Free Automated Malware Analysis Service - powered by Falcon Sandbox - Viewing online file analysis results for 'opengl.dat'

Incident Response

Risk Assessment

Remote Access: Hooks internet related APIs
Spyware: Hooks API calls
Hooks key cryptographic functions of the CryptoAPI
Persistence: Installs hooks/patches the running process
Spawns a lot of processes
Writes data to a remote process
Evasive: Possibly checks for the presence of an Antivirus engine
Possibly tries to evade analysis by sleeping many times

MITRE ATT&CK™ Techniques Detection

This report has 27 indicators that were mapped to 16 attack techniques and 7 tactics. View all details

Execution
ATT&CK ID	Name	Tactics	Description	Malicious Indicators	Suspicious Indicators	Informative Indicators
T1106	Native API	Execution	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Learn more			Contains ability to dynamically determine API calls Imports GetCommandLine API
Privilege Escalation
ATT&CK ID	Name	Tactics	Description	Malicious Indicators	Suspicious Indicators	Informative Indicators
T1055	Process Injection	Privilege Escalation Defense Evasion	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Learn more	Writes data to a remote process
Defense Evasion
ATT&CK ID	Name	Tactics	Description	Malicious Indicators	Suspicious Indicators	Informative Indicators
T1553.002	Code Signing	Defense Evasion	Adversaries may create, acquire, or steal code signing materials to sign their malware or tools. Learn more			The input sample is signed with a certificate The input sample is signed with a valid certificate
T1055	Process Injection	Privilege Escalation Defense Evasion	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Learn more	Writes data to a remote process
T1497.003	Time Based Evasion	Defense Evasion Discovery	Adversaries may employ various time-based methods to detect and avoid virtualization and analysis environments. Learn more		Possibly tries to evade analysis by sleeping many times
T1027.002	Software Packing	Defense Evasion	Adversaries may perform software packing or virtual machine software protection to conceal their code. Learn more		1 confidential indicators	Matched Compiler/Packer signature
Credential Access
ATT&CK ID	Name	Tactics	Description	Malicious Indicators	Suspicious Indicators	Informative Indicators
T1056.004	Credential API Hooking	Credential Access Collection	Adversaries may hook into Windows application programming interface (API) functions to collect user credentials. Learn more	Hooks file system APIs Hooks key cryptographic functions of the CryptoAPI Hooks internet related APIs	Installs hooks/patches the running process Hooks API calls
Discovery
ATT&CK ID	Name	Tactics	Description	Malicious Indicators	Suspicious Indicators	Informative Indicators
T1083	File and Directory Discovery	Discovery	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Learn more		Touches files in program files directory	Tries to access non-existent files Contains ability to enumerate files on disk (API string) Contains ability to verify if file exist on disk (API string)
T1057	Process Discovery	Discovery	Adversaries may attempt to get information about running processes on a system. Learn more		Calls an API typically used to enumerate process encountered in a system snapshot	Calls an API typically used for taking snapshot of the specified processes
T1082	System Information Discovery	Discovery	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Learn more			Calls an API typically used to get product type Calls an API typically used to get system version information Contains ability to read software policies
T1518.001	Security Software Discovery	Discovery	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. Learn more		Possibly checks for the presence of an Antivirus engine
T1497.003	Time Based Evasion	Defense Evasion Discovery	Adversaries may employ various time-based methods to detect and avoid virtualization and analysis environments. Learn more		Possibly tries to evade analysis by sleeping many times
T1012	Query Registry	Discovery	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software. Learn more			Reads information about supported languages Reads the active computer name
Collection
ATT&CK ID	Name	Tactics	Description	Malicious Indicators	Suspicious Indicators	Informative Indicators
T1056.004	Credential API Hooking	Credential Access Collection	Adversaries may hook into Windows application programming interface (API) functions to collect user credentials. Learn more	Hooks file system APIs Hooks key cryptographic functions of the CryptoAPI Hooks internet related APIs	Installs hooks/patches the running process Hooks API calls
T1114	Email Collection	Collection	Adversaries may target user email to collect sensitive information. Learn more		Found a potential E-Mail address in binary/memory
Command and Control
ATT&CK ID	Name	Tactics	Description	Malicious Indicators	Suspicious Indicators	Informative Indicators
T1573	Encrypted Channel	Command and Control	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Learn more			Possibly tries to communicate over SSL connection (HTTPS)

Indicators

Not all malicious and suspicious indicators are displayed. Get your own cloud service or the full version to view all details.

Malicious Indicators 8
Anti-Detection/Stealthyness
- Hooks file system APIs
  
  details
  
  "FindFirstFileA@KERNEL32.DLL" in "rundll32.exe"
  "FindFirstFileW@KERNEL32.DLL" in "rundll32.exe"
  "FindNextFileA@KERNEL32.DLL" in "rundll32.exe"
  "FindNextFileW@KERNEL32.DLL" in "rundll32.exe"
  
  source
  
  Hook Detection
  
  relevance
  
  10/10
  
  ATT&CK ID
  
  T1056.004 (Show technique in the MITRE ATT&CK™ matrix)
Cryptographic Related
- Hooks key cryptographic functions of the CryptoAPI
  
  details
  
  "DecryptMessage@SSPICLI.DLL" in "rundll32.exe"
  "EncryptMessage@SSPICLI.DLL" in "rundll32.exe"
  
  source
  
  Hook Detection
  
  relevance
  
  10/10
  
  ATT&CK ID
  
  T1056.004 (Show technique in the MITRE ATT&CK™ matrix)
External Systems
- Sample was identified as malicious by a large number of Antivirus engines
  
  details
  
  31/71 Antivirus vendors marked sample as malicious (43% detection rate)
  
  source
  
  External System
  
  relevance
  
  10/10
- Sample was identified as malicious by a trusted Antivirus engine
  
  details
  
  No specific details available
  
  source
  
  External System
  
  relevance
  
  10/10
Installation/Persistence
- Writes data to a remote process
  
  details
  
  "rundll32.exe" wrote 32 bytes to a remote process "%WINDIR%\System32\wermgr.exe" (Handle: 664)
  "rundll32.exe" wrote 52 bytes to a remote process "%WINDIR%\System32\wermgr.exe" (Handle: 664)
  "rundll32.exe" wrote 4 bytes to a remote process "%WINDIR%\System32\wermgr.exe" (Handle: 664)
  "rundll32.exe" wrote 6852 bytes to a remote process "%WINDIR%\System32\wermgr.exe" (Handle: 664)
  "rundll32.exe" wrote 5 bytes to a remote process "%WINDIR%\System32\wermgr.exe" (Handle: 664)
  
  source
  
  API Call
  
  relevance
  
  6/10
  
  ATT&CK ID
  
  T1055 (Show technique in the MITRE ATT&CK™ matrix)
Spyware/Information Retrieval
- Hooks internet related APIs
  
  details
  
  "send@WS2_32.DLL" in "rundll32.exe"
  
  source
  
  Hook Detection
  
  relevance
  
  10/10
  
  ATT&CK ID
  
  T1056.004 (Show technique in the MITRE ATT&CK™ matrix)
Unusual Characteristics
- Spawns a lot of processes
  
  details
  
  Spawned process "WerFault.exe" with commandline "-u -p 2148 -s 212" (Show Process)
  Spawned process "WerFault.exe" with commandline "-u -p 3884 -s 212" (Show Process)
  Spawned process "wermgr.exe" (Show Process)
  Spawned process "WerFault.exe" with commandline "-u -p 284 -s 212" (Show Process)
  Spawned process "WerFault.exe" with commandline "-u -p 2936 -s 212" (Show Process)
  
  source
  
  Monitored Target
  
  relevance
  
  8/10
Hiding 1 Malicious Indicators
- All indicators are available only in the private webservice or standalone version

Suspicious Indicators 11
Anti-Detection/Stealthyness
- Possibly checks for the presence of an Antivirus engine
  
  details
  
  "McAfee, Inc." (Indicator: "mcafee")
  
  source
  
  File/Memory
  
  relevance
  
  3/10
  
  ATT&CK ID
  
  T1518.001 (Show technique in the MITRE ATT&CK™ matrix)
Environment Awareness
- Possibly tries to evade analysis by sleeping many times
  
  details
  
  "wermgr.exe" (Thread ID: 3880) slept "520" times (threshold: 500)
  
  source
  
  API Call
  
  relevance
  
  10/10
  
  ATT&CK ID
  
  T1497.003 (Show technique in the MITRE ATT&CK™ matrix)
External Systems
- Sample detected by CrowdStrike Static Analysis and ML with relatively low confidence
  
  details
  
  CrowdStrike Static Analysis and ML (QuickScan) yielded detection: win/malicious_confidence_60% (W)
  
  source
  
  External System
  
  relevance
  
  10/10
- Sample was identified as malicious by at least one Antivirus engine
  
  details
  
  31/71 Antivirus vendors marked sample as malicious (43% detection rate)
  
  source
  
  External System
General
- Found a potential E-Mail address in binary/memory
  
  details
  
  Pattern match: "offers@master-gadgets.com0"
  
  source
  
  File/Memory
  
  relevance
  
  3/10
  
  ATT&CK ID
  
  T1114 (Show technique in the MITRE ATT&CK™ matrix)
Spyware/Information Retrieval
- Calls an API typically used to enumerate process encountered in a system snapshot
  
  details
  
  "rundll32.exe" called "Process32FirstW" (UID: 00000000-00003116)
  "rundll32.exe" called "Process32NextW" (UID: 00000000-00003116)
  
  source
  
  API Call
  
  relevance
  
  5/10
  
  ATT&CK ID
  
  T1057 (Show technique in the MITRE ATT&CK™ matrix)
- Touches files in program files directory
  
  details
  
  "rundll32.exe" trying to touch file "%PROGRAMFILES%\Wireshark\FDDBDBDFBDFBFD.DLL"
  
  source
  
  API Call
  
  relevance
  
  3/10
  
  ATT&CK ID
  
  T1083 (Show technique in the MITRE ATT&CK™ matrix)
System Security
- Hooks API calls
  
  details
  
  "GetLogicalDriveStringsA@KERNEL32.DLL" in "rundll32.exe"
  "FindFirstFileA@KERNEL32.DLL" in "rundll32.exe"
  "FindFirstFileW@KERNEL32.DLL" in "rundll32.exe"
  "FindNextFileA@KERNEL32.DLL" in "rundll32.exe"
  "FindResourceW@KERNEL32.DLL" in "rundll32.exe"
  "FindNextFileW@KERNEL32.DLL" in "rundll32.exe"
  "GetLogicalDriveStringsW@KERNEL32.DLL" in "rundll32.exe"
  "LoadLibraryW@KERNEL32.DLL" in "rundll32.exe"
  "OpenMutexA@KERNEL32.DLL" in "rundll32.exe"
  "CreateDirectoryW@KERNEL32.DLL" in "rundll32.exe"
  "LoadLibraryExA@KERNEL32.DLL" in "rundll32.exe"
  "Process32FirstW@KERNEL32.DLL" in "rundll32.exe"
  "CreateToolhelp32Snapshot@KERNEL32.DLL" in "rundll32.exe"
  "GetNativeSystemInfo@KERNEL32.DLL" in "rundll32.exe"
  "CopyFileW@KERNEL32.DLL" in "rundll32.exe"
  "FindResourceA@KERNEL32.DLL" in "rundll32.exe"
  "RemoveDirectoryA@KERNEL32.DLL" in "rundll32.exe"
  "CreateDirectoryA@KERNEL32.DLL" in "rundll32.exe"
  "LoadResource@KERNEL32.DLL" in "rundll32.exe"
  "send@WS2_32.DLL" in "rundll32.exe"
  
  source
  
  Hook Detection
  
  relevance
  
  10/10
  
  ATT&CK ID
  
  T1056.004 (Show technique in the MITRE ATT&CK™ matrix)
Unusual Characteristics
- Imports suspicious APIs
  
  details
  
  GetModuleFileNameW
  LoadLibraryA
  GetCommandLineW
  UnhandledExceptionFilter
  LoadLibraryExW
  GetStartupInfoW
  GetCommandLineA
  GetProcAddress
  GetTickCount64
  CreateThread
  GetModuleHandleA
  FindNextFileW
  WriteFile
  FindFirstFileExW
  GetModuleHandleW
  TerminateProcess
  GetModuleHandleExW
  CreateFileW
  IsDebuggerPresent
  VirtualAlloc
  
  source
  
  Static Parser
  
  relevance
  
  1/10
- Installs hooks/patches the running process
  
  details
  
  "rundll32.exe" wrote bytes "e91d0fcd89" to virtual address "0x76AF8D2E" ("GetLogicalDriveStringsA@KERNEL32.DLL")
  "rundll32.exe" wrote bytes "e990c3cc89" to virtual address "0x76AFC1AB" ("FindFirstFileA@KERNEL32.DLL")
  "rundll32.exe" wrote bytes "e9b744cc89" to virtual address "0x76B04274" ("FindFirstFileW@KERNEL32.DLL")
  "rundll32.exe" wrote bytes "e9c2e0cc89" to virtual address "0x76AFA869" ("FindNextFileA@KERNEL32.DLL")
  "rundll32.exe" wrote bytes "e9b45bcd89" to virtual address "0x76AF5727" ("FindResourceW@KERNEL32.DLL")
  "rundll32.exe" wrote bytes "e935eecc89" to virtual address "0x76AF9DA6" ("FindNextFileW@KERNEL32.DLL")
  "rundll32.exe" wrote bytes "e9846cce89" to virtual address "0x76AE31A7" ("GetLogicalDriveStringsW@KERNEL32.DLL")
  "rundll32.exe" wrote bytes "e95993cc89" to virtual address "0x76AFF162" ("LoadLibraryW@KERNEL32.DLL")
  "rundll32.exe" wrote bytes "e9a9c2cd89" to virtual address "0x76AF0622" ("OpenMutexA@KERNEL32.DLL")
  "rundll32.exe" wrote bytes "e92a0ecd89" to virtual address "0x76AF9BE1" ("CreateDirectoryW@KERNEL32.DLL")
  "rundll32.exe" wrote bytes "e91d3ecd89" to virtual address "0x76AF46BE" ("LoadLibraryExA@KERNEL32.DLL")
  "rundll32.exe" wrote bytes "e90e8ecd89" to virtual address "0x76AF023D" ("Process32FirstW@KERNEL32.DLL")
  "rundll32.exe" wrote bytes "e94c877094" to virtual address "0x6C0C271F" (part of module "ACLAYERS.DLL")
  "rundll32.exe" wrote bytes "e9518fcd89" to virtual address "0x76AEFF3A" ("CreateToolhelp32Snapshot@KERNEL32.DLL")
  "rundll32.exe" wrote bytes "e988d4cd89" to virtual address "0x76AEC6B3" ("GetNativeSystemInfo@KERNEL32.DLL")
  "rundll32.exe" wrote bytes "e90c38ce89" to virtual address "0x76AE6D4F" ("CopyFileW@KERNEL32.DLL")
  "rundll32.exe" wrote bytes "e97e09cd89" to virtual address "0x76AFA6CD" ("FindResourceA@KERNEL32.DLL")
  "rundll32.exe" wrote bytes "e924a7c889" to virtual address "0x76B404D7" ("RemoveDirectoryA@KERNEL32.DLL")
  "rundll32.exe" wrote bytes "e9d624cb89" to virtual address "0x76B18355" ("CreateDirectoryA@KERNEL32.DLL")
  "rundll32.exe" wrote bytes "e9a116cd89" to virtual address "0x76AF9ECA" ("LoadResource@KERNEL32.DLL")
  
  source
  
  Hook Detection
  
  relevance
  
  10/10
  
  ATT&CK ID
  
  T1056.004 (Show technique in the MITRE ATT&CK™ matrix)
Hiding 1 Suspicious Indicators
- All indicators are available only in the private webservice or standalone version

Informative 27
Environment Awareness
- Calls an API typically used to get product type
  
  details
  
  "rundll32.exe" called "RtlGetNtProductType" with parameter (UID: 00000000-00003116)
  
  source
  
  API Call
  
  relevance
  
  3/10
  
  ATT&CK ID
  
  T1082 (Show technique in the MITRE ATT&CK™ matrix)
- Calls an API typically used to get system version information
  
  details
  
  "rundll32.exe" called "RtlGetVersion" with parameter (UID: 00000000-00003116)
  
  source
  
  API Call
  
  relevance
  
  3/10
  
  ATT&CK ID
  
  T1082 (Show technique in the MITRE ATT&CK™ matrix)
- Contains ability to read software policies
  
  details
  
  "rundll32.exe" (Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\SAFER\CODEIDENTIFIERS"; Key: "TRANSPARENTENABLED")
  "rundll32.exe" (Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\SAFER\CODEIDENTIFIERS"; Key: "AUTHENTICODEENABLED")
  "wermgr.exe" (Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\SAFER\CODEIDENTIFIERS"; Key: "TRANSPARENTENABLED")
  
  source
  
  Registry Access
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1082 (Show technique in the MITRE ATT&CK™ matrix)
- Contains ability to verify if file exist on disk (API string)
  
  details
  
  Observed api string:"PathFileExistsA" [Source: 122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin]
  
  source
  
  File/Memory
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1083 (Show technique in the MITRE ATT&CK™ matrix)
- Reads the active computer name
  
  details
  
  "rundll32.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME"; Key: "COMPUTERNAME")
  "wermgr.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME"; Key: "COMPUTERNAME")
  
  source
  
  Registry Access
  
  relevance
  
  5/10
  
  ATT&CK ID
  
  T1012 (Show technique in the MITRE ATT&CK™ matrix)
General
- An application crash occurred
  
  details
  
  Report process "WerFault.exe" was created by "rundll32.exe"
  
  source
  
  Monitored Target
- Contains ability to dynamically determine API calls
  
  details
  
  Found GetProcAddress() and LoadLibraryA() in an import section (Source: 122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)
  
  source
  
  Static Parser
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1106 (Show technique in the MITRE ATT&CK™ matrix)
- Contains ability to read the PEB (Process Environment Block) structure
  
  details
  
  "122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin" can read PEB structure (dword ptr fs:[00000030h]) (Offset: 95900)
  
  source
  
  Binary File
  
  relevance
  
  3/10
- Contains export functions
  
  details
  
  "122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin" contains export function called "DrawThemeIcon" at ordinal 1
  "122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin" contains export function called "apetaloid" at ordinal 2
  "122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin" contains export function called "graben" at ordinal 3
  "122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin" contains export function called "ladykind" at ordinal 4
  "122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin" contains export function called "overindulge" at ordinal 5
  "122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin" contains export function called "spirometer" at ordinal 6
  "122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin" contains export function called "townless" at ordinal 7
  "122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin" contains export function called "zaparoan" at ordinal 8
  
  source
  
  Static Parser
  
  relevance
  
  1/10
- Creates mutants
  
  details
  
  "\Sessions\1\BaseNamedObjects\DBWinMutex"
  "DBWinMutex"
  "\Sessions\1\BaseNamedObjects\Global\{2E21AA80-7D3F-4D54-9A37-DFFB2CA36D7C}"
  "\Sessions\1\BaseNamedObjects\{2E21AA80-7D3F-4D54-9A37-DFFB2CA36D7C}"
  "\Sessions\1\BaseNamedObjects\{C9317923-F45D-4F85-9D1F-3CAB4A7C14D0}"
  "{2E21AA80-7D3F-4D54-9A37-DFFB2CA36D7C}"
  "Global\{2E21AA80-7D3F-4D54-9A37-DFFB2CA36D7C}"
  "{C9317923-F45D-4F85-9D1F-3CAB4A7C14D0}"
  
  source
  
  Created Mutant
  
  relevance
  
  3/10
- Found API related strings
  
  details
  
  "FlsGetValue" (Indicator: "FlsGetValue")
  "FlsSetValue" (Indicator: "FlsSetValue")
  "InitializeCriticalSectionEx" (Indicator: "InitializeCriticalSection")
  "CorExitProcess" (Indicator: "ExitProcess")
  "LocaleNameToLCID" (Indicator: "LocaleNameToLCID")
  "WaitForSingleObjectEx" (Indicator: "WaitForSingleObject")
  "CreateThread" (Indicator: "CreateThread")
  "GetTickCount64" (Indicator: "GetTickCount")
  "VirtualAlloc" (Indicator: "VirtualAlloc")
  "GetCurrentThreadId" (Indicator: "GetCurrentThread")
  "GetModuleHandleA" (Indicator: "GetModuleHandleA")
  "GetModuleHandleW" (Indicator: "GetModuleHandleW")
  "LoadLibraryA" (Indicator: "LoadLibraryA")
  "SendMessageA" (Indicator: "SendMessageA")
  "PathFileExistsA" (Indicator: "PathFileExistsA")
  "IsProcessorFeaturePresent" (Indicator: "IsProcessorFeaturePresent")
  "IsDebuggerPresent" (Indicator: "IsDebuggerPresent")
  "UnhandledExceptionFilter" (Indicator: "UnhandledExceptionFilter")
  "SetUnhandledExceptionFilter" (Indicator: "SetUnhandledExceptionFilter")
  "GetStartupInfoW" (Indicator: "GetStartupInfoW")
  
  source
  
  File/Memory
  
  relevance
  
  1/10
- PE file contains executable sections
  
  details
  
  "122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin" has an executable section named ".text"
  
  source
  
  Static Parser
  
  relevance
  
  1/10
- PE file contains writable sections
  
  details
  
  "122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin" has an writable section named "data1"
  
  source
  
  Static Parser
  
  relevance
  
  1/10
- PE file entrypoint instructions
  
  details
  
  "122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin" file has an entrypoint instructions - "pushebp,movebp, esp,cmpdword ptr [ebp + 0xc], 1,jne0x1000f289,call0x1000f675,pushdword ptr [ebp + 0x10],pushdword ptr [ebp + 0xc],pushdword ptr [ebp + 8],call0x1000f145,addesp, 0xc,popebp,ret0xc,pushebp,movebp, esp,subesp, 0xc,leaecx, [ebp - 0xc],call0x1000ea2b,push0x1004effc,leaeax, [ebp - 0xc],pusheax,call0x1000f911,int3,pushebp,movebp, esp,subesp, 0xc,leaecx, [ebp - 0xc],call0x10001890,push0x1004ecfc,leaeax, [ebp - 0xc],pusheax,call0x1000f911,int3,pushebp,movebp, esp,"
  
  source
  
  Static Parser
  
  relevance
  
  1/10
- Spawns new processes
  
  details
  
  Spawned process "rundll32.exe" with commandline ""C:\opengl.dat.dll",#1" (Show Process)
  Spawned process "rundll32.exe" with commandline ""C:\opengl.dat.dll",#2" (Show Process)
  Spawned process "rundll32.exe" with commandline ""C:\opengl.dat.dll",#3" (Show Process)
  Spawned process "rundll32.exe" with commandline ""C:\opengl.dat.dll",#4" (Show Process)
  Spawned process "rundll32.exe" with commandline ""C:\opengl.dat.dll",#5" (Show Process)
  Spawned process "rundll32.exe" with commandline ""C:\opengl.dat.dll",#6" (Show Process)
  Spawned process "WerFault.exe" with commandline "-u -p 2148 -s 212" (Show Process)
  Spawned process "WerFault.exe" with commandline "-u -p 3884 -s 212" (Show Process)
  Spawned process "wermgr.exe" (Show Process)
  Spawned process "rundll32.exe" with commandline ""C:\opengl.dat.dll",#7" (Show Process)
  Spawned process "WerFault.exe" with commandline "-u -p 284 -s 212" (Show Process)
  Spawned process "rundll32.exe" with commandline ""C:\opengl.dat.dll",#8" (Show Process)
  Spawned process "WerFault.exe" with commandline "-u -p 2936 -s 212" (Show Process)
  
  source
  
  Monitored Target
  
  relevance
  
  3/10
- Spawns new processes that are not known child processes
  
  details
  
  Spawned process "rundll32.exe" with commandline ""C:\opengl.dat.dll",#1" (Show Process)
  Spawned process "rundll32.exe" with commandline ""C:\opengl.dat.dll",#2" (Show Process)
  Spawned process "rundll32.exe" with commandline ""C:\opengl.dat.dll",#3" (Show Process)
  Spawned process "rundll32.exe" with commandline ""C:\opengl.dat.dll",#4" (Show Process)
  Spawned process "rundll32.exe" with commandline ""C:\opengl.dat.dll",#5" (Show Process)
  Spawned process "rundll32.exe" with commandline ""C:\opengl.dat.dll",#6" (Show Process)
  Spawned process "WerFault.exe" with commandline "-u -p 2148 -s 212" (Show Process)
  Spawned process "WerFault.exe" with commandline "-u -p 3884 -s 212" (Show Process)
  Spawned process "wermgr.exe" (Show Process)
  Spawned process "rundll32.exe" with commandline ""C:\opengl.dat.dll",#7" (Show Process)
  Spawned process "WerFault.exe" with commandline "-u -p 284 -s 212" (Show Process)
  Spawned process "rundll32.exe" with commandline ""C:\opengl.dat.dll",#8" (Show Process)
  Spawned process "WerFault.exe" with commandline "-u -p 2936 -s 212" (Show Process)
  
  source
  
  Monitored Target
  
  relevance
  
  3/10
- The input sample is signed with a certificate
  
  details
  
  The input sample is signed with a certificate issued by "CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB" (SHA1: FA:9C:C0:60:76:BB:DB:2E:C2:BD:BC:15:79:93:AA:AF:7A:A8:0C:5A; see report for more information)
  The input sample is signed with a certificate issued by "CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB" (SHA1: D1:EB:23:A4:6D:17:D6:8F:D9:25:64:C2:F1:F1:60:17:64:D8:E3:49; see report for more information)
  The input sample is signed with a certificate issued by "CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB" (SHA1: 32:9B:78:A5:C9:EB:C2:04:32:42:DE:90:CE:1B:7C:6B:1B:A6:C6:92; see report for more information)
  The input sample is signed with a certificate issued by "CN=Sectigo Public Code Signing Root R46, O=Sectigo Limited, C=GB" (SHA1: 0B:C5:E7:67:73:D2:E4:4F:C9:90:3D:4D:FE:FE:45:15:53:BB:EC:4A; see report for more information)
  
  source
  
  Certificate Data
  
  relevance
  
  10/10
  
  ATT&CK ID
  
  T1553.002 (Show technique in the MITRE ATT&CK™ matrix)
- The input sample is signed with a valid certificate
  
  details
  
  The entire certificate chain of the input sample was validated successfully.
  
  source
  
  Certificate Data
  
  relevance
  
  10/10
  
  ATT&CK ID
  
  T1553.002 (Show technique in the MITRE ATT&CK™ matrix)
Installation/Persistence
- Touches files in the Windows directory
  
  details
  
  "rundll32.exe" touched file "%WINDIR%\AppPatch\sysmain.sdb"
  
  source
  
  API Call
  
  relevance
  
  7/10
Network Related
- Found potential URL in binary/memory
  
  details
  
  Pattern match: "https://sectigo.com/CPS0"
  Pattern match: "crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y"
  Pattern match: "crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#"
  Pattern match: "http://ocsp.sectigo.com0$"
  Pattern match: "crl.comodoca.com/AAACertificateServices.crl06"
  Pattern match: "crl.comodo.net/AAACertificateServices.crl0"
  Pattern match: "crl.comodoca.com/AAACertificateServices.crl04"
  Pattern match: "http://ocsp.comodoca.com0"
  Pattern match: "http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0"
  Pattern match: "http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#"
  Pattern match: "http://ocsp.sectigo.com0"
  
  source
  
  File/Memory
  
  relevance
  
  10/10
- Possibly tries to communicate over SSL connection (HTTPS)
  
  details
  
  "https://sectigo.com/CPS0" (Indicator: "https://")
  
  source
  
  File/Memory
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1573 (Show technique in the MITRE ATT&CK™ matrix)
Spyware/Information Retrieval
- Calls an API typically used for taking snapshot of the specified processes
  
  details
  
  "rundll32.exe" called "CreateToolhelp32Snapshot" (UID: 00000000-00003116)
  
  source
  
  API Call
  
  relevance
  
  3/10
  
  ATT&CK ID
  
  T1057 (Show technique in the MITRE ATT&CK™ matrix)
- Contains ability to enumerate files on disk (API string)
  
  details
  
  Observed api string:"FindNextFileW" [Source: 122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin]
  
  source
  
  File/Memory
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1083 (Show technique in the MITRE ATT&CK™ matrix)
- Imports GetCommandLine API
  
  details
  
  Observed import api "GetCommandLineA" which can "Retrieves the command-line string for the current process" [Source: 122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin]
  
  source
  
  Static Parser
  
  relevance
  
  1/10
  
  ATT&CK ID
  
  T1106 (Show technique in the MITRE ATT&CK™ matrix)
- Tries to access non-existent files
  
  details
  
  "rundll32.exe" trying to access non-existent file "C:\Windows\System32\API-MS-WIN-CORE-FIBERS-L1-1-1.DLL"
  "rundll32.exe" trying to access non-existent file "C:\Windows\System32\API-MS-WIN-CORE-LOCALIZATION-L1-2-1.DLL"
  "rundll32.exe" trying to access non-existent file "C:\Users\%USERNAME%\AppData\Local\Programs\Python\Python36-32\Scripts\FDDBDBDFBDFBFD.DLL"
  "rundll32.exe" trying to access non-existent file "C:\Windows\System32\FDDBDBDFBDFBFD.DLL"
  "rundll32.exe" trying to access non-existent file "C:\Windows\system\FDDBDBDFBDFBFD.DLL"
  "rundll32.exe" trying to access non-existent file "C:\Windows\FDDBDBDFBDFBFD.DLL"
  "rundll32.exe" trying to access non-existent file "C:\FDDBDBDFBDFBFD.DLL"
  "rundll32.exe" trying to access non-existent file "%ALLUSERSPROFILE%\Oracle\Java\javapath_target_623756\FDDBDBDFBDFBFD.DLL"
  "rundll32.exe" trying to access non-existent file "C:\Windows\System32\wbem\FDDBDBDFBDFBFD.DLL"
  "rundll32.exe" trying to access non-existent file "C:\Windows\System32\WindowsPowerShell\v1.0\FDDBDBDFBDFBFD.DLL"
  "rundll32.exe" trying to access non-existent file "C:\Program Files\Wireshark\FDDBDBDFBDFBFD.DLL"
  "rundll32.exe" trying to access non-existent file "C:\Users\%USERNAME%\AppData\Local\Programs\Python\Python36-32\FDDBDBDFBDFBFD.DLL"
  
  source
  
  API Call
  
  relevance
  
  3/10
  
  ATT&CK ID
  
  T1083 (Show technique in the MITRE ATT&CK™ matrix)
Unusual Characteristics
- Matched Compiler/Packer signature
  
  details
  
  "122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin" was detected as "Borland Delphi 3.0 (???)"
  
  source
  
  Static Parser
  
  relevance
  
  10/10
  
  ATT&CK ID
  
  T1027.002 (Show technique in the MITRE ATT&CK™ matrix)
- Reads information about supported languages
  
  details
  
  "rundll32.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\CUSTOMLOCALE"; Key: "AR")
  "rundll32.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\EXTENDEDLOCALE"; Key: "AR")
  "rundll32.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\EXTENDEDLOCALE"; Key: "AR-SA")
  "rundll32.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\CUSTOMLOCALE"; Key: "AR-SA")
  "rundll32.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\EXTENDEDLOCALE"; Key: "EN-US")
  "rundll32.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\CUSTOMLOCALE"; Key: "EN-US")
  "wermgr.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\EXTENDEDLOCALE"; Key: "EN-US")
  "wermgr.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\CUSTOMLOCALE"; Key: "TN")
  "wermgr.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\EXTENDEDLOCALE"; Key: "TN")
  "wermgr.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\CUSTOMLOCALE"; Key: "TN-ZA")
  "wermgr.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\EXTENDEDLOCALE"; Key: "TN-ZA")
  "wermgr.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\CUSTOMLOCALE"; Key: "CA")
  "wermgr.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\EXTENDEDLOCALE"; Key: "CA")
  "wermgr.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\CUSTOMLOCALE"; Key: "CA-ES")
  "wermgr.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\EXTENDEDLOCALE"; Key: "CA-ES")
  "wermgr.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\CUSTOMLOCALE"; Key: "EN-US")
  
  source
  
  Registry Access
  
  relevance
  
  3/10
  
  ATT&CK ID
  
  T1012 (Show technique in the MITRE ATT&CK™ matrix)

CrowdStrike AI

Executable Process Memory Analysis (Learn More)
Malicious 1
- 00000000-00003116.00000001.67295.005F0000.00000040.mdmp (Address: 005F0000, Flags: 00000040)
  
  File's Process
  
  rundll32.exe (PID: 3116)
  
  File's Process SHA256
  
  3fa4912eb43fc304652d7b01f118589259861e2d628fa7c86193e54d5f987670
  
  File's Process Disc Pathway
  
  %WINDIR%\System32\rundll32.exe
  
  Action
  
  See Memory Dump Content Download Memory Dump
Suspicious 1
- 00000000-00003116.00000001.67295.002E0000.00000040.mdmp (Address: 002E0000, Flags: 00000040)
  
  File's Process
  
  rundll32.exe (PID: 3116)
  
  File's Process SHA256
  
  3fa4912eb43fc304652d7b01f118589259861e2d628fa7c86193e54d5f987670
  
  File's Process Disc Pathway
  
  %WINDIR%\System32\rundll32.exe
  
  Action
  
  See Memory Dump Content Download Memory Dump

File Details

All Details:

opengl.dat

Filename: opengl.dat
Size: 353KiB (361952 bytes)
Type: pedll executable
Description: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Architecture
: WINDOWS
SHA256
: 122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e
MD5
: 9d72c37dbf002a0069c85059ff0e7389
SHA1
: b21aa6e7e6f59326ec1b252b5e33bd3491e15066
ssdeep
: 6144:eumQ7wTa7g5+NUG7rVEs53B7m3hT0g7Na/aoKPxtCkT2QJx84aJXxw4x:5J7wTIJNVruKchoUaCujQJfAXxTx
imphash
: 21e76aaf32fa6db6fd58a317fd4ebc7e
authentihash
: ccd61be3a2c51b2b1949d2bb4417f06de10e519e01cd591762616c6a0856075c
Compiler/Packer
: Borland Delphi 3.0 (???)

Resources

Language
: RUSSIAN,NEUTRAL
Icon

Visualization

Input File (PortEx)

Entrypoint Preview

Instructions Count
: 34
Actions
: Show Preview

Version Info

LegalCopyright: Copyright 1995-2009 McAfee, Inc. All Rights Reserved.
BuildDate: -
CompanyName: McAfee, Inc.
ProductName: McAfee System Tray
BuildNumber: 286
FileDescription: McTray Application
FileVersion: 2.1.0.286
Translation: 0x0000 0x04b0

Additional Static Data

Entrypoint: 0x1000f27b
Entrypoint Section: .text
ImageBase: 0x10000000
Subsystem: Windows Gui
Image File Characteristics: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
DLL Characteristics: DYNAMIC_BASE, NX_COMPAT
Major OS Version: 6
Minor OS Version: 0

Classification (TrID)

45.8% (.EXE) Win32 Executable MS Visual C++ (generic)
15.4% (.EXE) Win64 Executable (generic)
9.6% (.DLL) Win32 Dynamic Link Library (generic)
7.4% (.EXE) Win16 NE executable (generic)
6.6% (.EXE) Win32 Executable (generic)

File Sections

Details	Name	Entropy	Virtual Address	Virtual Size	Raw Size	MD5	Characteristics
Name .text Entropy 6.45145301658 Virtual Address 0x1000 Virtual Size 0x1e55f Raw Size 0x1e600 MD5 5703137001cd74f80f7be1022968de5d	.text	6.45145301658	0x1000	0x1e55f	0x1e600	5703137001cd74f80f7be1022968de5d	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Name data1 Entropy 6.71397830402 Virtual Address 0x20000 Virtual Size 0x2f711 Raw Size 0x2f800 MD5 379445a855fd1ed50aa9f506aaba7481	data1	6.71397830402	0x20000	0x2f711	0x2f800	379445a855fd1ed50aa9f506aaba7481	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
Name .idata Entropy 4.83366717571 Virtual Address 0x50000 Virtual Size 0x876 Raw Size 0xa00 MD5 2c4c45ff7b6ae84f31d410cfe0978543	.idata	4.83366717571	0x50000	0x876	0xa00	2c4c45ff7b6ae84f31d410cfe0978543	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name .rsrc Entropy 5.93035718191 Virtual Address 0x51000 Virtual Size 0x6138 Raw Size 0x6200 MD5 3afce1839b05f6e5e9ba5699094bffac	.rsrc	5.93035718191	0x51000	0x6138	0x6200	3afce1839b05f6e5e9ba5699094bffac	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name .reloc Entropy 6.69773804979 Virtual Address 0x58000 Virtual Size 0x1dfc Raw Size 0x1e00 MD5 1f32a4a587cac5c0079503f27c77738b	.reloc	6.69773804979	0x58000	0x1dfc	0x1e00	1f32a4a587cac5c0079503f27c77738b	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

File Resources

Details	Name	RVA	Size	Type	Language
Name AFX_DIALOG_LAYOUT RVA 0x512e8 Size 0x2 Type data Language Russian	AFX_DIALOG_LAYOUT	0x512e8	0x2	data	Russian
Name RT_ICON RVA 0x512ec Size 0xea8 Type Device independent bitmap graphic, 48 x 96 x 8, image size 0 Language Neutral	RT_ICON	0x512ec	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	Neutral
Name RT_ICON RVA 0x52194 Size 0x8a8 Type Device independent bitmap graphic, 32 x 64 x 8, image size 0 Language Neutral	RT_ICON	0x52194	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	Neutral
Name RT_ICON RVA 0x52a3c Size 0x568 Type Device independent bitmap graphic, 16 x 32 x 8, image size 0 Language Neutral	RT_ICON	0x52a3c	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	Neutral
Name RT_ICON RVA 0x52fa4 Size 0x25a8 Type Device independent bitmap graphic, 48 x 96 x 32, image size 0 Language Neutral	RT_ICON	0x52fa4	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	Neutral
Name RT_ICON RVA 0x5554c Size 0x10a8 Type Device independent bitmap graphic, 32 x 64 x 32, image size 0 Language Neutral	RT_ICON	0x5554c	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	Neutral
Name RT_ICON RVA 0x565f4 Size 0x468 Type Device independent bitmap graphic, 16 x 32 x 32, image size 0 Language Neutral	RT_ICON	0x565f4	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	Neutral
Name RT_DIALOG RVA 0x56a5c Size 0x40 Type dBase III DBT, version number 0, next free block index 4294901761 Language Russian	RT_DIALOG	0x56a5c	0x40	dBase III DBT, version number 0, next free block index 4294901761	Russian
Name RT_GROUP_ICON RVA 0x56a9c Size 0x5a Type data Language Neutral	RT_GROUP_ICON	0x56a9c	0x5a	data	Neutral
Name RT_VERSION RVA 0x56af8 Size 0x2bc Type data Language Neutral	RT_VERSION	0x56af8	0x2bc	data	Neutral
Name RT_MANIFEST RVA 0x56db4 Size 0x382 Type ASCII text, with very long lines, with no line terminators Language Neutral	RT_MANIFEST	0x56db4	0x382	ASCII text, with very long lines, with no line terminators	Neutral

File Data Directories
                
                        Details
                        Name
                        Virtual Address
                        Virtual Size
                        Is In Section
                    
                                    NameIMAGE_DIRECTORY_ENTRY_EXPORT
                                    Virtual Address0x4f640
                                    Virtual Size0xd1
                                    Is In Sectiondata1
                                
                            IMAGE_DIRECTORY_ENTRY_EXPORT
                            0x4f640
                            0xd1
                            data1
                        
                                    NameIMAGE_DIRECTORY_ENTRY_IMPORT
                                    Virtual Address0x50144
                                    Virtual Size0x50
                                    Is In Section.idata
                                
                            IMAGE_DIRECTORY_ENTRY_IMPORT
                            0x50144
                            0x50
                            .idata
                        
                                    NameIMAGE_DIRECTORY_ENTRY_RESOURCE
                                    Virtual Address0x51000
                                    Virtual Size0x6138
                                    Is In Section.rsrc
                                
                            IMAGE_DIRECTORY_ENTRY_RESOURCE
                            0x51000
                            0x6138
                            .rsrc
                        
                                    NameIMAGE_DIRECTORY_ENTRY_EXCEPTION
                                    Virtual Address0x0
                                    Virtual Size0x0
                                    Is In Section-
                                
                            IMAGE_DIRECTORY_ENTRY_EXCEPTION
                            0x0
                            0x0
                            -
                        
                                    NameIMAGE_DIRECTORY_ENTRY_SECURITY
                                    Virtual Address0x56c00
                                    Virtual Size0x19e0
                                    Is In Section.reloc
                                
                            IMAGE_DIRECTORY_ENTRY_SECURITY
                            0x56c00
                            0x19e0
                            .reloc
                        
                                    NameIMAGE_DIRECTORY_ENTRY_BASERELOC
                                    Virtual Address0x58000
                                    Virtual Size0x1dfc
                                    Is In Section.reloc
                                
                            IMAGE_DIRECTORY_ENTRY_BASERELOC
                            0x58000
                            0x1dfc
                            .reloc
                        
                                    NameIMAGE_DIRECTORY_ENTRY_DEBUG
                                    Virtual Address0x4e89c
                                    Virtual Size0x1c
                                    Is In Sectiondata1
                                
                            IMAGE_DIRECTORY_ENTRY_DEBUG
                            0x4e89c
                            0x1c
                            data1
                        
                                    NameIMAGE_DIRECTORY_ENTRY_COPYRIGHT
                                    Virtual Address0x0
                                    Virtual Size0x0
                                    Is In Section-
                                
                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT
                            0x0
                            0x0
                            -
                        
                                    NameIMAGE_DIRECTORY_ENTRY_GLOBALPTR
                                    Virtual Address0x0
                                    Virtual Size0x0
                                    Is In Section-
                                
                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR
                            0x0
                            0x0
                            -
                        
                                    NameIMAGE_DIRECTORY_ENTRY_TLS
                                    Virtual Address0x0
                                    Virtual Size0x0
                                    Is In Section-
                                
                            IMAGE_DIRECTORY_ENTRY_TLS
                            0x0
                            0x0
                            -
                        
                                    NameIMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                                    Virtual Address0x4e8b8
                                    Virtual Size0x40
                                    Is In Sectiondata1
                                
                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                            0x4e8b8
                            0x40
                            data1
                        
                                    NameIMAGE_DIRECTORY_ENTRY_BOUND_IMPORT
                                    Virtual Address0x0
                                    Virtual Size0x0
                                    Is In Section-
                                
                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT
                            0x0
                            0x0
                            -
                        
                                    NameIMAGE_DIRECTORY_ENTRY_IAT
                                    Virtual Address0x50000
                                    Virtual Size0x140
                                    Is In Section.idata
                                
                            IMAGE_DIRECTORY_ENTRY_IAT
                            0x50000
                            0x140
                            .idata
                        
                                    NameIMAGE_DIRECTORY_ENTRY_DELAY_IMPORT
                                    Virtual Address0x0
                                    Virtual Size0x0
                                    Is In Section-
                                
                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT
                            0x0
                            0x0
                            -
                        
                                    NameIMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                                    Virtual Address0x0
                                    Virtual Size0x0
                                    Is In Section-
                                
                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                            0x0
                            0x0
                            -
                        
                                    NameIMAGE_DIRECTORY_ENTRY_RESERVED
                                    Virtual Address0x0
                                    Virtual Size0x0
                                    Is In Section-
                                
                            IMAGE_DIRECTORY_ENTRY_RESERVED
                            0x0
                            0x0
                            -

File Imports

CloseHandle

CreateFileW

CreateThread

DecodePointer

DeleteCriticalSection

EncodePointer

EnterCriticalSection

ExitProcess

FindClose

FindFirstFileExW

FindNextFileW

FlushFileBuffers

FreeEnvironmentStringsW

FreeLibrary

GetACP

GetCommandLineA

GetCommandLineW

GetConsoleMode

GetConsoleOutputCP

GetCPInfo

GetCurrentProcess

GetCurrentProcessId

GetCurrentThreadId

GetEnvironmentStringsW

GetFileType

GetLastError

GetModuleFileNameW

GetModuleHandleA

GetModuleHandleExW

GetModuleHandleW

GetOEMCP

GetProcAddress

GetProcessHeap

GetStartupInfoW

GetStdHandle

GetStringTypeW

GetSystemTimeAsFileTime

GetTickCount64

HeapAlloc

HeapFree

HeapReAlloc

HeapSize

InitializeCriticalSectionAndSpinCount

InitializeSListHead

InterlockedFlushSList

IsDebuggerPresent

IsProcessorFeaturePresent

IsValidCodePage

LCMapStringW

LeaveCriticalSection

LoadLibraryA

LoadLibraryExW

lstrcmpA

lstrcmpiA

MultiByteToWideChar

QueryPerformanceCounter

RaiseException

RtlUnwind

SetFilePointerEx

SetLastError

SetStdHandle

SetUnhandledExceptionFilter

TerminateProcess

TlsAlloc

TlsFree

TlsGetValue

TlsSetValue

UnhandledExceptionFilter

VirtualAlloc

WaitForSingleObjectEx

WideCharToMultiByte

WriteConsoleW

WriteFile

PathFileExistsA

DialogBoxParamA

EndDialog

SendMessageA

File Exports

Name	Ordinal	Address
DrawThemeIcon	#1	0x100083b0
apetaloid	#2	0x1000b740
graben	#3	0x1000bdc0
ladykind	#4	0x1000c780
overindulge	#5	0x1000cd10
spirometer	#6	0x1000d280
townless	#7	0x1000d9c0
zaparoan	#8	0x1000e1f0

File Certificates

Certificate chain was successfully validated.

Download Certificate File (6.5KiB)

Owner	Issuer	Validity	Hashes (MD5, SHA1)
CN=MASTER GADGETS LTD, O=MASTER GADGETS LTD, ST=Essex, C=GB	CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB Serial: 23840d4ff33ebae2618fcf874ad2f98	11/07/2022 00:00:00 11/07/2023 23:59:59	12:97:FB:D9:B6:AC:DC:BC:87:27:DD:3F:8B:2F:C8:9F FA:9C:C0:60:76:BB:DB:2E:C2:BD:BC:15:79:93:AA:AF:7A:A8:0C:5A
CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB Serial: 1	01/01/2004 00:00:00 12/31/2028 23:59:59	49:79:04:B0:EB:87:19:AC:47:B0:BC:11:51:9B:74:D0 D1:EB:23:A4:6D:17:D6:8F:D9:25:64:C2:F1:F1:60:17:64:D8:E3:49
CN=Sectigo Public Code Signing Root R46, O=Sectigo Limited, C=GB	CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB Serial: 48fc93b46055948d36a7c98a89d69416	05/25/2021 00:00:00 12/31/2028 23:59:59	2A:A3:20:98:2E:00:19:3F:AD:3B:D0:EA:54:06:E4:CD 32:9B:78:A5:C9:EB:C2:04:32:42:DE:90:CE:1B:7C:6B:1B:A6:C6:92
CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB	CN=Sectigo Public Code Signing Root R46, O=Sectigo Limited, C=GB Serial: 621d6d0c52019e3b9079152089211c0a	03/22/2021 00:00:00 03/21/2036 23:59:59	E8:8A:7F:88:DD:89:C6:2A:2B:B9:9C:C9:88:D2:D2:A4 0B:C5:E7:67:73:D2:E4:4F:C9:90:3D:4D:FE:FE:45:15:53:BB:EC:4A

Screenshots

Loading content, please wait...

Hybrid Analysis

Tip: Click an analysed process below to view more details.

Analysed 13 processes in total (System Resource Monitor).

<Ignored Process>
- rundll32.exe "C:\opengl.dat.dll",#1 (PID: 3116)
  - wermgr.exe (PID: 1420)
- rundll32.exe "C:\opengl.dat.dll",#2 (PID: 3172)
- rundll32.exe "C:\opengl.dat.dll",#3 (PID: 2148)
  - WerFault.exe -u -p 2148 -s 212 (PID: 3556)
- rundll32.exe "C:\opengl.dat.dll",#4 (PID: 3732)
- rundll32.exe "C:\opengl.dat.dll",#5 (PID: 2528)
- rundll32.exe "C:\opengl.dat.dll",#6 (PID: 3884)
  - WerFault.exe -u -p 3884 -s 212 (PID: 3780)
- rundll32.exe "C:\opengl.dat.dll",#7 (PID: 284)
  - WerFault.exe -u -p 284 -s 212 (PID: 3148)
- rundll32.exe "C:\opengl.dat.dll",#8 (PID: 2936)
  - WerFault.exe -u -p 2936 -s 212 (PID: 3120)

Logged Script Calls	Logged Stdout	Extracted Streams	Memory Dumps
Reduced Monitoring	Network Activityy	Network Error	Multiscan Match

Network Analysis

DNS Requests

No relevant DNS requests were made.

Contacted Hosts

No relevant hosts were contacted.

HTTP Traffic

No relevant HTTP requests were made.

Extracted Strings

Download All Memory Strings (3.9KiB)

!"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

!#3(3-:*m0

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

!%7&H2<A{"

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

!(5 L"m?6

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

!(W}5x?1-7(9!5

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

!)"/3zi%!

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

!+09%,;!L;%

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

!.c*& .))

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

!5"6a5.%"

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

!5+3dR5?O3xYn(2/

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

!7 ~|."zm2S

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

!=)w"%t>)

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

!>?;|5%5#"

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

!_is_double

Unicode based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

!P#!r?8*83)0

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

!TF1i"%+A

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

!This program cannot be run in DOS mode.$

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

!VG/72nY

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

" 4G6z15

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

"","!a4-#

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

"'U./(#6/*,x

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

"+?/}l8#}:r

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

",i#9*{<

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

"1(.?CbUi,

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

"5/,"2Kl*/=2*

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

"6j&+7;m1'M

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

"6|!*q)e/

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

"=8-1-ey0

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

"_mk!4C8$tzUX

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

"C:\opengl.dat.dll",#1

Ansi based on Process Commandline (rundll32.exe)

"C:\opengl.dat.dll",#2

Ansi based on Process Commandline (rundll32.exe)

"C:\opengl.dat.dll",#3

Ansi based on Process Commandline (rundll32.exe)

"C:\opengl.dat.dll",#4

Ansi based on Process Commandline (rundll32.exe)

"C:\opengl.dat.dll",#5

Ansi based on Process Commandline (rundll32.exe)

"C:\opengl.dat.dll",#6

Ansi based on Process Commandline (rundll32.exe)

"C:\opengl.dat.dll",#7

Ansi based on Process Commandline (rundll32.exe)

"C:\opengl.dat.dll",#8

Ansi based on Process Commandline (rundll32.exe)

"Qpq$250 Ap

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

"Sectigo Public Code Signing CA R36

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

"Sectigo Public Code Signing CA R360

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

"z<} !C{%

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

"{,&23,3w(y=

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

#"}+8?>3%<z0

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

#( 1>%(%&

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

#*#zZ" T=e%

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

#+![p}58V80g

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

#+#G0>Q%-2

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

#/%;3+qw ->

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

#0/'{w}P<-2$4

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

#4:9"`S:w

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

#4SE*&;mOg

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

#6mo"1425)

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

#9%`>'2Q

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

#;%%!F$ )

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

#>F"<@&,;

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

#?[dv1f19

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

#bC<}|.a

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

#T5/'7:1*?3

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

$ q&} c]`E$)4

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

$$>32'r7r

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

$%d,&3#2

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

$&=},$3l2R

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

$+t/491Fz

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

$3;?02y;g;

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

$764%+XH

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

$=;xdd`[><

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

$?O+4"q)

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

$C9%7m-534:$i<

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

$I-2."|8"

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

$Sectigo Public Code Signing Root R460

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

$V!S6|#R?2y?IVo'

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

$Z!%uKc$-!v_

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

$z}3"Aq,$xJ

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

$|t&i *4W

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

%"=w<e:T-Z-MD

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

%3#,?+:,>#<0

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

%99%)N@<"

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

%<3!bK>dddx#

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

%=.q!(a2<

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

%?za= 04

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

%^&;f)LCe

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

%^{>t1/*.*

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

%`0^5:6${#"M4

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

%`k2#X*NW

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

%b$$Z13O7,U6`

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

%g<"3"#)!

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

%J(!v}}05^h

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

%j=2,#;'/.<

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

%{!"!o';4?/

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

&#(+<.1++

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

&%~1n--R3}

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

&(1*7 A,M

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

&*1/?3u#;'">/*

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

&.nS"/<A

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

&0~9?,7:

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

&3(${w>:!

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

&3;-q>7#z

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

&6/+=$&05

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

&b*$9:fK3)

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

&f'/gz(%

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

&Ns].Zc#}6

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

&Td0$-4K7

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

'#b.WN5$

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

'%3-"<mu=2

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

'-MN6+&?i#

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

'/["11{Q9a

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

'1;(o#VC

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

'3Fz26>-=jm

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

'6)x?%6s-;>

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

'7`aF,$4$./

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

'7U3x/-:?t[

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

';~-J;r*a8 W

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

'^41UJ+*5>

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

'Ub(,9:!cx

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

'xy/{-%Pr/

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

'{7=pKf;*

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

'};t`R+=?

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

(#-r&,<97.

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

($8*6g"?,>

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

(% Lx5+z8

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

((((( H

Unicode based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

(0l,9=s3

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

(1=9,z$.k

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

(2)!*y@V,n

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

(3<) ,;,P

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

(7-$8E(%;|

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

(:x+i:E+#9y

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

(EO0e4#*=

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

(I/' V!0

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

(l!<qy.# %

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

(R/yF,5V0>;";

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

(u* b#J$59

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

(z'9R ,$>@S

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

(zV^4;z{(

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

) )K>-W=(

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

)##0/-7!(7G

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

)%). 5()+^

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

)&h96K<?):)

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

)(7@ux#C6"q

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

)._'6**4% )

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

)3 5j-O=K4

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

)</p17"`;^

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

)\"^ |q@5

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

)j izM!T-j,

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

)ta.#"w8

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

)v^?]4L5

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

*!tW%p_c5

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

*%E@!/: @zu.1AC

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

*& 3-/3RJ

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

*'U+>Y^$~

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

************

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

****************

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

*+a#"$'&;

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

*1-2#'?=w;;?

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

*1>-4!w]

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

*2'tp34x;4*M7

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

*4!3:(0F6(?

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

*<l' ?Y'6 *

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

*?0)>98lI0

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

*c39"gKyVI

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

*eT%\;#3Wg/

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

*f_6?!#<.4|

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

*Ig==8'1g

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

*kUs(uGnl5

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

*U*"1'*v'

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

*X"'x1I?#y

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

*x^2.%.h4+

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

*}^#X=4s

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

+ 78p6<,$81

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

+!5r8:*jPA

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

+"?d<C&|

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

+%:#$c'/

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

+++;/3,xw!'6

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

++1.o1<gv

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

+-=>+@D+%

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

+0L'-/98=d<

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

+;;m1g*+%s

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

+<.' #=4'j+

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

+>v1=['(]/Y

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

+dW =}U}

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

+kIw+61<p;>

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

+n#|,q-&

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

+R3?5n3'3

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

+T34;>$)X>*%

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

+}9*. %&o9)q/

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

, .:Kz..'

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

,"q///?9&`

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

,$!.94%&j

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

,'\/8^V %

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

,)80! IE

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

,-+g<.o!

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

,/2+Q38'38

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

,/8$Z/'!%

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

,0 p2m%?&

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

,113J,*(t|

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

,1@q%!;*6g5g

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

,4+u7U2(,nV1

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

,58*3R%p)(

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

,7V03}*q)4qJ

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

,@IVox: )v

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

,d68'`$3>=%/

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

,d=a.(;?p

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

,Dd$31M3*

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

,H]V960] F

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

,xc/8$!1;%x

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

,|0\288=.@^

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

- .-ds+50

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

-1|CzBs:Y!%y

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

-4:-T#|:?

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

-92<(*7#:

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

->Q)9"13w-=

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

-o$~61C6q

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

-T?*';78

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

-u -p 2148 -s 212

Ansi based on Process Commandline (WerFault.exe)

-u -p 284 -s 212

Ansi based on Process Commandline (WerFault.exe)

-u -p 2936 -s 212

Ansi based on Process Commandline (WerFault.exe)

-u -p 3884 -s 212

Ansi based on Process Commandline (WerFault.exe)

-Y:a8)-r'

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

-}9,123Y

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

."r( E)-5{i#2'

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

.+-,vSz*

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

.380:.< !

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

.86x5h/"k

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

.>B~Zl7%0

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

.?AVbad_alloc@std@@

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

.?AVbad_array_new_length@std@@

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

.?AVbad_exception@std@@

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

.?AVexception@std@@

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

.?AVlength_error@std@@

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

.?AVlogic_error@std@@

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

.?AVout_of_range@std@@

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

.?AVtype_info@@

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

.`2R=<6d-

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

.F m.-90'

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

.hP3::2G<*d$

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

.J7(+q:(8'" 9

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

.J=,#7;Z;8

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

.T2(2{&g*

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

.zw'G=(83

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

/$"%6#.1y

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

/+,x>#!3%>

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

/,9m-S"abw

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

/2+/6+<7"):fD"z?y

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

/3acx(.,"

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

/7^4{t14u.6=&

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

/;%nA=!56<

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

/]/3:-2*/

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

/dU*sS8%"

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

/fnEmw$$;

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

/ky:1%!&&

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

/rIt8>"n$

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

/u7u&mgl|

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

/vE1!) <5H

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

/x 41]2F?,"?

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

0 0$0(0,0004080<0@0D0H0L0P0T0X0\0`0l0p0t0

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

0 0(00080@0H0P0X0`0h0p0x0

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

0"0(0-03090?0D0I0Z0_0t0

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

0#/3?e*$9

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

0#0)040>0E0O0U0Z0c0i0{0

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

0$0,040<0D0L0T0\0d0l0t0|0

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

0$0.0D0N0d0n0

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

0%0*00060>0^0t0

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

0&0=0B0Q0V0[0

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

0)0?0E0J0O0T0Z0_0p0u0~0

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

0-171<1B1H1M1R1W1]1c1r1

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

0.1>1]1c1i1u1

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

00060101.00060101

Ansi based on Runtime Data (rundll32.exe )

00080@0H0L0P0X0l0t0|0

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

040101000000Z

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

064686<6p6t6x6|6

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

07O$&+-2!7

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

0<(?%57'9

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

0<??-* #"('-V

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

0>'3Z,-1<<Up

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

0]^2` 38

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

0_J2_'9____0_

Ansi based on Image Processing (screen_0.png)

0http://crl.comodo.net/AAACertificateServices.crl0

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

0K0P0T0X0\0

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

0Kt0t_rmlnat_th_pr0gram

Ansi based on Image Processing (screen_1.png)

0R8-@t"fx(!

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

0v4<(%"$&it74)

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

1 1(10181@1H1P1X1`1h1p1x1

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

1$1,141<1D1L1T1\1d1l1t1|1

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

1$1.1D1N1d1n1

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

1%1*141E1J1_1

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

1)1/181F1K1P1u1

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

1*323i3p3

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

1,101L1P1p1x1|1

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

1.o*7AE" "$

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

16 uweq7V[

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

18$. 8%X#

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

Unicode based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

1:.>vy63/

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

1;"><-{eQ

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

1<U=%.YB8

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

1]-}}{%g3P

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

1b Sby)+]-

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

1F2P2^2e2p2w2}2

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

1R &u+6.z

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

1X:)7D+V

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

2 2$2(2,2024282<2@2D2L2P2T2X2\2`2x2

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

2 2(20282@2H2P2X2`2h2p2x2

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

2 383>3e3)5

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

2$2,242<2D2L2T2\2d2l2t2|2

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

2$2.2D2N2d2n2

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

2$?=*L24$$3

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

2&)"!#%)_+cq-'

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

2';+yu=mujL4

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

2'<p 3-9",

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

2)3$u.Y#

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

2,!Z '"kL

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

2,21262a2

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

2,5*)d/5ddr

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

2.1.0.286

Unicode based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

206"9#=,$ (

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

21 54&/"

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

210322000000Z

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

210525000000Z

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

221107000000Z

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

221214114306Z0

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

227(u0>;*S!

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

22ylku8yh049yu034hkofw42h4ryj02g940g9vrghw08

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

23/3H3M3y3

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

231107235959Z0W1

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

24282@2H2P2T2\2p2

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

281231235959Z0V1

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

281231235959Z0{1

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

289%Z+-G

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

29"'/5&l&

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

2<2B2I2X2]2r2

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

2<2B2n2t2

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

2`.%=- 0

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

2A5=+/R0'

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

2b326S!|+.t% 9>T

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

2c'<d`b6

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

2c3 Z-'=

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

2http://crl.comodoca.com/AAACertificateServices.crl04

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

2http://crl.comodoca.com/AAACertificateServices.crl06

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

2I!)8'8.+t

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

2N2Y2a2l2r2}2

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

2VT;4f9,

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

2Z;mq"/<!2(

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

3 3(30383@3H3P3X3`3h3p3x3

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

3!3'31363;3I3N3_3f3

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

3!=6(q0 }

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

3!?=<*1;n_=

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

3$3,343<3D3H=P=X=`=h=p=x=

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

3*<[%f( 1

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

3+"6"6M>d

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

3/-3\$s.oS

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

3/4<4A4e4k4q4

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

34"C\z;3/Y

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

360321235959Z0T1

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

3[H:01V<)$& -$9

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

3^p2%'("#@

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

3a<f-V%'

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

4 4&4,4C4[4d4y4~4

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

4 4(40484@4H4P4X4`4

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

4 4(40484@4H4P4X4`4h4p4x4

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

4$444D4T4d4t4

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

4(4-4?4F4s4

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

4)z7 G#z/

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

4,~2]-~+Z,pMY$5n::

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

4-z<Y>]x

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

42/{^c'0

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

44%4,464R4a4u4

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

4=4h4n4t4|4

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

4af6?:!T,'

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

4D5I5O5T5

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

4I6=)%#up"%

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

4JJJJJJJ?H

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

4L4U4^4l4u4

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

5 5(50585@5H5P5X5`5h5p5x5

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

5"*$k /-2!=#zp

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

5"= ,+2-

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

5"@=TU!">

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

5#8k_+hL=

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

5$545D5T5

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

5$6O6`6e6j6o6

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

5%5/5@5E5Z5o5t5

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

5%Rd (fLr

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

5& 30M+5'~~(

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

5'$!:&3(

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

5(}0-/HG~

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

5)+4X%5?<:

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

5+565<5K5Q5Y5

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

5,595B5l5r5x5~5

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

50=85&~3.

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

51!Rfp010%

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

52595C5M5R5\5k5p5u5

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

548]N?!~7&

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

55$535J5p5

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

56.:?0')$

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

5696>6H6U6Z6l6v6{6

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

57!" **,52|.

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

5<6B6H6M6^6h6w6|6

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

5<6K6T6a6w6

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

5=5wa !*,}-:O

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

5=S&$2:(@

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

5>*'ys. ""6?

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

5g-&<,!-)J#)4

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

5V$Y"z~ 1YS

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

6!6#%:1>;K

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

6!6'6,62696?6E6J6P6W6]6g6

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

6$&3,`yL ,!

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

6(6,6064686<6@6D6p7

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

6,-ax!='';

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

6,;4/')r

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

6,<4<<<D<L<T<\<d<l<t<|<

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

6,?~))*Z"?*7('

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

6.'%;;o0R*1`5^S

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

6/M|'/+#'

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

61d*<$L/Y}9

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

63[*-4k21

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

66(n(48%',

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

667j;8/>| U->1=.

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

6>V,&2K{^9

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

6?`7/)o#lS8

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

6p0 sf"%$<PH3etp=w~

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

7 7&7+70757<7C7I7P7Z7c7h7q7w7

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

7!' &49jZ:7q

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

7!707E7R7h7o7{7

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

7!8_8g8m8}8

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

7"767;7N7a7t7}7

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

7#*\~rK,;%&

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

7#]/"!S=0&9

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

7$ = $:#%

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

7'7;7@7F7L7Z7a7p7z7

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

7+r?%;$!"]!

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

73/&(,f`'

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

76$q?+G#t

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

767=7`7f7w7}7

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

769.2/p;

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

77&#pO!>)/&

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

78?(]5!+%

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

798?8S8j8o8~8

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

7:SM+6.v

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

7<>^$m613)

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

7>+18&/i

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

7[e#U8)/7;

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

7A8F8P8Z8e8j8o8z8

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

7F~;=c+JG

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

7o%v26=,.]Ha`0.0R"

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

7V-Ah3! +

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

8#8,81878A8K8[8k8{8

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

8&8,82878=8D8J8P8U8[8b8h8r8

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

8&np:":])

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

8'8-83898D8J8O8U8^8

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

8';xdu96oM+ Nj

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

8(&'/@*]2

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

8(Y1S;n"d.,_/{

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

8+858:8I8N8c8x8

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

819?9X9`9i9r9

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

85!;5,$)a

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

898R8`8l8x8

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

8;% +7Q:^7

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

8;8I8P8V8

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

8;FD</:%=)"

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

8?`'.W0H3

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

8_21O{FL10-

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

8http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

8http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

8o5)1u ,2-

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

8Ocp.? c"

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

8t 9:"6[

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

8U2 (!9}8*

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

8v+'7=w<

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

8z?*2p |6

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

8}$'$11&5%

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

9 (`'- ,(

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

9 <3Xag%[,."g

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

9#%2"&`r'&

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

9#9,9:9?9D9i9

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

9#C)7,9=('0

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

9&f='1eV

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

9'9-979=9C9K9T9[9e9j9o9x9~9

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

9)9C9k9y9

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

9)|#>v."!

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

9*:9:B:P:

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

9+9J9P9^9

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

9,v45xS>Z-v

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

9/!=U%<}*

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

9/9H9W9]9b9g9m9w9~9

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

9/_fv%*t:

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

92>+,8+>4

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

96)!7's*e"-?

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

96s03, |$d'$

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

98$>8x,><"%;oYn&

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

999Q9a9u9z9

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

9:2A&lrUZ?u*l

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

9A9[9r9y9

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

9m B:'/- /4

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

9S'+ V4=06

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

9X:]:b:}:

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

9z.U3bj<%1

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

: :$:(:,:0:4:8:<:@:D:H:L:P:T:X:\:`:d:h:l:p:t:x:

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

: :$:4:8:<:@:H:`:p:t:

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

: <!%-!/>

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

:$:*:J:Y:^:o:t:

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

:%L?<_3-4

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

:%Sf=:!/!

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

:&5$w*/-zS

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

:&:+:_:v:|:

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

:&:5:>:c:

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

:(:@:i:|:

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

:*"Ih"4Eugp

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

:,!.W+`NV5?

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

:07s*!g2?X-'

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

:2)$f=;\%6

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

:8:G:R:W:\:w:

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

:;#;-;2;\;

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

:;6CZ1V"c5

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

:http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0{

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

:http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

:S.)N#8.5)

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

; ;$;(;,;0;

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

; ;$;(;,;4;L;\;`;p;t;|;

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

;$;6;H;Z;l;~;

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

;&;8;K;e;t;

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

;&<,<T<}<

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

;';N;\;a;k;z;

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

;);5;:;?;Z;d;p;u;z;

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

;-18s2(1MDu(

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

;2,$<a3</=#

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

;20(-G3t$

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

;2:F%l$")>

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

;7)!='?n(

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

;8T(".P^#

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

;9d,d%2CB'&t&

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

;:;A;X;n;{;

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

;;";7;<;X;k;

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

;=*(Dvt#{

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

;^/@yA'1

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

;r;#486S=

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

;W?946r=

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

;|(||&v6/

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

<"7/#Zx'Hw0

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

<"<'<;<E<J<t<

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

<"<F<O<V<O>f>F?

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

<$^#/w3&c

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

<%=H=O=U=[=n=

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

<)2>uP&-

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

<-l'$b->$L

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

<3 ;,(v>&

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

<3;"H-?74

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

<4;y+.8uD,"?*1=

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

<4<<<K<P<a<f<k<

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

<9<?<b<u<

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

<><O<Z<s<x<

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

<>?0g%8((o

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

<@<F<O<^<c<h<

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

<`U.3Y::{

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="McTray" type="win32"></assemblyIdentity><description>McTray</description><dependency><dependentAssembly><assemblyIdentity type="Win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="X86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity></dependentAssembly></dependency><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.VC80.CRT" version="8.0.50727.762" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker"></requestedExecutionLevel></requestedPrivileges></security></trustInfo></assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

<IK=,|ePk'2

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

<K=U=c=i=o=u={=

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

<x:6?U9,%t

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

= =4=<=P=X=l=t=

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

=#&:.HY1/18<=

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

=$=,=4=<=D=L=T=\=d=l=t=|=

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

=&=6=G=L=a=

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

=&u*+u/&9

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

=)><>A>F>K>P>

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

=*=2=O=_=k=z=

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

=-=<=A=F=X=]=y=

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

=.-5c}H6-

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

=04m6#2)`

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

=36&N>%!

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

=80zMZ?)jUb<-34; k?

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

=9=C=R=W=\=

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

=?%<K<#Q("6

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

=]xNuMZ+<}!G

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

=F=V=u={=

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

=w79)!/:?=S(k* 4>

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

=WK!&$0S

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

> >(>0>8>@>H>P>X>`>h>p>x>

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

> >(>0>8>@>H>P>X>`>l>

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

> >1>;>K>v>

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

> ?'?.?5?B?

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

>">(>.>4>9>?>H>P>U>Z>

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

>#>8>M>S>Y>^>d>i>r>x>~>

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

>$"\/#' xw&z"

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

>$>,>4><>D>L>T>\>d>l>t>|>

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

>% z6!:*/

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

>%>/><>F>V>

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

>'{EgVS '

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

>)+$9%//c*

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

>)>.>4>>>C>I>Z>_>d>

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

>+A8%4~7$

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

>3Y89>&28

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

>4>B>N>s>

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

>6?I?i?t?z?

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

>9>@>W>m>

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

>:?S?]?i?

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

>;q#"d;IP

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

><PA$/#2%

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

><Y3"8;4'151%%>)

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

>=?B?G?L?Q?]?f?l?r?

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

>>->7>^>h>

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

>?V2)-ig+)

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

>^,!\#;%

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

? ?(?0?8?@?H?P?X?`?h?p?x?

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

?!:-:3/$4/z`4[

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

?"?'?,?D?R?W?\?

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

?#1)7#2)+

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

?#?)?.?4?9?B?H?N?T?]?f?k?

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

?$?)?/?5?;?E?r?

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

?$?,?4?<?D?L?T?\?d?l?t?|?

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

?$?,?4?@?`?h?p?x?

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

?'_?_??_e"0_?v_

Ansi based on Image Processing (screen_1.png)

?)<;80!0-

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

?,->8L,<0

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

?/C6X#>.6k

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

?6:69&v187(#

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

?6;A;6w\.

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

?7?T?h?s?

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

?8#,] #b'!

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

?8< \3'R

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

?>T;1!9{?)ErI4

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

?>Z r $;-u

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

?_,8]f">8)

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

?_v"?__"_?

Ansi based on Image Processing (screen_0.png)

?d$3Eaq eP

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

?M4(#(4bj

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

?v__?__?_ce

Ansi based on Image Processing (screen_1.png)

?|E~R>*>+

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

@316u!&.

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

@;]uW8n$b:

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

@h\603N&98`';

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

[MgFd=3H6

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

\$;'9-.>5

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

\4V]d/)2X%+

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

\s?7=4 ); &V%?"

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

]&kkkkkkkkk

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

].;!!R#6X

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

]5;5; 8[/=

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

]AL ,Km>"<m+h

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

^7q4+.[3{I579

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

^8#}-$Ie<

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

^:%8:*(x#&_/

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

^^^^2^H%mhm

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

^z)IC;5V#?

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

_-~.` C=F!u

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

_/-%%+7( g

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

_<(7!$d/

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

_?#o<R:0`}w_

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

_?v??_Ll_?_

Ansi based on Image Processing (screen_0.png)

__ANyAB_yRslDls

Ansi based on Image Processing (screen_0.png)

__clrcall

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

__crt_strtox::floating_point_value::as_double

Unicode based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

__crt_strtox::floating_point_value::as_float

Unicode based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

__fastcall

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

__restrict

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

__stdcall

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

__swift_1

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

__swift_2

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

__thiscall

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

__unaligned

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

__vectorcall

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

_is_double

Unicode based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

_nextafter

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

_v_______

Ansi based on Image Processing (screen_1.png)

`!<<!9"3b("

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

`09+('6p/''9

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

`anonymous namespace'

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

`copy constructor closure'

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

`default constructor closure'

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

`dynamic atexit destructor for '

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

`dynamic initializer for '

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

`eh vector constructor iterator'

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

`eh vector copy constructor iterator'

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

`eh vector destructor iterator'

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

`eh vector vbase constructor iterator'

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

`eh vector vbase copy constructor iterator'

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

`local static guard'

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

`local static thread guard'

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

`local vftable constructor closure'

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

`local vftable'

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

`managed vector constructor iterator'

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

`managed vector copy constructor iterator'

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

`managed vector destructor iterator'

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

`omni callsig'

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

`placement delete closure'

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

`placement delete[] closure'

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

`scalar deleting destructor'

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

`udt returning'

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

`vbase destructor'

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

`vbtable'

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

`vector constructor iterator'

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

`vector copy constructor iterator'

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

`vector deleting destructor'

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

`vector destructor iterator'

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

`vector vbase constructor iterator'

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

`vector vbase copy constructor iterator'

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

`vftable'

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

`virtual displacement map'

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

`y_6%:?i!

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

`ZP(39&/

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

`~!"Q+9>5tK

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

A$(| 0V!1

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

a-8(J~=*(9

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

A/<%'.<p^

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

a:/5%09(VRe

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

A>/--#Ep$

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

AAA Certificate Services0

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

AAAAA$$$6

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

ABCDEFGHIJKLMNOPQRSTUVWXYZ

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

abcdefghijklmnopqrstuvwxyz

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

AdminTabProcs

Ansi based on Runtime Data (wermgr.exe )

AE#%q&8nj)4=

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

aeTSomjzX

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

aeUAUAkotYwQxCGCQOJRulQOvAObhHlMCqeQqyg

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

AFX_DIALOG_LAYOUTIDI_ICON1

Unicode based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

AgUdJczbjTHplIEsFgRMygUpZSHXWJsmIkjB

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

aimLpOXVgnfgUbmlxYFTsvM

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

AnlrKVFCQFq

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

aOSfbGNxdfHAcgNXJuArTl

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

apetaloid

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

api-ms-win-appmodel-runtime-l1-1-2

Unicode based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

api-ms-win-core-datetime-l1-1-1

Unicode based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

api-ms-win-core-fibers-l1-1-0

Unicode based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

api-ms-win-core-fibers-l1-1-1

Unicode based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

api-ms-win-core-file-l1-2-2

Unicode based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

api-ms-win-core-localization-l1-2-1

Unicode based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

api-ms-win-core-localization-obsolete-l1-2-0

Unicode based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

api-ms-win-core-processthreads-l1-1-2

Unicode based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

api-ms-win-core-string-l1-1-0

Unicode based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

api-ms-win-core-synch-l1-2-0

Unicode based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

api-ms-win-core-sysinfo-l1-2-1

Unicode based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

api-ms-win-core-winrt-l1-1-0

Unicode based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

api-ms-win-core-xstate-l2-1-0

Unicode based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

api-ms-win-rtcore-ntuser-window-l1-1-0

Unicode based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

api-ms-win-security-systemfunctions-l1-1-0

Unicode based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

AppPolicyGetProcessTerminationMethod

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

AqDdXiIjpkeUDPflnSmewZNevFjQqPEusdX

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

AreFileApisANSI

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

AsLJOSVXzXtNglYDFNpOb

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

at625."02

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

Attributes

Ansi based on Runtime Data (wermgr.exe )

AtyjlBFTxbZsrnKvTdeLuVDuQOiWZmJnHvw

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

AuthenticodeEnabled

Ansi based on Runtime Data (rundll32.exe )

az-AZ-Cyrl

Unicode based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

az-az-cyrl

Unicode based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

az-az-latn

Unicode based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

az-AZ-Latn

Unicode based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

b(> '5),89

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

b+#v~?}0&6G

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

B2 !)x#2TGk

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

bad allocation

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

bad array new length

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

bad exception

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

Base Class Array'

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

Base Class Descriptor at (

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

bNVbNblehNYOWJKacVuet

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

bs-BA-Latn

Unicode based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

bs-ba-latn

Unicode based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

BuildDate

Unicode based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

BuildNumber

Unicode based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

BWYVEmZlVG

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

BX,#1@5Dv

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

b{=wV-"/<~

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

C <=z$V:+

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

c1&$2%?';$

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

C8!a,C4=,

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

C?*I*g96[

Ansi based on Memory/File Scan (122ca4d274ebe0850db490adb34b938a439eb1838b303cef0c6f37b52ad1d60e.bin)

opengl.dat

Incident Response

Risk Assessment

MITRE ATT&CK™ Techniques Detection

Indicators

Malicious Indicators 8

Suspicious Indicators 11

Informative 27

CrowdStrike AI

Executable Process Memory Analysis (Learn More)

File Details

opengl.dat

Resources

Visualization

Entrypoint Preview

Version Info

Additional Static Data

Classification (TrID)

File Sections

File Resources

File Data Directories

File Imports

File Exports

File Certificates

Screenshots

Hybrid Analysis

Network Analysis

DNS Requests

Contacted Hosts

HTTP Traffic

Extracted Strings

Extracted Files

Notifications

Runtime

Community

Details	Name	Virtual Address	Virtual Size	Is In Section
Name IMAGE_DIRECTORY_ENTRY_EXPORT Virtual Address 0x4f640 Virtual Size 0xd1 Is In Section data1	IMAGE_DIRECTORY_ENTRY_EXPORT	0x4f640	0xd1	data1
Name IMAGE_DIRECTORY_ENTRY_IMPORT Virtual Address 0x50144 Virtual Size 0x50 Is In Section .idata	IMAGE_DIRECTORY_ENTRY_IMPORT	0x50144	0x50	.idata
Name IMAGE_DIRECTORY_ENTRY_RESOURCE Virtual Address 0x51000 Virtual Size 0x6138 Is In Section .rsrc	IMAGE_DIRECTORY_ENTRY_RESOURCE	0x51000	0x6138	.rsrc
Name IMAGE_DIRECTORY_ENTRY_EXCEPTION Virtual Address 0x0 Virtual Size 0x0 Is In Section -	IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0	-
Name IMAGE_DIRECTORY_ENTRY_SECURITY Virtual Address 0x56c00 Virtual Size 0x19e0 Is In Section .reloc	IMAGE_DIRECTORY_ENTRY_SECURITY	0x56c00	0x19e0	.reloc
Name IMAGE_DIRECTORY_ENTRY_BASERELOC Virtual Address 0x58000 Virtual Size 0x1dfc Is In Section .reloc	IMAGE_DIRECTORY_ENTRY_BASERELOC	0x58000	0x1dfc	.reloc
Name IMAGE_DIRECTORY_ENTRY_DEBUG Virtual Address 0x4e89c Virtual Size 0x1c Is In Section data1	IMAGE_DIRECTORY_ENTRY_DEBUG	0x4e89c	0x1c	data1
Name IMAGE_DIRECTORY_ENTRY_COPYRIGHT Virtual Address 0x0 Virtual Size 0x0 Is In Section -	IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0	-
Name IMAGE_DIRECTORY_ENTRY_GLOBALPTR Virtual Address 0x0 Virtual Size 0x0 Is In Section -	IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0	-
Name IMAGE_DIRECTORY_ENTRY_TLS Virtual Address 0x0 Virtual Size 0x0 Is In Section -	IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0	-
Name IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG Virtual Address 0x4e8b8 Virtual Size 0x40 Is In Section data1	IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x4e8b8	0x40	data1
Name IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT Virtual Address 0x0 Virtual Size 0x0 Is In Section -	IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0	-
Name IMAGE_DIRECTORY_ENTRY_IAT Virtual Address 0x50000 Virtual Size 0x140 Is In Section .idata	IMAGE_DIRECTORY_ENTRY_IAT	0x50000	0x140	.idata
Name IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT Virtual Address 0x0 Virtual Size 0x0 Is In Section -	IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0	-
Name IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR Virtual Address 0x0 Virtual Size 0x0 Is In Section -	IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0	-
Name IMAGE_DIRECTORY_ENTRY_RESERVED Virtual Address 0x0 Virtual Size 0x0 Is In Section -	IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0	-

opengl.dat

Incident Response

Risk Assessment

MITRE ATT&CK™ Techniques Detection

Indicators

Malicious Indicators 8

Suspicious Indicators 11

Informative 27

CrowdStrike AI

Executable Process Memory Analysis (Learn More)

File Details

opengl.dat

Resources

Visualization

Entrypoint Preview

Version Info

Additional Static Data

Classification (TrID)

File Sections

File Resources

File Data Directories

File Imports

File Exports

File Certificates

Screenshots

System Resource Monitor

Hybrid Analysis

Network Analysis

DNS Requests

Contacted Hosts

HTTP Traffic

Extracted Strings

Extracted Files

Notifications

Runtime

Community

Latest News

Vetting required

Request Report Deletion

Link