int _t74;
                          				signed int _t75;
                          				intOrPtr _t79;
                          				char _t83;
                          				void* _t85;
                          				CHAR* _t86;
                          				void* _t88;
                          				signed int _t95;
                          				signed int _t97;
                          				void* _t98;
                          
                          				_t88 = __esi;
                          				_t85 = __edi;
                          				_t63 = __ebx;
                          				_t36 = _a8;
                          				if(_t36 < 0) {
                          					_t79 =  *0x42e3fc; // 0x294873f
                          					_t36 =  *(_t79 - 4 + _t36 * 4);
                          				}
                          				_t73 =  *0x42ec58; // 0x2815e2c
                          				_t74 = _t73 + _t36;
                          				_t37 = 0x42dbc0;
                          				_push(_t63);
                          				_push(_t88);
                          				_push(_t85);
                          				_t86 = 0x42dbc0;
                          				if(_a4 - 0x42dbc0 < 0x800) {
                          					_t86 = _a4;
                          					_a4 = _a4 & 0x00000000;
                          				}
                          				while(1) {
                          					_t83 =  *_t74;
                          					if(_t83 == 0) {
                          						break;
                          					}
                          					__eflags = _t86 - _t37 - 0x400;
                          					if(_t86 - _t37 >= 0x400) {
                          						break;
                          					}
                          					_t74 = _t74 + 1;
                          					__eflags = _t83 - 0xfc;
                          					_a8 = _t74;
                          					if(__eflags <= 0) {
                          						if(__eflags != 0) {
                          							 *_t86 = _t83;
                          							_t86 =  &(_t86[1]);
                          							__eflags = _t86;
                          						} else {
                          							 *_t86 =  *_t74;
                          							_t86 =  &(_t86[1]);
                          							_t74 = _t74 + 1;
                          						}
                          						continue;
                          					}
                          					_t39 =  *(_t74 + 1);
                          					_t75 =  *_t74;
                          					_t95 = (_t39 & 0x0000007f) << 0x00000007 | _t75 & 0x0000007f;
                          					_a8 = _a8 + 2;
                          					_v28 = _t75 | 0x00000080;
                          					_t69 = _t75;
                          					_v24 = _t69;
                          					__eflags = _t83 - 0xfe;
                          					_v20 = _t39 | 0x00000080;
                          					_v16 = _t39;
                          					if(_t83 != 0xfe) {
                          						__eflags = _t83 - 0xfd;
                          						if(_t83 != 0xfd) {
                          							__eflags = _t83 - 0xff;
                          							if(_t83 == 0xff) {
                          								__eflags = (_t39 | 0xffffffff) - _t95;
                          								E00405BE9(_t69, _t86, _t95, _t86, (_t39 | 0xffffffff) - _t95);
                          							}
                          							L41:
                          							_t40 = lstrlenA(_t86);
                          							_t74 = _a8;
                          							_t86 =  &(_t86[_t40]);
                          							_t37 = 0x42dbc0;
                          							continue;
                          						}
                          						__eflags = _t95 - 0x1d;
                          						if(_t95 != 0x1d) {
                          							__eflags = (_t95 << 0xa) + 0x42f000;
                          							E00405BC7(_t86, (_t95 << 0xa) + 0x42f000);
                          						} else {
                          							E00405B25(_t86,  *0x42ec28);
                          						}
                          						__eflags = _t95 + 0xffffffeb - 7;
                          						if(_t95 + 0xffffffeb < 7) {
                          							L32:
                          							E00405E29(_t86);
                          						}
                          						goto L41;
                          					}
                          					_t97 = 2;
                          					_t50 = GetVersion();
                          					__eflags = _t50;
                          					if(_t50 >= 0) {
                          						L12:
                          						_v8 = 1;
                          						L13:
                          						__eflags =  *0x42eca4;
                          						if( *0x42eca4 != 0) {
                          							_t97 = 4;
                          						}
                          						__eflags = _t69;
                          						if(_t69 >= 0) {
                          							__eflags = _t69 - 0x25;
                          							if(_t69 != 0x25) {
                          								__eflags = _t69 - 0x24;
                          								if(_t69 == 0x24) {
                          									GetWindowsDirectoryA(_t86, 0x400);
                          									_t97 = 0;
                          								}
                          								while(1) {
                          									__eflags = _t97;
                          									if(_t97 == 0) {
                          										goto L29;
                          									}
                          									_t51 =  *0x42ec24; // 0x74691340
                          									_t97 = _t97 - 1;
                          									__eflags = _t51;
                          									if(_t51 == 0) {
                          										L25:
                          										_t53 = SHGetSpecialFolderLocation( *0x42ec28,  *(_t98 + _t97 * 4 - 0x18),  &_v12);
                          										__eflags = _t53;
                          										if(_t53 != 0) {
                          											L27:
                          											 *_t86 =  *_t86 & 0x00000000;
                          											__eflags =  *_t86;
                          											continue;
                          										}
                          										__imp__SHGetPathFromIDListA(_v12, _t86);
                          										__imp__CoTaskMemFree(_v12);
                          										__eflags = _t53;
                          										if(_t53 != 0) {
                          											goto L29;
                          										}
                          										goto L27;
                          									}
                          									__eflags = _v8;
                          									if(_v8 == 0) {
                          										goto L25;
                          									}
                          									_t55 =  *_t51( *0x42ec28,  *(_t98 + _t97 * 4 - 0x18), 0, 0, _t86); // executed
                          									__eflags = _t55;
                          									if(_t55 == 0) {
                          										goto L29;
                          									}
                          									goto L25;
                          								}
                          								goto L29;
                          							}
                          							GetSystemDirectoryA(_t86, 0x400);
                          							goto L29;
                          						} else {
                          							_t72 = (_t69 & 0x0000003f) +  *0x42ec58;
                          							E00405AAE(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion", (_t69 & 0x0000003f) +  *0x42ec58, _t86, _t69 & 0x00000040); // executed
                          							__eflags =  *_t86;
                          							if( *_t86 != 0) {
                          								L30:
                          								__eflags = _v16 - 0x1a;
                          								if(_v16 == 0x1a) {
                          									lstrcatA(_t86, "\\Microsoft\\Internet Explorer\\Quick Launch");
                          								}
                          								goto L32;
                          							}
                          							E00405BE9(_t72, _t86, _t97, _t86, _v16);
                          							L29:
                          							__eflags =  *_t86;
                          							if( *_t86 == 0) {
                          								goto L32;
                          							}
                          							goto L30;
                          						}
                          					}
                          					__eflags = _t50 - 0x5a04;
                          					if(_t50 == 0x5a04) {
                          						goto L12;
                          					}
                          					__eflags = _v16 - 0x23;
                          					if(_v16 == 0x23) {
                          						goto L12;
                          					}
                          					__eflags = _v16 - 0x2e;
                          					if(_v16 == 0x2e) {
                          						goto L12;
                          					} else {
                          						_v8 = _v8 & 0x00000000;
                          						goto L13;
                          					}
                          				}
                          				 *_t86 =  *_t86 & 0x00000000;
                          				if(_a4 == 0) {
                          					return _t37;
                          				}
                          				return E00405BC7(_a4, _t37);
                          			}

                          APIs
                          • GetVersion.KERNEL32(00000000,Completed!,00000000,00404EEB,Completed!,00000000), ref: 00405C91
                          • GetSystemDirectoryA.KERNEL32 ref: 00405D0C
                          • GetWindowsDirectoryA.KERNEL32(: Completed,00000400), ref: 00405D1F
                          • SHGetSpecialFolderLocation.SHELL32(?,006617DE), ref: 00405D5B
                          • SHGetPathFromIDListA.SHELL32(006617DE,: Completed), ref: 00405D69
                          • CoTaskMemFree.OLE32(006617DE), ref: 00405D74
                          • lstrcatA.KERNEL32(: Completed,\Microsoft\Internet Explorer\Quick Launch), ref: 00405D96
                          • lstrlenA.KERNEL32(: Completed,00000000,Completed!,00000000,00404EEB,Completed!,00000000), ref: 00405DE8
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.605929555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000005.00000002.605920254.0000000000400000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605948695.0000000000407000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605961129.0000000000409000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605984154.000000000042C000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605999422.0000000000434000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.606011620.0000000000437000.00000002.00020000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_400000_Tftpd64-4.jbxd
                          Similarity
                          • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                          • String ID: : Completed$Completed!$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                          • API String ID: 900638850-2593115246
                          • Opcode ID: e8ff7387220abfc0254a8dd160f9c75c675389606b3e44a595c416257d13762e
                          • Instruction ID: 131396e9090e0f007f21196dc47e10b2e1a614011cd8a075e276219472c4ac8b
                          • Opcode Fuzzy Hash: e8ff7387220abfc0254a8dd160f9c75c675389606b3e44a595c416257d13762e
                          • Instruction Fuzzy Hash: EA510531A04A04ABEB215B65DC88BBF3BA4DF05714F10823BE911B62D1D73C59429E5E
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          C-Code - Quality: 95%
                          			E00402E8E(int _a4, void* _a8, long _a12, int _a16, signed char _a19) {
                          				signed int _v8;
                          				long _v12;
                          				void* _v16;
                          				long _v20;
                          				long _v24;
                          				intOrPtr _v28;
                          				char _v92;
                          				void* _t67;
                          				void* _t68;
                          				int _t71;
                          				long _t74;
                          				intOrPtr _t79;
                          				long _t80;
                          				void* _t82;
                          				int _t84;
                          				intOrPtr _t95;
                          				void* _t97;
                          				void* _t100;
                          				long _t101;
                          				signed int _t102;
                          				long _t103;
                          				int _t104;
                          				intOrPtr _t105;
                          				long _t106;
                          				void* _t107;
                          
                          				_t102 = _a16;
                          				_t97 = _a12;
                          				_v12 = _t102;
                          				if(_t97 == 0) {
                          					_v12 = 0x8000;
                          				}
                          				_v8 = _v8 & 0x00000000;
                          				_v16 = _t97;
                          				if(_t97 == 0) {
                          					_v16 = 0x418c48;
                          				}
                          				_t65 = _a4;
                          				if(_a4 >= 0) {
                          					_t95 =  *0x42ec78; // 0x12da4
                          					E004030E2(_t95 + _t65);
                          				}
                          				_t67 = E004030B0( &_a16, 4); // executed
                          				if(_t67 == 0) {
                          					L34:
                          					_push(0xfffffffd);
                          					goto L35;
                          				} else {
                          					if((_a19 & 0x00000080) == 0) {
                          						if(_t97 == 0) {
                          							while(_a16 > 0) {
                          								_t103 = _v12;
                          								if(_a16 < _t103) {
                          									_t103 = _a16;
                          								}
                          								if(E004030B0(0x414c48, _t103) == 0) {
                          									goto L34;
                          								} else {
                          									_t71 = WriteFile(_a8, 0x414c48, _t103,  &_a12, 0); // executed
                          									if(_t71 == 0 || _t103 != _a12) {
                          										L29:
                          										_push(0xfffffffe);
                          										L35:
                          										_pop(_t68);
                          										return _t68;
                          									} else {
                          										_v8 = _v8 + _t103;
                          										_a16 = _a16 - _t103;
                          										continue;
                          									}
                          								}
                          							}
                          							L45:
                          							return _v8;
                          						}
                          						if(_a16 < _t102) {
                          							_t102 = _a16;
                          						}
                          						if(E004030B0(_t97, _t102) != 0) {
                          							_v8 = _t102;
                          							goto L45;
                          						} else {
                          							goto L34;
                          						}
                          					}
                          					_t74 = GetTickCount();
                          					 *0x40b5ac =  *0x40b5ac & 0x00000000;
                          					 *0x40b5a8 =  *0x40b5a8 & 0x00000000;
                          					_t14 =  &_a16;
                          					 *_t14 = _a16 & 0x7fffffff;
                          					_v20 = _t74;
                          					 *0x40b090 = 8;
                          					 *0x414c38 = 0x40cc30;
                          					 *0x414c34 = 0x40cc30;
                          					 *0x414c30 = 0x414c30;
                          					_a4 = _a16;
                          					if( *_t14 <= 0) {
                          						goto L45;
                          					} else {
                          						goto L9;
                          					}
                          					while(1) {
                          						L9:
                          						_t104 = 0x4000;
                          						if(_a16 < 0x4000) {
                          							_t104 = _a16;
                          						}
                          						if(E004030B0(0x414c48, _t104) == 0) {
                          							goto L34;
                          						}
                          						_a16 = _a16 - _t104;
                          						 *0x40b080 = 0x414c48;
                          						 *0x40b084 = _t104;
                          						while(1) {
                          							_t100 = _v16;
                          							 *0x40b088 = _t100;
                          							 *0x40b08c = _v12;
                          							_t79 = E00406034("aMA");
                          							_v28 = _t79;
                          							if(_t79 < 0) {
                          								break;
                          							}
                          							_t105 =  *0x40b088; // 0x6617de
                          							_t106 = _t105 - _t100;
                          							_t80 = GetTickCount();
                          							_t101 = _t80;
                          							if(( *0x42ecd4 & 0x00000001) != 0 && (_t80 - _v20 > 0xc8 || _a16 == 0)) {
                          								wsprintfA( &_v92, "... %d%%", MulDiv(_a4 - _a16, 0x64, _a4));
                          								_t107 = _t107 + 0xc;
                          								E00404EB3(0,  &_v92); // executed
                          								_v20 = _t101;
                          							}
                          							if(_t106 == 0) {
                          								if(_a16 > 0) {
                          									goto L9;
                          								}
                          								goto L45;
                          							} else {
                          								if(_a12 != 0) {
                          									_t82 =  *0x40b088; // 0x6617de
                          									_v8 = _v8 + _t106;
                          									_v12 = _v12 - _t106;
                          									_v16 = _t82;
                          									L24:
                          									if(_v28 != 1) {
                          										continue;
                          									}
                          									goto L45;
                          								}
                          								_t84 = WriteFile(_a8, _v16, _t106,  &_v24, 0); // executed
                          								if(_t84 == 0 || _v24 != _t106) {
                          									goto L29;
                          								} else {
                          									_v8 = _v8 + _t106;
                          									goto L24;
                          								}
                          							}
                          						}
                          						_push(0xfffffffc);
                          						goto L35;
                          					}
                          					goto L34;
                          				}
                          			}

                          APIs
                          • GetTickCount.KERNEL32 ref: 00402EF5
                          • GetTickCount.KERNEL32 ref: 00402F9C
                          • MulDiv.KERNEL32(7FFFFFFF,00000064,00000020), ref: 00402FC5
                          • wsprintfA.USER32 ref: 00402FD5
                          • WriteFile.KERNELBASE(00000000,00000000,006617DE,7FFFFFFF,00000000), ref: 00403003
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.605929555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000005.00000002.605920254.0000000000400000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605948695.0000000000407000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605961129.0000000000409000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605984154.000000000042C000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605999422.0000000000434000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.606011620.0000000000437000.00000002.00020000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_400000_Tftpd64-4.jbxd
                          Similarity
                          • API ID: CountTick$FileWritewsprintf
                          • String ID: ... %d%%$HLA$HLA$aMA
                          • API String ID: 4209647438-2568605107
                          • Opcode ID: dda3aa3df327daaf8f3aeacf59d0e7d34310fadb26b3236abbcabedbd2039d95
                          • Instruction ID: 15109c7e5c0d48913ae26536c30eb2ff4c12f072ab55fd5dd83b367320b2a29b
                          • Opcode Fuzzy Hash: dda3aa3df327daaf8f3aeacf59d0e7d34310fadb26b3236abbcabedbd2039d95
                          • Instruction Fuzzy Hash: 2C618E71902219DBDB10DF65EA44AAF7BB8EB04356F10417BF910B72C4D7789A40CBE9
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 814 401751-401774 call 402a29 call 405727 819 401776-40177c call 405bc7 814->819 820 40177e-401790 call 405bc7 call 4056ba lstrcatA 814->820 825 401795-40179b call 405e29 819->825 820->825 830 4017a0-4017a4 825->830 831 4017a6-4017b0 call 405ec2 830->831 832 4017d7-4017da 830->832 839 4017c2-4017d4 831->839 840 4017b2-4017c0 CompareFileTime 831->840 834 4017e2-4017fe call 40589e 832->834 835 4017dc-4017dd call 40587f 832->835 842 401800-401803 834->842 843 401876-40189f call 404eb3 call 402e8e 834->843 835->834 839->832 840->839 844 401805-401847 call 405bc7 * 2 call 405be9 call 405bc7 call 405488 842->844 845 401858-401862 call 404eb3 842->845 857 4018a1-4018a5 843->857 858 4018a7-4018b3 SetFileTime 843->858 844->830 878 40184d-40184e 844->878 855 40186b-401871 845->855 859 4028c7 855->859 857->858 861 4018b9-4018c4 FindCloseChangeNotification 857->861 858->861 862 4028c9-4028cd 859->862 864 4018ca-4018cd 861->864 865 4028be-4028c1 861->865 867 4018e2-4018e5 call 405be9 864->867 868 4018cf-4018e0 call 405be9 lstrcatA 864->868 865->859 872 4018ea-402246 call 405488 867->872 868->872 872->862 872->865 878->855 880 401850-401851 878->880 880->845
                          C-Code - Quality: 73%
                          			E00401751(FILETIME* __ebx, void* __eflags) {
                          				void* _t33;
                          				void* _t41;
                          				void* _t43;
                          				FILETIME* _t49;
                          				FILETIME* _t62;
                          				void* _t64;
                          				signed int _t70;
                          				FILETIME* _t71;
                          				FILETIME* _t75;
                          				signed int _t77;
                          				void* _t80;
                          				CHAR* _t82;
                          				void* _t85;
                          
                          				_t75 = __ebx;
                          				_t82 = E00402A29(0x31);
                          				 *(_t85 - 0xc) = _t82;
                          				 *(_t85 + 8) =  *(_t85 - 0x28) & 0x00000007;
                          				_t33 = E00405727(_t82);
                          				_push(_t82);
                          				if(_t33 == 0) {
                          					lstrcatA(E004056BA(E00405BC7(0x409c40, "C:\\Program Files\\Tftpd64")), ??);
                          				} else {
                          					_push(0x409c40);
                          					E00405BC7();
                          				}
                          				E00405E29(0x409c40);
                          				while(1) {
                          					__eflags =  *(_t85 + 8) - 3;
                          					if( *(_t85 + 8) >= 3) {
                          						_t64 = E00405EC2(0x409c40);
                          						_t77 = 0;
                          						__eflags = _t64 - _t75;
                          						if(_t64 != _t75) {
                          							_t71 = _t64 + 0x14;
                          							__eflags = _t71;
                          							_t77 = CompareFileTime(_t71, _t85 - 0x1c);
                          						}
                          						asm("sbb eax, eax");
                          						_t70 =  ~(( *(_t85 + 8) + 0xfffffffd | 0x80000000) & _t77) + 1;
                          						__eflags = _t70;
                          						 *(_t85 + 8) = _t70;
                          					}
                          					__eflags =  *(_t85 + 8) - _t75;
                          					if( *(_t85 + 8) == _t75) {
                          						E0040587F(0x409c40);
                          					}
                          					__eflags =  *(_t85 + 8) - 1;
                          					_t41 = E0040589E(0x409c40, 0x40000000, (0 |  *(_t85 + 8) != 0x00000001) + 1);
                          					__eflags = _t41 - 0xffffffff;
                          					 *(_t85 - 8) = _t41;
                          					if(_t41 != 0xffffffff) {
                          						break;
                          					}
                          					__eflags =  *(_t85 + 8) - _t75;
                          					if( *(_t85 + 8) != _t75) {
                          						E00404EB3(0xffffffe2,  *(_t85 - 0xc));
                          						__eflags =  *(_t85 + 8) - 2;
                          						if(__eflags == 0) {
                          							 *((intOrPtr*)(_t85 - 4)) = 1;
                          						}
                          						L31:
                          						 *0x42eca8 =  *0x42eca8 +  *((intOrPtr*)(_t85 - 4));
                          						__eflags =  *0x42eca8;
                          						goto L32;
                          					} else {
                          						E00405BC7(0x40a440, 0x42f000);
                          						E00405BC7(0x42f000, 0x409c40);
                          						E00405BE9(_t75, 0x40a440, 0x409c40, "C:\Users\engineer\Desktop\Tftpd64.lnk",  *((intOrPtr*)(_t85 - 0x14)));
                          						E00405BC7(0x42f000, 0x40a440);
                          						_t62 = E00405488("C:\Users\engineer\Desktop\Tftpd64.lnk",  *(_t85 - 0x28) >> 3) - 4;
                          						__eflags = _t62;
                          						if(_t62 == 0) {
                          							continue;
                          						} else {
                          							__eflags = _t62 == 1;
                          							if(_t62 == 1) {
                          								 *0x42eca8 =  &( *0x42eca8->dwLowDateTime);
                          								L32:
                          								_t49 = 0;
                          								__eflags = 0;
                          							} else {
                          								_push(0x409c40);
                          								_push(0xfffffffa);
                          								E00404EB3();
                          								L29:
                          								_t49 = 0x7fffffff;
                          							}
                          						}
                          					}
                          					L33:
                          					return _t49;
                          				}
                          				E00404EB3(0xffffffea,  *(_t85 - 0xc)); // executed
                          				 *0x42ecd4 =  *0x42ecd4 + 1;
                          				_t43 = E00402E8E( *((intOrPtr*)(_t85 - 0x20)),  *(_t85 - 8), _t75, _t75); // executed
                          				 *0x42ecd4 =  *0x42ecd4 - 1;
                          				__eflags =  *(_t85 - 0x1c) - 0xffffffff;
                          				_t80 = _t43;
                          				if( *(_t85 - 0x1c) != 0xffffffff) {
                          					L22:
                          					SetFileTime( *(_t85 - 8), _t85 - 0x1c, _t75, _t85 - 0x1c); // executed
                          				} else {
                          					__eflags =  *((intOrPtr*)(_t85 - 0x18)) - 0xffffffff;
                          					if( *((intOrPtr*)(_t85 - 0x18)) != 0xffffffff) {
                          						goto L22;
                          					}
                          				}
                          				FindCloseChangeNotification( *(_t85 - 8)); // executed
                          				__eflags = _t80 - _t75;
                          				if(_t80 >= _t75) {
                          					goto L31;
                          				} else {
                          					__eflags = _t80 - 0xfffffffe;
                          					if(_t80 != 0xfffffffe) {
                          						E00405BE9(_t75, _t80, 0x409c40, 0x409c40, 0xffffffee);
                          					} else {
                          						E00405BE9(_t75, _t80, 0x409c40, 0x409c40, 0xffffffe9);
                          						lstrcatA(0x409c40,  *(_t85 - 0xc));
                          					}
                          					_push(0x200010);
                          					_push(0x409c40);
                          					E00405488();
                          					goto L29;
                          				}
                          				goto L33;
                          			}


                          APIs
                          • lstrcatA.KERNEL32(00000000,00000000,00409C40,C:\Program Files\Tftpd64,00000000,00000000,00000031), ref: 00401790
                          • CompareFileTime.KERNEL32(-00000014,?,00409C40,00409C40,00000000,00000000,00409C40,C:\Program Files\Tftpd64,00000000,00000000,00000031), ref: 004017BA
                            • Part of subcall function 00405BC7: lstrcpynA.KERNEL32(?,?,00000400,004031D8,Tftpd64 Standalone Edition Install,NSIS Error), ref: 00405BD4
                            • Part of subcall function 00404EB3: lstrlenA.KERNEL32(Completed!,00000000,006617DE,747DEA30,?,?,?,?,?,?,?,?,?,00402FE9,00000000,?), ref: 00404EEC
                            • Part of subcall function 00404EB3: lstrlenA.KERNEL32(00402FE9,Completed!,00000000,006617DE,747DEA30,?,?,?,?,?,?,?,?,?,00402FE9,00000000), ref: 00404EFC
                            • Part of subcall function 00404EB3: lstrcatA.KERNEL32(Completed!,00402FE9,00402FE9,Completed!,00000000,006617DE,747DEA30), ref: 00404F0F
                            • Part of subcall function 00404EB3: SetWindowTextA.USER32(Completed!,Completed!), ref: 00404F21
                            • Part of subcall function 00404EB3: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F47
                            • Part of subcall function 00404EB3: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404F61
                            • Part of subcall function 00404EB3: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404F6F
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.605929555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000005.00000002.605920254.0000000000400000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605948695.0000000000407000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605961129.0000000000409000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605984154.000000000042C000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605999422.0000000000434000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.606011620.0000000000437000.00000002.00020000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_400000_Tftpd64-4.jbxd
                          Similarity
                          • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                          • String ID: C:\Program Files\Tftpd64$C:\Program Files\Tftpd64\Tftpd64.exe$C:\Users\user\Desktop\Tftpd64.lnk
                          • API String ID: 1941528284-266184209
                          • Opcode ID: c68feba2f0b4331acfec6ddba4484b7e9dd624c0d36979df67d1dd9a0f0c6959
                          • Instruction ID: c8ecff54efbd1983964958a71a4b78ec9a68474d29a8073c081a3edbe3f43163
                          • Opcode Fuzzy Hash: c68feba2f0b4331acfec6ddba4484b7e9dd624c0d36979df67d1dd9a0f0c6959
                          • Instruction Fuzzy Hash: 8541B631904514BBCB107BA6CC45DAF3678EF01329F60823BF521F11E1D63CAA419EAE
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 881 404eb3-404ec8 882 404f7e-404f82 881->882 883 404ece-404ee0 881->883 884 404ee2-404ee6 call 405be9 883->884 885 404eeb-404ef7 lstrlenA 883->885 884->885 887 404f14-404f18 885->887 888 404ef9-404f09 lstrlenA 885->888 890 404f27-404f2b 887->890 891 404f1a-404f21 SetWindowTextA 887->891 888->882 889 404f0b-404f0f lstrcatA 888->889 889->887 892 404f71-404f73 890->892 893 404f2d-404f6f SendMessageA * 3 890->893 891->890 892->882 894 404f75-404f78 892->894 893->892 894->882
                          C-Code - Quality: 100%
                          			E00404EB3(CHAR* _a4, CHAR* _a8) {
                          				struct HWND__* _v8;
                          				signed int _v12;
                          				CHAR* _v32;
                          				long _v44;
                          				int _v48;
                          				void* _v52;
                          				void* __ebx;
                          				void* __edi;
                          				void* __esi;
                          				CHAR* _t26;
                          				signed int _t27;
                          				CHAR* _t28;
                          				long _t29;
                          				signed int _t39;
                          
                          				_t26 =  *0x42e404; // 0x50412
                          				_v8 = _t26;
                          				if(_t26 != 0) {
                          					_t27 =  *0x42ecd4; // 0x0
                          					_v12 = _t27;
                          					_t39 = _t27 & 0x00000001;
                          					if(_t39 == 0) {
                          						E00405BE9(0, _t39, 0x429878, 0x429878, _a4);
                          					}
                          					_t26 = lstrlenA(0x429878);
                          					_a4 = _t26;
                          					if(_a8 == 0) {
                          						L6:
                          						if((_v12 & 0x00000004) == 0) {
                          							_t26 = SetWindowTextA( *0x42e3e8, 0x429878); // executed
                          						}
                          						if((_v12 & 0x00000002) == 0) {
                          							_v32 = 0x429878;
                          							_v52 = 1;
                          							_t29 = SendMessageA(_v8, 0x1004, 0, 0); // executed
                          							_v44 = 0;
                          							_v48 = _t29 - _t39;
                          							SendMessageA(_v8, 0x1007 - _t39, 0,  &_v52); // executed
                          							_t26 = SendMessageA(_v8, 0x1013, _v48, 0); // executed
                          						}
                          						if(_t39 != 0) {
                          							_t28 = _a4;
                          							 *((char*)(_t28 + 0x429878)) = 0;
                          							return _t28;
                          						}
                          					} else {
                          						_t26 =  &(_a4[lstrlenA(_a8)]);
                          						if(_t26 < 0x800) {
                          							_t26 = lstrcatA(0x429878, _a8);
                          							goto L6;
                          						}
                          					}
                          				}
                          				return _t26;
                          			}


                          APIs
                          • lstrlenA.KERNEL32(Completed!,00000000,006617DE,747DEA30,?,?,?,?,?,?,?,?,?,00402FE9,00000000,?), ref: 00404EEC
                          • lstrlenA.KERNEL32(00402FE9,Completed!,00000000,006617DE,747DEA30,?,?,?,?,?,?,?,?,?,00402FE9,00000000), ref: 00404EFC
                          • lstrcatA.KERNEL32(Completed!,00402FE9,00402FE9,Completed!,00000000,006617DE,747DEA30), ref: 00404F0F
                          • SetWindowTextA.USER32(Completed!,Completed!), ref: 00404F21
                          • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F47
                          • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404F61
                          • SendMessageA.USER32(?,00001013,?,00000000), ref: 00404F6F
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.605929555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000005.00000002.605920254.0000000000400000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605948695.0000000000407000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605961129.0000000000409000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605984154.000000000042C000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605999422.0000000000434000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.606011620.0000000000437000.00000002.00020000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_400000_Tftpd64-4.jbxd
                          Similarity
                          • API ID: MessageSend$lstrlen$TextWindowlstrcat
                          • String ID: Completed!
                          • API String ID: 2531174081-2064009216
                          • Opcode ID: 55e5bf593d57faa93d16a1664f1a38fe3a37b5f3af540cb3841c865059337078
                          • Instruction ID: b2aff46cb4fd7b93265c813df518c908744a9a116baeb32a25c95395085da7a4
                          • Opcode Fuzzy Hash: 55e5bf593d57faa93d16a1664f1a38fe3a37b5f3af540cb3841c865059337078
                          • Instruction Fuzzy Hash: BA219D71900118BFDB119FA5CD80DDEBFB9EF45354F14807AF544B62A0C739AE408BA8
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Control-flow Graph

                          C-Code - Quality: 86%
                          			E004026AF(struct _OVERLAPPED* __ebx) {
                          				void* _t27;
                          				long _t32;
                          				intOrPtr _t41;
                          				struct _OVERLAPPED* _t47;
                          				void* _t51;
                          				void* _t53;
                          				void* _t56;
                          				void* _t57;
                          				void* _t58;
                          
                          				_t47 = __ebx;
                          				 *((intOrPtr*)(_t58 - 0xc)) = 0xfffffd66;
                          				_t52 = E00402A29(0xfffffff0);
                          				 *(_t58 - 0x38) = _t24;
                          				if(E00405727(_t52) == 0) {
                          					E00402A29(0xffffffed);
                          				}
                          				E0040587F(_t52);
                          				_t27 = E0040589E(_t52, 0x40000000, 2);
                          				 *(_t58 + 8) = _t27;
                          				if(_t27 != 0xffffffff) {
                          					_t32 =  *0x42ec34; // 0x9200
                          					 *(_t58 - 0x30) = _t32;
                          					_t51 = GlobalAlloc(0x40, _t32);
                          					if(_t51 != _t47) {
                          						E004030E2(_t47);
                          						E004030B0(_t51,  *(_t58 - 0x30)); // executed
                          						_t56 = GlobalAlloc(0x40,  *(_t58 - 0x20));
                          						 *(_t58 - 0x34) = _t56;
                          						if(_t56 != _t47) {
                          							E00402E8E( *((intOrPtr*)(_t58 - 0x24)), _t47, _t56,  *(_t58 - 0x20)); // executed
                          							while( *_t56 != _t47) {
                          								_t49 =  *_t56;
                          								_t57 = _t56 + 8;
                          								 *(_t58 - 0x48) =  *_t56;
                          								E0040585F( *((intOrPtr*)(_t56 + 4)) + _t51, _t57, _t49);
                          								_t56 = _t57 +  *(_t58 - 0x48);
                          							}
                          							GlobalFree( *(_t58 - 0x34));
                          						}
                          						WriteFile( *(_t58 + 8), _t51,  *(_t58 - 0x30), _t58 - 0x3c, _t47); // executed
                          						GlobalFree(_t51);
                          						_t41 = E00402E8E(0xffffffff,  *(_t58 + 8), _t47, _t47); // executed
                          						 *((intOrPtr*)(_t58 - 0xc)) = _t41;
                          					}
                          					FindCloseChangeNotification( *(_t58 + 8)); // executed
                          				}
                          				_t53 = 0xfffffff3;
                          				if( *((intOrPtr*)(_t58 - 0xc)) < _t47) {
                          					_t53 = 0xffffffef;
                          					DeleteFileA( *(_t58 - 0x38));
                          					 *((intOrPtr*)(_t58 - 4)) = 1;
                          				}
                          				_push(_t53);
                          				E00401423();
                          				 *0x42eca8 =  *0x42eca8 +  *((intOrPtr*)(_t58 - 4));
                          				return 0;
                          			}


                          APIs
                          • GlobalAlloc.KERNEL32(00000040,00009200,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 00402703
                          • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,000000F0), ref: 0040271F
                          • GlobalFree.KERNEL32 ref: 00402758
                          • WriteFile.KERNELBASE(?,00000000,?,?,?,?,?,?,?,000000F0), ref: 0040276A
                          • GlobalFree.KERNEL32 ref: 00402771
                          • FindCloseChangeNotification.KERNELBASE(?,?,?,?,000000F0), ref: 00402789
                          • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 0040279D
                          Memory Dump Source
                          • Source File: 00000005.00000002.605929555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000005.00000002.605920254.0000000000400000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605948695.0000000000407000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605961129.0000000000409000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605984154.000000000042C000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605999422.0000000000434000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.606011620.0000000000437000.00000002.00020000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_400000_Tftpd64-4.jbxd
                          Similarity
                          • API ID: Global$AllocFileFree$ChangeCloseDeleteFindNotificationWrite
                          • String ID:
                          • API String ID: 2326852265-0
                          • Opcode ID: f8d09adad74f0857229e66b0aed5420e4fd154ec140d331124978707cc36d9c5
                          • Instruction ID: 7359f6b8c72d8bce8f96c3519292fde75c250a44c6e0f48ea69dd088617f1d2a
                          • Opcode Fuzzy Hash: f8d09adad74f0857229e66b0aed5420e4fd154ec140d331124978707cc36d9c5
                          • Instruction Fuzzy Hash: 9D319C71C00028BBCF216FA5DE88DAEBA79EF04364F14423AF914762E0C67949018B99
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 928 405ee9-405f09 GetSystemDirectoryA 929 405f0b 928->929 930 405f0d-405f0f 928->930 929->930 931 405f11-405f19 930->931 932 405f1f-405f21 930->932 931->932 934 405f1b-405f1d 931->934 933 405f22-405f54 wsprintfA LoadLibraryExA 932->933 934->933
                          C-Code - Quality: 100%
                          			E00405EE9(intOrPtr _a4) {
                          				char _v292;
                          				int _t10;
                          				struct HINSTANCE__* _t14;
                          				void* _t16;
                          				void* _t21;
                          
                          				_t10 = GetSystemDirectoryA( &_v292, 0x104);
                          				if(_t10 > 0x104) {
                          					_t10 = 0;
                          				}
                          				if(_t10 == 0 ||  *((char*)(_t21 + _t10 - 0x121)) == 0x5c) {
                          					_t16 = 1;
                          				} else {
                          					_t16 = 0;
                          				}
                          				_t5 = _t16 + 0x409010; // 0x5c
                          				wsprintfA(_t21 + _t10 - 0x120, "%s%s.dll", _t5, _a4);
                          				_t14 = LoadLibraryExA( &_v292, 0, 8); // executed
                          				return _t14;
                          			}









                          APIs
                          • GetSystemDirectoryA.KERNEL32 ref: 00405F00
                          • wsprintfA.USER32 ref: 00405F39
                          • LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 00405F4D
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.605929555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000005.00000002.605920254.0000000000400000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605948695.0000000000407000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605961129.0000000000409000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605984154.000000000042C000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605999422.0000000000434000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.606011620.0000000000437000.00000002.00020000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_400000_Tftpd64-4.jbxd
                          Similarity
                          • API ID: DirectoryLibraryLoadSystemwsprintf
                          • String ID: %s%s.dll$UXTHEME$\
                          • API String ID: 2200240437-4240819195
                          • Opcode ID: 95ac327f182d4f2ec24d2199b65981d3e05ead90002209c0018270c035d5f6e2
                          • Instruction ID: fa246daef39c5d1266dc05b53ca8af7bf1dea281c1fa5b10d5a6498bb1fbd0ec
                          • Opcode Fuzzy Hash: 95ac327f182d4f2ec24d2199b65981d3e05ead90002209c0018270c035d5f6e2
                          • Instruction Fuzzy Hash: AAF0F63094050A6BDB14AB64DC0DFFB365CFB08305F1404BAB646E20C2E678E9158FAD
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 935 402336-40237c call 402b1e call 402a29 * 2 RegCreateKeyExA 942 402382-40238a 935->942 943 4028be-4028cd 935->943 944 40239a-40239d 942->944 945 40238c-402399 call 402a29 lstrlenA 942->945 948 4023ad-4023b0 944->948 949 40239f-4023ac call 402a0c 944->949 945->944 953 4023c1-4023d5 RegSetValueExA 948->953 954 4023b2-4023bc call 402e8e 948->954 949->948 957 4023d7 953->957 958 4023da-4024b6 RegCloseKey 953->958 954->953 957->958 958->943
                          C-Code - Quality: 85%
                          			E00402336(void* __eax) {
                          				void* _t15;
                          				char* _t18;
                          				int _t19;
                          				long _t22;
                          				char _t24;
                          				int _t27;
                          				signed int _t30;
                          				intOrPtr _t35;
                          				void* _t37;
                          
                          				_t15 = E00402B1E(__eax);
                          				_t35 =  *((intOrPtr*)(_t37 - 0x18));
                          				 *(_t37 - 0x34) =  *(_t37 - 0x14);
                          				 *(_t37 - 0x38) = E00402A29(2);
                          				_t18 = E00402A29(0x11);
                          				_t30 =  *0x42ecd0; // 0x0
                          				 *(_t37 - 4) = 1;
                          				_t19 = RegCreateKeyExA(_t15, _t18, _t27, _t27, _t27, _t30 | 0x00000002, _t27, _t37 + 8, _t27); // executed
                          				if(_t19 == 0) {
                          					if(_t35 == 1) {
                          						E00402A29(0x23);
                          						_t19 = lstrlenA(0x40a440) + 1;
                          					}
                          					if(_t35 == 4) {
                          						_t24 = E00402A0C(3);
                          						 *0x40a440 = _t24;
                          						_t19 = _t35;
                          					}
                          					if(_t35 == 3) {
                          						_t19 = E00402E8E( *((intOrPtr*)(_t37 - 0x1c)), _t27, 0x40a440, 0xc00);
                          					}
                          					_t22 = RegSetValueExA( *(_t37 + 8),  *(_t37 - 0x38), _t27,  *(_t37 - 0x34), 0x40a440, _t19); // executed
                          					if(_t22 == 0) {
                          						 *(_t37 - 4) = _t27;
                          					}
                          					_push( *(_t37 + 8));
                          					RegCloseKey();
                          				}
                          				 *0x42eca8 =  *0x42eca8 +  *(_t37 - 4);
                          				return 0;
                          			}













                          APIs
                          • RegCreateKeyExA.KERNELBASE(00000000,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 00402374
                          • lstrlenA.KERNEL32(C:\Program Files\Tftpd64\Tftpd64.exe,00000023,?,?,?,00000000,?,?,?,00000011,00000002), ref: 00402394
                          • RegSetValueExA.KERNELBASE(?,?,?,?,C:\Program Files\Tftpd64\Tftpd64.exe,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 004023CD
                          • RegCloseKey.ADVAPI32(?,?,?,C:\Program Files\Tftpd64\Tftpd64.exe,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 004024B0
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.605929555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000005.00000002.605920254.0000000000400000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605948695.0000000000407000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605961129.0000000000409000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605984154.000000000042C000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605999422.0000000000434000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.606011620.0000000000437000.00000002.00020000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_400000_Tftpd64-4.jbxd
                          Similarity
                          • API ID: CloseCreateValuelstrlen
                          • String ID: C:\Program Files\Tftpd64\Tftpd64.exe
                          • API String ID: 1356686001-3924421246
                          • Opcode ID: 9fdc96e5f05966b32c77db4b2c469585f1751cb7fc6f0d3f91ada42923d9054a
                          • Instruction ID: 7eaf0ec052d83a67d7bbddc98f61bbb11a40701f4c7c8ad3ea5d843478098636
                          • Opcode Fuzzy Hash: 9fdc96e5f05966b32c77db4b2c469585f1751cb7fc6f0d3f91ada42923d9054a
                          • Instruction Fuzzy Hash: 2211A271E00108BFEB10EFA5DE89EAF7678EB40758F20403AF505B31D0D6B85D019A69
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E004058CD(char _a4, intOrPtr _a6, CHAR* _a8) {
                          				signed int _t11;
                          				int _t14;
                          				signed int _t16;
                          				void* _t19;
                          				CHAR* _t20;
                          
                          				_t20 = _a4;
                          				_t19 = 0x64;
                          				while(1) {
                          					_t19 = _t19 - 1;
                          					_a4 = 0x61736e;
                          					_t11 = GetTickCount();
                          					_t16 = 0x1a;
                          					_a6 = _a6 + _t11 % _t16;
                          					_t14 = GetTempFileNameA(_a8,  &_a4, 0, _t20); // executed
                          					if(_t14 != 0) {
                          						break;
                          					}
                          					if(_t19 != 0) {
                          						continue;
                          					}
                          					 *_t20 =  *_t20 & 0x00000000;
                          					return _t14;
                          				}
                          				return _t20;
                          			}









                          APIs
                          • GetTickCount.KERNEL32 ref: 004058E0
                          • GetTempFileNameA.KERNELBASE(?,0061736E,00000000,?), ref: 004058FA
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.605929555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000005.00000002.605920254.0000000000400000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605948695.0000000000407000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605961129.0000000000409000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605984154.000000000042C000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605999422.0000000000434000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.606011620.0000000000437000.00000002.00020000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_400000_Tftpd64-4.jbxd
                          Similarity
                          • API ID: CountFileNameTempTick
                          • String ID: "C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe" $C:\Users\user\AppData\Local\Temp\$nsa
                          • API String ID: 1716503409-3812220428
                          • Opcode ID: 0450f55a1c395314d18141c5bfd7e62b2554956accf044952057d9506f78994b
                          • Instruction ID: 53182d5486abb24f79a58d6e85a6b3ecacc509e50e1b88e8db4ee69f85448782
                          • Opcode Fuzzy Hash: 0450f55a1c395314d18141c5bfd7e62b2554956accf044952057d9506f78994b
                          • Instruction Fuzzy Hash: E8F0A736348258BBD7115E56DC04B9F7F99DFD1760F10C027FA049A280D6B09A54C7A9
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 87%
                          			E004015B3(char __ebx, void* __eflags) {
                          				void* _t13;
                          				int _t19;
                          				char _t21;
                          				void* _t22;
                          				char _t23;
                          				signed char _t24;
                          				char _t26;
                          				CHAR* _t28;
                          				char* _t32;
                          				void* _t33;
                          
                          				_t26 = __ebx;
                          				_t28 = E00402A29(0xfffffff0);
                          				_t13 = E0040574E(_t28);
                          				_t30 = _t13;
                          				if(_t13 != __ebx) {
                          					do {
                          						_t32 = E004056E5(_t30, 0x5c);
                          						_t21 =  *_t32;
                          						 *_t32 = _t26;
                          						 *((char*)(_t33 + 0xb)) = _t21;
                          						if(_t21 != _t26) {
                          							L5:
                          							_t22 = E004053F2(_t28);
                          						} else {
                          							_t39 =  *((intOrPtr*)(_t33 - 0x20)) - _t26;
                          							if( *((intOrPtr*)(_t33 - 0x20)) == _t26 || E0040540F(_t39) == 0) {
                          								goto L5;
                          							} else {
                          								_t22 = E00405375(_t28);
                          							}
                          						}
                          						if(_t22 != _t26) {
                          							if(_t22 != 0xb7) {
                          								L9:
                          								 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;
                          							} else {
                          								_t24 = GetFileAttributesA(_t28); // executed
                          								if((_t24 & 0x00000010) == 0) {
                          									goto L9;
                          								}
                          							}
                          						}
                          						_t23 =  *((intOrPtr*)(_t33 + 0xb));
                          						 *_t32 = _t23;
                          						_t30 = _t32 + 1;
                          					} while (_t23 != _t26);
                          				}
                          				if( *((intOrPtr*)(_t33 - 0x24)) == _t26) {
                          					_push(0xfffffff5);
                          					E00401423();
                          				} else {
                          					E00401423(0xffffffe6);
                          					E00405BC7("C:\\Program Files\\Tftpd64", _t28);
                          					_t19 = SetCurrentDirectoryA(_t28); // executed
                          					if(_t19 == 0) {
                          						 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;
                          					}
                          				}
                          				 *0x42eca8 =  *0x42eca8 +  *((intOrPtr*)(_t33 - 4));
                          				return 0;
                          			}














                          APIs
                            • Part of subcall function 0040574E: CharNextA.USER32(00405500,?,0042B4A8,00000000,004057B2,0042B4A8,0042B4A8,?,?,?,00405500,?,C:\Users\user\AppData\Local\Temp\,?), ref: 0040575C
                            • Part of subcall function 0040574E: CharNextA.USER32(00000000), ref: 00405761
                            • Part of subcall function 0040574E: CharNextA.USER32(00000000), ref: 00405770
                          • GetFileAttributesA.KERNELBASE(00000000,00000000,00000000,0000005C,00000000,000000F0), ref: 00401605
                            • Part of subcall function 00405375: CreateDirectoryA.KERNEL32(?,?,00000000), ref: 004053B8
                          • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Program Files\Tftpd64,00000000,00000000,000000F0), ref: 00401634
                          Strings
                          • C:\Program Files\Tftpd64, xrefs: 00401629
                          Memory Dump Source
                          • Source File: 00000005.00000002.605929555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000005.00000002.605920254.0000000000400000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605948695.0000000000407000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605961129.0000000000409000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605984154.000000000042C000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605999422.0000000000434000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.606011620.0000000000437000.00000002.00020000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_400000_Tftpd64-4.jbxd
                          Similarity
                          • API ID: CharNext$Directory$AttributesCreateCurrentFile
                          • String ID: C:\Program Files\Tftpd64
                          • API String ID: 1892508949-4076004651
                          • Opcode ID: 115f7ab2a394253e30ad3b1b291eb59404f6b85f8b4ed945a87068be26f5de75
                          • Instruction ID: f91ea4ffc010c5324243c64a5f93d27bb3485e0f7fec8187872c5a269388ad6c
                          • Opcode Fuzzy Hash: 115f7ab2a394253e30ad3b1b291eb59404f6b85f8b4ed945a87068be26f5de75
                          • Instruction Fuzzy Hash: F011EB35504141ABDF317FA55D419BF67B4E992324728063FF592722D2C63C4942AA2F
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E00404E03(struct HWND__* _a4, int _a8, int _a12, long _a16) {
                          				long _t13;
                          				long _t22;
                          
                          				if(_a8 != 0x102) {
                          					if(_a8 != 0x200) {
                          						_t22 = _a16;
                          						L7:
                          						if(_a8 == 0x419 &&  *0x42a088 != _t22) {
                          							 *0x42a088 = _t22;
                          							E00405BC7(0x42a0a0, 0x42f000);
                          							E00405B25(0x42f000, _t22);
                          							E0040140B(6);
                          							E00405BC7(0x42f000, 0x42a0a0);
                          						}
                          						L11:
                          						_t13 = CallWindowProcA( *0x42a090, _a4, _a8, _a12, _t22); // executed
                          						return _t13;
                          					}
                          					if(IsWindowVisible(_a4) == 0) {
                          						L10:
                          						_t22 = _a16;
                          						goto L11;
                          					}
                          					_t22 = E00404782(_a4, 1);
                          					_a8 = 0x419;
                          					goto L7;
                          				}
                          				if(_a12 != 0x20) {
                          					goto L10;
                          				}
                          				E00403ECF(0x413);
                          				return 0;
                          			}






                          APIs
                          • IsWindowVisible.USER32(?), ref: 00404E39
                          • CallWindowProcA.USER32 ref: 00404EA7
                            • Part of subcall function 00403ECF: SendMessageA.USER32(0006023A,00000000,00000000,00000000), ref: 00403EE1
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.605929555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000005.00000002.605920254.0000000000400000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605948695.0000000000407000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605961129.0000000000409000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605984154.000000000042C000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605999422.0000000000434000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.606011620.0000000000437000.00000002.00020000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_400000_Tftpd64-4.jbxd
                          Similarity
                          • API ID: Window$CallMessageProcSendVisible
                          • String ID:
                          • API String ID: 3748168415-3916222277
                          • Opcode ID: bb110161f1a3672e5f414d3b7256019bd36f5b3292f6cf5a111e70d7da7d909c
                          • Instruction ID: a1b1c3265e10147a864b820895246e20bcc7fdce94b5a9a997a836c51e1a414d
                          • Opcode Fuzzy Hash: bb110161f1a3672e5f414d3b7256019bd36f5b3292f6cf5a111e70d7da7d909c
                          • Instruction Fuzzy Hash: 4C113D71500218ABDB215F51DC44E9B3B69FB44759F00803AFA18691D1C77C5D619FAE
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 90%
                          			E00405AAE(void* _a4, int _a8, char* _a12, int _a16, void* _a20) {
                          				long _t20;
                          				long _t23;
                          				long _t24;
                          				char* _t26;
                          
                          				asm("sbb eax, eax");
                          				_t26 = _a16;
                          				 *_t26 = 0;
                          				_t20 = RegOpenKeyExA(_a4, _a8, 0,  ~_a20 & 0x00000100 | 0x00020019,  &_a20); // executed
                          				if(_t20 == 0) {
                          					_a8 = 0x400;
                          					_t23 = RegQueryValueExA(_a20, _a12, 0,  &_a16, _t26,  &_a8); // executed
                          					if(_t23 != 0 || _a16 != 1 && _a16 != 2) {
                          						 *_t26 = 0;
                          					}
                          					_t26[0x3ff] = 0;
                          					_t24 = RegCloseKey(_a20); // executed
                          					return _t24;
                          				}
                          				return _t20;
                          			}








                          APIs
                          • RegOpenKeyExA.KERNELBASE(80000002,00405CEA,00000000,00000002,?,00000002,023E71D5,?,00405CEA,80000002,Software\Microsoft\Windows\CurrentVersion,023E71D5,: Completed,02815E2D), ref: 00405AD7
                          • RegQueryValueExA.KERNELBASE(023E71D5,?,00000000,00405CEA,023E71D5,00405CEA), ref: 00405AF8
                          • RegCloseKey.KERNELBASE(?), ref: 00405B19
                          Memory Dump Source
                          • Source File: 00000005.00000002.605929555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000005.00000002.605920254.0000000000400000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605948695.0000000000407000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605961129.0000000000409000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605984154.000000000042C000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605999422.0000000000434000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.606011620.0000000000437000.00000002.00020000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_400000_Tftpd64-4.jbxd
                          Similarity
                          • API ID: CloseOpenQueryValue
                          • String ID:
                          • API String ID: 3677997916-0
                          • Opcode ID: 67b3e0d3ded8972df4b5bccd868b78f6ad8d4f27bd32828d0c76414c952c029f
                          • Instruction ID: e35a04c83a5cb6edac6ab1ffc32421adec044fbe6e39722ba2f38ecaad0be51c
                          • Opcode Fuzzy Hash: 67b3e0d3ded8972df4b5bccd868b78f6ad8d4f27bd32828d0c76414c952c029f
                          • Instruction Fuzzy Hash: 58015A7114020EEFDB129F64EC48EEB3FACEF14394F004436F905A6260D235E964DBA9
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 53%
                          			E0040579B(void* __eflags, intOrPtr _a4) {
                          				int _t11;
                          				signed char* _t12;
                          				long _t16;
                          				intOrPtr _t18;
                          				intOrPtr* _t21;
                          				void* _t22;
                          
                          				E00405BC7(0x42b4a8, _a4);
                          				_t21 = E0040574E(0x42b4a8);
                          				if(_t21 != 0) {
                          					E00405E29(_t21);
                          					if(( *0x42ec38 & 0x00000080) == 0) {
                          						L5:
                          						_t22 = _t21 - 0x42b4a8;
                          						while(1) {
                          							_t11 = lstrlenA(0x42b4a8);
                          							_push(0x42b4a8);
                          							if(_t11 <= _t22) {
                          								break;
                          							}
                          							_t12 = E00405EC2();
                          							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
                          								E00405701(0x42b4a8);
                          								continue;
                          							} else {
                          								goto L1;
                          							}
                          						}
                          						E004056BA();
                          						_t16 = GetFileAttributesA(??); // executed
                          						return 0 | _t16 != 0xffffffff;
                          					}
                          					_t18 =  *_t21;
                          					if(_t18 == 0 || _t18 == 0x5c) {
                          						goto L1;
                          					} else {
                          						goto L5;
                          					}
                          				}
                          				L1:
                          				return 0;
                          			}










                          APIs
                            • Part of subcall function 00405BC7: lstrcpynA.KERNEL32(?,?,00000400,004031D8,Tftpd64 Standalone Edition Install,NSIS Error), ref: 00405BD4
                            • Part of subcall function 0040574E: CharNextA.USER32(00405500,?,0042B4A8,00000000,004057B2,0042B4A8,0042B4A8,?,?,?,00405500,?,C:\Users\user\AppData\Local\Temp\,?), ref: 0040575C
                            • Part of subcall function 0040574E: CharNextA.USER32(00000000), ref: 00405761
                            • Part of subcall function 0040574E: CharNextA.USER32(00000000), ref: 00405770
                          • lstrlenA.KERNEL32(0042B4A8,00000000,0042B4A8,0042B4A8,?,?,?,00405500,?,C:\Users\user\AppData\Local\Temp\,?), ref: 004057EE
                          • GetFileAttributesA.KERNELBASE(0042B4A8,0042B4A8,0042B4A8,0042B4A8,0042B4A8,0042B4A8,00000000,0042B4A8,0042B4A8,?,?,?,00405500,?,C:\Users\user\AppData\Local\Temp\,?), ref: 004057FE
                          Memory Dump Source
                          • Source File: 00000005.00000002.605929555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000005.00000002.605920254.0000000000400000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605948695.0000000000407000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605961129.0000000000409000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605984154.000000000042C000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605999422.0000000000434000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.606011620.0000000000437000.00000002.00020000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_400000_Tftpd64-4.jbxd
                          Similarity
                          • API ID: CharNext$AttributesFilelstrcpynlstrlen
                          • String ID:
                          • API String ID: 3248276644-0
                          • Opcode ID: 23b4c1e045f8e95cfcd418ff1664a298a1bdaee650c8a20779d7746134bd3734
                          • Instruction ID: dbe731a3e552e7e8bf63b17cabef30e108f51aae268418cbcb714f920067e67f
                          • Opcode Fuzzy Hash: 23b4c1e045f8e95cfcd418ff1664a298a1bdaee650c8a20779d7746134bd3734
                          • Instruction Fuzzy Hash: 9FF0CD35105E5196D63233365C45A9F5A59CE46334F14053FF891B32D1DB3C8943ADBE
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 69%
                          			E00401389(signed int _a4) {
                          				intOrPtr* _t6;
                          				void* _t8;
                          				void* _t10;
                          				signed int _t11;
                          				void* _t12;
                          				intOrPtr _t15;
                          				signed int _t16;
                          				signed int _t17;
                          				void* _t18;
                          
                          				_t17 = _a4;
                          				while(_t17 >= 0) {
                          					_t15 =  *0x42ec50; // 0x2815b1c
                          					_t6 = _t17 * 0x1c + _t15;
                          					if( *_t6 == 1) {
                          						break;
                          					}
                          					_push(_t6); // executed
                          					_t8 = E00401434(); // executed
                          					if(_t8 == 0x7fffffff) {
                          						return 0x7fffffff;
                          					}
                          					_t10 = E0040136D(_t8);
                          					if(_t10 != 0) {
                          						_t11 = _t10 - 1;
                          						_t16 = _t17;
                          						_t17 = _t11;
                          						_t12 = _t11 - _t16;
                          					} else {
                          						_t12 = _t10 + 1;
                          						_t17 = _t17 + 1;
                          					}
                          					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
                          						 *0x42e40c =  *0x42e40c + _t12;
                          						SendMessageA( *(_t18 + 0x18), 0x402, MulDiv( *0x42e40c, 0x7530,  *0x42e3f4), 0); // executed
                          					}
                          				}
                          				return 0;
                          			}













                          APIs
                          • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                          • SendMessageA.USER32(00000020,00000402,00000000), ref: 004013F4
                          Memory Dump Source
                          • Source File: 00000005.00000002.605929555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000005.00000002.605920254.0000000000400000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605948695.0000000000407000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605961129.0000000000409000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605984154.000000000042C000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605999422.0000000000434000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.606011620.0000000000437000.00000002.00020000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_400000_Tftpd64-4.jbxd
                          Similarity
                          • API ID: MessageSend
                          • String ID:
                          • API String ID: 3850602802-0
                          • Opcode ID: 1418929eafbb73b8fb58d843c81c3155069c7e16b288247307ca07652a38143c
                          • Instruction ID: 74927b77398f0d82d02f0f32bcc48ccf03ca760f88dcf9e2e40121dab22ba05a
                          • Opcode Fuzzy Hash: 1418929eafbb73b8fb58d843c81c3155069c7e16b288247307ca07652a38143c
                          • Instruction Fuzzy Hash: 4901F431B242209BE7195B399C09B6A3698E710328F10863BF851F72F1D678DC039B4D
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 50%
                          			E00404F85(signed int __eax) {
                          				intOrPtr _v0;
                          				intOrPtr _t8;
                          				intOrPtr _t10;
                          				intOrPtr _t11;
                          				intOrPtr* _t12;
                          
                          				_t11 =  *0x42ec48; // 0x281428c
                          				_t10 =  *0x42ec4c; // 0x6
                          				__imp__OleInitialize(0);
                          				 *0x42ecd8 =  *0x42ecd8 | __eax;
                          				E00403ECF(0);
                          				if(_t10 != 0) {
                          					_t12 = _t11 + 0xc;
                          					while(1) {
                          						_t10 = _t10 - 1;
                          						if(( *(_t12 - 4) & 0x00000001) != 0 && E00401389( *_t12, _v0) != 0) {
                          							break;
                          						}
                          						_t12 = _t12 + 0x418;
                          						if(_t10 != 0) {
                          							continue;
                          						} else {
                          						}
                          						goto L7;
                          					}
                          					 *0x42ecac =  *0x42ecac + 1;
                          				}
                          				L7:
                          				E00403ECF(0x404); // executed
                          				__imp__OleUninitialize();
                          				_t8 =  *0x42ecac; // 0x0
                          				return _t8;
                          			}









                          APIs
                          • OleInitialize.OLE32(00000000), ref: 00404F95
                            • Part of subcall function 00403ECF: SendMessageA.USER32(0006023A,00000000,00000000,00000000), ref: 00403EE1
                          • OleUninitialize.OLE32(00000404,00000000), ref: 00404FE1
                          Memory Dump Source
                          • Source File: 00000005.00000002.605929555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000005.00000002.605920254.0000000000400000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605948695.0000000000407000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605961129.0000000000409000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605984154.000000000042C000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605999422.0000000000434000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.606011620.0000000000437000.00000002.00020000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_400000_Tftpd64-4.jbxd
                          Similarity
                          • API ID: InitializeMessageSendUninitialize
                          • String ID:
                          • API String ID: 2896919175-0
                          • Opcode ID: 30ab11e00dbeb51ca236c749d8926ec7d9dd09e205587ca33223078b0ea66fd0
                          • Instruction ID: 3412b2758c046384b18635310f82fde34dc1c24163575810483935c249b0902b
                          • Opcode Fuzzy Hash: 30ab11e00dbeb51ca236c749d8926ec7d9dd09e205587ca33223078b0ea66fd0
                          • Instruction Fuzzy Hash: 70F0B4B36082019AE7116B96DD01B5A77A59FD0711F05403BFF44B23E0DB795842876D
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E00405F57(signed int _a4) {
                          				struct HINSTANCE__* _t5;
                          				signed int _t10;
                          
                          				_t10 = _a4 << 3;
                          				_t8 =  *(_t10 + 0x409208);
                          				_t5 = GetModuleHandleA( *(_t10 + 0x409208));
                          				if(_t5 != 0) {
                          					L2:
                          					return GetProcAddress(_t5,  *(_t10 + 0x40920c));
                          				}
                          				_t5 = E00405EE9(_t8); // executed
                          				if(_t5 == 0) {
                          					return 0;
                          				}
                          				goto L2;
                          			}






                          APIs
                          • GetModuleHandleA.KERNEL32(?,?,?,00403194,0000000D), ref: 00405F69
                          • GetProcAddress.KERNEL32(00000000,?), ref: 00405F84
                            • Part of subcall function 00405EE9: GetSystemDirectoryA.KERNEL32 ref: 00405F00
                            • Part of subcall function 00405EE9: wsprintfA.USER32 ref: 00405F39
                            • Part of subcall function 00405EE9: LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 00405F4D
                          Memory Dump Source
                          • Source File: 00000005.00000002.605929555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000005.00000002.605920254.0000000000400000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605948695.0000000000407000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605961129.0000000000409000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605984154.000000000042C000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605999422.0000000000434000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.606011620.0000000000437000.00000002.00020000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_400000_Tftpd64-4.jbxd
                          Similarity
                          • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                          • String ID:
                          • API String ID: 2547128583-0
                          • Opcode ID: c95d3685517970e0c019aac56d97440eb4eeb9d6cd7db5aa949554c45ee13345
                          • Instruction ID: bbbe084413d2e6f7ef046b623ea8b92179420db3b6db08e2e7fdeef9d7d4980c
                          • Opcode Fuzzy Hash: c95d3685517970e0c019aac56d97440eb4eeb9d6cd7db5aa949554c45ee13345
                          • Instruction Fuzzy Hash: 5DE08C32B08A12BAD6109B719D0497B72ACDEC8640300097EF955F6282D738AC11AAA9
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 68%
                          			E0040589E(CHAR* _a4, long _a8, long _a12) {
                          				signed int _t5;
                          				void* _t6;
                          
                          				_t5 = GetFileAttributesA(_a4); // executed
                          				asm("sbb ecx, ecx");
                          				_t6 = CreateFileA(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
                          				return _t6;
                          			}






                          APIs
                          • GetFileAttributesA.KERNELBASE(00000003,00402C95,C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe,80000000,00000003), ref: 004058A2
                          • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 004058C4
                          Memory Dump Source
                          • Source File: 00000005.00000002.605929555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000005.00000002.605920254.0000000000400000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605948695.0000000000407000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605961129.0000000000409000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605984154.000000000042C000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605999422.0000000000434000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.606011620.0000000000437000.00000002.00020000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_400000_Tftpd64-4.jbxd
                          Similarity
                          • API ID: File$AttributesCreate
                          • String ID:
                          • API String ID: 415043291-0
                          • Opcode ID: 5340b84021e5d080a0f841e0942d03c921a309eaf12029fe197c00c0f40f89c7
                          • Instruction ID: e615d4ce70e2a600ad3370b8a7bf294de68ab1b424622093f8f4c5f34a5113e1
                          • Opcode Fuzzy Hash: 5340b84021e5d080a0f841e0942d03c921a309eaf12029fe197c00c0f40f89c7
                          • Instruction Fuzzy Hash: D5D09E31658301AFEF098F20DD1AF2EBBA2EB84B01F10962CB646940E0D6715C59DB16
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E0040587F(CHAR* _a4) {
                          				signed char _t3;
                          
                          				_t3 = GetFileAttributesA(_a4); // executed
                          				if(_t3 != 0xffffffff) {
                          					return SetFileAttributesA(_a4, _t3 & 0x000000fe);
                          				}
                          				return _t3;
                          			}





                          APIs
                          • GetFileAttributesA.KERNELBASE(?,0040568A,?,?,?), ref: 00405883
                          • SetFileAttributesA.KERNEL32(?,00000000), ref: 00405895
                          Memory Dump Source
                          • Source File: 00000005.00000002.605929555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000005.00000002.605920254.0000000000400000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605948695.0000000000407000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605961129.0000000000409000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605984154.000000000042C000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605999422.0000000000434000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.606011620.0000000000437000.00000002.00020000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_400000_Tftpd64-4.jbxd
                          Similarity
                          • API ID: AttributesFile
                          • String ID:
                          • API String ID: 3188754299-0
                          • Opcode ID: 526d85b860984864a1b6eb1eb54cd64df673d9b311570f6054ba349a806b51eb
                          • Instruction ID: cb5a672fe6ba1e8618a417a0682e77d28f0f111bf9a29bd8adb2d3f05be15d2c
                          • Opcode Fuzzy Hash: 526d85b860984864a1b6eb1eb54cd64df673d9b311570f6054ba349a806b51eb
                          • Instruction Fuzzy Hash: FDC04C71C08501ABD6016B34EF0DC5F7B66EB50322B14CB35F469A01F0C7315C66DA2A
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E004053F2(CHAR* _a4) {
                          				int _t2;
                          
                          				_t2 = CreateDirectoryA(_a4, 0); // executed
                          				if(_t2 == 0) {
                          					return GetLastError();
                          				}
                          				return 0;
                          			}





                          APIs
                          • CreateDirectoryA.KERNELBASE(?,00000000,0040311D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,004032B8), ref: 004053F8
                          • GetLastError.KERNEL32 ref: 00405406
                          Memory Dump Source
                          • Source File: 00000005.00000002.605929555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000005.00000002.605920254.0000000000400000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605948695.0000000000407000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605961129.0000000000409000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605984154.000000000042C000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605999422.0000000000434000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.606011620.0000000000437000.00000002.00020000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_400000_Tftpd64-4.jbxd
                          Similarity
                          • API ID: CreateDirectoryErrorLast
                          • String ID:
                          • API String ID: 1375471231-0
                          • Opcode ID: e7d0addc6a0e2cebebc6ed5ef3cfbde17ba04572b5523194c914a84283870961
                          • Instruction ID: 813393d6953da14087893f37eb662e151031eda4d181b9a341b076b840c4c01a
                          • Opcode Fuzzy Hash: e7d0addc6a0e2cebebc6ed5ef3cfbde17ba04572b5523194c914a84283870961
                          • Instruction Fuzzy Hash: 27C04C30619502DAD7105B31DD08B5B7E50AB50742F219535A506E11E1D6349492D93E
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E004030B0(void* _a4, long _a8) {
                          				int _t6;
                          				long _t10;
                          
                          				_t10 = _a8;
                          				_t6 = ReadFile( *0x409014, _a4, _t10,  &_a8, 0); // executed
                          				if(_t6 == 0 || _a8 != _t10) {
                          					return 0;
                          				} else {
                          					return 1;
                          				}
                          			}






                          APIs
                          • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,000000FF,?,00402EDD,000000FF,00000004,00000000,00000000,00000000), ref: 004030C7
                          Memory Dump Source
                          • Source File: 00000005.00000002.605929555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000005.00000002.605920254.0000000000400000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605948695.0000000000407000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605961129.0000000000409000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605984154.000000000042C000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605999422.0000000000434000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.606011620.0000000000437000.00000002.00020000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_400000_Tftpd64-4.jbxd
                          Similarity
                          • API ID: FileRead
                          • String ID:
                          • API String ID: 2738559852-0
                          • Opcode ID: 27fbe12f246225e3c312bde4903856853e362ca19ec2099a42773af8ab92d4e2
                          • Instruction ID: 90557e19d7482b95f4dd5f96256efcc3496d5940ec1e4df6b8622c0cc682be59
                          • Opcode Fuzzy Hash: 27fbe12f246225e3c312bde4903856853e362ca19ec2099a42773af8ab92d4e2
                          • Instruction Fuzzy Hash: A1E08C32201118BBCF205E519D00AA73B9CEB043A2F008032BA18E51A0D630EA11ABA9
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E00403ECF(int _a4) {
                          				struct HWND__* _t2;
                          				long _t3;
                          
                          				_t2 =  *0x42e3f8; // 0x6023a
                          				if(_t2 != 0) {
                          					_t3 = SendMessageA(_t2, _a4, 0, 0); // executed
                          					return _t3;
                          				}
                          				return _t2;
                          			}






                          APIs
                          • SendMessageA.USER32(0006023A,00000000,00000000,00000000), ref: 00403EE1
                          Memory Dump Source
                          • Source File: 00000005.00000002.605929555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000005.00000002.605920254.0000000000400000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605948695.0000000000407000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605961129.0000000000409000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605984154.000000000042C000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605999422.0000000000434000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.606011620.0000000000437000.00000002.00020000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_400000_Tftpd64-4.jbxd
                          Similarity
                          • API ID: MessageSend
                          • String ID:
                          • API String ID: 3850602802-0
                          • Opcode ID: 54ce084dbacccefd660b8fdd19a3c77a1af082bd5621e00372044458a1dc4af5
                          • Instruction ID: 5ea9bb5b10547e2a8595ec113515c69249a3ff266a257cbc368a39f2117db26d
                          • Opcode Fuzzy Hash: 54ce084dbacccefd660b8fdd19a3c77a1af082bd5621e00372044458a1dc4af5
                          • Instruction Fuzzy Hash: 14C04C717443026BEA20CF519D45F177B58A754B01F254425B650A61D0C675E410DA5D
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E0040546C(int _a4, CHAR* _a8) {
                          				int _t3;
                          
                          				_t3 = GetDlgItemTextA( *0x42e3f8, _a4, _a8, 0x400); // executed
                          				return _t3;
                          			}




                          0x0040547f
                          0x00405485

                          APIs
                          Memory Dump Source
                          • Source File: 00000005.00000002.605929555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000005.00000002.605920254.0000000000400000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605948695.0000000000407000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605961129.0000000000409000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605984154.000000000042C000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605999422.0000000000434000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.606011620.0000000000437000.00000002.00020000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_400000_Tftpd64-4.jbxd
                          Similarity
                          • API ID: ItemText
                          • String ID:
                          • API String ID: 3367045223-0
                          • Opcode ID: d2794ecf3a8f4c39e34823cd716742de8edaf7bb838b6cf05fbd6970250026ac
                          • Instruction ID: a44959f8501dd0bae775a0262732ab9b04d9a5c016ed4c97cb72fd89a5408a20
                          • Opcode Fuzzy Hash: d2794ecf3a8f4c39e34823cd716742de8edaf7bb838b6cf05fbd6970250026ac
                          • Instruction Fuzzy Hash: ECB09236508200FFDA029F40DD04E0ABB62FB98712F21C424B7A4250B082725422EF0A
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E004030E2(long _a4) {
                          				long _t2;
                          
                          				_t2 = SetFilePointer( *0x409014, _a4, 0, 0); // executed
                          				return _t2;
                          			}




                          0x004030f0
                          0x004030f6

                          APIs
                          • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402E1C,000091E4), ref: 004030F0
                          Memory Dump Source
                          • Source File: 00000005.00000002.605929555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000005.00000002.605920254.0000000000400000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605948695.0000000000407000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605961129.0000000000409000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605984154.000000000042C000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605999422.0000000000434000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.606011620.0000000000437000.00000002.00020000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_400000_Tftpd64-4.jbxd
                          Similarity
                          • API ID: FilePointer
                          • String ID:
                          • API String ID: 973152223-0
                          • Opcode ID: b482a8c56bd79b67497ba547cc3d1d0f84b07fc9ac7ac5f50d4e9ed509354c89
                          • Instruction ID: aafe5e0ddee8b519ffd98e4e857b28c3b9165386d483fecacc2863ad1570d206
                          • Opcode Fuzzy Hash: b482a8c56bd79b67497ba547cc3d1d0f84b07fc9ac7ac5f50d4e9ed509354c89
                          • Instruction Fuzzy Hash: D6B01231544200BFDB214F00DF06F057B21B79C701F208030B340380F082712430EB1E
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E00403EB8(int _a4) {
                          				long _t2;
                          
                          				_t2 = SendMessageA( *0x42ec28, 0x28, _a4, 1); // executed
                          				return _t2;
                          			}




                          0x00403ec6
                          0x00403ecc

                          APIs
                          • SendMessageA.USER32(00000028,?,00000001,00403CE9), ref: 00403EC6
                          Memory Dump Source
                          • Source File: 00000005.00000002.605929555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000005.00000002.605920254.0000000000400000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605948695.0000000000407000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605961129.0000000000409000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605984154.000000000042C000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605999422.0000000000434000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.606011620.0000000000437000.00000002.00020000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_400000_Tftpd64-4.jbxd
                          Similarity
                          • API ID: MessageSend
                          • String ID:
                          • API String ID: 3850602802-0
                          • Opcode ID: a854ada514ba576fe780ef9ac0426fe8247f9e3608bf6f02dd1ef5f0bf9bcaac
                          • Instruction ID: 772a348b3284c8c4520d05ecddc0f75b6e61a4b9f432f31c91208bb846608f0a
                          • Opcode Fuzzy Hash: a854ada514ba576fe780ef9ac0426fe8247f9e3608bf6f02dd1ef5f0bf9bcaac
                          • Instruction Fuzzy Hash: A6B09236688202AAEA214B41DD09F457E62A768701F008420B200280F1CAB210A1EB09
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E00403EA5(int _a4) {
                          				int _t2;
                          
                          				_t2 = EnableWindow( *0x42a098, _a4); // executed
                          				return _t2;
                          			}




                          0x00403eaf
                          0x00403eb5

                          APIs
                          • KiUserCallbackDispatcher.NTDLL(?,00403C82), ref: 00403EAF
                          Memory Dump Source
                          • Source File: 00000005.00000002.605929555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000005.00000002.605920254.0000000000400000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.605948695.0000000000407000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.605961129.0000000000409000.00000004.00020000.sdmp Download File
                          • Associated: 00000005.00000002.605984154.000000000042C000.00000004.00020000.sdmp Download File
                          • Associated: 00000005.00000002.605999422.0000000000434000.00000004.00020000.sdmp Download File
                          • Associated: 00000005.00000002.606011620.0000000000437000.00000002.00020000.sdmp Download File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_400000_Tftpd64-4.jbxd
                          Similarity
                          • API ID: CallbackDispatcherUser
                          • String ID:
                          • API String ID: 2492992576-0
                          • Opcode ID: ec26f25bfd7335b033c655361d3596163887a7119e0598017e401dab6f0bc385
                          • Instruction ID: b6e4ef443f25cfbef073994debb563b728ed3333e517e04e009245cc3d1acc62
                          • Opcode Fuzzy Hash: ec26f25bfd7335b033c655361d3596163887a7119e0598017e401dab6f0bc385
                          • Instruction Fuzzy Hash: F0A002755041019BCB169F50DE04D057B62A7547017415435A64954574C6315575EB1E
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Non-executed Functions

                          C-Code - Quality: 98%
                          			E004054EC(void* __ebx, void* __eflags, void* _a4, signed int _a8) {
                          				signed int _v8;
                          				signed int _v12;
                          				struct _WIN32_FIND_DATAA _v332;
                          				signed int _t37;
                          				char* _t49;
                          				signed int _t52;
                          				signed int _t55;
                          				signed int _t61;
                          				signed int _t63;
                          				void* _t65;
                          				signed int _t68;
                          				CHAR* _t70;
                          				CHAR* _t72;
                          				char* _t75;
                          
                          				_t72 = _a4;
                          				_t37 = E0040579B(__eflags, _t72);
                          				_v12 = _t37;
                          				if((_a8 & 0x00000008) != 0) {
                          					_t63 = DeleteFileA(_t72);
                          					asm("sbb eax, eax");
                          					_t65 =  ~_t63 + 1;
                          					 *0x42eca8 =  *0x42eca8 + _t65;
                          					return _t65;
                          				}
                          				_t68 = _a8 & 0x00000001;
                          				__eflags = _t68;
                          				_v8 = _t68;
                          				if(_t68 == 0) {
                          					L5:
                          					E00405BC7(0x42b0a8, _t72);
                          					__eflags = _t68;
                          					if(_t68 == 0) {
                          						E00405701(_t72);
                          					} else {
                          						lstrcatA(0x42b0a8, "\*.*");
                          					}
                          					__eflags =  *_t72;
                          					if( *_t72 != 0) {
                          						L10:
                          						lstrcatA(_t72, 0x409010);
                          						L11:
                          						_t70 =  &(_t72[lstrlenA(_t72)]);
                          						_t37 = FindFirstFileA(0x42b0a8,  &_v332);
                          						__eflags = _t37 - 0xffffffff;
                          						_a4 = _t37;
                          						if(_t37 == 0xffffffff) {
                          							L29:
                          							__eflags = _v8;
                          							if(_v8 != 0) {
                          								_t31 = _t70 - 1;
                          								 *_t31 =  *(_t70 - 1) & 0x00000000;
                          								__eflags =  *_t31;
                          							}
                          							goto L31;
                          						} else {
                          							goto L12;
                          						}
                          						do {
                          							L12:
                          							_t75 =  &(_v332.cFileName);
                          							_t49 = E004056E5( &(_v332.cFileName), 0x3f);
                          							__eflags =  *_t49;
                          							if( *_t49 != 0) {
                          								__eflags = _v332.cAlternateFileName;
                          								if(_v332.cAlternateFileName != 0) {
                          									_t75 =  &(_v332.cAlternateFileName);
                          								}
                          							}
                          							__eflags =  *_t75 - 0x2e;
                          							if( *_t75 != 0x2e) {
                          								L19:
                          								E00405BC7(_t70, _t75);
                          								__eflags = _v332.dwFileAttributes & 0x00000010;
                          								if((_v332.dwFileAttributes & 0x00000010) == 0) {
                          									E0040587F(_t72);
                          									_t52 = DeleteFileA(_t72);
                          									__eflags = _t52;
                          									if(_t52 != 0) {
                          										E00404EB3(0xfffffff2, _t72);
                          									} else {
                          										__eflags = _a8 & 0x00000004;
                          										if((_a8 & 0x00000004) == 0) {
                          											 *0x42eca8 =  *0x42eca8 + 1;
                          										} else {
                          											E00404EB3(0xfffffff1, _t72);
                          											E00405915(__eflags, _t72, 0);
                          										}
                          									}
                          								} else {
                          									__eflags = (_a8 & 0x00000003) - 3;
                          									if(__eflags == 0) {
                          										E004054EC(_t70, __eflags, _t72, _a8);
                          									}
                          								}
                          								goto L27;
                          							}
                          							_t61 =  *((intOrPtr*)(_t75 + 1));
                          							__eflags = _t61;
                          							if(_t61 == 0) {
                          								goto L27;
                          							}
                          							__eflags = _t61 - 0x2e;
                          							if(_t61 != 0x2e) {
                          								goto L19;
                          							}
                          							__eflags =  *((char*)(_t75 + 2));
                          							if( *((char*)(_t75 + 2)) == 0) {
                          								goto L27;
                          							}
                          							goto L19;
                          							L27:
                          							_t55 = FindNextFileA(_a4,  &_v332);
                          							__eflags = _t55;
                          						} while (_t55 != 0);
                          						_t37 = FindClose(_a4);
                          						goto L29;
                          					}
                          					__eflags =  *0x42b0a8 - 0x5c;
                          					if( *0x42b0a8 != 0x5c) {
                          						goto L11;
                          					}
                          					goto L10;
                          				} else {
                          					__eflags = _t37;
                          					if(_t37 == 0) {
                          						L31:
                          						__eflags = _v8;
                          						if(_v8 == 0) {
                          							L39:
                          							return _t37;
                          						}
                          						__eflags = _v12;
                          						if(_v12 != 0) {
                          							_t37 = E00405EC2(_t72);
                          							__eflags = _t37;
                          							if(_t37 == 0) {
                          								goto L39;
                          							}
                          							E004056BA(_t72);
                          							E0040587F(_t72);
                          							_t37 = RemoveDirectoryA(_t72);
                          							__eflags = _t37;
                          							if(_t37 != 0) {
                          								return E00404EB3(0xffffffe5, _t72);
                          							}
                          							__eflags = _a8 & 0x00000004;
                          							if((_a8 & 0x00000004) == 0) {
                          								goto L33;
                          							}
                          							E00404EB3(0xfffffff1, _t72);
                          							return E00405915(__eflags, _t72, 0);
                          						}
                          						L33:
                          						 *0x42eca8 =  *0x42eca8 + 1;
                          						return _t37;
                          					}
                          					__eflags = _a8 & 0x00000002;
                          					if((_a8 & 0x00000002) == 0) {
                          						goto L31;
                          					}
                          					goto L5;
                          				}
                          			}


















                          APIs
                          • DeleteFileA.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\,?), ref: 0040550A
                          • lstrcatA.KERNEL32(0042B0A8,\*.*,0042B0A8,?,00000000,?,C:\Users\user\AppData\Local\Temp\,?), ref: 00405554
                          • lstrcatA.KERNEL32(?,00409010,?,0042B0A8,?,00000000,?,C:\Users\user\AppData\Local\Temp\,?), ref: 00405575
                          • lstrlenA.KERNEL32(?,?,00409010,?,0042B0A8,?,00000000,?,C:\Users\user\AppData\Local\Temp\,?), ref: 0040557B
                          • FindFirstFileA.KERNEL32(0042B0A8,?,?,?,00409010,?,0042B0A8,?,00000000,?,C:\Users\user\AppData\Local\Temp\,?), ref: 0040558C
                          • FindNextFileA.KERNEL32(?,00000010,000000F2,?), ref: 0040563E
                          • FindClose.KERNEL32(?), ref: 0040564F
                          Strings
                          • "C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe" , xrefs: 004054EC
                          • C:\Users\user\AppData\Local\Temp\, xrefs: 004054F6
                          • \*.*, xrefs: 0040554E
                          Memory Dump Source
                          • Source File: 00000005.00000002.605929555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000005.00000002.605920254.0000000000400000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605948695.0000000000407000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605961129.0000000000409000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605984154.000000000042C000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605999422.0000000000434000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.606011620.0000000000437000.00000002.00020000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_400000_Tftpd64-4.jbxd
                          Similarity
                          • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                          • String ID: "C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe" $C:\Users\user\AppData\Local\Temp\$\*.*
                          • API String ID: 2035342205-1312957809
                          • Opcode ID: 40143870f9552ccee50e4944eef29081e6212fcf3057c5d2d5961ee8f08c50da
                          • Instruction ID: 3bcb6ec240d98e814f0ac214cdfa27fda4082eb57bc811e5fc2e7534dee8d376
                          • Opcode Fuzzy Hash: 40143870f9552ccee50e4944eef29081e6212fcf3057c5d2d5961ee8f08c50da
                          • Instruction Fuzzy Hash: E0512430404A447ADF216B328C49BBF3AB8DF52319F54443BF809751D2CB3C59829EAD
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 39%
                          			E00402671(char __ebx, char* __edi, char* __esi) {
                          				void* _t19;
                          
                          				if(FindFirstFileA(E00402A29(2), _t19 - 0x19c) != 0xffffffff) {
                          					E00405B25(__edi, _t6);
                          					_push(_t19 - 0x170);
                          					_push(__esi);
                          					E00405BC7();
                          				} else {
                          					 *__edi = __ebx;
                          					 *__esi = __ebx;
                          					 *((intOrPtr*)(_t19 - 4)) = 1;
                          				}
                          				 *0x42eca8 =  *0x42eca8 +  *((intOrPtr*)(_t19 - 4));
                          				return 0;
                          			}





                          APIs
                          • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 00402680
                          Memory Dump Source
                          • Source File: 00000005.00000002.605929555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000005.00000002.605920254.0000000000400000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605948695.0000000000407000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605961129.0000000000409000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605984154.000000000042C000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605999422.0000000000434000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.606011620.0000000000437000.00000002.00020000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_400000_Tftpd64-4.jbxd
                          Similarity
                          • API ID: FileFindFirst
                          • String ID:
                          • API String ID: 1974802433-0
                          • Opcode ID: caa0eeaa398fc58c5e23304b0b6dc80ad013b8d48bd8cc049fc58d9679ab7eb1
                          • Instruction ID: d100cd6159f555773fbda265320c1ac67d2490096a0530dc8ee4140695772295
                          • Opcode Fuzzy Hash: caa0eeaa398fc58c5e23304b0b6dc80ad013b8d48bd8cc049fc58d9679ab7eb1
                          • Instruction Fuzzy Hash: 24F0A0326081049ED711EBA99A499EEB778DB11328F6045BFE101B61C1C7B859459A3A
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 79%
                          			E00406354(signed int __ebx, signed int* __esi) {
                          				signed int _t367;
                          				signed int _t396;
                          				signed int _t413;
                          				signed int _t414;
                          				signed int* _t417;
                          				void* _t419;
                          
                          				L0:
                          				while(1) {
                          					L0:
                          					_t417 = __esi;
                          					_t396 = __ebx;
                          					if( *(_t419 - 0x34) == 0) {
                          						break;
                          					}
                          					L55:
                          					__eax =  *(__ebp - 0x38);
                          					 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                          					__ecx = __ebx;
                          					 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                          					 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                          					 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                          					__ebx = __ebx + 8;
                          					while(1) {
                          						L56:
                          						if(__ebx < 0xe) {
                          							goto L0;
                          						}
                          						L57:
                          						__eax =  *(__ebp - 0x40);
                          						__eax =  *(__ebp - 0x40) & 0x00003fff;
                          						__ecx = __eax;
                          						__esi[1] = __eax;
                          						__ecx = __eax & 0x0000001f;
                          						if(__cl > 0x1d) {
                          							L9:
                          							_t414 = _t413 | 0xffffffff;
                          							 *_t417 = 0x11;
                          							L10:
                          							_t417[0x147] =  *(_t419 - 0x40);
                          							_t417[0x146] = _t396;
                          							( *(_t419 + 8))[1] =  *(_t419 - 0x34);
                          							L11:
                          							 *( *(_t419 + 8)) =  *(_t419 - 0x38);
                          							_t417[0x26ea] =  *(_t419 - 0x30);
                          							E00406AC3( *(_t419 + 8));
                          							return _t414;
                          						}
                          						L58:
                          						__eax = __eax & 0x000003e0;
                          						if(__eax > 0x3a0) {
                          							goto L9;
                          						}
                          						L59:
                          						 *(__ebp - 0x40) =  *(__ebp - 0x40) >> 0xe;
                          						__ebx = __ebx - 0xe;
                          						_t94 =  &(__esi[2]);
                          						 *_t94 = __esi[2] & 0x00000000;
                          						 *__esi = 0xc;
                          						while(1) {
                          							L60:
                          							__esi[1] = __esi[1] >> 0xa;
                          							__eax = (__esi[1] >> 0xa) + 4;
                          							if(__esi[2] >= (__esi[1] >> 0xa) + 4) {
                          								goto L68;
                          							}
                          							L61:
                          							while(1) {
                          								L64:
                          								if(__ebx >= 3) {
                          									break;
                          								}
                          								L62:
                          								if( *(__ebp - 0x34) == 0) {
                          									goto L159;
                          								}
                          								L63:
                          								__eax =  *(__ebp - 0x38);
                          								 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                          								__ecx = __ebx;
                          								 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                          								 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                          								 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                          								__ebx = __ebx + 8;
                          							}
                          							L65:
                          							__ecx = __esi[2];
                          							 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000007;
                          							__ebx = __ebx - 3;
                          							_t108 = __ecx + 0x4073e8; // 0x121110
                          							__ecx =  *_t108;
                          							 *(__ebp - 0x40) =  *(__ebp - 0x40) >> 3;
                          							 *(__esi + 0xc +  *_t108 * 4) =  *(__ebp - 0x40) & 0x00000007;
                          							__ecx = __esi[1];
                          							__esi[2] = __esi[2] + 1;
                          							__eax = __esi[2];
                          							__esi[1] >> 0xa = (__esi[1] >> 0xa) + 4;
                          							if(__esi[2] < (__esi[1] >> 0xa) + 4) {
                          								goto L64;
                          							}
                          							L66:
                          							while(1) {
                          								L68:
                          								if(__esi[2] >= 0x13) {
                          									break;
                          								}
                          								L67:
                          								_t119 = __esi[2] + 0x4073e8; // 0x4000300
                          								__eax =  *_t119;
                          								 *(__esi + 0xc +  *_t119 * 4) =  *(__esi + 0xc +  *_t119 * 4) & 0x00000000;
                          								_t126 =  &(__esi[2]);
                          								 *_t126 = __esi[2] + 1;
                          							}
                          							L69:
                          							__ecx = __ebp - 8;
                          							__edi =  &(__esi[0x143]);
                          							 &(__esi[0x148]) =  &(__esi[0x144]);
                          							__eax = 0;
                          							 *(__ebp - 8) = 0;
                          							__eax =  &(__esi[3]);
                          							 *__edi = 7;
                          							__eax = E00406B2B( &(__esi[3]), 0x13, 0x13, 0, 0,  &(__esi[0x144]), __edi,  &(__esi[0x148]), __ebp - 8);
                          							if(__eax != 0) {
                          								L72:
                          								 *__esi = 0x11;
                          								while(1) {
                          									L157:
                          									_t367 =  *_t417;
                          									if(_t367 > 0xf) {
                          										break;
                          									}
                          									L1:
                          									switch( *((intOrPtr*)(_t367 * 4 +  &M00406A83))) {
                          										case 0:
                          											L101:
                          											__eax = __esi[4] & 0x000000ff;
                          											__esi[3] = __esi[4] & 0x000000ff;
                          											__eax = __esi[5];
                          											__esi[2] = __esi[5];
                          											 *__esi = 1;
                          											goto L102;
                          										case 1:
                          											L102:
                          											__eax = __esi[3];
                          											while(1) {
                          												L105:
                          												__eflags = __ebx - __eax;
                          												if(__ebx >= __eax) {
                          													break;
                          												}
                          												L103:
                          												__eflags =  *(__ebp - 0x34);
                          												if( *(__ebp - 0x34) == 0) {
                          													goto L159;
                          												}
                          												L104:
                          												__ecx =  *(__ebp - 0x38);
                          												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                          												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                          												__ecx = __ebx;
                          												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                          												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                          												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                          												__ebx = __ebx + 8;
                          												__eflags = __ebx;
                          											}
                          											L106:
                          											__eax =  *(0x409408 + __eax * 2) & 0x0000ffff;
                          											__eax = __eax &  *(__ebp - 0x40);
                          											__ecx = __esi[2];
                          											__eax = __esi[2] + __eax * 4;
                          											__ecx =  *(__eax + 1) & 0x000000ff;
                          											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                          											__ebx = __ebx - ( *(__eax + 1) & 0x000000ff);
                          											__ecx =  *__eax & 0x000000ff;
                          											__eflags = __ecx;
                          											if(__ecx != 0) {
                          												L108:
                          												__eflags = __cl & 0x00000010;
                          												if((__cl & 0x00000010) == 0) {
                          													L110:
                          													__eflags = __cl & 0x00000040;
                          													if((__cl & 0x00000040) == 0) {
                          														goto L125;
                          													}
                          													L111:
                          													__eflags = __cl & 0x00000020;
                          													if((__cl & 0x00000020) == 0) {
                          														goto L9;
                          													}
                          													L112:
                          													 *__esi = 7;
                          													goto L157;
                          												}
                          												L109:
                          												__esi[2] = __ecx;
                          												__esi[1] = __eax;
                          												 *__esi = 2;
                          												goto L157;
                          											}
                          											L107:
                          											__esi[2] = __eax;
                          											 *__esi = 6;
                          											goto L157;
                          										case 2:
                          											L113:
                          											__eax = __esi[2];
                          											while(1) {
                          												L116:
                          												__eflags = __ebx - __eax;
                          												if(__ebx >= __eax) {
                          													break;
                          												}
                          												L114:
                          												__eflags =  *(__ebp - 0x34);
                          												if( *(__ebp - 0x34) == 0) {
                          													goto L159;
                          												}
                          												L115:
                          												__ecx =  *(__ebp - 0x38);
                          												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                          												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                          												__ecx = __ebx;
                          												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                          												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                          												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                          												__ebx = __ebx + 8;
                          												__eflags = __ebx;
                          											}
                          											L117:
                          											 *(0x409408 + __eax * 2) & 0x0000ffff =  *(0x409408 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
                          											__esi[1] = __esi[1] + ( *(0x409408 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
                          											__ecx = __eax;
                          											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                          											__ebx = __ebx - __eax;
                          											__eflags = __ebx;
                          											__eax = __esi[4] & 0x000000ff;
                          											__esi[3] = __esi[4] & 0x000000ff;
                          											__eax = __esi[6];
                          											__esi[2] = __esi[6];
                          											 *__esi = 3;
                          											goto L118;
                          										case 3:
                          											L118:
                          											__eax = __esi[3];
                          											while(1) {
                          												L121:
                          												__eflags = __ebx - __eax;
                          												if(__ebx >= __eax) {
                          													break;
                          												}
                          												L119:
                          												__eflags =  *(__ebp - 0x34);
                          												if( *(__ebp - 0x34) == 0) {
                          													goto L159;
                          												}
                          												L120:
                          												__ecx =  *(__ebp - 0x38);
                          												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                          												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                          												__ecx = __ebx;
                          												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                          												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                          												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                          												__ebx = __ebx + 8;
                          												__eflags = __ebx;
                          											}
                          											L122:
                          											__eax =  *(0x409408 + __eax * 2) & 0x0000ffff;
                          											__eax = __eax &  *(__ebp - 0x40);
                          											__ecx = __esi[2];
                          											__eax = __esi[2] + __eax * 4;
                          											__ecx =  *(__eax + 1) & 0x000000ff;
                          											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                          											__ebx = __ebx - ( *(__eax + 1) & 0x000000ff);
                          											__ecx =  *__eax & 0x000000ff;
                          											__eflags = __cl & 0x00000010;
                          											if((__cl & 0x00000010) == 0) {
                          												L124:
                          												__eflags = __cl & 0x00000040;
                          												if((__cl & 0x00000040) != 0) {
                          													goto L9;
                          												}
                          												L125:
                          												__esi[3] = __ecx;
                          												__ecx =  *(__eax + 2) & 0x0000ffff;
                          												__esi[2] = __eax;
                          												goto L157;
                          											}
                          											L123:
                          											__esi[2] = __ecx;
                          											__esi[3] = __eax;
                          											 *__esi = 4;
                          											goto L157;
                          										case 4:
                          											L126:
                          											__eax = __esi[2];
                          											while(1) {
                          												L129:
                          												__eflags = __ebx - __eax;
                          												if(__ebx >= __eax) {
                          													break;
                          												}
                          												L127:
                          												__eflags =  *(__ebp - 0x34);
                          												if( *(__ebp - 0x34) == 0) {
                          													goto L159;
                          												}
                          												L128:
                          												__ecx =  *(__ebp - 0x38);
                          												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                          												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                          												__ecx = __ebx;
                          												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                          												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                          												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                          												__ebx = __ebx + 8;
                          												__eflags = __ebx;
                          											}
                          											L130:
                          											 *(0x409408 + __eax * 2) & 0x0000ffff =  *(0x409408 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
                          											__esi[3] = __esi[3] + ( *(0x409408 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
                          											__ecx = __eax;
                          											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                          											__eflags = __ebx;
                          											 *__esi = 5;
                          											goto L131;
                          										case 5:
                          											L131:
                          											__eax =  *(__ebp - 0x30);
                          											__edx = __esi[3];
                          											_push(__esi);
                          											__al = __al | 0x0000008b;
                          											asm("enter 0xce2b, 0x81");
                          											goto 0x4083ec;
                          										case 6:
                          											L133:
                          											__eax =  *(__ebp - 0x2c);
                          											__edi =  *(__ebp - 0x30);
                          											__eflags = __eax;
                          											if(__eax != 0) {
                          												L149:
                          												__cl = __esi[2];
                          												 *__edi = __cl;
                          												__edi = __edi + 1;
                          												__eax = __eax - 1;
                          												 *(__ebp - 0x30) = __edi;
                          												 *(__ebp - 0x2c) = __eax;
                          												goto L23;
                          											}
                          											L134:
                          											__ecx = __esi[0x26e8];
                          											__eflags = __edi - __ecx;
                          											if(__edi != __ecx) {
                          												L140:
                          												__esi[0x26ea] = __edi;
                          												__eax = E00406AC3( *((intOrPtr*)(__ebp + 8)));
                          												__edi = __esi[0x26ea];
                          												__ecx = __esi[0x26e9];
                          												__eflags = __edi - __ecx;
                          												 *(__ebp - 0x30) = __edi;
                          												if(__edi >= __ecx) {
                          													__eax = __esi[0x26e8];
                          													__eax = __esi[0x26e8] - __edi;
                          													__eflags = __eax;
                          												} else {
                          													__ecx = __ecx - __edi;
                          													__eax = __ecx - __edi - 1;
                          												}
                          												__edx = __esi[0x26e8];
                          												__eflags = __edi - __edx;
                          												 *(__ebp - 8) = __edx;
                          												if(__edi == __edx) {
                          													__edx =  &(__esi[0x6e8]);
                          													__eflags = __ecx - __edx;
                          													if(__ecx != __edx) {
                          														__edi = __edx;
                          														__eflags = __edi - __ecx;
                          														 *(__ebp - 0x30) = __edi;
                          														if(__edi >= __ecx) {
                          															__eax =  *(__ebp - 8);
                          															__eax =  *(__ebp - 8) - __edi;
                          															__eflags = __eax;
                          														} else {
                          															__ecx = __ecx - __edi;
                          															__eax = __ecx;
                          														}
                          													}
                          												}
                          												__eflags = __eax;
                          												if(__eax == 0) {
                          													goto L160;
                          												} else {
                          													goto L149;
                          												}
                          											}
                          											L135:
                          											__eax = __esi[0x26e9];
                          											__edx =  &(__esi[0x6e8]);
                          											__eflags = __eax - __edx;
                          											if(__eax == __edx) {
                          												goto L140;
                          											}
                          											L136:
                          											__edi = __edx;
                          											__eflags = __edi - __eax;
                          											if(__edi >= __eax) {
                          												__ecx = __ecx - __edi;
                          												__eflags = __ecx;
                          												__eax = __ecx;
                          											} else {
                          												__eax = __eax - __edi;
                          												__eax = __eax - 1;
                          											}
                          											__eflags = __eax;
                          											if(__eax != 0) {
                          												goto L149;
                          											} else {
                          												goto L140;
                          											}
                          										case 7:
                          											L150:
                          											__eflags = __ebx - 7;
                          											if(__ebx > 7) {
                          												__ebx = __ebx - 8;
                          												 *(__ebp - 0x34) =  *(__ebp - 0x34) + 1;
                          												_t351 = __ebp - 0x38;
                          												 *_t351 =  *(__ebp - 0x38) - 1;
                          												__eflags =  *_t351;
                          											}
                          											goto L152;
                          										case 8:
                          											L4:
                          											while(_t396 < 3) {
                          												if( *(_t419 - 0x34) == 0) {
                          													goto L159;
                          												} else {
                          													 *(_t419 - 0x34) =  *(_t419 - 0x34) - 1;
                          													 *(_t419 - 0x40) =  *(_t419 - 0x40) | ( *( *(_t419 - 0x38)) & 0x000000ff) << _t396;
                          													 *(_t419 - 0x38) =  &(( *(_t419 - 0x38))[1]);
                          													_t396 = _t396 + 8;
                          													continue;
                          												}
                          											}
                          											_t396 = _t396 - 3;
                          											 *(_t419 - 0x40) =  *(_t419 - 0x40) >> 3;
                          											_t377 =  *(_t419 - 0x40) & 0x00000007;
                          											asm("sbb ecx, ecx");
                          											_t379 = _t377 >> 1;
                          											_t417[0x145] = ( ~(_t377 & 0x00000001) & 0x00000007) + 8;
                          											if(_t379 == 0) {
                          												L24:
                          												 *_t417 = 9;
                          												_t407 = _t396 & 0x00000007;
                          												 *(_t419 - 0x40) =  *(_t419 - 0x40) >> _t407;
                          												_t396 = _t396 - _t407;
                          												goto L157;
                          											}
                          											L6:
                          											_t382 = _t379 - 1;
                          											if(_t382 == 0) {
                          												L13:
                          												__eflags =  *0x42dbb8;
                          												if( *0x42dbb8 != 0) {
                          													L22:
                          													_t383 =  *0x40942c; // 0x9
                          													_t417[4] = _t383;
                          													_t384 =  *0x409430; // 0x5
                          													_t417[4] = _t384;
                          													_t385 =  *0x42ca34; // 0x0
                          													_t417[5] = _t385;
                          													_t386 =  *0x42ca30; // 0x0
                          													_t417[6] = _t386;
                          													L23:
                          													 *_t417 =  *_t417 & 0x00000000;
                          													goto L157;
                          												} else {
                          													_t26 = _t419 - 8;
                          													 *_t26 =  *(_t419 - 8) & 0x00000000;
                          													__eflags =  *_t26;
                          													_t387 = 0x42ca38;
                          													do {
                          														L15:
                          														__eflags = _t387 - 0x42cc74;
                          														_t409 = 8;
                          														if(_t387 > 0x42cc74) {
                          															__eflags = _t387 - 0x42ce38;
                          															if(_t387 >= 0x42ce38) {
                          																__eflags = _t387 - 0x42ce98;
                          																if(_t387 < 0x42ce98) {
                          																	_t409 = 7;
                          																}
                          															} else {
                          																_t409 = 9;
                          															}
                          														}
                          														L20:
                          														 *_t387 = _t409;
                          														_t387 = _t387 + 4;
                          														__eflags = _t387 - 0x42ceb8;
                          													} while (_t387 < 0x42ceb8);
                          													E00406B2B(0x42ca38, 0x120, 0x101, 0x4073fc, 0x40743c, 0x42ca34, 0x40942c, 0x42d338, _t419 - 8);
                          													_push(0x1e);
                          													_pop(_t411);
                          													_push(5);
                          													_pop(_t390);
                          													memset(0x42ca38, _t390, _t411 << 2);
                          													_t421 = _t421 + 0xc;
                          													_t413 = 0x42ca38 + _t411;
                          													E00406B2B(0x42ca38, 0x1e, 0, 0x40747c, 0x4074b8, 0x42ca30, 0x409430, 0x42d338, _t419 - 8);
                          													 *0x42dbb8 =  *0x42dbb8 + 1;
                          													__eflags =  *0x42dbb8;
                          													goto L22;
                          												}
                          											}
                          											L7:
                          											_t394 = _t382 - 1;
                          											if(_t394 == 0) {
                          												 *_t417 = 0xb;
                          												goto L157;
                          											}
                          											L8:
                          											if(_t394 != 1) {
                          												goto L157;
                          											}
                          											goto L9;
                          										case 9:
                          											while(1) {
                          												L27:
                          												__eflags = __ebx - 0x10;
                          												if(__ebx >= 0x10) {
                          													break;
                          												}
                          												L25:
                          												__eflags =  *(__ebp - 0x34);
                          												if( *(__ebp - 0x34) == 0) {
                          													goto L159;
                          												}
                          												L26:
                          												__eax =  *(__ebp - 0x38);
                          												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                          												__ecx = __ebx;
                          												 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                          												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                          												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                          												__ebx = __ebx + 8;
                          												__eflags = __ebx;
                          											}
                          											L28:
                          											__eax =  *(__ebp - 0x40);
                          											__ebx = 0;
                          											__eax =  *(__ebp - 0x40) & 0x0000ffff;
                          											 *(__ebp - 0x40) = 0;
                          											__eflags = __eax;
                          											__esi[1] = __eax;
                          											if(__eax == 0) {
                          												goto L53;
                          											}
                          											L29:
                          											_push(0xa);
                          											_pop(__eax);
                          											goto L54;
                          										case 0xa:
                          											L30:
                          											__eflags =  *(__ebp - 0x34);
                          											if( *(__ebp - 0x34) == 0) {
                          												goto L159;
                          											}
                          											L31:
                          											__eax =  *(__ebp - 0x2c);
                          											__eflags = __eax;
                          											if(__eax != 0) {
                          												L48:
                          												__eflags = __eax -  *(__ebp - 0x34);
                          												if(__eax >=  *(__ebp - 0x34)) {
                          													__eax =  *(__ebp - 0x34);
                          												}
                          												__ecx = __esi[1];
                          												__eflags = __ecx - __eax;
                          												__edi = __ecx;
                          												if(__ecx >= __eax) {
                          													__edi = __eax;
                          												}
                          												__eax = E0040585F( *(__ebp - 0x30),  *(__ebp - 0x38), __edi);
                          												 *(__ebp - 0x38) =  *(__ebp - 0x38) + __edi;
                          												 *(__ebp - 0x34) =  *(__ebp - 0x34) - __edi;
                          												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __edi;
                          												 *(__ebp - 0x2c) =  *(__ebp - 0x2c) - __edi;
                          												_t80 =  &(__esi[1]);
                          												 *_t80 = __esi[1] - __edi;
                          												__eflags =  *_t80;
                          												if( *_t80 == 0) {
                          													L53:
                          													__eax = __esi[0x145];
                          													L54:
                          													 *__esi = __eax;
                          												}
                          												goto L157;
                          											}
                          											L32:
                          											__ecx = __esi[0x26e8];
                          											__edx =  *(__ebp - 0x30);
                          											__eflags = __edx - __ecx;
                          											if(__edx != __ecx) {
                          												L38:
                          												__esi[0x26ea] = __edx;
                          												__eax = E00406AC3( *((intOrPtr*)(__ebp + 8)));
                          												__edx = __esi[0x26ea];
                          												__ecx = __esi[0x26e9];
                          												__eflags = __edx - __ecx;
                          												 *(__ebp - 0x30) = __edx;
                          												if(__edx >= __ecx) {
                          													__eax = __esi[0x26e8];
                          													__eax = __esi[0x26e8] - __edx;
                          													__eflags = __eax;
                          												} else {
                          													__ecx = __ecx - __edx;
                          													__eax = __ecx - __edx - 1;
                          												}
                          												__edi = __esi[0x26e8];
                          												 *(__ebp - 0x2c) = __eax;
                          												__eflags = __edx - __edi;
                          												if(__edx == __edi) {
                          													__edx =  &(__esi[0x6e8]);
                          													__eflags = __edx - __ecx;
                          													if(__eflags != 0) {
                          														 *(__ebp - 0x30) = __edx;
                          														if(__eflags >= 0) {
                          															__edi = __edi - __edx;
                          															__eflags = __edi;
                          															__eax = __edi;
                          														} else {
                          															__ecx = __ecx - __edx;
                          															__eax = __ecx;
                          														}
                          														 *(__ebp - 0x2c) = __eax;
                          													}
                          												}
                          												__eflags = __eax;
                          												if(__eax == 0) {
                          													goto L160;
                          												} else {
                          													goto L48;
                          												}
                          											}
                          											L33:
                          											__eax = __esi[0x26e9];
                          											__edi =  &(__esi[0x6e8]);
                          											__eflags = __eax - __edi;
                          											if(__eax == __edi) {
                          												goto L38;
                          											}
                          											L34:
                          											__edx = __edi;
                          											__eflags = __edx - __eax;
                          											 *(__ebp - 0x30) = __edx;
                          											if(__edx >= __eax) {
                          												__ecx = __ecx - __edx;
                          												__eflags = __ecx;
                          												__eax = __ecx;
                          											} else {
                          												__eax = __eax - __edx;
                          												__eax = __eax - 1;
                          											}
                          											__eflags = __eax;
                          											 *(__ebp - 0x2c) = __eax;
                          											if(__eax != 0) {
                          												goto L48;
                          											} else {
                          												goto L38;
                          											}
                          										case 0xb:
                          											goto L56;
                          										case 0xc:
                          											L60:
                          											__esi[1] = __esi[1] >> 0xa;
                          											__eax = (__esi[1] >> 0xa) + 4;
                          											if(__esi[2] >= (__esi[1] >> 0xa) + 4) {
                          												goto L68;
                          											}
                          											goto L61;
                          										case 0xd:
                          											while(1) {
                          												L93:
                          												__eax = __esi[1];
                          												__ecx = __esi[2];
                          												__edx = __eax;
                          												__eax = __eax & 0x0000001f;
                          												__edx = __edx >> 5;
                          												__eax = __edx + __eax + 0x102;
                          												__eflags = __esi[2] - __eax;
                          												if(__esi[2] >= __eax) {
                          													break;
                          												}
                          												L73:
                          												__eax = __esi[0x143];
                          												while(1) {
                          													L76:
                          													__eflags = __ebx - __eax;
                          													if(__ebx >= __eax) {
                          														break;
                          													}
                          													L74:
                          													__eflags =  *(__ebp - 0x34);
                          													if( *(__ebp - 0x34) == 0) {
                          														goto L159;
                          													}
                          													L75:
                          													__ecx =  *(__ebp - 0x38);
                          													 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                          													__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                          													__ecx = __ebx;
                          													__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                          													 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                          													 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                          													__ebx = __ebx + 8;
                          													__eflags = __ebx;
                          												}
                          												L77:
                          												__eax =  *(0x409408 + __eax * 2) & 0x0000ffff;
                          												__eax = __eax &  *(__ebp - 0x40);
                          												__ecx = __esi[0x144];
                          												__eax = __esi[0x144] + __eax * 4;
                          												__edx =  *(__eax + 1) & 0x000000ff;
                          												__eax =  *(__eax + 2) & 0x0000ffff;
                          												__eflags = __eax - 0x10;
                          												 *(__ebp - 0x14) = __eax;
                          												if(__eax >= 0x10) {
                          													L79:
                          													__eflags = __eax - 0x12;
                          													if(__eax != 0x12) {
                          														__eax = __eax + 0xfffffff2;
                          														 *(__ebp - 8) = 3;
                          													} else {
                          														_push(7);
                          														 *(__ebp - 8) = 0xb;
                          														_pop(__eax);
                          													}
                          													while(1) {
                          														L84:
                          														__ecx = __eax + __edx;
                          														__eflags = __ebx - __eax + __edx;
                          														if(__ebx >= __eax + __edx) {
                          															break;
                          														}
                          														L82:
                          														__eflags =  *(__ebp - 0x34);
                          														if( *(__ebp - 0x34) == 0) {
                          															goto L159;
                          														}
                          														L83:
                          														__ecx =  *(__ebp - 0x38);
                          														 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                          														__edi =  *( *(__ebp - 0x38)) & 0x000000ff;
                          														__ecx = __ebx;
                          														__edi = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                          														 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                          														 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                          														__ebx = __ebx + 8;
                          														__eflags = __ebx;
                          													}
                          													L85:
                          													__ecx = __edx;
                          													__ebx = __ebx - __edx;
                          													 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                          													 *(0x409408 + __eax * 2) & 0x0000ffff =  *(0x409408 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
                          													__edx =  *(__ebp - 8);
                          													__ebx = __ebx - __eax;
                          													__edx =  *(__ebp - 8) + ( *(0x409408 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
                          													__ecx = __eax;
                          													__eax = __esi[1];
                          													 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                          													__ecx = __esi[2];
                          													__eax = __eax >> 5;
                          													__edi = __eax >> 0x00000005 & 0x0000001f;
                          													__eax = __eax & 0x0000001f;
                          													__eax = __edi + __eax + 0x102;
                          													__edi = __edx + __ecx;
                          													__eflags = __edx + __ecx - __eax;
                          													if(__edx + __ecx > __eax) {
                          														goto L9;
                          													}
                          													L86:
                          													__eflags =  *(__ebp - 0x14) - 0x10;
                          													if( *(__ebp - 0x14) != 0x10) {
                          														L89:
                          														__edi = 0;
                          														__eflags = 0;
                          														L90:
                          														__eax = __esi + 0xc + __ecx * 4;
                          														do {
                          															L91:
                          															 *__eax = __edi;
                          															__ecx = __ecx + 1;
                          															__eax = __eax + 4;
                          															__edx = __edx - 1;
                          															__eflags = __edx;
                          														} while (__edx != 0);
                          														__esi[2] = __ecx;
                          														continue;
                          													}
                          													L87:
                          													__eflags = __ecx - 1;
                          													if(__ecx < 1) {
                          														goto L9;
                          													}
                          													L88:
                          													__edi =  *(__esi + 8 + __ecx * 4);
                          													goto L90;
                          												}
                          												L78:
                          												__ecx = __edx;
                          												__ebx = __ebx - __edx;
                          												 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                          												__ecx = __esi[2];
                          												 *(__esi + 0xc + __esi[2] * 4) = __eax;
                          												__esi[2] = __esi[2] + 1;
                          											}
                          											L94:
                          											__eax = __esi[1];
                          											__esi[0x144] = __esi[0x144] & 0x00000000;
                          											 *(__ebp - 0xc) =  *(__ebp - 0xc) & 0x00000000;
                          											__edi = __eax;
                          											__eax = __eax >> 5;
                          											__edi = __edi & 0x0000001f;
                          											__ecx = 0x101;
                          											__eax = __eax & 0x0000001f;
                          											__edi = __edi + 0x101;
                          											__eax = __eax + 1;
                          											__edx = __ebp - 0xc;
                          											 *(__ebp - 0x14) = __eax;
                          											 &(__esi[0x148]) = __ebp - 4;
                          											 *(__ebp - 4) = 9;
                          											__ebp - 0x18 =  &(__esi[3]);
                          											 *(__ebp - 0x10) = 6;
                          											__eax = E00406B2B( &(__esi[3]), __edi, 0x101, 0x4073fc, 0x40743c, __ebp - 0x18, __ebp - 4,  &(__esi[0x148]), __ebp - 0xc);
                          											__eflags =  *(__ebp - 4);
                          											if( *(__ebp - 4) == 0) {
                          												__eax = __eax | 0xffffffff;
                          												__eflags = __eax;
                          											}
                          											__eflags = __eax;
                          											if(__eax != 0) {
                          												goto L9;
                          											} else {
                          												L97:
                          												__ebp - 0xc =  &(__esi[0x148]);
                          												__ebp - 0x10 = __ebp - 0x1c;
                          												__eax = __esi + 0xc + __edi * 4;
                          												__eax = E00406B2B(__esi + 0xc + __edi * 4,  *(__ebp - 0x14), 0, 0x40747c, 0x4074b8, __ebp - 0x1c, __ebp - 0x10,  &(__esi[0x148]), __ebp - 0xc);
                          												__eflags = __eax;
                          												if(__eax != 0) {
                          													goto L9;
                          												}
                          												L98:
                          												__eax =  *(__ebp - 0x10);
                          												__eflags =  *(__ebp - 0x10);
                          												if( *(__ebp - 0x10) != 0) {
                          													L100:
                          													__cl =  *(__ebp - 4);
                          													 *__esi =  *__esi & 0x00000000;
                          													__eflags =  *__esi;
                          													__esi[4] = __al;
                          													__eax =  *(__ebp - 0x18);
                          													__esi[5] =  *(__ebp - 0x18);
                          													__eax =  *(__ebp - 0x1c);
                          													__esi[4] = __cl;
                          													__esi[6] =  *(__ebp - 0x1c);
                          													goto L101;
                          												}
                          												L99:
                          												__eflags = __edi - 0x101;
                          												if(__edi > 0x101) {
                          													goto L9;
                          												}
                          												goto L100;
                          											}
                          										case 0xe:
                          											goto L9;
                          										case 0xf:
                          											L152:
                          											__eax =  *(__ebp - 0x30);
                          											__esi[0x26ea] =  *(__ebp - 0x30);
                          											__eax = E00406AC3( *((intOrPtr*)(__ebp + 8)));
                          											__ecx = __esi[0x26ea];
                          											__edx = __esi[0x26e9];
                          											__eflags = __ecx - __edx;
                          											 *(__ebp - 0x30) = __ecx;
                          											if(__ecx >= __edx) {
                          												__eax = __esi[0x26e8];
                          												__eax = __esi[0x26e8] - __ecx;
                          												__eflags = __eax;
                          											} else {
                          												__edx = __edx - __ecx;
                          												__eax = __edx - __ecx - 1;
                          											}
                          											__eflags = __ecx - __edx;
                          											 *(__ebp - 0x2c) = __eax;
                          											if(__ecx != __edx) {
                          												L160:
                          												__edi = 0;
                          												goto L10;
                          											} else {
                          												L156:
                          												__eax = __esi[0x145];
                          												__eflags = __eax - 8;
                          												 *__esi = __eax;
                          												if(__eax != 8) {
                          													L161:
                          													0 = 1;
                          													goto L10;
                          												}
                          												goto L157;
                          											}
                          									}
                          								}
                          								L158:
                          								goto L9;
                          							}
                          							L70:
                          							if( *__edi == __eax) {
                          								goto L72;
                          							}
                          							L71:
                          							__esi[2] = __esi[2] & __eax;
                          							 *__esi = 0xd;
                          							goto L93;
                          						}
                          					}
                          				}
                          				L159:
                          				_t414 = 0;
                          				_t417[0x147] =  *(_t419 - 0x40);
                          				_t417[0x146] = _t396;
                          				( *(_t419 + 8))[1] = 0;
                          				goto L11;
                          			}









                          0x00406831
                          0x00406834
                          0x00406836
                          0x00000000
                          0x00000000
                          0x0040683c
                          0x0040683c
                          0x0040683f
                          0x00406840
                          0x00406841
                          0x00406843
                          0x00406847
                          0x00000000
                          0x00406942
                          0x00406942
                          0x00406945
                          0x00406948
                          0x0040694a
                          0x004069e1
                          0x004069e1
                          0x004069e4
                          0x004069e6
                          0x004069e7
                          0x004069e8
                          0x004069eb
                          0x00000000
                          0x004069eb
                          0x00406950
                          0x00406950
                          0x00406956
                          0x00406958
                          0x0040697d
                          0x00406980
                          0x00406986
                          0x0040698b
                          0x00406991
                          0x00406997
                          0x00406999
                          0x0040699c
                          0x004069a5
                          0x004069ab
                          0x004069ab
                          0x0040699e
                          0x004069a0
                          0x004069a2
                          0x004069a2
                          0x004069ad
                          0x004069b3
                          0x004069b5
                          0x004069b8
                          0x004069ba
                          0x004069c0
                          0x004069c2
                          0x004069c4
                          0x004069c6
                          0x004069c8
                          0x004069cb
                          0x004069d4
                          0x004069d7
                          0x004069d7
                          0x004069cd
                          0x004069cd
                          0x004069d0
                          0x004069d0
                          0x004069cb
                          0x004069c2
                          0x004069d9
                          0x004069db
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x004069db
                          0x0040695a
                          0x0040695a
                          0x00406960
                          0x00406966
                          0x00406968
                          0x00000000
                          0x00000000
                          0x0040696a
                          0x0040696a
                          0x0040696c
                          0x0040696e
                          0x00406975
                          0x00406975
                          0x00406977
                          0x00406970
                          0x00406970
                          0x00406972
                          0x00406972
                          0x00406979
                          0x0040697b
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x004069f3
                          0x004069f3
                          0x004069f6
                          0x004069f8
                          0x004069fb
                          0x004069fe
                          0x004069fe
                          0x004069fe
                          0x004069fe
                          0x00000000
                          0x00000000
                          0x00000000
                          0x004060ac
                          0x00406090
                          0x00000000
                          0x00406096
                          0x00406099
                          0x004060a3
                          0x004060a6
                          0x004060a9
                          0x00000000
                          0x004060a9
                          0x00406090
                          0x004060b4
                          0x004060b7
                          0x004060bb
                          0x004060c5
                          0x004060cf
                          0x004060d2
                          0x004060d8
                          0x0040620c
                          0x0040620e
                          0x00406214
                          0x00406217
                          0x0040621a
                          0x00000000
                          0x0040621a
                          0x004060de
                          0x004060de
                          0x004060df
                          0x00406137
                          0x00406137
                          0x0040613e
                          0x004061e4
                          0x004061e4
                          0x004061e9
                          0x004061ec
                          0x004061f1
                          0x004061f4
                          0x004061f9
                          0x004061fc
                          0x00406201
                          0x00406204
                          0x00406204
                          0x00000000
                          0x00406144
                          0x00406144
                          0x00406144
                          0x00406144
                          0x00406148
                          0x0040614d
                          0x0040614d
                          0x0040614d
                          0x00406152
                          0x00406154
                          0x00406156
                          0x0040615b
                          0x00406161
                          0x00406166
                          0x00406168
                          0x00406168
                          0x0040615d
                          0x0040615d
                          0x0040615d
                          0x0040615b
                          0x0040616a
                          0x0040616d
                          0x0040616f
                          0x00406172
                          0x00406172
                          0x004061a6
                          0x004061ab
                          0x004061ad
                          0x004061ae
                          0x004061b0
                          0x004061b1
                          0x004061b1
                          0x004061b1
                          0x004061d9
                          0x004061de
                          0x004061de
                          0x00000000
                          0x004061de
                          0x0040613e
                          0x004060e1
                          0x004060e1
                          0x004060e2
                          0x0040612c
                          0x00000000
                          0x0040612c
                          0x004060e4
                          0x004060e5
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00406241
                          0x00406241
                          0x00406241
                          0x00406244
                          0x00000000
                          0x00000000
                          0x00406221
                          0x00406221
                          0x00406225
                          0x00000000
                          0x00000000
                          0x0040622b
                          0x0040622b
                          0x0040622e
                          0x00406231
                          0x00406236
                          0x00406238
                          0x0040623b
                          0x0040623e
                          0x0040623e
                          0x0040623e
                          0x00406246
                          0x00406246
                          0x00406249
                          0x0040624b
                          0x00406250
                          0x00406253
                          0x00406255
                          0x00406258
                          0x00000000
                          0x00000000
                          0x0040625e
                          0x0040625e
                          0x00406260
                          0x00000000
                          0x00000000
                          0x00406266
                          0x00406266
                          0x0040626a
                          0x00000000
                          0x00000000
                          0x00406270
                          0x00406270
                          0x00406273
                          0x00406275
                          0x00406313
                          0x00406313
                          0x00406316
                          0x00406318
                          0x00406318
                          0x0040631b
                          0x0040631e
                          0x00406320
                          0x00406322
                          0x00406324
                          0x00406324
                          0x0040632d
                          0x00406332
                          0x00406335
                          0x00406338
                          0x0040633b
                          0x0040633e
                          0x0040633e
                          0x0040633e
                          0x00406341
                          0x00406347
                          0x00406347
                          0x0040634d
                          0x0040634d
                          0x0040634d
                          0x00000000
                          0x00406341
                          0x0040627b
                          0x0040627b
                          0x00406281
                          0x00406284
                          0x00406286
                          0x004062b1
                          0x004062b4
                          0x004062ba
                          0x004062bf
                          0x004062c5
                          0x004062cb
                          0x004062cd
                          0x004062d0
                          0x004062d9
                          0x004062df
                          0x004062df
                          0x004062d2
                          0x004062d4
                          0x004062d6
                          0x004062d6
                          0x004062e1
                          0x004062e7
                          0x004062ea
                          0x004062ec
                          0x004062ee
                          0x004062f4
                          0x004062f6
                          0x004062f8
                          0x004062fb
                          0x00406304
                          0x00406304
                          0x00406306
                          0x004062fd
                          0x004062fd
                          0x00406300
                          0x00406300
                          0x00406308
                          0x00406308
                          0x004062f6
                          0x0040630b
                          0x0040630d
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x0040630d
                          0x00406288
                          0x00406288
                          0x0040628e
                          0x00406294
                          0x00406296
                          0x00000000
                          0x00000000
                          0x00406298
                          0x00406298
                          0x0040629a
                          0x0040629c
                          0x0040629f
                          0x004062a6
                          0x004062a6
                          0x004062a8
                          0x004062a1
                          0x004062a1
                          0x004062a3
                          0x004062a3
                          0x004062aa
                          0x004062ac
                          0x004062af
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x004063b3
                          0x004063b6
                          0x004063b9
                          0x004063bf
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00406596
                          0x00406596
                          0x00406596
                          0x00406599
                          0x0040659c
                          0x0040659e
                          0x004065a1
                          0x004065a7
                          0x004065ae
                          0x004065b0
                          0x00000000
                          0x00000000
                          0x00406484
                          0x00406484
                          0x004064ac
                          0x004064ac
                          0x004064ac
                          0x004064ae
                          0x00000000
                          0x00000000
                          0x0040648c
                          0x0040648c
                          0x00406490
                          0x00000000
                          0x00000000
                          0x00406496
                          0x00406496
                          0x00406499
                          0x0040649c
                          0x0040649f
                          0x004064a1
                          0x004064a3
                          0x004064a6
                          0x004064a9
                          0x004064a9
                          0x004064a9
                          0x004064b0
                          0x004064b0
                          0x004064b8
                          0x004064bb
                          0x004064c1
                          0x004064c4
                          0x004064c8
                          0x004064cc
                          0x004064cf
                          0x004064d2
                          0x004064ea
                          0x004064ea
                          0x004064ed
                          0x004064fb
                          0x004064fe
                          0x004064ef
                          0x004064ef
                          0x004064f1
                          0x004064f8
                          0x004064f8
                          0x00406527
                          0x00406527
                          0x00406527
                          0x0040652a
                          0x0040652c
                          0x00000000
                          0x00000000
                          0x00406507
                          0x00406507
                          0x0040650b
                          0x00000000
                          0x00000000
                          0x00406511
                          0x00406511
                          0x00406514
                          0x00406517
                          0x0040651a
                          0x0040651c
                          0x0040651e
                          0x00406521
                          0x00406524
                          0x00406524
                          0x00406524
                          0x0040652e
                          0x0040652e
                          0x00406530
                          0x00406532
                          0x0040653d
                          0x00406540
                          0x00406543
                          0x00406545
                          0x00406547
                          0x00406549
                          0x0040654c
                          0x0040654f
                          0x00406554
                          0x00406557
                          0x0040655a
                          0x0040655d
                          0x00406564
                          0x00406567
                          0x00406569
                          0x00000000
                          0x00000000
                          0x0040656f
                          0x0040656f
                          0x00406573
                          0x00406584
                          0x00406584
                          0x00406584
                          0x00406586
                          0x00406586
                          0x0040658a
                          0x0040658a
                          0x0040658a
                          0x0040658c
                          0x0040658d
                          0x00406590
                          0x00406590
                          0x00406590
                          0x00406593
                          0x00000000
                          0x00406593
                          0x00406575
                          0x00406575
                          0x00406578
                          0x00000000
                          0x00000000
                          0x0040657e
                          0x0040657e
                          0x00000000
                          0x0040657e
                          0x004064d4
                          0x004064d4
                          0x004064d6
                          0x004064d8
                          0x004064db
                          0x004064de
                          0x004064e2
                          0x004064e2
                          0x004065b6
                          0x004065b6
                          0x004065b9
                          0x004065c0
                          0x004065c4
                          0x004065c6
                          0x004065c9
                          0x004065cc
                          0x004065d1
                          0x004065d4
                          0x004065d6
                          0x004065d7
                          0x004065da
                          0x004065e5
                          0x004065e8
                          0x004065ff
                          0x00406604
                          0x0040660b
                          0x00406610
                          0x00406614
                          0x00406616
                          0x00406616
                          0x00406616
                          0x00406619
                          0x0040661b
                          0x00000000
                          0x00406621
                          0x00406621
                          0x00406625
                          0x00406630
                          0x00406643
                          0x00406648
                          0x0040664d
                          0x0040664f
                          0x00000000
                          0x00000000
                          0x00406655
                          0x00406655
                          0x00406658
                          0x0040665a
                          0x00406668
                          0x00406668
                          0x0040666b
                          0x0040666b
                          0x0040666e
                          0x00406671
                          0x00406674
                          0x00406677
                          0x0040667a
                          0x0040667d
                          0x00000000
                          0x0040667d
                          0x0040665c
                          0x0040665c
                          0x00406662
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00406662
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00406a01
                          0x00406a01
                          0x00406a07
                          0x00406a0d
                          0x00406a12
                          0x00406a18
                          0x00406a1e
                          0x00406a20
                          0x00406a23
                          0x00406a2c
                          0x00406a32
                          0x00406a32
                          0x00406a25
                          0x00406a27
                          0x00406a29
                          0x00406a29
                          0x00406a34
                          0x00406a36
                          0x00406a39
                          0x00406a74
                          0x00406a74
                          0x00000000
                          0x00406a3b
                          0x00406a3b
                          0x00406a3b
                          0x00406a41
                          0x00406a44
                          0x00406a46
                          0x00406a7b
                          0x00406a7d
                          0x00000000
                          0x00406a7d
                          0x00000000
                          0x00406a46
                          0x00000000
                          0x00406085
                          0x00406a53
                          0x00000000
                          0x00406a53
                          0x00406467
                          0x00406469
                          0x00000000
                          0x00000000
                          0x0040646b
                          0x0040646b
                          0x0040646e
                          0x00000000
                          0x0040646e
                          0x004063b3
                          0x00406374
                          0x00406a58
                          0x00406a5b
                          0x00406a5d
                          0x00406a66
                          0x00406a6c
                          0x00000000

                          Memory Dump Source
                          • Source File: 00000005.00000002.605929555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000005.00000002.605920254.0000000000400000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605948695.0000000000407000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605961129.0000000000409000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605984154.000000000042C000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605999422.0000000000434000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.606011620.0000000000437000.00000002.00020000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_400000_Tftpd64-4.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 54d80564fe19f3f3404c6606d58c011d861cfab5a50afacd25c13b8f5d904866
                          • Instruction ID: 2fa80b96e0c3f2f9afba8e6e6bfd5b6e13d9d39ff7e82b1c07230a33620f403b
                          • Opcode Fuzzy Hash: 54d80564fe19f3f3404c6606d58c011d861cfab5a50afacd25c13b8f5d904866
                          • Instruction Fuzzy Hash: 5BE1797190070ADFDB24CF58C980BAEBBF5EB45305F15892EE897A7291D338A991CF14
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E00406B2B(signed char _a4, char _a5, short _a6, signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int* _a24, signed int _a28, intOrPtr _a32, signed int* _a36) {
                          				signed int _v8;
                          				unsigned int _v12;
                          				signed int _v16;
                          				intOrPtr _v20;
                          				signed int _v24;
                          				signed int _v28;
                          				intOrPtr* _v32;
                          				signed int* _v36;
                          				signed int _v40;
                          				signed int _v44;
                          				intOrPtr _v48;
                          				intOrPtr _v52;
                          				void _v116;
                          				signed int _v176;
                          				signed int _v180;
                          				signed int _v240;
                          				signed int _t166;
                          				signed int _t168;
                          				intOrPtr _t175;
                          				signed int _t181;
                          				void* _t182;
                          				intOrPtr _t183;
                          				signed int* _t184;
                          				signed int _t186;
                          				signed int _t187;
                          				signed int* _t189;
                          				signed int _t190;
                          				intOrPtr* _t191;
                          				intOrPtr _t192;
                          				signed int _t193;
                          				signed int _t195;
                          				signed int _t200;
                          				signed int _t205;
                          				void* _t207;
                          				short _t208;
                          				signed char _t222;
                          				signed int _t224;
                          				signed int _t225;
                          				signed int* _t232;
                          				signed int _t233;
                          				signed int _t234;
                          				void* _t235;
                          				signed int _t236;
                          				signed int _t244;
                          				signed int _t246;
                          				signed int _t251;
                          				signed int _t254;
                          				signed int _t256;
                          				signed int _t259;
                          				signed int _t262;
                          				void* _t263;
                          				void* _t264;
                          				signed int _t267;
                          				intOrPtr _t269;
                          				intOrPtr _t271;
                          				signed int _t274;
                          				intOrPtr* _t275;
                          				unsigned int _t276;
                          				void* _t277;
                          				signed int _t278;
                          				intOrPtr* _t279;
                          				signed int _t281;
                          				intOrPtr _t282;
                          				intOrPtr _t283;
                          				signed int* _t284;
                          				signed int _t286;
                          				signed int _t287;
                          				signed int _t288;
                          				signed int _t296;
                          				signed int* _t297;
                          				intOrPtr _t298;
                          				void* _t299;
                          
                          				_t278 = _a8;
                          				_t187 = 0x10;
                          				memset( &_v116, 0, _t187 << 2);
                          				_t189 = _a4;
                          				_t233 = _t278;
                          				do {
                          					_t166 =  *_t189;
                          					_t189 =  &(_t189[1]);
                          					 *((intOrPtr*)(_t299 + _t166 * 4 - 0x70)) =  *((intOrPtr*)(_t299 + _t166 * 4 - 0x70)) + 1;
                          					_t233 = _t233 - 1;
                          				} while (_t233 != 0);
                          				if(_v116 != _t278) {
                          					_t279 = _a28;
                          					_t267 =  *_t279;
                          					_t190 = 1;
                          					_a28 = _t267;
                          					_t234 = 0xf;
                          					while(1) {
                          						_t168 = 0;
                          						if( *((intOrPtr*)(_t299 + _t190 * 4 - 0x70)) != 0) {
                          							break;
                          						}
                          						_t190 = _t190 + 1;
                          						if(_t190 <= _t234) {
                          							continue;
                          						}
                          						break;
                          					}
                          					_v8 = _t190;
                          					if(_t267 < _t190) {
                          						_a28 = _t190;
                          					}
                          					while( *((intOrPtr*)(_t299 + _t234 * 4 - 0x70)) == _t168) {
                          						_t234 = _t234 - 1;
                          						if(_t234 != 0) {
                          							continue;
                          						}
                          						break;
                          					}
                          					_v28 = _t234;
                          					if(_a28 > _t234) {
                          						_a28 = _t234;
                          					}
                          					 *_t279 = _a28;
                          					_t181 = 1 << _t190;
                          					while(_t190 < _t234) {
                          						_t182 = _t181 -  *((intOrPtr*)(_t299 + _t190 * 4 - 0x70));
                          						if(_t182 < 0) {
                          							L64:
                          							return _t168 | 0xffffffff;
                          						}
                          						_t190 = _t190 + 1;
                          						_t181 = _t182 + _t182;
                          					}
                          					_t281 = _t234 << 2;
                          					_t191 = _t299 + _t281 - 0x70;
                          					_t269 =  *_t191;
                          					_t183 = _t181 - _t269;
                          					_v52 = _t183;
                          					if(_t183 < 0) {
                          						goto L64;
                          					}
                          					_v176 = _t168;
                          					 *_t191 = _t269 + _t183;
                          					_t192 = 0;
                          					_t235 = _t234 - 1;
                          					if(_t235 == 0) {
                          						L21:
                          						_t184 = _a4;
                          						_t271 = 0;
                          						do {
                          							_t193 =  *_t184;
                          							_t184 =  &(_t184[1]);
                          							if(_t193 != _t168) {
                          								_t232 = _t299 + _t193 * 4 - 0xb0;
                          								_t236 =  *_t232;
                          								 *((intOrPtr*)(0x42ceb8 + _t236 * 4)) = _t271;
                          								 *_t232 = _t236 + 1;
                          							}
                          							_t271 = _t271 + 1;
                          						} while (_t271 < _a8);
                          						_v16 = _v16 | 0xffffffff;
                          						_v40 = _v40 & 0x00000000;
                          						_a8 =  *((intOrPtr*)(_t299 + _t281 - 0xb0));
                          						_t195 = _v8;
                          						_t186 =  ~_a28;
                          						_v12 = _t168;
                          						_v180 = _t168;
                          						_v36 = 0x42ceb8;
                          						_v240 = _t168;
                          						if(_t195 > _v28) {
                          							L62:
                          							_t168 = 0;
                          							if(_v52 == 0 || _v28 == 1) {
                          								return _t168;
                          							} else {
                          								goto L64;
                          							}
                          						}
                          						_v44 = _t195 - 1;
                          						_v32 = _t299 + _t195 * 4 - 0x70;
                          						do {
                          							_t282 =  *_v32;
                          							if(_t282 == 0) {
                          								goto L61;
                          							}
                          							while(1) {
                          								_t283 = _t282 - 1;
                          								_t200 = _a28 + _t186;
                          								_v48 = _t283;
                          								_v24 = _t200;
                          								if(_v8 <= _t200) {
                          									goto L45;
                          								}
                          								L31:
                          								_v20 = _t283 + 1;
                          								do {
                          									_v16 = _v16 + 1;
                          									_t296 = _v28 - _v24;
                          									if(_t296 > _a28) {
                          										_t296 = _a28;
                          									}
                          									_t222 = _v8 - _v24;
                          									_t254 = 1 << _t222;
                          									if(1 <= _v20) {
                          										L40:
                          										_t256 =  *_a36;
                          										_t168 = 1 << _t222;
                          										_v40 = 1;
                          										_t274 = _t256 + 1;
                          										if(_t274 > 0x5a0) {
                          											goto L64;
                          										}
                          									} else {
                          										_t275 = _v32;
                          										_t263 = _t254 + (_t168 | 0xffffffff) - _v48;
                          										if(_t222 >= _t296) {
                          											goto L40;
                          										}
                          										while(1) {
                          											_t222 = _t222 + 1;
                          											if(_t222 >= _t296) {
                          												goto L40;
                          											}
                          											_t275 = _t275 + 4;
                          											_t264 = _t263 + _t263;
                          											_t175 =  *_t275;
                          											if(_t264 <= _t175) {
                          												goto L40;
                          											}
                          											_t263 = _t264 - _t175;
                          										}
                          										goto L40;
                          									}
                          									_t168 = _a32 + _t256 * 4;
                          									_t297 = _t299 + _v16 * 4 - 0xec;
                          									 *_a36 = _t274;
                          									_t259 = _v16;
                          									 *_t297 = _t168;
                          									if(_t259 == 0) {
                          										 *_a24 = _t168;
                          									} else {
                          										_t276 = _v12;
                          										_t298 =  *((intOrPtr*)(_t297 - 4));
                          										 *(_t299 + _t259 * 4 - 0xb0) = _t276;
                          										_a5 = _a28;
                          										_a4 = _t222;
                          										_t262 = _t276 >> _t186;
                          										_a6 = (_t168 - _t298 >> 2) - _t262;
                          										 *(_t298 + _t262 * 4) = _a4;
                          									}
                          									_t224 = _v24;
                          									_t186 = _t224;
                          									_t225 = _t224 + _a28;
                          									_v24 = _t225;
                          								} while (_v8 > _t225);
                          								L45:
                          								_t284 = _v36;
                          								_a5 = _v8 - _t186;
                          								if(_t284 < 0x42ceb8 + _a8 * 4) {
                          									_t205 =  *_t284;
                          									if(_t205 >= _a12) {
                          										_t207 = _t205 - _a12 + _t205 - _a12;
                          										_v36 =  &(_v36[1]);
                          										_a4 =  *((intOrPtr*)(_t207 + _a20)) + 0x50;
                          										_t208 =  *((intOrPtr*)(_t207 + _a16));
                          									} else {
                          										_a4 = (_t205 & 0xffffff00 | _t205 - 0x00000100 > 0x00000000) - 0x00000001 & 0x00000060;
                          										_t208 =  *_t284;
                          										_v36 =  &(_t284[1]);
                          									}
                          									_a6 = _t208;
                          								} else {
                          									_a4 = 0xc0;
                          								}
                          								_t286 = 1 << _v8 - _t186;
                          								_t244 = _v12 >> _t186;
                          								while(_t244 < _v40) {
                          									 *(_t168 + _t244 * 4) = _a4;
                          									_t244 = _t244 + _t286;
                          								}
                          								_t287 = _v12;
                          								_t246 = 1 << _v44;
                          								while((_t287 & _t246) != 0) {
                          									_t287 = _t287 ^ _t246;
                          									_t246 = _t246 >> 1;
                          								}
                          								_t288 = _t287 ^ _t246;
                          								_v20 = 1;
                          								_v12 = _t288;
                          								_t251 = _v16;
                          								if(((1 << _t186) - 0x00000001 & _t288) ==  *((intOrPtr*)(_t299 + _t251 * 4 - 0xb0))) {
                          									L60:
                          									if(_v48 != 0) {
                          										_t282 = _v48;
                          										_t283 = _t282 - 1;
                          										_t200 = _a28 + _t186;
                          										_v48 = _t283;
                          										_v24 = _t200;
                          										if(_v8 <= _t200) {
                          											goto L45;
                          										}
                          										goto L31;
                          									}
                          									break;
                          								} else {
                          									goto L58;
                          								}
                          								do {
                          									L58:
                          									_t186 = _t186 - _a28;
                          									_t251 = _t251 - 1;
                          								} while (((1 << _t186) - 0x00000001 & _v12) !=  *((intOrPtr*)(_t299 + _t251 * 4 - 0xb0)));
                          								_v16 = _t251;
                          								goto L60;
                          							}
                          							L61:
                          							_v8 = _v8 + 1;
                          							_v32 = _v32 + 4;
                          							_v44 = _v44 + 1;
                          						} while (_v8 <= _v28);
                          						goto L62;
                          					}
                          					_t277 = 0;
                          					do {
                          						_t192 = _t192 +  *((intOrPtr*)(_t299 + _t277 - 0x6c));
                          						_t277 = _t277 + 4;
                          						_t235 = _t235 - 1;
                          						 *((intOrPtr*)(_t299 + _t277 - 0xac)) = _t192;
                          					} while (_t235 != 0);
                          					goto L21;
                          				}
                          				 *_a24 =  *_a24 & 0x00000000;
                          				 *_a28 =  *_a28 & 0x00000000;
                          				return 0;
                          			}

                          Memory Dump Source
                          • Source File: 00000005.00000002.605929555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000005.00000002.605920254.0000000000400000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605948695.0000000000407000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605961129.0000000000409000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605984154.000000000042C000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605999422.0000000000434000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.606011620.0000000000437000.00000002.00020000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_400000_Tftpd64-4.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: ac19822e65b9eb32b60c0006d09f593d524529e242751fff4e2df6e5f6ee417a
                          • Instruction ID: 226139066da84df80bc4b15dd4b3e380d67d521acd3bdc5c46ce9393f3ccc406
                          • Opcode Fuzzy Hash: ac19822e65b9eb32b60c0006d09f593d524529e242751fff4e2df6e5f6ee417a
                          • Instruction Fuzzy Hash: 8BC13B71A00219CBDF14CF68C4905EEB7B2FF99314F26826AD856BB384D7346952CF94
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 90%
                          			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
                          				struct tagLOGBRUSH _v16;
                          				struct tagRECT _v32;
                          				struct tagPAINTSTRUCT _v96;
                          				struct HDC__* _t70;
                          				struct HBRUSH__* _t87;
                          				struct HFONT__* _t94;
                          				long _t102;
                          				intOrPtr _t115;
                          				signed int _t126;
                          				struct HDC__* _t128;
                          				intOrPtr _t130;
                          
                          				if(_a8 == 0xf) {
                          					_t130 =  *0x42ec30; // 0x2814020
                          					_t70 = BeginPaint(_a4,  &_v96);
                          					_v16.lbStyle = _v16.lbStyle & 0x00000000;
                          					_a8 = _t70;
                          					GetClientRect(_a4,  &_v32);
                          					_t126 = _v32.bottom;
                          					_v32.bottom = _v32.bottom & 0x00000000;
                          					while(_v32.top < _t126) {
                          						_a12 = _t126 - _v32.top;
                          						asm("cdq");
                          						asm("cdq");
                          						asm("cdq");
                          						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
                          						_t87 = CreateBrushIndirect( &_v16);
                          						_v32.bottom = _v32.bottom + 4;
                          						_a16 = _t87;
                          						FillRect(_a8,  &_v32, _t87);
                          						DeleteObject(_a16);
                          						_v32.top = _v32.top + 4;
                          					}
                          					if( *(_t130 + 0x58) != 0xffffffff) {
                          						_t94 = CreateFontIndirectA( *(_t130 + 0x34));
                          						_a16 = _t94;
                          						if(_t94 != 0) {
                          							_t128 = _a8;
                          							_v32.left = 0x10;
                          							_v32.top = 8;
                          							SetBkMode(_t128, 1);
                          							SetTextColor(_t128,  *(_t130 + 0x58));
                          							_a8 = SelectObject(_t128, _a16);
                          							DrawTextA(_t128, "Tftpd64 Standalone Edition Install", 0xffffffff,  &_v32, 0x820);
                          							SelectObject(_t128, _a8);
                          							DeleteObject(_a16);
                          						}
                          					}
                          					EndPaint(_a4,  &_v96);
                          					return 0;
                          				}
                          				_t102 = _a16;
                          				if(_a8 == 0x46) {
                          					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
                          					_t115 =  *0x42ec28; // 0x80134
                          					 *((intOrPtr*)(_t102 + 4)) = _t115;
                          				}
                          				return DefWindowProcA(_a4, _a8, _a12, _t102);
                          			}

                          APIs
                          • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                          • BeginPaint.USER32(?,?), ref: 00401047
                          • GetClientRect.USER32 ref: 0040105B
                          • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                          • FillRect.USER32 ref: 004010E4
                          • DeleteObject.GDI32(?), ref: 004010ED
                          • CreateFontIndirectA.GDI32(?), ref: 00401105
                          • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                          • SetTextColor.GDI32(00000000,?), ref: 00401130
                          • SelectObject.GDI32(00000000,?), ref: 00401140
                          • DrawTextA.USER32(00000000,Tftpd64 Standalone Edition Install,000000FF,00000010,00000820), ref: 00401156
                          • SelectObject.GDI32(00000000,00000000), ref: 00401160
                          • DeleteObject.GDI32(?), ref: 00401165
                          • EndPaint.USER32(?,?), ref: 0040116E
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.605929555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000005.00000002.605920254.0000000000400000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605948695.0000000000407000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605961129.0000000000409000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605984154.000000000042C000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605999422.0000000000434000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.606011620.0000000000437000.00000002.00020000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_400000_Tftpd64-4.jbxd
                          Similarity
                          • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                          • String ID: F$Tftpd64 Standalone Edition Install
                          • API String ID: 941294808-886467731
                          • Opcode ID: 05bbfc508ef237e24a9817a54f4a45d084594548d285a69524b208d70469c4e1
                          • Instruction ID: 9dd9d9e9de989eb397972ae7cf78bef649c8fbd879b4abede4b5176bd3adbacf
                          • Opcode Fuzzy Hash: 05bbfc508ef237e24a9817a54f4a45d084594548d285a69524b208d70469c4e1
                          • Instruction Fuzzy Hash: 08419D71804249AFCB058F95DD459BFBFB9FF44314F00802AF951AA1A0C738E951DFA5
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 93%
                          			E00405915(void* __eflags) {
                          				void* __ebx;
                          				void* __edi;
                          				void* __esi;
                          				intOrPtr* _t15;
                          				long _t16;
                          				intOrPtr _t18;
                          				int _t20;
                          				void* _t28;
                          				long _t29;
                          				intOrPtr* _t37;
                          				int _t43;
                          				void* _t44;
                          				long _t47;
                          				CHAR* _t49;
                          				void* _t51;
                          				void* _t53;
                          				intOrPtr* _t54;
                          				void* _t55;
                          				void* _t56;
                          
                          				_t15 = E00405F57(2);
                          				_t49 =  *(_t55 + 0x18);
                          				if(_t15 != 0) {
                          					_t20 =  *_t15( *(_t55 + 0x1c), _t49, 5);
                          					if(_t20 != 0) {
                          						L16:
                          						 *0x42ecb0 =  *0x42ecb0 + 1;
                          						return _t20;
                          					}
                          				}
                          				 *0x42c230 = 0x4c554e;
                          				if(_t49 == 0) {
                          					L5:
                          					_t16 = GetShortPathNameA( *(_t55 + 0x1c), 0x42bca8, 0x400);
                          					if(_t16 != 0 && _t16 <= 0x400) {
                          						_t43 = wsprintfA(0x42b8a8, "%s=%s\r\n", 0x42c230, 0x42bca8);
                          						_t18 =  *0x42ec30; // 0x2814020
                          						_t56 = _t55 + 0x10;
                          						E00405BE9(_t43, 0x400, 0x42bca8, 0x42bca8,  *((intOrPtr*)(_t18 + 0x128)));
                          						_t20 = E0040589E(0x42bca8, 0xc0000000, 4);
                          						_t53 = _t20;
                          						 *(_t56 + 0x14) = _t53;
                          						if(_t53 == 0xffffffff) {
                          							goto L16;
                          						}
                          						_t47 = GetFileSize(_t53, 0);
                          						_t7 = _t43 + 0xa; // 0xa
                          						_t51 = GlobalAlloc(0x40, _t47 + _t7);
                          						if(_t51 == 0 || ReadFile(_t53, _t51, _t47, _t56 + 0x18, 0) == 0 || _t47 !=  *(_t56 + 0x18)) {
                          							L15:
                          							_t20 = CloseHandle(_t53);
                          							goto L16;
                          						} else {
                          							if(E00405813(_t51, "[Rename]\r\n") != 0) {
                          								_t28 = E00405813(_t26 + 0xa, 0x4093e4);
                          								if(_t28 == 0) {
                          									L13:
                          									_t29 = _t47;
                          									L14:
                          									E0040585F(_t51 + _t29, 0x42b8a8, _t43);
                          									SetFilePointer(_t53, 0, 0, 0);
                          									WriteFile(_t53, _t51, _t47 + _t43, _t56 + 0x18, 0);
                          									GlobalFree(_t51);
                          									goto L15;
                          								}
                          								_t37 = _t28 + 1;
                          								_t44 = _t51 + _t47;
                          								_t54 = _t37;
                          								if(_t37 >= _t44) {
                          									L21:
                          									_t53 =  *(_t56 + 0x14);
                          									_t29 = _t37 - _t51;
                          									goto L14;
                          								} else {
                          									goto L20;
                          								}
                          								do {
                          									L20:
                          									 *((char*)(_t43 + _t54)) =  *_t54;
                          									_t54 = _t54 + 1;
                          								} while (_t54 < _t44);
                          								goto L21;
                          							}
                          							E00405BC7(_t51 + _t47, "[Rename]\r\n");
                          							_t47 = _t47 + 0xa;
                          							goto L13;
                          						}
                          					}
                          				} else {
                          					CloseHandle(E0040589E(_t49, 0, 1));
                          					_t16 = GetShortPathNameA(_t49, 0x42c230, 0x400);
                          					if(_t16 != 0 && _t16 <= 0x400) {
                          						goto L5;
                          					}
                          				}
                          				return _t16;
                          			}























                          APIs
                            • Part of subcall function 00405F57: GetModuleHandleA.KERNEL32(?,?,?,00403194,0000000D), ref: 00405F69
                            • Part of subcall function 00405F57: GetProcAddress.KERNEL32(00000000,?), ref: 00405F84
                          • CloseHandle.KERNEL32(00000000,?,00000000,00000001,00000002,?,00000000,?,?,004056AA,?,00000000,000000F1,?), ref: 00405962
                          • GetShortPathNameA.KERNEL32 ref: 0040596B
                          • GetShortPathNameA.KERNEL32 ref: 00405988
                          • wsprintfA.USER32 ref: 004059A6
                          • GetFileSize.KERNEL32(00000000,00000000,0042BCA8,C0000000,00000004,0042BCA8,?,?,?,00000000,000000F1,?), ref: 004059E1
                          • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,00000000,000000F1,?), ref: 004059F0
                          • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,00000000,000000F1,?), ref: 00405A06
                          • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,0042B8A8,00000000,-0000000A,004093E4,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405A4C
                          • WriteFile.KERNEL32(00000000,00000000,?,?,00000000,?,?,00000000,000000F1,?), ref: 00405A5E
                          • GlobalFree.KERNEL32 ref: 00405A65
                          • CloseHandle.KERNEL32(00000000,?,?,00000000,000000F1,?), ref: 00405A6C
                            • Part of subcall function 00405813: lstrlenA.KERNEL32(00000000,?,00000000,00000000,00405A21,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040581A
                            • Part of subcall function 00405813: lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,00405A21,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040584A
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.605929555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000005.00000002.605920254.0000000000400000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605948695.0000000000407000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605961129.0000000000409000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605984154.000000000042C000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605999422.0000000000434000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.606011620.0000000000437000.00000002.00020000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_400000_Tftpd64-4.jbxd
                          Similarity
                          • API ID: File$Handle$CloseGlobalNamePathShortlstrlen$AddressAllocFreeModulePointerProcReadSizeWritewsprintf
                          • String ID: %s=%s$[Rename]
                          • API String ID: 3445103937-1727408572
                          • Opcode ID: dd5f36ff1683cecaedc06a98f4c7ebca5133e00b433d723e877b9ad06c20ee00
                          • Instruction ID: 64f3c6dc45b3b00a74ff67058550f3a5a1124089509923db9c5fc79d761d9fea
                          • Opcode Fuzzy Hash: dd5f36ff1683cecaedc06a98f4c7ebca5133e00b433d723e877b9ad06c20ee00
                          • Instruction Fuzzy Hash: 8941E131B05B166BD3206B619D89F6B3A5CDF45755F04063AFD05F22C1EA3CA8008EBE
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E00405E29(CHAR* _a4) {
                          				char _t5;
                          				char _t7;
                          				char* _t15;
                          				char* _t16;
                          				CHAR* _t17;
                          
                          				_t17 = _a4;
                          				if( *_t17 == 0x5c && _t17[1] == 0x5c && _t17[2] == 0x3f && _t17[3] == 0x5c) {
                          					_t17 =  &(_t17[4]);
                          				}
                          				if( *_t17 != 0 && E00405727(_t17) != 0) {
                          					_t17 =  &(_t17[2]);
                          				}
                          				_t5 =  *_t17;
                          				_t15 = _t17;
                          				_t16 = _t17;
                          				if(_t5 != 0) {
                          					do {
                          						if(_t5 > 0x1f &&  *((char*)(E004056E5("*?|<>/\":", _t5))) == 0) {
                          							E0040585F(_t16, _t17, CharNextA(_t17) - _t17);
                          							_t16 = CharNextA(_t16);
                          						}
                          						_t17 = CharNextA(_t17);
                          						_t5 =  *_t17;
                          					} while (_t5 != 0);
                          				}
                          				 *_t16 =  *_t16 & 0x00000000;
                          				while(1) {
                          					_t16 = CharPrevA(_t15, _t16);
                          					_t7 =  *_t16;
                          					if(_t7 != 0x20 && _t7 != 0x5c) {
                          						break;
                          					}
                          					 *_t16 =  *_t16 & 0x00000000;
                          					if(_t15 < _t16) {
                          						continue;
                          					}
                          					break;
                          				}
                          				return _t7;
                          			}









                          APIs
                          • CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe" ,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403105,C:\Users\user\AppData\Local\Temp\,?,004032B8), ref: 00405E81
                          • CharNextA.USER32(?,?,?,00000000), ref: 00405E8E
                          • CharNextA.USER32(?,"C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe" ,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403105,C:\Users\user\AppData\Local\Temp\,?,004032B8), ref: 00405E93
                          • CharPrevA.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403105,C:\Users\user\AppData\Local\Temp\,?,004032B8), ref: 00405EA3
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.605929555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000005.00000002.605920254.0000000000400000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605948695.0000000000407000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605961129.0000000000409000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605984154.000000000042C000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605999422.0000000000434000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.606011620.0000000000437000.00000002.00020000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_400000_Tftpd64-4.jbxd
                          Similarity
                          • API ID: Char$Next$Prev
                          • String ID: "C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe" $*?|<>/":$C:\Users\user\AppData\Local\Temp\
                          • API String ID: 589700163-650831577
                          • Opcode ID: ce236f4316dc44970b3d4854ee077085f8211c330c8e5a50d5c3ec65e4e49f20
                          • Instruction ID: 6784d5a4761720cd8368ccbdd0638492f40d0cd734ea18b92361b53ebca16514
                          • Opcode Fuzzy Hash: ce236f4316dc44970b3d4854ee077085f8211c330c8e5a50d5c3ec65e4e49f20
                          • Instruction Fuzzy Hash: BA11E671804B9129EB3217248C44B7B7F89CB5A7A0F18407BE5D5722C2C77C5E429EAD
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E00405375(CHAR* _a4) {
                          				struct _SECURITY_ATTRIBUTES _v16;
                          				struct _SECURITY_DESCRIPTOR _v36;
                          				long _t23;
                          
                          				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
                          				_v36.Owner = 0x40735c;
                          				_v36.Group = 0x40735c;
                          				_v36.Sacl = _v36.Sacl & 0x00000000;
                          				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
                          				_v16.lpSecurityDescriptor =  &_v36;
                          				_v36.Revision = 1;
                          				_v36.Control = 4;
                          				_v36.Dacl = 0x40734c;
                          				_v16.nLength = 0xc;
                          				if(CreateDirectoryA(_a4,  &_v16) != 0) {
                          					L1:
                          					return 0;
                          				}
                          				_t23 = GetLastError();
                          				if(_t23 == 0xb7) {
                          					if(SetFileSecurityA(_a4, 0x80000007,  &_v36) != 0) {
                          						goto L1;
                          					}
                          					return GetLastError();
                          				}
                          				return _t23;
                          			}







                          APIs
                          • CreateDirectoryA.KERNEL32(?,?,00000000), ref: 004053B8
                          • GetLastError.KERNEL32 ref: 004053CC
                          • SetFileSecurityA.ADVAPI32(?,80000007,00000001), ref: 004053E1
                          • GetLastError.KERNEL32 ref: 004053EB
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.605929555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000005.00000002.605920254.0000000000400000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605948695.0000000000407000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605961129.0000000000409000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605984154.000000000042C000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605999422.0000000000434000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.606011620.0000000000437000.00000002.00020000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_400000_Tftpd64-4.jbxd
                          Similarity
                          • API ID: ErrorLast$CreateDirectoryFileSecurity
                          • String ID: C:\Users\user\Desktop\download$Ls@$\s@
                          • API String ID: 3449924974-1578548825
                          • Opcode ID: 6211b517ce48024f91031cad3a720f7e2baa8210faa46a43940225e11b136f78
                          • Instruction ID: 9862b429919ab471ad7b2dc8692991af43e8f75a2b46e14c68af8680499b7529
                          • Opcode Fuzzy Hash: 6211b517ce48024f91031cad3a720f7e2baa8210faa46a43940225e11b136f78
                          • Instruction Fuzzy Hash: 78010C71D14219DADF019BA0DC447EFBFB8EB04354F00453AE904B6180E3B89614CFA9
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E00403EEA(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
                          				struct tagLOGBRUSH _v16;
                          				long _t35;
                          				long _t37;
                          				void* _t40;
                          				long* _t49;
                          
                          				if(_a4 + 0xfffffecd > 5) {
                          					L15:
                          					return 0;
                          				}
                          				_t49 = GetWindowLongA(_a12, 0xffffffeb);
                          				if(_t49 == 0) {
                          					goto L15;
                          				}
                          				_t35 =  *_t49;
                          				if((_t49[5] & 0x00000002) != 0) {
                          					_t35 = GetSysColor(_t35);
                          				}
                          				if((_t49[5] & 0x00000001) != 0) {
                          					SetTextColor(_a8, _t35);
                          				}
                          				SetBkMode(_a8, _t49[4]);
                          				_t37 = _t49[1];
                          				_v16.lbColor = _t37;
                          				if((_t49[5] & 0x00000008) != 0) {
                          					_t37 = GetSysColor(_t37);
                          					_v16.lbColor = _t37;
                          				}
                          				if((_t49[5] & 0x00000004) != 0) {
                          					SetBkColor(_a8, _t37);
                          				}
                          				if((_t49[5] & 0x00000010) != 0) {
                          					_v16.lbStyle = _t49[2];
                          					_t40 = _t49[3];
                          					if(_t40 != 0) {
                          						DeleteObject(_t40);
                          					}
                          					_t49[3] = CreateBrushIndirect( &_v16);
                          				}
                          				return _t49[3];
                          			}









                          APIs
                          Memory Dump Source
                          • Source File: 00000005.00000002.605929555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000005.00000002.605920254.0000000000400000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605948695.0000000000407000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605961129.0000000000409000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605984154.000000000042C000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605999422.0000000000434000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.606011620.0000000000437000.00000002.00020000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_400000_Tftpd64-4.jbxd
                          Similarity
                          • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                          • String ID:
                          • API String ID: 2320649405-0
                          • Opcode ID: c17ffa4718e249222cf94fd394cb2cb31c18988dc7419d15a412fba3cf9ed351
                          • Instruction ID: d9f5f29c4b32eaf67df6904808fcf7c938901a1e5be6cbe83ca05de02e5bcf8c
                          • Opcode Fuzzy Hash: c17ffa4718e249222cf94fd394cb2cb31c18988dc7419d15a412fba3cf9ed351
                          • Instruction Fuzzy Hash: A9215471904745ABC7219F78DD08B4BBFF8AF01715F04856AE856E22E0D734EA04CB55
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E00404782(struct HWND__* _a4, intOrPtr _a8) {
                          				long _v8;
                          				signed char _v12;
                          				unsigned int _v16;
                          				void* _v20;
                          				intOrPtr _v24;
                          				long _v56;
                          				void* _v60;
                          				long _t15;
                          				unsigned int _t19;
                          				signed int _t25;
                          				struct HWND__* _t28;
                          
                          				_t28 = _a4;
                          				_t15 = SendMessageA(_t28, 0x110a, 9, 0);
                          				if(_a8 == 0) {
                          					L4:
                          					_v56 = _t15;
                          					_v60 = 4;
                          					SendMessageA(_t28, 0x110c, 0,  &_v60);
                          					return _v24;
                          				}
                          				_t19 = GetMessagePos();
                          				_v16 = _t19 >> 0x10;
                          				_v20 = _t19;
                          				ScreenToClient(_t28,  &_v20);
                          				_t25 = SendMessageA(_t28, 0x1111, 0,  &_v20);
                          				if((_v12 & 0x00000066) != 0) {
                          					_t15 = _v8;
                          					goto L4;
                          				}
                          				return _t25 | 0xffffffff;
                          			}















                          APIs
                          • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 0040479D
                          • GetMessagePos.USER32 ref: 004047A5
                          • ScreenToClient.USER32 ref: 004047BF
                          • SendMessageA.USER32(?,00001111,00000000,?), ref: 004047D1
                          • SendMessageA.USER32(?,0000110C,00000000,?), ref: 004047F7
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.605929555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000005.00000002.605920254.0000000000400000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605948695.0000000000407000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605961129.0000000000409000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605984154.000000000042C000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605999422.0000000000434000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.606011620.0000000000437000.00000002.00020000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_400000_Tftpd64-4.jbxd
                          Similarity
                          • API ID: Message$Send$ClientScreen
                          • String ID: f
                          • API String ID: 41195575-1993550816
                          • Opcode ID: 3eee6e6f27995ada1ce6a04a907356a17faffc15d7d88bba2040e0493be19c46
                          • Instruction ID: 33b793b453c736b4b125c672a543aeedee0a766b6fda49c4207ece5d665b0003
                          • Opcode Fuzzy Hash: 3eee6e6f27995ada1ce6a04a907356a17faffc15d7d88bba2040e0493be19c46
                          • Instruction Fuzzy Hash: A1019271D00219BADB01DB94CC41BFEBBBCAB49711F10012BBB00B71C0C3B465018BA5
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E00402B6E(struct HWND__* _a4, intOrPtr _a8) {
                          				char _v68;
                          				int _t11;
                          				int _t20;
                          
                          				if(_a8 == 0x110) {
                          					SetTimer(_a4, 1, 0xfa, 0);
                          					_a8 = 0x113;
                          				}
                          				if(_a8 == 0x113) {
                          					_t20 =  *0x414c40; // 0x9e4d1
                          					_t11 =  *0x428c50; // 0x9e4d5
                          					if(_t20 >= _t11) {
                          						_t20 = _t11;
                          					}
                          					wsprintfA( &_v68, "verifying installer: %d%%", MulDiv(_t20, 0x64, _t11));
                          					SetWindowTextA(_a4,  &_v68);
                          					SetDlgItemTextA(_a4, 0x406,  &_v68);
                          				}
                          				return 0;
                          			}







                          APIs
                          • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402B89
                          • MulDiv.KERNEL32(0009E4D1,00000064,0009E4D5), ref: 00402BB4
                          • wsprintfA.USER32 ref: 00402BC4
                          • SetWindowTextA.USER32(?,?), ref: 00402BD4
                          • SetDlgItemTextA.USER32 ref: 00402BE6
                          Strings
                          • verifying installer: %d%%, xrefs: 00402BBE
                          Memory Dump Source
                          • Source File: 00000005.00000002.605929555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000005.00000002.605920254.0000000000400000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605948695.0000000000407000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605961129.0000000000409000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605984154.000000000042C000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605999422.0000000000434000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.606011620.0000000000437000.00000002.00020000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_400000_Tftpd64-4.jbxd
                          Similarity
                          • API ID: Text$ItemTimerWindowwsprintf
                          • String ID: verifying installer: %d%%
                          • API String ID: 1451636040-82062127
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 84%
                          			E00402A69(void* _a4, char* _a8, long _a12) {
                          				void* _v8;
                          				char _v272;
                          				signed char _t16;
                          				long _t18;
                          				long _t25;
                          				intOrPtr* _t27;
                          				long _t28;
                          
                          				_t16 =  *0x42ecd0; // 0x0
                          				_t18 = RegOpenKeyExA(_a4, _a8, 0, _t16 | 0x00000008,  &_v8);
                          				if(_t18 == 0) {
                          					while(RegEnumKeyA(_v8, 0,  &_v272, 0x105) == 0) {
                          						__eflags = _a12;
                          						if(_a12 != 0) {
                          							RegCloseKey(_v8);
                          							L8:
                          							__eflags = 1;
                          							return 1;
                          						}
                          						_t25 = E00402A69(_v8,  &_v272, 0);
                          						__eflags = _t25;
                          						if(_t25 != 0) {
                          							break;
                          						}
                          					}
                          					RegCloseKey(_v8);
                          					_t27 = E00405F57(4);
                          					if(_t27 == 0) {
                          						__eflags =  *0x42ecd0; // 0x0
                          						if(__eflags != 0) {
                          							goto L8;
                          						}
                          						_t28 = RegDeleteKeyA(_a4, _a8);
                          						__eflags = _t28;
                          						if(_t28 != 0) {
                          							goto L8;
                          						}
                          						return _t28;
                          					}
                          					return  *_t27(_a4, _a8,  *0x42ecd0, 0);
                          				}
                          				return _t18;
                          			}











                          APIs
                          • RegOpenKeyExA.ADVAPI32(?,?,00000000,00000000,?), ref: 00402A8A
                          • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402AC6
                          • RegCloseKey.ADVAPI32(?), ref: 00402ACF
                          • RegCloseKey.ADVAPI32(?), ref: 00402AF4
                          • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402B12
                          Similarity
                          • API ID: Close$DeleteEnumOpen
                          • String ID:
                          • API String ID: 1912718029-0
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E00401CDE(int __edx) {
                          				void* _t17;
                          				struct HINSTANCE__* _t21;
                          				struct HWND__* _t25;
                          				void* _t27;
                          
                          				_t25 = GetDlgItem( *(_t27 - 8), __edx);
                          				GetClientRect(_t25, _t27 - 0x50);
                          				_t17 = SendMessageA(_t25, 0x172, _t21, LoadImageA(_t21, E00402A29(_t21), _t21,  *(_t27 - 0x48) *  *(_t27 - 0x20),  *(_t27 - 0x44) *  *(_t27 - 0x20), 0x10));
                          				if(_t17 != _t21) {
                          					DeleteObject(_t17);
                          				}
                          				 *0x42eca8 =  *0x42eca8 +  *((intOrPtr*)(_t27 - 4));
                          				return 0;
                          			}








                          APIs
                          • GetDlgItem.USER32 ref: 00401CE2
                          • GetClientRect.USER32 ref: 00401CEF
                          • LoadImageA.USER32 ref: 00401D10
                          • SendMessageA.USER32(00000000,00000172,?,00000000), ref: 00401D1E
                          • DeleteObject.GDI32(00000000), ref: 00401D2D
                          Similarity
                          • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                          • String ID:
                          • API String ID: 1849352358-0
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 77%
                          			E00404678(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
                          				char _v36;
                          				char _v68;
                          				void* __ebx;
                          				void* __edi;
                          				void* __esi;
                          				signed int _t21;
                          				signed int _t22;
                          				void* _t29;
                          				void* _t31;
                          				void* _t32;
                          				void* _t41;
                          				signed int _t43;
                          				signed int _t47;
                          				signed int _t50;
                          				signed int _t51;
                          				signed int _t53;
                          
                          				_t21 = _a16;
                          				_t51 = _a12;
                          				_t41 = 0xffffffdc;
                          				if(_t21 == 0) {
                          					_push(0x14);
                          					_pop(0);
                          					_t22 = _t51;
                          					if(_t51 < 0x100000) {
                          						_push(0xa);
                          						_pop(0);
                          						_t41 = 0xffffffdd;
                          					}
                          					if(_t51 < 0x400) {
                          						_t41 = 0xffffffde;
                          					}
                          					if(_t51 < 0xffff3333) {
                          						_t50 = 0x14;
                          						asm("cdq");
                          						_t22 = 1 / _t50 + _t51;
                          					}
                          					_t23 = _t22 & 0x00ffffff;
                          					_t53 = _t22 >> 0;
                          					_t43 = 0xa;
                          					_t47 = ((_t22 & 0x00ffffff) + _t23 * 4 + (_t22 & 0x00ffffff) + _t23 * 4 >> 0) % _t43;
                          				} else {
                          					_t53 = (_t21 << 0x00000020 | _t51) >> 0x14;
                          					_t47 = 0;
                          				}
                          				_t29 = E00405BE9(_t41, _t47, _t53,  &_v36, 0xffffffdf);
                          				_t31 = E00405BE9(_t41, _t47, _t53,  &_v68, _t41);
                          				_t32 = E00405BE9(_t41, _t47, 0x42a0a0, 0x42a0a0, _a8);
                          				wsprintfA(_t32 + lstrlenA(0x42a0a0), "%u.%u%s%s", _t53, _t47, _t31, _t29);
                          				return SetDlgItemTextA( *0x42e3f8, _a4, 0x42a0a0);
                          			}




















                          APIs
                          • lstrlenA.KERNEL32(0042A0A0,0042A0A0,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404593,000000DF,00000000,00000400,?), ref: 00404716
                          • wsprintfA.USER32 ref: 0040471E
                          • SetDlgItemTextA.USER32 ref: 00404731
                          Strings
                          Similarity
                          • API ID: ItemTextlstrlenwsprintf
                          • String ID: %u.%u%s%s
                          • API String ID: 3540041739-3551169577
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 51%
                          			E00401BCA() {
                          				signed int _t28;
                          				CHAR* _t31;
                          				long _t32;
                          				int _t37;
                          				signed int _t38;
                          				int _t42;
                          				int _t48;
                          				struct HWND__* _t52;
                          				void* _t55;
                          
                          				 *(_t55 - 8) = E00402A0C(3);
                          				 *(_t55 + 8) = E00402A0C(4);
                          				if(( *(_t55 - 0x14) & 0x00000001) != 0) {
                          					 *((intOrPtr*)(__ebp - 8)) = E00402A29(0x33);
                          				}
                          				__eflags =  *(_t55 - 0x14) & 0x00000002;
                          				if(( *(_t55 - 0x14) & 0x00000002) != 0) {
                          					 *(_t55 + 8) = E00402A29(0x44);
                          				}
                          				__eflags =  *((intOrPtr*)(_t55 - 0x2c)) - 0x21;
                          				_push(1);
                          				if(__eflags != 0) {
                          					_t50 = E00402A29();
                          					_t28 = E00402A29();
                          					asm("sbb ecx, ecx");
                          					asm("sbb eax, eax");
                          					_t31 =  ~( *_t27) & _t50;
                          					__eflags = _t31;
                          					_t32 = FindWindowExA( *(_t55 - 8),  *(_t55 + 8), _t31,  ~( *_t28) & _t28);
                          					goto L10;
                          				} else {
                          					_t52 = E00402A0C();
                          					_t37 = E00402A0C();
                          					_t48 =  *(_t55 - 0x14) >> 2;
                          					if(__eflags == 0) {
                          						_t32 = SendMessageA(_t52, _t37,  *(_t55 - 8),  *(_t55 + 8));
                          						L10:
                          						 *(_t55 - 0xc) = _t32;
                          					} else {
                          						_t38 = SendMessageTimeoutA(_t52, _t37,  *(_t55 - 8),  *(_t55 + 8), _t42, _t48, _t55 - 0xc);
                          						asm("sbb eax, eax");
                          						 *((intOrPtr*)(_t55 - 4)) =  ~_t38 + 1;
                          					}
                          				}
                          				__eflags =  *((intOrPtr*)(_t55 - 0x28)) - _t42;
                          				if( *((intOrPtr*)(_t55 - 0x28)) >= _t42) {
                          					_push( *(_t55 - 0xc));
                          					E00405B25();
                          				}
                          				 *0x42eca8 =  *0x42eca8 +  *((intOrPtr*)(_t55 - 4));
                          				return 0;
                          			}













                          APIs
                          • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C2A
                          • SendMessageA.USER32(00000000,00000000,?,?), ref: 00401C42
                          Strings
                          Similarity
                          • API ID: MessageSend$Timeout
                          • String ID: !
                          • API String ID: 1777923405-2657877971
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E004038E3(void* __ecx, void* __eflags) {
                          				void* __ebx;
                          				void* __edi;
                          				void* __esi;
                          				signed short _t6;
                          				intOrPtr _t11;
                          				signed int _t13;
                          				intOrPtr _t15;
                          				signed int _t16;
                          				signed short* _t18;
                          				signed int _t20;
                          				signed short* _t23;
                          				intOrPtr _t25;
                          				signed int _t26;
                          				intOrPtr* _t27;
                          
                          				_t24 = "1033";
                          				_t13 = 0xffff;
                          				_t6 = E00405B3E(__ecx, "1033");
                          				while(1) {
                          					_t26 =  *0x42ec64; // 0x1
                          					if(_t26 == 0) {
                          						goto L7;
                          					}
                          					_t15 =  *0x42ec30; // 0x2814020
                          					_t16 =  *(_t15 + 0x64);
                          					_t20 =  ~_t16;
                          					_t18 = _t16 * _t26 +  *0x42ec60;
                          					while(1) {
                          						_t18 = _t18 + _t20;
                          						_t26 = _t26 - 1;
                          						if((( *_t18 ^ _t6) & _t13) == 0) {
                          							break;
                          						}
                          						if(_t26 != 0) {
                          							continue;
                          						}
                          						goto L7;
                          					}
                          					 *0x42e400 = _t18[1];
                          					 *0x42ecc8 = _t18[3];
                          					_t23 =  &(_t18[5]);
                          					if(_t23 != 0) {
                          						 *0x42e3fc = _t23;
                          						E00405B25(_t24,  *_t18 & 0x0000ffff);
                          						SetWindowTextA( *0x42a078, E00405BE9(_t13, _t24, _t26, "Tftpd64 Standalone Edition Install", 0xfffffffe));
                          						_t11 =  *0x42ec4c; // 0x6
                          						_t27 =  *0x42ec48; // 0x281428c
                          						if(_t11 == 0) {
                          							L15:
                          							return _t11;
                          						}
                          						_t25 = _t11;
                          						do {
                          							_t11 =  *_t27;
                          							if(_t11 != 0) {
                          								_t5 = _t27 + 0x18; // 0x28142a4
                          								_t11 = E00405BE9(_t13, _t25, _t27, _t5, _t11);
                          							}
                          							_t27 = _t27 + 0x418;
                          							_t25 = _t25 - 1;
                          						} while (_t25 != 0);
                          						goto L15;
                          					}
                          					L7:
                          					if(_t13 != 0xffff) {
                          						_t13 = 0;
                          					} else {
                          						_t13 = 0x3ff;
                          					}
                          				}
                          			}


















                          APIs
                          • SetWindowTextA.USER32(00000000,Tftpd64 Standalone Edition Install), ref: 0040397B
                          Strings
                          Similarity
                          • API ID: TextWindow
                          • String ID: "C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe" $1033$Tftpd64 Standalone Edition Install
                          • API String ID: 530164218-2423351526
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E004056BA(CHAR* _a4) {
                          				CHAR* _t7;
                          
                          				_t7 = _a4;
                          				if( *(CharPrevA(_t7,  &(_t7[lstrlenA(_t7)]))) != 0x5c) {
                          					lstrcatA(_t7, 0x409010);
                          				}
                          				return _t7;
                          			}





                          APIs
                          • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403117,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,004032B8), ref: 004056C0
                          • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,00403117,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,004032B8), ref: 004056C9
                          • lstrcatA.KERNEL32(?,00409010), ref: 004056DA
                          Strings
                          • C:\Users\user\AppData\Local\Temp\, xrefs: 004056BA
                          Memory Dump Source
                          • Source File: 00000005.00000002.605929555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000005.00000002.605920254.0000000000400000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605948695.0000000000407000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605961129.0000000000409000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605984154.000000000042C000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605999422.0000000000434000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.606011620.0000000000437000.00000002.00020000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_400000_Tftpd64-4.jbxd
                          Similarity
                          • API ID: CharPrevlstrcatlstrlen
                          • String ID: C:\Users\user\AppData\Local\Temp\
                          • API String ID: 2659869361-3936084776
                          • Opcode ID: e3dc442850fe5195f819a2e9cc08a879faccac673fa9b112cfeaaf00c09b2b73
                          • Instruction ID: 80516fad0c4d4920465a9bb29442f27547f360336c83292ed6deef4f7ecf272a
                          • Opcode Fuzzy Hash: e3dc442850fe5195f819a2e9cc08a879faccac673fa9b112cfeaaf00c09b2b73
                          • Instruction Fuzzy Hash: 88D0A962A09A302AE20223198C05F9B7AA8CF02351B080862F140B6292C27C3C818BFE
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 59%
                          			E00401F84(void* __ebx, void* __eflags) {
                          				void* _t27;
                          				struct HINSTANCE__* _t30;
                          				CHAR* _t32;
                          				intOrPtr* _t33;
                          				void* _t34;
                          
                          				_t27 = __ebx;
                          				asm("sbb eax, 0x42ecd8");
                          				 *(_t34 - 4) = 1;
                          				if(__eflags < 0) {
                          					_push(0xffffffe7);
                          					L15:
                          					E00401423();
                          					L16:
                          					 *0x42eca8 =  *0x42eca8 +  *(_t34 - 4);
                          					return 0;
                          				}
                          				_t32 = E00402A29(0xfffffff0);
                          				 *(_t34 + 8) = E00402A29(1);
                          				if( *((intOrPtr*)(_t34 - 0x18)) == __ebx) {
                          					L3:
                          					_t30 = LoadLibraryExA(_t32, _t27, 8);
                          					if(_t30 == _t27) {
                          						_push(0xfffffff6);
                          						goto L15;
                          					}
                          					L4:
                          					_t33 = GetProcAddress(_t30,  *(_t34 + 8));
                          					if(_t33 == _t27) {
                          						E00404EB3(0xfffffff7,  *(_t34 + 8));
                          					} else {
                          						 *(_t34 - 4) = _t27;
                          						if( *((intOrPtr*)(_t34 - 0x20)) == _t27) {
                          							 *_t33( *((intOrPtr*)(_t34 - 8)), 0x400, 0x42f000, 0x40b040, 0x409000);
                          						} else {
                          							E00401423( *((intOrPtr*)(_t34 - 0x20)));
                          							if( *_t33() != 0) {
                          								 *(_t34 - 4) = 1;
                          							}
                          						}
                          					}
                          					if( *((intOrPtr*)(_t34 - 0x1c)) == _t27 && E004035BA(_t30) != 0) {
                          						FreeLibrary(_t30);
                          					}
                          					goto L16;
                          				}
                          				_t30 = GetModuleHandleA(_t32);
                          				if(_t30 != __ebx) {
                          					goto L4;
                          				}
                          				goto L3;
                          			}









                          APIs
                          • GetModuleHandleA.KERNEL32(00000000,00000001,000000F0), ref: 00401FAF
                            • Part of subcall function 00404EB3: lstrlenA.KERNEL32(Completed!,00000000,006617DE,747DEA30,?,?,?,?,?,?,?,?,?,00402FE9,00000000,?), ref: 00404EEC
                            • Part of subcall function 00404EB3: lstrlenA.KERNEL32(00402FE9,Completed!,00000000,006617DE,747DEA30,?,?,?,?,?,?,?,?,?,00402FE9,00000000), ref: 00404EFC
                            • Part of subcall function 00404EB3: lstrcatA.KERNEL32(Completed!,00402FE9,00402FE9,Completed!,00000000,006617DE,747DEA30), ref: 00404F0F
                            • Part of subcall function 00404EB3: SetWindowTextA.USER32(Completed!,Completed!), ref: 00404F21
                            • Part of subcall function 00404EB3: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F47
                            • Part of subcall function 00404EB3: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404F61
                            • Part of subcall function 00404EB3: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404F6F
                          • LoadLibraryExA.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 00401FBF
                          • GetProcAddress.KERNEL32(00000000,?), ref: 00401FCF
                          • FreeLibrary.KERNEL32(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 0040203A
                          Similarity
                          • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                          • String ID:
                          • API String ID: 2987980305-0
                          • Opcode ID: 6714c4503f1adaa9a7def2b486d4f4accadca0070fce7f062c20e8e3e2c0112c
                          • Instruction ID: 67208966b8f2bf19d9e960a2271e5cf927c7fdd1345161600271a48ac580282b
                          • Opcode Fuzzy Hash: 6714c4503f1adaa9a7def2b486d4f4accadca0070fce7f062c20e8e3e2c0112c
                          • Instruction Fuzzy Hash: 48215B36904215EBDF216FA58E4DAAE7970AF44314F20423BFA01B22E0CBBC4941965E
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 67%
                          			E00401D38() {
                          				void* __esi;
                          				int _t6;
                          				signed char _t11;
                          				struct HFONT__* _t14;
                          				void* _t18;
                          				void* _t24;
                          				void* _t26;
                          				void* _t28;
                          
                          				_t6 = GetDeviceCaps(GetDC( *(_t28 - 8)), 0x5a);
                          				0x40b044->lfHeight =  ~(MulDiv(E00402A0C(2), _t6, 0x48));
                          				 *0x40b054 = E00402A0C(3);
                          				_t11 =  *((intOrPtr*)(_t28 - 0x18));
                          				 *0x40b05b = 1;
                          				 *0x40b058 = _t11 & 0x00000001;
                          				 *0x40b059 = _t11 & 0x00000002;
                          				 *0x40b05a = _t11 & 0x00000004;
                          				E00405BE9(_t18, _t24, _t26, 0x40b060,  *((intOrPtr*)(_t28 - 0x24)));
                          				_t14 = CreateFontIndirectA(0x40b044);
                          				_push(_t14);
                          				_push(_t26);
                          				E00405B25();
                          				 *0x42eca8 =  *0x42eca8 +  *((intOrPtr*)(_t28 - 4));
                          				return 0;
                          			}












                          APIs
                          • GetDC.USER32(?), ref: 00401D3F
                          • GetDeviceCaps.GDI32(00000000), ref: 00401D46
                          • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D55
                          • CreateFontIndirectA.GDI32(0040B044), ref: 00401DA7
                          Similarity
                          • API ID: CapsCreateDeviceFontIndirect
                          • String ID:
                          • API String ID: 3272661963-0
                          • Opcode ID: eee95c2ae89bd490ee6049f93aeb5439302d2a47c0c113b9f37b05f67f77e603
                          • Instruction ID: d817c33c406d5a72f0d35d0353d877ca697365183e6ac762242a66cad999de2e
                          • Opcode Fuzzy Hash: eee95c2ae89bd490ee6049f93aeb5439302d2a47c0c113b9f37b05f67f77e603
                          • Instruction Fuzzy Hash: DFF06871A482C0AFE70167709F5AB9B3F64D712305F104476F251BA2E3C77D14448BAD
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E00402BF1(intOrPtr _a4) {
                          				long _t2;
                          				struct HWND__* _t3;
                          				struct HWND__* _t6;
                          
                          				if(_a4 == 0) {
                          					__eflags =  *0x420c48; // 0x0
                          					if(__eflags == 0) {
                          						_t2 = GetTickCount();
                          						__eflags = _t2 -  *0x42ec2c;
                          						if(_t2 >  *0x42ec2c) {
                          							_t3 = CreateDialogParamA( *0x42ec20, 0x6f, 0, E00402B6E, 0);
                          							 *0x420c48 = _t3;
                          							return ShowWindow(_t3, 5);
                          						}
                          						return _t2;
                          					} else {
                          						return E00405F93(0);
                          					}
                          				} else {
                          					_t6 =  *0x420c48; // 0x0
                          					if(_t6 != 0) {
                          						_t6 = DestroyWindow(_t6);
                          					}
                          					 *0x420c48 = 0;
                          					return _t6;
                          				}
                          			}







                          APIs
                          • DestroyWindow.USER32(00000000,00000000,00402DD1,00000001), ref: 00402C04
                          • GetTickCount.KERNEL32 ref: 00402C22
                          • CreateDialogParamA.USER32(0000006F,00000000,00402B6E,00000000), ref: 00402C3F
                          • ShowWindow.USER32(00000000,00000005), ref: 00402C4D
                          Similarity
                          • API ID: Window$CountCreateDestroyDialogParamShowTick
                          • String ID:
                          • API String ID: 2102729457-0
                          • Opcode ID: 314feb9a6f5b037bccdbcd606c1efed59a9f25e3e49878e5389ae12efd8f53aa
                          • Instruction ID: af7afb5c67b035eb61978086e86d3b64d4827bf2199b448f7584534e2ab44da5
                          • Opcode Fuzzy Hash: 314feb9a6f5b037bccdbcd606c1efed59a9f25e3e49878e5389ae12efd8f53aa
                          • Instruction Fuzzy Hash: 46F0E270A0D260ABC3746F66FE8C98F7BA4F744B017400876F104B11E9CA7858C68B9D
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E004024F1(struct _OVERLAPPED* __ebx, intOrPtr* __esi) {
                          				int _t5;
                          				long _t7;
                          				struct _OVERLAPPED* _t11;
                          				intOrPtr* _t15;
                          				void* _t17;
                          				int _t21;
                          
                          				_t15 = __esi;
                          				_t11 = __ebx;
                          				if( *((intOrPtr*)(_t17 - 0x20)) == __ebx) {
                          					_t7 = lstrlenA(E00402A29(0x11));
                          				} else {
                          					E00402A0C(1);
                          					 *0x40a040 = __al;
                          				}
                          				if( *_t15 == _t11) {
                          					L8:
                          					 *((intOrPtr*)(_t17 - 4)) = 1;
                          				} else {
                          					_t5 = WriteFile(E00405B3E(_t17 + 8, _t15), "C:\Users\engineer\Desktop\Tftpd64.lnk", _t7, _t17 + 8, _t11);
                          					_t21 = _t5;
                          					if(_t21 == 0) {
                          						goto L8;
                          					}
                          				}
                          				 *0x42eca8 =  *0x42eca8 +  *((intOrPtr*)(_t17 - 4));
                          				return 0;
                          			}










                          APIs
                          • lstrlenA.KERNEL32(00000000,00000011), ref: 0040250F
                          • WriteFile.KERNEL32(00000000,?,C:\Users\user\Desktop\Tftpd64.lnk,00000000,?,?,00000000,00000011), ref: 0040252E
                          Similarity
                          • API ID: FileWritelstrlen
                          • String ID: C:\Users\user\Desktop\Tftpd64.lnk
                          • API String ID: 427699356-1374709552
                          • Opcode ID: 7133162721a0328ad96605e5a28949c6253d28faaf5cce0d2074de9cbcddde72
                          • Instruction ID: 02596e95378ee295436ef63fdf7a12543175d591b2ab5856f5875b5858eb07cb
                          • Opcode Fuzzy Hash: 7133162721a0328ad96605e5a28949c6253d28faaf5cce0d2074de9cbcddde72
                          • Instruction Fuzzy Hash: A7F082B2A04244BFD710EFA59E49AEF7668DB40348F20043BF142B51C2E6BC99419B6E
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E00405427(CHAR* _a4) {
                          				struct _PROCESS_INFORMATION _v20;
                          				int _t7;
                          
                          				0x42c0a8->cb = 0x44;
                          				_t7 = CreateProcessA(0, _a4, 0, 0, 0, 0, 0, 0, 0x42c0a8,  &_v20);
                          				if(_t7 != 0) {
                          					CloseHandle(_v20.hThread);
                          					return _v20.hProcess;
                          				}
                          				return _t7;
                          			}






                          APIs
                          • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,0042C0A8,Error launching installer), ref: 0040544C
                          • CloseHandle.KERNEL32(?), ref: 00405459
                          Strings
                          • Error launching installer, xrefs: 0040543A
                          Similarity
                          • API ID: CloseCreateHandleProcess
                          • String ID: Error launching installer
                          • API String ID: 3712363035-66219284
                          • Opcode ID: 352801a7e77fb30640a675ef02418396bf0d6615a7888bd77d000c6466e39ab6
                          • Instruction ID: 2c90aa490b53110c60c3ebae751c11bf5c05897806c56d3989ec330efb9c4960
                          • Opcode Fuzzy Hash: 352801a7e77fb30640a675ef02418396bf0d6615a7888bd77d000c6466e39ab6
                          • Instruction Fuzzy Hash: 35E0ECB4A04209BFDB109FA4EC49AAF7BBCFB00305F408521AA14E2150E774D8148AA9
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E00403585() {
                          				void* _t2;
                          				void* _t3;
                          				void* _t6;
                          				void* _t8;
                          
                          				_t8 =  *0x42905c; // 0x0
                          				_t3 = E0040356A(_t2, 0);
                          				if(_t8 != 0) {
                          					do {
                          						_t6 = _t8;
                          						_t8 =  *_t8;
                          						FreeLibrary( *(_t6 + 8));
                          						_t3 = GlobalFree(_t6);
                          					} while (_t8 != 0);
                          				}
                          				 *0x42905c =  *0x42905c & 0x00000000;
                          				return _t3;
                          			}








                          APIs
                          • FreeLibrary.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00000000,?,0040355D,00403366,00000020), ref: 0040359F
                          • GlobalFree.KERNEL32 ref: 004035A6
                          Strings
                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00403597
                          Similarity
                          • API ID: Free$GlobalLibrary
                          • String ID: C:\Users\user\AppData\Local\Temp\
                          • API String ID: 1100898210-3936084776
                          • Opcode ID: ac7f27994bd3325b2d0095e79668b7c9fa9e3b8299eadab29ed3cfae008e212f
                          • Instruction ID: 66eb0e2672836502cdeb887367c424fec6a3009010210fcd00c586b28cfd98d1
                          • Opcode Fuzzy Hash: ac7f27994bd3325b2d0095e79668b7c9fa9e3b8299eadab29ed3cfae008e212f
                          • Instruction Fuzzy Hash: 45E0C233900130A7CB715F44EC0475A776C6F49B22F010067ED00772B0C3742D424BD8
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E00405701(char* _a4) {
                          				char* _t3;
                          				char* _t5;
                          
                          				_t5 = _a4;
                          				_t3 =  &(_t5[lstrlenA(_t5)]);
                          				while( *_t3 != 0x5c) {
                          					_t3 = CharPrevA(_t5, _t3);
                          					if(_t3 > _t5) {
                          						continue;
                          					}
                          					break;
                          				}
                          				 *_t3 =  *_t3 & 0x00000000;
                          				return  &(_t3[1]);
                          			}






                          APIs
                          • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop\download,00402CC1,C:\Users\user\Desktop\download,C:\Users\user\Desktop\download,C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe,C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe,80000000,00000003), ref: 00405707
                          • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop\download,00402CC1,C:\Users\user\Desktop\download,C:\Users\user\Desktop\download,C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe,C:\Users\user\Desktop\download\Tftpd64-4.64-setup.exe,80000000,00000003), ref: 00405715
                          Strings
                          • C:\Users\user\Desktop\download, xrefs: 00405701
                          Memory Dump Source
                          • Source File: 00000005.00000002.605929555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000005.00000002.605920254.0000000000400000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605948695.0000000000407000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605961129.0000000000409000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605984154.000000000042C000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605999422.0000000000434000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.606011620.0000000000437000.00000002.00020000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_400000_Tftpd64-4.jbxd
                          Similarity
                          • API ID: CharPrevlstrlen
                          • String ID: C:\Users\user\Desktop\download
                          • API String ID: 2709904686-871579865
                          • Opcode ID: 5e76a858232fdb919b52e4d2bd39b139441124952f2503eefa3b06bf6f304fbe
                          • Instruction ID: 28705abfcf709d76dd5e93a9f01d56f8a4c6275228320a945a5a59c68c4d3cd5
                          • Opcode Fuzzy Hash: 5e76a858232fdb919b52e4d2bd39b139441124952f2503eefa3b06bf6f304fbe
                          • Instruction Fuzzy Hash: 21D0A762409D709EF30363148C04B9F7A88CF12300F0904A2E580A3191C2785C414BBD
                          Uniqueness

                          Uniqueness Score: -1.00%

                          C-Code - Quality: 100%
                          			E00405813(CHAR* _a4, CHAR* _a8) {
                          				int _t10;
                          				int _t15;
                          				CHAR* _t16;
                          
                          				_t15 = lstrlenA(_a8);
                          				_t16 = _a4;
                          				while(lstrlenA(_t16) >= _t15) {
                          					 *(_t15 + _t16) =  *(_t15 + _t16) & 0x00000000;
                          					_t10 = lstrcmpiA(_t16, _a8);
                          					if(_t10 == 0) {
                          						return _t16;
                          					}
                          					_t16 = CharNextA(_t16);
                          				}
                          				return 0;
                          			}







                          APIs
                          • lstrlenA.KERNEL32(00000000,?,00000000,00000000,00405A21,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040581A
                          • lstrcmpiA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,00405A21,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405833
                          • CharNextA.USER32(00000000,?,?,00000000,000000F1,?), ref: 00405841
                          • lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,00405A21,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040584A
                          Memory Dump Source
                          • Source File: 00000005.00000002.605929555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000005.00000002.605920254.0000000000400000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605948695.0000000000407000.00000002.00020000.sdmp
                          • Associated: 00000005.00000002.605961129.0000000000409000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605984154.000000000042C000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.605999422.0000000000434000.00000004.00020000.sdmp
                          • Associated: 00000005.00000002.606011620.0000000000437000.00000002.00020000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_400000_Tftpd64-4.jbxd
                          Similarity
                          • API ID: lstrlen$CharNextlstrcmpi
                          • String ID:
                          • API String ID: 190613189-0
                          • Opcode ID: 4632bc7807536c3bc685dabbcc96fda575cc955354388b87d625cbceccfb0b7c
                          • Instruction ID: 367b043075f01b00bc0f53d251d01435816a13b74582d12395b7b535bec4825a
                          • Opcode Fuzzy Hash: 4632bc7807536c3bc685dabbcc96fda575cc955354388b87d625cbceccfb0b7c
                          • Instruction Fuzzy Hash: 2BF02737208D51AFC2026B255C0092B7F94EF91310B24043EF840F2180E339A8219BBB
                          Uniqueness

                          Uniqueness Score: -1.00%